FinCEN's New CDD Rule - The New Fifth Prong of the AML Program
Jim George is an independent consultant to banks focusing on issues of identity, AML, Know Your Customer issues, and fraud. He brings over 25 years as a consultant to major banks in Associate Partner and Principal roles at PricewaterhouseCoopers Consulting, IBM Consulting in Bank Risk and Compliance, and Andersen Consulting. Jim’s work has included projects in customer identity, fraud loss reduction, AML regulatory compliance (including KYC and CDD), and detection systems. He was a member of a Justice Department Interagency AML Taskforce in Miami, Florida.
This is a chance to look at existing ideas in customer identity in new ways and to consider both practical, short-term improvements as well as look at where the solutions may be evolving.
The Federal regulators put together a list of 26 “Red Flags” to help banks deal with ID theft and identify fraudulent attempts to take over accounts. But the list is not organized for ease of use and they are not a comprehensive guide. In this topic we have organized the Red Flags into related functional areas and, for each area, we provide additional tips and information based on years of consulting with major banks from the perspectives of prevention, loss reduction, detection, and investigations.
Major data breaches have changed the game. They are part of a trend toward “industrializing” id and fraud crimes, so no one person has to do each step. Data is available in the Dark marketplace for small fees per victim. Old controls are less effective and we need to change just to keep up with the perpetrators.
Where do you go from here?
- The existing 4 prongs/pillars of AML per the BSA
- Overview of the new 5th prong/pillar
- Triggers that caused this expansion of regulations
- Purposes, per FinCEN
- Three covered entity types
o Customer legal entity
o Beneficial owners
o Controlling Persons
- New Requirements
o Risk profiles
o Baseline/normal transactions
o Transaction monitoring
- Your bank must be ready, here is what you will need
Course Level - All levels
Who Should Attend
- Retail Banking Leaders
- Risk and Compliance Officers
- Loss Control Managers
Why Should Attend
The new requirements are formidable. They impact commercial, small business, private, and international banking areas of the Banks as well as compliance officers and areas currently performing KYC tasks. New research is now required on new entities never addressed before in customer acceptance.
Follow-up will require new updating requirements and strong linkage of monitored transactions versus baseline.
FinCEN has issued substantial new AML requirements focused on a major expansion of Know Your Customer into what is now Customer Due Diligence, CDD. It goes far beyond the knowledge of the Customer Legal Entity to the Beneficial Owner of that entity and its Controlling Persons. It is focused beyond the initial customer acceptance step, requiring updating and on-going monitoring against baseline “normal” activity for the customer type. It is very unlikely that many banks already comply with these requirements. Compliance implementation should be in place.