Thinking about 2015 yet? It’ll be here soon, along with new mortgage regs from the CFPB, perhaps risk-based capital changes from the NCUA, and now new “know your customer” requirements courtesy of the Financial Crimes Enforcement Network and the Bank Secrecy Act.
The underlying idea is to help spot money laundering and other illegal activity. But that's not how everyone sees it.
“This is just another major expense on the compliance front for credit unions,” says Virginia-based industry attorney Andy Keeney of the proposed Customer Due Diligence Requirements for Financial Institutions that were published Aug. 4 in the Federal Register. Read it here on page 45152.
The proposal leads off with: “The proposed rules would contain explicit customer due diligence requirements and would include a new regulatory requirement to identify beneficial owners of legal entity customers, subject to certain exemptions.”
The FinCEN board includes NCUA representation, and credit unions are not exempt from its requirements. The comment period ends Oct. 3 and the impact could be considerable, Keeney says.
“To drill down and require beneficial ownership information will cause a major impact on the growing trend in the use of trusts for loans and savings accounts at credit unions,” he says.
The regulation is intended to make ownership of various enterprises more transparent, including limited liability corporations, and exercise more due diligence when it comes to opening and changing accounts. Existing accounts are not affected, but new accounts would require a two-prong test to identify individuals who own 25% or more of a legal entity or individuals with a significant control over a legal entity.
Drilling down to find out about all the owners and who has control could be time consuming and costly. Lindsey Richardson, a compliance officer with PolicyWorks, the Iowa-based consultancy affiliated with the Iowa Credit Union League, says FinCEN estimates that a financial institution would have to spend an additional 20 minutes to receive and verify the information required on the new form at account opening.
“We are concerned it would be much longer,” she adds. “Credit union staff may need to dig through multiple layers of corporate documentation to determine ownership, if the documentation is even readily available.”
Richardson also questions the necessity.
“If a credit union is complying with FinCEN’s existing due diligence requirements, they should already know their member and the type of activity that’s likely to occur on the accounts,” she says.
“No rest for the weary,” adds Keeney, who expects compliance to be required within a year. “How will small credit unions be able to comply?”
From the technology and operations side, small credit union will need to update their customer identification and anti-money laundering programs and files, says Stephen Gilmour, compliance and security program manager for Symitar, the San Diego-based core processing subsidiary of Jack Henry & Associates.
Employees also will need to be trained.
“From a technological perspective, credit unions will need to track and monitor beneficial owners and retain the proposed certification forms,” Gilmour says, adding that particular attention would need to be paid to automated and online applications.
Jeroen Dekker, senior product manager for financial crimes risk management at Wisconsin-based Fiserv Inc., also says the proposed rule makes sense in the big picture. He calls it “a logical implementation of what has long been a global AML principle” that his company has encountered while deploying AML software in dozens of countries.
“[Domestic] institutions of all sizes will now need to ensure they have an [automated] solution that continuously and dynamically judges each member’s actual behavior against benchmarks by stated intent, historical norms, or peer group comparisons,” he says. “In light of the beneficial ownership requirements, such solutions should now also be able to obtain information on those people to subject them to OFAC screening and, as applicable, ongoing monitoring.”
Meanwhile, one veteran credit union consultant and technologist says he thinks the new rules would require more of a change for people than software.
“It will not take tremendous tech investment to change membership app portals and documents, but it will take a large cultural shift,” says Ron Murray, president of California-based CUTEK. “It will be tempting for a lot of credit unions to blow off this requirement thinking they aren’t in the business of business.
“But most credit unions do a lot of community business” Murray continues. “Clubs, community groups, etc., as I read it are not exempt, so this would put credit unions out of compliance without even thinking much about it.”