In this month’s Compliance Insights podcast, Risk and Compliance experts Christine Bucy and Steven Stachowicz discuss the challenges around the customer due diligence (CDD) rule in force this May, and the dynamic developments related to the Consumer Financial Protection Bureau. More compliance news can be found in the January issue of Compliance Insights, available here.
In-Depth Interview
Compliance Insights, January 25, 2018 [transcript]
Kevin Donahue: Hello, this is Kevin Donahue, Senior Director with Protiviti, welcoming you to a new installment of Powerful Insights. Today, we’re going to be talking a little bit about some of the highlights from the January issue of Compliance Insights, a monthly newsletter Protiviti puts out covering developments and news in the compliance space, largely targeting the financial services industry. I’m pleased to be joined again for this discussion by Steven Stachowicz, a Managing Director and a leader in Protiviti’s Risk and Compliance practice, along with Christine Bucy, an Associate Director with our Risk and Compliance practice. Steve, thanks for joining me today.
Steven Stachowicz: Thanks for having me, sir.
Kevin Donahue: Christine, great to speak with you again.
Christine Bucy: Yes, happy to be here. Thanks for having me.
Kevin Donahue: Christine, let me ask you the first question here, again, around an issue we covered in the newsletter. FinCEN’s Customer Due Diligence Rule, due to come into effect in May of this year, is called the fifth pillar of AML compliance. The others are internal controls, independent testing, designation of individuals responsible for BSA/AML compliance, and ongoing training. So my question is, can you summarize this rule briefly for us and explain how it affects a dealer-broker’s AML compliance programs in practice?
Christine Bucy: Sure, yes. Thanks, Kevin. So yes, after several years of a very concerted effort, FinCEN, in May of 2016, issued its final Customer Due Diligence Rule, or CDD Rule, like you said, that’s effective in May of this year, so really less than four months from today. It’s not effective yet, but this rule really has been a long time in the making.
Some of the more recent developments around this rule really started in July of 2014. So when FinCEN issued its notice of proposed rulemaking, that was really critical because it represented a pretty significant departure from the existing regulations that allowed covered financial institutions to really exercise their own risk-based judgment on determining information around beneficial ownership requirements.
A couple of years later, which is really where we are today, the final rule, which is what we’re talking about today, was published in May of 2016 and that’s really mandatory for new accounts that are opened on or after what we’re calling the applicability date, May 11th of 2018.
The key principles of this rule are really not new. In fact, many institutions have effectively been in compliance with this rule for quite some time. Again, as I mentioned earlier, this rule has really been under development for a long time. That being said, covered institutions, including broker-dealers, are still grappling with some of these compliance challenges, but again, a lot of these really aren’t new for the industry.
Some of the key components that the rule includes is this primary one, identifying and verifying beneficial ownership information. Some of the other key components include identifying and verifying the customer, of course, understanding the nature and purpose of the relationship, and then implementing ongoing monitoring and what we’re calling event-driven reviews and updates of this beneficial ownership type of information.
So collectively, all these things, all these components really establish CDD or Customer Due Diligence as the fifth pillar of an AML program. So, in many ways, this really formalizes what I was mentioning before, existing guidance, but to us, I think this really begins to up the ante for broker-dealers and other covered entities because now regulators can really begin to enforce against it.
What does this mean really? In a nutshell, covered entities really are now obligated to maintain written procedures as part of their compliance program. These procedures really need to be specific around identifying a natural person – so that’s key also to this. So not only going […] buta natural person of each of their legal entity customers opening new accounts.
The rule does set forth certain criteria around this. You need to read this in the rule, but the rule set has a two-pronged approach to identifying this beneficial ownership, or beneficial owners. One of the prongs is identifying up to four individuals who directly or indirectly own 25 percent or more of the equity interest; and then, two, identifying one, a C-suite executive, for example, who has significant control over the legal entities. So that’s really the crux of that key primary component, identifying and verifying beneficial ownership information.
Since many financial institutions have really adopted this information prior to this rule, we’re seeing for many of our clients that lots of institutions are really on track to meet the minimum requirements, certainly from a process standpoint. For instance, making sure their policies and procedures are updated, the account opening forms have been revised to adapt to the new rule, KYC documents have been revised and updated, and employees have been trained on the new requirements. So we’re seeing, by and large, that many of our clients have taken these steps from a process standpoint. That being said, broker-dealers and other covered entities really are still facing some compliance challenges that are posing some significant operational headaches as we enter into these final months.
As alluded to in our newsletter, at the closeout of 2017 FINRA has actually issued regulatory notice offering broker-dealers some guidance on how to implement this rule. So, in concert with, of course, this FINRA guidance, FinCEN’s FAQs, and talking with people in the industry, certainly our clients, and joining and hosting certain webinars, there are a couple common challenges that we’re hearing and seeing and that we’re urging broker-dealers and other entities to really stay focused on.
Kevin Donahue: Christine, what are these common challenges for broker-dealers and others, as you say?
Christine Bucy: First, the first challenge that we keep hearing over and over again is determining this right threshold. So, of course, in the light of the rule, is 25 percent right for you or do you need to take a more conservative approach? If you need to deviate from the threshold that you had established previously, just making sure that you’re documenting and evidencing any changes that you’re making in light of the new rule. Even more so, for institutions that are operating globally, this threshold determination may prompt some additional challenges for those that are managing globally. Just think managing ultimate beneficial ownership, compliance across multiple regulatory frameworks with many jurisdictional regulations can definitely be really complex. So this is certainly something that we’re seeing as a key question for the industry, how to manage these different types of requirements globally.
Secondly, we’re seeing the question on how far do we drill down and really unwrapping some of these complex ownership structures. So again, this challenge really isn’t new, but a lot of folks in operation are really struggling with making sure that their employees are trained well enough on the requirement and understanding really how to navigate through some of these ownership structures that might be obscured by a lot of indirect layers.
Then lastly, this final point that we are really urging broker-dealers and other covered entities to stay focused on is creating this comprehensive view of the customer. What I mean by that is needing to link a beneficial owner who really stands behind maybe multiple accounts for transaction monitoring and reporting purposes, and a suggestion to the industry as a whole is taking data analytics technologies inspired or informed approach to help create this vision. So broker-dealers really should be certainly paying attention to their technology environment in place right now and future needs to really sift and create this comprehensive customer deal.
Kevin Donahue: That’s great. Thanks, Christine. Steve, let me bring you into the conversation and we could talk a little bit about – it seems to be our favorite topic every month – the Consumer Financial Protection Bureau. Congress has invalidated the CFPB arbitration rule that was supposed to go into effect this year. For banks, that sounds like a good thing, in the sense that no change will be required to their existing dispute resolution practices. So, first question, is that correct? And then, regardless of the rule, what is considered best practice when it comes to customer disputes?
Steven Stachowicz: Hey, Kevin. The CFPB is going to be a topic of a lot of conversation in 2018. It is right now, so even as we’re talking right now, there’s just so much going on with their leadership and the administration’s view on their work and much of what they’re putting out there publicly in terms of their own self-evaluation of their processes and their practices and their rules. So, it’s interesting; the arbitration rule is one-of-a-kind rule that has drawn the ire of the industry, and Congress took a hard look at that using their Congressional Review Act authorities. The authorities under the Congressional Review Act is that within a certain period of time of a regulation being put out there by any regulatory agency, Congress can effectively invalidate it in whole or in part. That happens. It’s not that it’s never happened before and it’s happened a number of times with the current Congress and administration, but it really is among the first times, and certainly in a very splashy way, that we’ve seen that happen with a rule that’s promulgated by one of these agencies pursuant to Dodd-Frank or their authorities under Dodd-Frank. So the CFPB’s rule of arbitration, which would have banned mandatory arbitration clauses from being included in the contract for consumer financial products and services, such that it would have prevented customers or consumers from entering into group or class action lawsuits, that rule was invalidated by Congress.
For the financial services industry, for banks and financial institutions, you asked me is that good news. I think that yes, in the sense that arbitration, from their perspective, is a way to manage litigation costs and litigation processes and enable financial institutions to deal with these issues, from their viewpoint, in a more organized and effective manner, frankly, and their viewpoint is that it is actually a consumer-friendly practice. Not great if you’re the CFPB, or many consumer activist organizations, that have said that consumers really should not have their abilities to enter into group or class action lawsuits limited. For financial institutions then, it means effectively no change to what they’re doing today. The rule has been invalidated.
As part of any financial institutions’ fair and responsible banking initiatives, arbitration clauses are something that should be reviewed. You want to make sure, obviously, that arbitration clauses are fair and equitable and meet basic industry standards and legal standards by the court. But assuming that the arbitration clauses do, it is still helpful and a consumer-friendly practice for organizations to make sure that consumers understand what these clauses entail. So they tend to be somewhere in legal contracts and buried in small print, no one really understands them and no one ever really discloses – well they disclose, but no one ever really discusses them, and that’s not particularly helpful for consumers. So as financial institutions look at these things and look at their disclosures in general, it is helpful to have some care and attention to thoughtfully disclose these to consumers in a clear and conspicuous manner so that they do understand what those clauses entail and what’s required of them so they’re not surprised at a later point. That is, I think, still good practice and something that organizations should still be giving attention to, but the CFPB’s rule itself on making changes to these mandatory arbitration clauses has been invalidated, and there’s nothing more for financial institutions to do with respect specifically to that rule.
Kevin Donahue: Steve, one final question for you before we wrap up our discussion today. This latest action seems to be one of many related to the scrutiny of the CFPB’s activities as of late. Should we expect more, and what should financial institutions be considering right now in light of what’s going on with the bureau?
Steven Stachowicz: Yes, we should expect more. I think the simple answer to that is yes, very much so. So that’s what I was saying earlier that with the change in leadership to the CFPB and with the administration’s and Congress’ view, generally speaking, of the CFPB and its mission and its activities today, I think we can and probably should expect more. The CFPB has, and leadership with CFPB, have already taken actions, either required under Dodd-Frank or otherwise, to obtain information from the public, public feedback, on its activities and its rulemaking, and so we’re seeing quite a bit already publicly from the bureau in this regard. There’s also been an indication from the CFPB regarding a rule that they’ve just finalized in 2017, related to certain payday loans and short-term loans. That rule we covered in the Compliance Insights previously. It’s new, it’s fresh, it’s not even effective, and now the CFPB is already indicating that they’d like to take a look at it again. So I think we can and should expect more in 2018. It’d be a very interesting year to follow from a development standpoint.
What should financial institutions be doing. Monitoring developments closely is the immediate answer to this. Making sure, for instance, that they’re aware that something like the arbitration rule has been invalidated. Aside from that, it’s not as if compliance with these rules and regulations is suddenly going to be an optional thing or that these rules and regulations are all just going to be going away. In fact, the CFPB had made it very clear that its mission is still to enforce consumer protection laws and regulations. The manner in which it’s going to do it may change a little bit. Their focus on particular products or services and practices may change a little bit, but it doesn’t necessarily mean that they’re suddenly off the beat, if you will, and institutions can be taking bigger chances or bigger risks or not as concerned about things.
So compliance risk management should still be considered a top priority for institutions whether we’re talking about CFPB rules, whether we’re talking about the FinCEN rule that Christine just talked about, BSA/AML framework in general, or whatever the other multitude of laws and regulations private institutions need to deal with. Compliance management is still important; staying focused on doing the right thing is still important; making sure that your fair and responsible banking programs are still active and in place are all very, very important things.
Kevin Donahue: Christine, Steve, thanks very much for joining me today to discuss some of these highlights from the January edition of Compliance Insights. I again want to remind our audience that to read this issue and prior issues of this newsletter, you can visit protiviti.com/compliance-insights.
– End of Recording –