FinCEN issued the final rule on customer due diligence on the heels of the Panama Papers scandal, and we’re now more than a year past the compliance deadline. Commonwealth Trust Company’s Ola Tucker discusses the rule’s limitations.
Panama Papers Scandal Exposes Shell Companies
The Panama Papers document leak in 2015 exposed the financial details of over 200,000 offshore entities, including the names of some very public figures who owned and/or controlled these companies. This scandal brought the lack of transparency around shell companies to public attention and generally led to an increased interest and curiosity about shell companies.
A shell company is a legal entity, typically in the form of a limited liability company (LLC), which may hold financial assets, but does not conduct any significant business activity, has few to no employees and usually does not have a physical presence. However, a shell company can open bank accounts and transfer funds, buy and sell real estate and engage in other financial transactions.
Originally created in order to provide limited liability, shell companies can be used to protect assets from litigation, aid in financial planning and serve as holding companies, among other legitimate uses. However, although shell companies are not illegal to form or operate, they can easily be misused and contain several features which readily lend them to illegitimate use.
Setting Up a Shell Company
A shell company can be set up easily, quickly, relatively inexpensively and anonymously. This is done by choosing a registered agent to set up the company. The company can be incorporated domestically or offshore. One can contact a registered agent directly or use an intermediary, such as a lawyer, to add a layer of secrecy. Once the registered agent is chosen, the transaction can be completed in a matter of minutes either online or over the phone. The cost is typically around just a few hundred dollars, depending on the state or country of registration. After that, it only takes a few business days (from about three days to two weeks) before all the paperwork is finalized with the state and the official incorporation documents are sent to the owner(s).
The distinctive feature about shell companies that makes them particularly attractive to criminals is the anonymity shell companies provide to their owners and directors. This anonymity enables the ready use of shell companies as vehicles for money laundering, tax evasion, accepting and paying bribes and a multitude of other crimes, including the concealment of beneficial ownership identity from authorities and others. Ironically, it is this lack of transparency around true ownership that allows criminals to “hide in plain sight” while engaging in seemingly legitimate business transactions.
An Overview of FinCEN’s Beneficial Ownership Rule
On the heels on the Panama Papers leak, the Financial Crimes Enforcement Network (FinCEN) issued the Beneficial Ownership Rule and gave financial institutions two years to implement it. May 11, 2018 marked the implementation deadline for the rule, which requires covered financial institutions to collect and verify identification information about beneficial owners from their legal entity customers at the time a new account is opened. Under this rule, a beneficial owner is defined as an individual who directly or indirectly owns 25 percent or more of the equity interests of the legal entity customer. The required beneficial ownership information may be obtained by using the certification form provided by FinCEN, an institution’s own internal form or any other means that complies with the requirements of the rule. The name and title of the natural person opening the account must be provided, and this person must certify the information provided is correct to the best of his or her knowledge. Verification of identifying information must be completed within a reasonable time after account opening.
The goal of the rule is to assist authorities in combating financial crimes that are often committed through the unwitting participation of financial institutions. The intent is to identify the natural person owning and/or controlling the legal entity and to ensure that the natural person identified is the true and ultimate beneficial owner, rather than a nominee or straw man. Requiring the disclosure of ultimate beneficial ownership is a necessary first step toward transparency and helping to curtail the illegal use of shell companies. But is the rule effective, and are financial institutions substantively complying with the intent and purpose of the rule?
Circumventing the Beneficial Ownership Rule
The first potential issue is that, as written, the Beneficial Ownership Rule applies to new accounts and accounts that are being renewed. This effectively means that beneficial owners of existing legal entity customers need not be identified, allowing criminals to continue misusing the legal entity for the remaining term of their relationship with the financial institution, which could last for several years.
Another problem is that financial institutions are only required to verify the identity of the beneficial owner (i.e., that they are who they say they are), but not their status as the beneficial owner (i.e., that they are, in fact, the beneficial owner of the legal entity). Furthermore, financial institutions are permitted to rely on the certification submitted by the customer, unless there is a clear reason to question the information provided. Therefore, anyone looking to circumvent the beneficial ownership identification requirement can simply substitute a relative or other associate to stand in as the beneficial owner when opening an account with a financial institution.
Additionally, the ownership structure of legal entities can be changed at any time, including after an account has been opened and after beneficial ownership information has been provided and verified. Under the rule, financial institutions must have procedures to maintain and update customer information on the basis of risk. This means that, absent a triggering event, there is no proactive requirement to obtain updated beneficial ownership information for all legal entity customers on a continuous or periodic basis. And even if such information is requested from the customer, there is no guarantee that it reflects the true ownership structure, since there is no requirement to verify the status of beneficial owners as such.
Conclusion
With just over one year of Beneficial Ownership Rule compliance behind them and the knowledge that regulators will be heavily focused on customer due diligence, financial institutions should complete a “look back” and evaluate the effectiveness and adequacy of their processes and procedures around this rule. In order to fully comply with the rule’s purpose and intent and to better know their customers, institutions may need to enhance their due diligence processes. More specifically, many existing due diligence controls, which are completed at onboarding and focus primarily on sanctions list hits and negative news, might not catch the methods of concealment often used by shell companies and the individuals that own and control them. This is particularly true of newly formed companies, which do not yet have any reportable history and lack many of the typical red flags that institutions look for when conducting due diligence. Financial institutions must recognize that know your customer (KYC) is an ongoing process that continues throughout the relationship between the institution and its customers. Compliance departments at financial institutions should make ongoing monitoring a priority, enhance red flags to address shell structures and changes in ownership and update anti-money laundering training for impacted staff.
Ola Tucker is the founder of 
