FIN-2018-G001Issued:April 3, 2018Subject: Frequently Asked Questions Regarding Customer Due DiligenceRequirements for Financial InstitutionsThe Financial Crimes Enforcement Network (FinCEN) is issuing these FrequentlyAsked Questions to assist covered financial institutions in understanding thescope of the Customer Due Diligence Requirements for Financial Institutions,published on May 11, 2016, as amended on September 29, 2017 (“CDD Rule”or “Rule”), available at e-requirements. On July19, 2016,FinCEN published FAQs, available at ustomer-duediligence. FinCEN may issue additional FAQs, guidance, or grant exceptive reliefas appropriate.A covered financial institution with notice of or a reasonable suspicion thata customer is evading or attempting to evade beneficial ownership or othercustomer due diligence requirements should consider whether it should not openan account, close an account, or file a suspicious activity report, regardless of anyinterpretations below.Frequently Asked Questions (FAQs)Question 1: Beneficial ownership thresholdCan a covered financial institution adopt and implement more stringent writteninternal policies and procedures for the collection of beneficial ownershipinformation than the obligations prescribed by the Beneficial OwnershipRequirements for Legal Entity Customers (31 CFR 1010.230)?A. Yes. Covered financial institutions may choose to implement stricter writteninternal policies and procedures for the collection and verification of beneficialownership information than the requirements prescribed by the Rule.1

F I N C E NG U I D A N C EQuestion 2: Interaction of the beneficial ownership threshold withother AML program obligationsAre there circumstances where covered financial institutions should considercollecting beneficial ownership information at a lower equity interest thresholdunder the anti-money laundering (AML) program rules with regard to certaincustomers?A. There may be circumstances where a financial institution may determine thatcollection and verification of beneficial ownership information at a lower thresholdmay be warranted, based on the financial institution’s own assessment of its riskrelating to its customer.Transparency in beneficial ownership, however, is only one aspect of a coveredfinancial institution’s customer due diligence obligations. A financial institutionmay reasonably conclude that collecting beneficial ownership information at alower equity interest than 25 percent would not help mitigate the specific riskposed by the customer or provide information useful to the financial institutionin analyzing the risk. Rather, any additional heightened risk could be mitigatedby other reasonable means, such as enhanced monitoring or collecting otherinformation, including expected account activity, in connection with the particularlegal entity customer.In all cases, however, it is important that covered financial institutions establishand maintain written procedures that are reasonably designed to identify andverify the identity of beneficial owners of legal entity customers and to includesuch procedures in their AML compliance program.11.See 31 U.S.C. § 5318(h); 31 CFR 1010.230(a).2

F I N C E NG U I D A N C EQuestion 3: Collection of beneficial ownership information fordirect and indirect owners: Legal entity customers with complexownership structuresWhen a legal entity is identified as owning 25 percent or more of a legal entitycustomer that is opening an account, is it necessary for a covered financialinstitution to request beneficial ownership information on the legal entityidentified as an owner?A. Under the Rule’s beneficial ownership identification requirement, a coveredinstitution must collect, from its legal entity customers, information about anyindividual(s) that are the beneficial owner(s) (unless the entity is excluded or theaccount is exempted). Therefore, covered financial institutions must obtain fromtheir legal entity customers the identities of individuals who satisfy the definition,either directly or indirectly through multiple corporate structures, as illustrated incoveredfinancial institutionsthe followingexample. must obtain from their legal entity customers the identities ofindividuals who satisfy the definition, either directly or indirectly through multiple corporatestructures,as illustratedthe followingFor purposesof theinRule,Allan is example.a beneficial owner of Customer because heowns indirectly 30 percent of its equity interests through his direct ownershipFor purposes of the Rule, Allan is a beneficial owner of Customer because he owns indirectlyof Company A. Betty is also a beneficial owner of Customer because she owns30 percent of its equity interests through his direct ownership of Company A. Betty is also aindirectly20 ofpercentof lownerCustomerbecauseowns indirectlypercentof ownershipits equity interestsCompanyA plus16⅔ percentthroughCompanyB forthrougha totalCompanyof indirectownershipthroughher directownershipof CompanyA plus16⅔ percentB fora totalinterestownershipof 36⅔ percent.NeitherCarl norDianeis anorbeneficialbecauseof indirectinterest of36⅔ percent.NeitherCarlDiane is ghtheirowns indirectly only 16⅔ percent of Customer’s equity interests through theirdirectownershipof CompanyB.directownershipof CompanyB.CustomerCompany Aowns 50%Allan owns60%Betty owns40%Company Bowns 50%Betty owns33⅓%Carl owns33⅓%Diane owns33⅓%A covered financial institution need not independently investigate the legal entity customer’sownership structure and may accept and reasonably rely on the information regarding thestatus of beneficial owners presented to the financial institution by the legal entity customer’srepresentative, provided that the institution has no knowledge of facts that would reasonablycall into question the reliability of the information.3Question 4: Identification and Verification: Methods of verifying beneficial ownership

F I N C E NG U I D A N C EQuestion 4: Identification and Verification: Methods of verifyingbeneficial ownership informationWhat means of identity verification are sufficient to reliably confirm beneficialownership under the CDD Rule?A. Covered financial institutions must verify the identity of each beneficial owneraccording to risk-based procedures that contain, at a minimum, the sameelements financial institutions are required to use to verify the identity ofindividual customers under applicable Customer Identification Program (“CIP”)requirements. This includes the requirement to address situations in which thefinancial institution cannot form a reasonable belief that it knows the true identityof the legal entity customer’s beneficial owners.2 Although the CDD Rule’sbeneficial ownership verification procedures must contain the same elementsas existing CIP procedures, they are not required to be identical to them.3 Forexample, a covered financial institution’s policies and procedures may state thatthe institution will accept photocopies of a driver’s license from the legal entitycustomer to verify the beneficial owner(s)’ identity if the beneficial owner is notpresent, which is not permissible in the CIP rules. (See Question 6.)A financial institution’s CIP must contain procedures for verifying customeridentification, including describing when the institution will use documentary,non-documentary, or a combination of both methods for identity verification.4Covered financial institutions may use the same methods to verify the identityof the beneficial owner of a legal entity customer. In addition, in contrast to theCIP rule, the CDD Rule expressly authorizes covered financial institutions to usephotocopies or other reproduction documents for documentary verification.52.Under the CIP rules, a financial institution’s CIP must include procedures for responding tocircumstances in which the financial institution cannot form a reasonable belief that it knows the trueidentity of a customer. These procedures should describe: (1) when the institution should not openan account; (2) the terms under which a customer may use an account while the institution attemptsto verify the customer’s identity; (3) when it should close an account, after attempts to verify acustomer’s identity have failed; and (4) when it should file a Suspicious Activity Report in accordancewith applicable laws and regulations. See, e.g., 31 CFR 1020.220(a)(2)(iii).3.See 31 CFR 1020.220(a)(2); 31 CFR 1023.220(a)(2); 31 CFR 1024.220(a)(2); or 31 CFR 1026.220(a)(2).4.See 31 CFR 1020.220 (a)(2)(ii).5.See 31 CFR 1010.230(b)(2).4

F I N C E NG U I D A N C ENon-documentarymethods of verification may include contacting a beneficial owner; independentlyverifying the beneficial owner’s identity through the comparison of informationprovided by the legal entity customer (or the beneficial owner, as appropriate)with information obtained from other sources; checking references with otherfinancial institutions; and obtaining a financial statement.7Question 5: Collection of beneficial ownership information:Required addressesWhat address should be obtained for a legal entity customer’s beneficial owner(s)to comply with the certification requirement – residential or business?A. The address requirements for certification under the CDD Rule are the sameas those outlined in the CIP rule. For an individual beneficial owner, coveredfinancial institutions must obtain either a residential or a business street address.If neither is available, acceptable substitutes may include an Army Post Office(APO) or Fleet Post Office (FPO) box number, or the residential or business streetaddress of next of kin or of another contact individual.8Question 6: Identification and verification: Legal entity customerrepresentativeWhat process should a covered financial institution use to identify and verify theidentity of a beneficial owner of a legal entity customer when the beneficial owneris unavailable to appear in person during the opening of a new account and choosesto provide to the legal entity’s representative a copy of a driver’s license?A. A covered financial institution may identify the beneficial owner(s) of a legalentity customer either by obtaining a completed Certification Form or equivalentinformation from the legal entity customer’s representative and may rely on suchinformation, provided that it has no knowledge of facts that would reasonably call6.See 31 CFR 1020.220 (a)(2)(ii)(A).7.See 31 CFR 1020.220 (a)(2)(ii)(B).8.See 31 CFR 1020.220(a)(2)(i)(3); 31 CFR 1023.220(a)(2)(i)(3); 31 CFR 1024.220(a)(2(i)(3)); 31 CFR1026.220(a)(2)(i)(3).5

F I N C E NG U I D A N C Einto question the reliability of such information.9 Furthermore, covered financialinstitutions may verify the identity of a beneficial owner who does not appear inperson, through a photocopy or other reproduction of a valid identity document,or by non-documentary means described in response to Question 4 above.Question 7: Identification and verification: Existing customers asbeneficial owners of new legal entity customer accountsIf an individual named as a beneficial owner of a new legal entity account isan existing customer of the covered financial institution subject to the financialinstitution’s CIP, is a covered financial institution still required to identify andverify the identity of this individual, or may it rely on the CIP identification andverification of the individual that it previously performed?A. In general, covered financial institutions must identify and verify the identity ofthe beneficial owner(s) of legal entity customers at the time each new account isopened. However, if the individual identified as the beneficial owner is an existingcustomer of the financial institution and is subject to the financial institution’sCIP, a financial institution may rely on information in its possession to fulfill theidentification and verification requirements, provided the existing informationis up-to-date, accurate, and the legal entity customer’s representative certifies orconfirms (verbally or in writing) the accuracy of the pre-existing CIP information.For example, a representative of X Corp opens a new account for the company at acovered financial institution and identifies John Doe, who has a personal accountat the institution, as a 25 percent equity owner of X Corp. As required under theCIP rule, the institution identified and verified John Doe’s identity at the time thepersonal account was established. In this situation, a covered financial institutionmay rely on the pre-existing CIP identification and verification information itmaintains for John Doe, provided that X Corp’s representative certifies or confirms(verbally or in writing) the accuracy of the pre-existing information on John Doein order to comply with the Rule. The covered financial institution’s records ofbeneficial ownership for the new account could cross-reference the relevant CIPrecords and the verification of information would not need to be repeated.Question 8: Location of Certification Form or Appendix A to thefinal ruleAre covered financial institutions required to use the beneficial ownership CertificationForm (Appendix A to the Rule) and if so, how can they obtain a copy of the Form?9.See 31 CFR 1010.230(b)(1).6

F I N C E NG U I D A N C EA. There is no requirement that covered financial institutions use the CertificationForm. Rather, the form is optional and provided for the convenience of coveredfinancial institutions as one possible method to obtain the required beneficialownership information. Financial institutions may choose to comply withthe requirements of the Rule by using another method, such as through theinstitutions’ own forms, or any other means that comply with the substantiverequirements of this obligation. Covered financial institutions should retain theform and not file it with FinCEN.Covered financial institutions may obtain a fillable and non-fillable copy of theoptional Certification Form in Appendix A of the CDD Rule ion.Question 9: Retention of beneficial ownership information: Multiplesets of beneficial ownership certification documentsIf a covered financial institution has updated the beneficial ownership informationon the account(s) of a legal entity customer, and subsequently a new account isopened on behalf of the same legal entity customer, is the institution required toretain all sets of beneficial ownership documentation, thereby retaining up to threesets of information: the original set collected at account opening, the updated set,and a third, a duplicate of the second (updated) set for the new account?A. Yes. Covered financial institutions are required to retain all beneficial ownershipinformation collected about a legal entity customer. Identifying information,including the Certification Form or its equivalent, must be maintained for a periodof five years after the legal entity’s account is closed.10 However, all verificationrecords must be retained for a period of five years after the record is made.11Therefore, whether a financial institution must retain a set of identification orverification records is dependent upon the date an account is opened and closed,or the date a record is made. For example, if a covered financial institution relieson pre-existing beneficial ownership information in its possession as true andaccurate identification information when opening a new account for a legal entitycustomer, the financial institution should maintain the original records, and anyupdated information, including a record of any verbal or written confirmationof pre-existing information (for example, as described in Questions 7 and 10),until five years after the closing of the new account in order to comply with therecordkeeping requirements in the regulation. Covered financial institutions mustalso retain a description of every document relied on for verification, any non-10. See 31 CFR 1010.230(i)(2).11. Id.7

F I N C E NG U I D A N C Edocumentary methods and results of measures undertaken for verification, as wellas the resolution of any substantive discrepancies discovered in identifying andverifying the identification information for five years after the record is made.Question 10: Identification and verification: Certification when asingle legal entity customer opens multiple accountsIf a legal entity customer opens multiple accounts at a covered financial institution(whether or not simultaneously), must the financial institution identify and verifythe customer’s beneficial ownership for each account?A. Generally, covered financial institutions must identify and verify the legal entitycustomer’s beneficial ownership information for each new account opening,regardless of the number of accounts opened or over a specific period of time.However, an institution that has already obtained a Certification Form (or itsequivalent) for the beneficial owner(s) of the legal entity customer may rely onthat information to fulfill the beneficial ownership requirement for subsequentaccounts, provided the customer certifies or confirms (verbally or in writing) thatsuch information is up-to-date and accurate at the time each subsequent accountis opened and the financial institution has no knowledge of facts that wouldreasonably call into question the reliability of such information. The institutionwould also need to maintain a record of such certification or confirmation,including for both verbal and written confirmations by the customer.Question 11: Identification and verification: Accounts for internalrecordkeeping or operational purposesFinCEN understands that after a covered financial institution (particularly in thesecurities and futures industries) opens a new account for a legal entity customerand identifies its beneficial ownership, the financial institution may subsequentlyopen one or more additional accounts or subaccounts for that customer – for theinstitution’s own recordkeeping or operational purposes and not at the customer’sspecific request – so that the customer may, for example invest in particular productsor implement particular trading strategies. Would such accounts fall within thedefinition of “new accounts” for purposes of the beneficial ownership requirement?A. The beneficial ownership requirement applies to a “new account,” which isdefined to mean “each account opened by a legal entity customer”12 [emphasisadded]. An account (or subaccount) relating to a legal entity customer willnot be considered a “new account” or an “account” for purposes of the Rulewhen a financial institution creates such an account (or subaccount) for its own12. See 31 CFR 1010.230(g). In addition, the term “account” is defined by reference to the definition inthe CIP rules. 31 CFR 1010.230(c).8

F I N C E NG U I D A N C Eadministrative or operational purposes and not at the customer’s request—suchas to accommodate a specific trading strategy—and the financial institution hasalready collected beneficial ownership information on such legal entity customer.The distinction between such accounts opened by customers and those openedsolely by the financial institution is consistent with the Rule’s purpose to mitigatethe risks related to the obfuscation of beneficial ownership when a legal entity triesto access the financial system through the opening of a new account.13This interpretation is limited to accounts (or subaccounts) created solely toaccommodate the business of an existing legal entity customer that has previouslyidentified its beneficial ownership. Thus, the following accounts (or subaccounts)would not fall within this interpretation:o accounts (or subaccounts) created to accommodate a trading strategy beingcarried out by a separate legal entity, including a subsidiary of the existing legalentity customer; and,o accounts (or subaccounts) through which the customer of a financialinstitution’s existing legal entity customer carries out trading activity directlythrough the financial institution without intermediation from the existing legalentity customer.Question 12: Collection of beneficial ownership information:Product or service renewalsAre financial institutions required to have their legal entity customers certify thebeneficial owners for existing customers during the course of a financial productrenewal (e.g., a loan renewal or certificate of deposit)?A. Yes. Consistent with the definition of “account” in the CIP rules and subsequentinteragency guidance,14 each time a loan is renewed or a certificate of depositis rolled over, the bank establishes another formal banking relationship anda new account is established. Covered financial institutions are required toobtain information on the beneficial owners of a legal entity that opens a newaccount, meaning (in the case of a bank) for each new formal banking relationshipestablished, even if the legal entity is an existing customer. For financial servicesor products established before May 11, 2018, covered financial institutions mustobtain certified beneficial ownership information of the legal entity customers of13. See 68 FR at 25093 (The preamble to the CIP rules provides that “Treasury and the Agencies notethat the [USA PATRIOT] Act provides that the regulations shall require reasonable procedures for‘verifying the identity of any person seeking to open an account.’ Because these transfers are notinitiated by customers, these accounts do not fall within the scope of section 326.”)14. See “Interagency Interpretive Guidance on Customer Identification Program Requirements underSection 326 of the USA PATRIOT Act, FAQs: Final CIP Rule,” p. 8 (April 28, 2005).9

F I N C E NG U I D A N C Esuch products and services at the time of the first renewal following that date. Atthe time of each subsequent renewal, to the extent that the legal entity customerand the financial service or product (e.g., loan or CD) remains the same, thecustomer certifies or confirms that the beneficial ownership information previouslyobtained is accurate and up-to-date, and the institution has no knowledge offacts that would reasonably call into question the reliability of the information,the financial institution would not be required to collect the beneficial ownershipinformation again. In the case of a loan renewal or CD rollover, because weunderstand that these products are not generally treated as new accounts by theindustry and the risk of money laundering is very low, if at the time the customercertifies its beneficial ownership information, it also agrees to notify the financialinstitution of any change in such information, such agreement can be consideredthe certification or confirmation from the customer and should be documented andmaintained as such, so long as the loan or CD is outstanding.Question 13: Collection of beneficial ownership information:Existing accountsAre covered financial institutions required to collect or update beneficial ownershipinformation on customers with accounts opened prior to May 11, 2018, the Rule’sapplicability date?A. Financial institutions are not required to conduct retroactive reviews to obtainbeneficial ownership information from customers with accounts opened prior toMay 11, 2018. The obligation to obtain or update beneficial ownership informationon legal entity customers with accounts established before May 11, 2018, istriggered when a financial institution becomes aware of information aboutthe customer during the course of normal monitoring relevant to assessing orreassessing the risk posed by the customer, and such information indicates apossible change of beneficial ownership.15Question 14: Obligation to solicit or update beneficial ownershipinformation absent specific risk-based concernsAre covered financial institutions required to obtain or update beneficial ownershipinformation during routine periodic reviews of existing accounts, absent riskbased concerns; that is, are such reviews a trigger for the application of the Rule’sbeneficial ownership requirements?A. No. Covered financial institutions do not have an obligation to solicit or updatebeneficial ownership information as a matter of course during regular or periodicreviews, absent specific risk-based concerns. Financial institutions are required to15. See 81 FR at 29421.1 0

F I N C E NG U I D A N C Edevelop and implement risk-based procedures for conducting ongoing customerdue diligence, including regular monitoring to identify and report suspiciousactivity and, on a risk basis, to maintain and update customer information. Thus,periodic reviews are not by themselves a trigger to obtain or update beneficialownership information. As stated in response to Questions 13 and 16, theobligation to obtain or update information is triggered when, in the course ofnormal monitoring, a financial institution becomes aware of information abouta customer or an account, including a possible change of beneficial ownershipinformation, relevant to assessing or reassessing the customer’s overall risk profile.Absent such a risk-related trigger or event, collecting or updating of beneficialownership information is at the discretion of the covered financial institution.Financial institutions may exercise this discretion to collect or update beneficialownership information on customers as often as they deem appropriate.Question 15: Processes for monitoring and updating customerinformationAre covered financial institutions required to implement different processes thancurrently established to comply with the Rule’s ongoing monitoring and updatingrequirement?A. To the extent that a covered financial institution has monitoring processes inplace that allow the institution to meet the Rule’s requirements, such institutionmay use its existing monitoring processes to comply with customer due diligencemonitoring and updating obligations. As the preamble to the Rule states, “currentindustry practice to comply with existing expectations for SAR reporting shouldalready satisfy this proposed requirement.”16Question 16: Updating beneficial ownership informationIf an update to beneficial ownership information is required, can the change(s) bemade in a covered financial institution’s databases without physically obtainingand re-certifying the information?A. It depends. A covered financial institution must develop written internalpolicies, procedures, and internal controls with respect to collecting,maintaining, and updating a legal entity’s beneficial ownership information.The Rule requires that covered financial institutions monitor and, on a riskbasis, update the customer information, including the beneficial ownershipinformation, and does not require re-certification when the information is up-16. 81 FR 29420.1 1

F I N C E NG U I D A N C Eto-date and accurate.17 Covered financial institutions may therefore update theirrecords to reflect a change of information for an existing beneficial owner usingthe same or similar processes the institution implemented to record accountinformation it obtains from customers in connection with the institution’s accountopening processes. For example, if the update were only to a change of addressfor an existing beneficial owner whose identity information has already beencollected and verified, then full re-certification would likely not be required. Inthis circumstance, it may be reasonable for the covered financial institution tocommunicate verbally with the legal entity customer to confirm the accuracy ofthe change of address and reflect such information in its databases. If, however,the updated information were a change of beneficial ownership, then the newbeneficial owner’s identity would need to be collected, certified, and verified.Question 17: Beneficial ownership information: Identifying andverifying at account opening compared to updating after a riskrelated triggerDoes FinCEN distinguish between the requirements for identifying and verifyingbeneficial owner information at the time of a new account opening and at the timeof a triggering event?A. No. Whether a covered financial institution identifies and verifies the identityof the beneficial owner at the time a legal entity initially opens a new account orat the time of a triggering event, the fundamental elements of identification andverification are the same. That is, covered financial institutions must identify eachbeneficial owner by obtaining their name, date of birth, address, and identifyingnumber (such as a social security number or other identifying number permissibleunder the CIP rule), and verify their identities. However, financial institutions’written policies, procedures, and processes, as well as the sum of information,may differ with respect to the collection of information at the time a legal entitycustomer initially opens a new account or at the time an existing account isupdated after a triggering event.On or after May 11, 2018, when a legal entity customer initially opens a newaccount or an existing account is updated to incorporate beneficial ownershipinformation for the first time in response to a triggering event, covered financialinstitutions must identify and verify the identity of beneficial owners as set forthin section 1010.230(b).17. See e.g., 31 CFR 1020.210(b)(5)(ii) (for banks); 1023.210(b)(5)(ii) (for brokers or dealers in securities),1024.210 (b)(5)(ii) (for mutual funds), 1026.210(b)(5)(ii) (for futures commission merchants andintroducing brokers in commodities).1 2

F I N C E NG U I D A N C EQuestion 18: Collection of beneficial ownership information: PooledInvestment

1 FIN-2018-G001 Issued: April 3, 2018 Subject: Frequently Asked Questions Regarding Custo