John Arvanitis: A compliance plan for FinCEN’s new customer due diligence rule
Monday, October 9, 2017 at 8:28AM
John Arvanitis in Due Diligence, FinCEN

The Financial Crimes Enforcement Network's Final Rule regarding customer due diligence will soon be in force. With implementation required by May 11, 2018, covered financial institutions must ensure their due diligence programs are in line with FinCEN’s guidance on core elements of a customer due diligence program.

The four core elements include:

As organizations work toward restructuring or enhancing their customer due diligence or CCD program ahead of the FinCEN deadline, certain short-term goals are necessary for immediate compliance.

And looking  ahead, companies should also consider long-term strategies for intrinsic, sustainable program compliance.

Here's how to prepare:

1. Identify customers and validate identifications. Now: Know your customer and vendor base. This process may involve the vetting and/or a re-vetting of new and existing customers/vendors to ensure data integrity and consistency for regulatory reporting.

Long-term: Develop, implement, and validate a systematic process for data collection. In the event of a potential third party risk, have an established path for escalation and decisioning within your organization.

2. Identify beneficial owners and verify identification. Now: Authenticate and validate your business relationships to ensure you can meet the regulatory expectation of identifying all individuals who maintain a 25% or greater equity interest or possess the ability to control any business entity you partner with. In cases where third party-provided information may be incomplete or insufficient, independently re-vet your partners and identify intermediary and ultimate ownership information, as well as any state ownership and/or political exposure.

Partner with a vendor who can help scale your research efforts using a variety of tools, including desktop research tools as well as in-country document retrieval. Once beneficial ownership is established, confirm the individual’s source of wealth to ensure they meet regulatory standards. Have an escalation path for atypical research results. Try to achieve identification beyond the 25% identification suggested by the regulation.

Long-term: Develop and implement a systematic approach to beneficial ownership identification and verification for record-keeping. Consider implementing a process for monitoring changes in beneficial ownership and for the regular refresh of records.

3. Establish a risk profile. Now: Evaluate due diligence and screening results, as well as consider utilizing questionnaires that allow for risk-ranking to enhance your understanding of customer profiles. Run screening and due diligence to establish a baseline score for your third party universe. Through this workflow process you can identify potential risk within your relationships. Create an escalation plan to mitigate the risk associated with your third parties.

Long-term: Utilize technology to help facilitate a risk-based approach and program that includes questionnaires, scoring, vetting, record-keeping, and an escalation process.  

4. Monitor, update, and maintain information. Now: Evaluate technology solutions to facilitate monitoring and record keeping. Aim for implementation well in advance of the Final Rule.

Long-term: Streamline your process with the help of technology to evaluate alerts and red flags that are identified in a timely fashion, consistently refining your process. 


John Arvanitis is an Associate Managing Director of Kroll based in New York City. He joined Kroll after a  27-year career with the U.S. Justice Department, Drug Enforcement Administration. He can be contacted here. Information on Kroll’s screening and due diligence solution can be found here

Article originally appeared on The FCPA Blog (
See website for complete article licensing information.