U.S. financial institutions are facing strengthened customer due-diligence requirements that are as controversial as they are inevitable.
The Financial Crimes Enforcement Network is gathering comments on its ideas for a CDD regulation that fulfills the recommendations of the Financial Action Task Force, an international organization that develops policies to combat money laundering and terrorist financing. Fincen argues that its CDD rule should promote financial transparency, which critics see as forcing banks to expand their surveillance of private financial transactions. Bankers also fear they will be required to do deeper and perhaps fruitless searches to uncover obscure or intentionally hidden owners of partnerships, charities and unregistered corporations.
Though FATF recommendations are technically nonbinding, U.S. policymakers have looked to the organization's relatively vigorous framework as a reference point for international standards. Adherence to those standards helps the U.S. advance the state of play in AML without having to foist extraterritorial obligations on other countries. A U.S. failure to move forward on a FATF recommendation – including one that explicitly advocates "the principle that financial institutions should conduct CDD should be set out in law" – threatens the legitimacy of the entire framework. The FATF's recommendations are therefore likely to be implemented, but when, and how, are still under consideration.
CDD requirements are hardly new to financial institutions. Regulators have used means other than statutes or regulations to spur institutions to adopt them. The Federal Financial Institution Examination Council's BSA/AML examination manual identifies CDD as the "cornerstone of a strong BSA/AML compliance program," and therefore a safety and soundness consideration during regulatory examinations. CDD requirements were also central elements of the Office of the Comptroller of the Currency's recent AML enforcement actions against Citibank and Associated Bank.
Large, multinational institutions already have a CDD program in place, and banks headquartered in the European Union are subject to explicit CDD requirements, though uncertainty about precisely what is necessary has led to a lack of uniformity in program specifics.
Financial institutions may, in fact, welcome a CDD rule that articulates requirements more efficiently than supervisory examinations and enforcement actions. And given their inevitability, banks should seize the opportunity to shape the rule in a manner that helps policymakers achieve their AML goals without imposing needless cost and customer pain.
One important element in the Fincen proposal is the frequency with which CDD information must be updated. International norms have centered on updates every year for high-risk customers, every two years for medium-risk customers and every three years for low-risk customers.
The approach has a simplistic appeal, but no research has indicated that the frequency of updates for medium- and low-risk customers yields benefits worth the costs. It may well be that these resources would be better spent elsewhere – provided institutions have a mechanism like automated transaction monitoring to detect when a medium- or low-risk customer might migrate to high-risk status. The issue merits further study prior to adopting explicit requirements.
Financial institutions should also advocate close alignment with international standards, particularly those in the EU. Banks, particularly the U.S. operations of foreign banks, are wasting resources in complying with redundant due-diligence standards. Eliminating identical reviews of the same customers would free up resources that could be devoted to other aspects of AML and CTF compliance programs. For example, the EU regulations require that alternate beneficial owners be identified to a 25% threshold. In the absence of specific guidance, U.S. institutions have generally moved toward identification of high-risk customers to a 10% threshold. Equivalency with the EU standard would appear to make sense, and, indeed, Fincen has signaled as much by referencing the 25% threshold in its own proposal.