FinCEN’s Registry Will Be a Game-Changer. It Will Also Place an Added Burden on Corporations.

The National Defense Authorization Act (NDAA) passed by the U.S. Senate in December 2020 made some remarkable changes to the Bank Secrecy Act (BSA) – 50 years after it was originally instituted in 1970! It included the Anti-Money Laundering Act (AMLA) of 2020 and the incorporation of the Corporate Transparency Act (CTA) within BSA sec 5336. Aspects of this legislation aim to expand disclosures of UBO and crack down on shell companies that have been plaguing the U.S. AML landscape.

U.S. state laws vary in terms of beneficial ownership declarations for companies. As per the CTA, the Financial Crimes Enforcement Network (FinCEN) must establish and maintain a registry of beneficial ownership of all reporting companies registered to conduct business in the country. Reporting companies cover corporations, limited liability companies or similar entities – with a few exceptions, as defined in the CTA.

Here, I’ll explore what this new disclosure requirement means for financial institutions, how it impacts their KYC-AML programs and what steps financial institutions must take to implement this additional source of registry data in their compliance frameworks.

CTA and Its Significance for Financial Institutions: UBO Disclosure and the Impact on KYC-AML Compliance

With the CTA coming into effect, U.S. entities covered under the act would be required to disclose their beneficial ownership information to FinCEN at the time of formation of the company and every time a change occurs. FinCEN will store and maintain this information in their registry with full confidentiality, with permission to disclose such information to select organizations in specific circumstances only as defined in the CTA. One such situation is sharing ultimate beneficial ownership (UBO) information of companies with financial institutions when requested by the latter for conducting customer due diligence (CDD) as per KYC-AML regulations, with the consent of the company in question.

Financial institutions in the U.S. are already covered by FinCEN’s CDD rule of 2016, which came into effect in May 2018. As per this rule, they must identify and verify beneficial owners of entity customers during initial onboarding, as well as during ongoing monitoring. However, until now, financial institutions had to manage this task on their own by obtaining and verifying data and documents from the entities themselves. Also, as certain states did not mandate UBO disclosures from corporations, this loophole was being exploited by criminal organizations to use the financial system for fund movement without sharing ownership details. This loophole will not be closed. Financial institutions can conduct CDD of entities registered in any state using FinCEN’s registry, provided they receive client consent.

Beneficial Ownership Identification: Global Lessons Learned

The European Union has witnessed a slew of AML Directives in the past few years – from the 4^th AMLD in June 2017 to the 5^th in January 2020 and the 6^th targeted by June 2021. Mandating UBO identification via national registries – which are accessible to authorities, obliged entities and public persons with a legitimate interest – have been some of the strongest mandates from the 4^th AMLD. While EU member states are in varying stages of maturity in setting up UBO registries, the bloc has come a long way. It was among the first region globally to enact UBO identification and call for the establishment of central registries.

Based on the EU’s and the U.K.’s (which was part of the EU until the completion of Brexit) experiences with UBO compliance implementation, we have learned some lessons that the U.S. can consider while implementing AMLA and CTA 2020.

• Self-declared information is not verified by registries – UBO registries established across the EU and U.K. act as repositories of beneficial ownership information as declared by the entities. These are, however, not independently verified or updated by the registries themselves. A verification by registries can help bring greater accuracy and authenticity, while regular monitoring and updating can keep the records current even if corporations fail to make these changes themselves.
• Data quality issues – A lot of data quality issues have been observed in the information in the registries. Very often, the UBO data provided by the corporations are incomplete, inconsistent and not updated with changes. Building in data quality checks along with verifying the data against documentary evidence can help reduce such issues in the registries.
• Drawing lines of responsibility around UBO ID&V – Financial institutions can access the registries for the UBO information of entity customers, but they still need to identify and verify UBOs. The registries only act as one of the data sources. The process can be streamlined if financial institutions conduct CDD based on data from the registry and the registry centrally manages the UBO identification and verification.
• UBO registry search capabilities – While accessing UBO records within registries, entitled users should be able to search by both entity name as well as UBO name to identify shell companies and criminal networks. In the EU, some registries allow search via entity name alone, which restricts connecting UBOs across different companies.

Realizing CTA 2020 and UBO Compliance in Financial Institutions: A Roadmap

FinCEN will create and maintain a national registry of UBO information, which can be used by financial institutions for CDD during initial customer onboarding and ongoing due diligence. To realize this, financial institutions need to embark on a journey to integrate FinCEN registry information with their own customer database and make corresponding changes to their systems and procedures in order to consume and process such information according to regulatory mandates.

• Real-time interfacing with the registry for new onboarding and ad-hoc reviews – Analysts must be able to fetch UBO information from the registry dynamically when they are onboarding a new customer or conducting ad-hoc event driven reviews.
• Batch interface with registry for daily updates – Assuming corporations will update their information with the registry as soon as there are any UBO changes on their end, financial institutions also need to update their customer information with such updates. A daily sync with the registry data is therefore essential.
• Rules to identify material changes – For any changes to UBO information of an entity, financial institutions need to define rules of what constitutes “material change.” This term might include, for example, a new UBO added, change in country of residence, change in occupation and so on.
• New workflows to incorporate reviews due to material UBO updates – All material changes should be screened and reviewed through a minimum of two sets of eyes. Enhanced due diligence must be conducted where necessary.
• Integration with customer risk engine – Review of material UBO changes must be necessarily accompanied by a review of the risk scoring and rating of the corporate customer.

Partnership Between FinCEN and Financial Institutions: The Way Forward

CDD for UBOs is being stressed by regulators across the globe. Financial institutions are discovering new ways and means to verify and continuously update UBO information by integrating their internal data with external data sourced from third parties. Niche fintechs are emerging that conduct detailed research on companies’ owners and generate complex ownership structures in a dynamic mode. These solutions leverage all sources of information, ranging from the Companies House and Chamber of Commerce to the web and social media.

FinCEN setting up a UBO registry is certainly a giant step toward corporate transparency and UBO compliance. However, to make this initiative more effective, FinCEN may also look at independent verification, integration of internal and external data and using the latest AI and graph analytics to discover networks and shell companies that are hidden through complex corporate structuring. A two-way public-private partnership (PPP) between FinCEN and financial institutions on sharing UBO intelligence can truly transform AML compliance. For now, the first step has been taken. A significant journey lies ahead.