Light Dark
August 21, 2014 By Brooke Satti Charles 2 min read
Government
Risk Management

The Financial Crimes Enforcement Network (FinCEN) has announced proposed changes that would amend part of the Bank Secrecy Act (BSA). According to the National Law Review, the changes affect customer due diligence (CDD) requirements for certain covered financial institutions. These include mutual funds, brokers or dealers in securities, future commission merchants and introducing brokers in commodities. Comments and feedback on these proposed changes are due by Oct. 3, 2014.

Details of the FinCEN Proposal

The proposed changes to the BSA add more requirements to anti-money-laundering (AML) programs and customer identification programs (CIP) in the form of CDD requirements. These CDD requirements would apply to all covered financial institutions under the USA PATRIOT Act. They force customers to document beneficial ownership for their legal entity (i.e., mutual funds and brokerage accounts) and codify the requirements.

FinCEN’s proposed rules to revise the current AML requirements for CDD address the following:

  • Identify and authenticate a customer’s identity, which is currently a requirement of the existing CIP rules.
  • Identify, authenticate and understand beneficial owners of a legal entity (i.e., an association, partnership, proprietorship, corporation or trust).The rule states that a beneficial owner will be anyone with a 25 percent or more equity interest of the entity or has significant management responsibilities within the entity.

FinCEN is also proposing an update requiring a fifth pillar to AML compliance. This pillar would address CDD and would require covered financial institutions to understand the use and purpose of their customers’ relationship, and implement ongoing monitoring.

Currently, the pillars are:

  1. Designate a compliance officer.
  2. Development of internal policies, procedures and controls.
  3. Ongoing and relevant training of employees.
  4. Independent testing and review.

Analyst Comments

These proposed CDD requirements have been a widely discussed topic for both U.S. and international law enforcement and regulatory agencies for quite some time. Fraudsters, criminal organizations and terrorists are known to abuse legal entities for their advantage. Having the ability to identify individuals who own these legal entities and do business within the U.S. financial system will greatly assist in reducing this type of abuse.

FinCEN’s first publication regarding the proposed CDD requirements was released in March 2012 and set the stage for coding and enhancing these CDD requirements. The current proposal is partly a product of the 2012 regulatory process and collaboration with other interested regulatory agencies (the Office of the Comptroller of the Currency, Federal Reserve Board, Federal Deposit Insurance Corporation, Securities and Exchange Commission, and Commodity Futures Trading Commission).

If approved, this proposal would identify beneficial owners of legal entity customers and add this CDD component as a fifth pillar to BSA/AML programs.

 |  |  | 
Brooke Satti Charles
Financial Crime Prevention Strategist, IBM Security

More from Government
December 24, 2024

Government cybersecurity in 2025: Former Principal Deputy National Cyber Director weighs in

4 min read - As 2024 comes to an end, it’s time to look ahead to the state of public cybersecurity in 2025.The good news is this: Cybersecurity will be an ongoing concern for the government regardless of the party in power, as many current cybersecurity initiatives are bipartisan. But what will government cybersecurity look like in 2025?Will the country be better off than they are today? What are the positive signs that could signal a good year for national cybersecurity? And what threats should…

August 14, 2024

CIRCIA feedback update: Critical infrastructure providers weigh in on NPRM

3 min read - In 2022, the Cyber Incident for Reporting Critical Infrastructure Act (CIRCIA) went into effect. According to Secretary of Homeland Security Alejandro N. Mayorkas, "CIRCIA enhances our ability to spot trends, render assistance to victims of cyber incidents and quickly share information with other potential victims, driving cyber risk reduction across all critical infrastructure sectors."While the law itself is on the books, the reporting requirements for covered entities won't come into force until CISA completes its rulemaking process. As part of…

May 30, 2024

Important details about CIRCIA ransomware reporting

4 min read - In March 2022, the Biden Administration signed into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). This landmark legislation tasks the Cybersecurity and Infrastructure Security Agency (CISA) to develop and implement regulations requiring covered entities to report covered cyber incidents and ransomware payments.The CIRCIA incident reports are meant to enable CISA to:Rapidly deploy resources and render assistance to victims suffering attacksAnalyze incoming reporting across sectors to spot trendsQuickly share information with network defenders to warn other…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2025 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature