FinCEN CDD Rule

FinCEN CDD Rule, sometimes called the Fifth Pillar of AML, became effective on May 11, 2018.

The CDD Rule has four core requirements. It requires covered financial institutions to establish and maintain written policies and procedures that are reasonably designed to (1) identify and verify the identity of customers; (2) identify and verify the identity of the beneficial owners of companies opening accounts; (3) understand the nature and purpose of customer relationships to develop customer risk profiles; and (4) conduct ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information. – FinCEN New Release

To clarify compliance and implementation of the rule, FinCEN provided two sets of FAQs.  The first was in July of 2016.  The second was in April of 2018.

There were two exemptions.  The first was on May 11, 2018, the guts of which is as follows:

The Beneficial Ownership Rule currently exempts covered financial institutions from the requirements to identify and verify the identity of the beneficial owner of legal entity customers at account opening to the extent that the legal entity customer opens the account for the purpose of financing insurance premiums and for which payments are remitted directly by the financial institution to the insurance provider or broker unless there is a possibility of cash refunds. This ruling provides exceptive relief to covered financial institutions from the requirements to collect and verify the beneficial owner of a legal entity customer opening such premium financing account when there is a possibility of a cash refund.

The second was a temporary relief announced on May 16, 2018, the guts of that is as follows:

… up to and including August 9, 2018… exceptive relief to covered financial institutions from the obligations of the Beneficial Ownership Requirements for Legal Entity Customers (31 CFR § 1010.230) (Beneficial Ownership Rule) with respect to certain financial products and services that automatically rollover or renew (i.e., certificate of deposit (CD) or loan accounts) and were established before the Beneficial Ownership Rule’s Applicability Date, May 11, 2018.

At the time of this writing, many large banks went through a review of the rule implementation recently, are in review, or will soon be in review by the Office of the Comptroller of the Currency, but these are not a coordinated horizontal industry-wide review.  Banks are eager to find out how well they have done and how practical the reviews will be.  The second relief is one of great concern for all banks, not just the big banks, because many products have automatic rollover or renewal, for which banks do not normally consider to be a new financial product or even a new account.

GDPR Means General Data Protection Regulation

If you have been seeing Cookie Acceptance Notifications pop up on many global websites lately, it is precisely because this 2016 EU law, which goes into effect on May 25, 2018.  The law is broad in scope, but the notifications require the site user to accept the cookies being used, which is to document the site-user of opting in to the cookie tracking.  The sites are require to be able to evidence this opt-in.

The major requirement is in the title: Data Protection.  The foundational principle is that the website user owns his or her personal data that the site is collecting, so, as long as the site receives acceptance to use the data, the site also is responsible for protecting the data from data breaches.  Considering the ever-growing prowess of Black Hat Hackers, many sites are opting to purge the user data.  Major social networking site are probably coming up with ways to anonymize user data.

This principle that the user owns the data that is being collected has other ramifications.  The user can request erasure of his or her data.  The user will likely be able to request all users of his or her data, however removed from the originating data collector, to provide how the data was used.  All of the rights of ownership are attached to the data.

This is quite contrary to the American legal principle of privacy, which requires sites to keep the data private, but since the site owns the user’s data, it can do what it can do with any other asset it owns.  The defense of the American legal principle is that much of the data collected are actually intellectual property.  Take, for example, demographic information.  One site may analyze my personal data and conclude that I am a social conservative while another a social liberal; the conclusion is the result of the site’s work.

The EU legal principle suggests that such work may indeed be owned by the site, but if it is derived from the user, then user has derivative ownership of those conclusions.  Essentially, it recognizes that the user’s information has economic value and, therefore, the site will have to have a valid contract to use that data.

Since the law protects all EU citizens and residents and their data, it is global in nature.  Also, if an American tourist logs in from the EU jurisdiction, the American is protected as well.  For that matter, the American would be protected if the data is harvested from the United States but it is stored or passes through the EU jurisdiction.

Some questions remain, at least for me.  Would a company legally headquartered in Ireland but its activities are in Menlo Park, California, is the company treated as an EU company, and, therefore, require data protection to all user information going through Menlo Park because the financial results of that information is reported to the Irish tax authorities?

How about counter-terrorism efforts?

Or, does the public figure have an economic right to his or biography published by a traditional publisher of hardcover books?

FinCEN Final CDD Rule… For Now

FinCEN CDD Rule is the shorthand for Customer Due Diligence Requirements for Financial Institutions, which FIs were supposed to have implemented by May 11, 2018.  The requirement is to obtain beneficial ownership information, financial institutions will have to identify and verify the identity of any individual who owns 25 percent or more of a legal entity, and an individual who controls the legal entity, among others.  At the time of this publication, May 16, 2018, the requirement also includes the collection of beneficial ownership information during product or service renewals, such as loan renewals and certificates of deposit rollovers. FIN-2018-G001 FAQ Regarding CDD Requirement for FIs, pages 9 and 10.  This is the most controversial definition of a new product or service.  Practically speaking, it means a short term 1-month CD will trigger the need to collect a certification of beneficial ownership, which also includes the work of due diligence to support the certification.  There is no provision to apply this on a risk basis, which means the pensioner in Wichita and a Middle Eastern correspondent bank will be treated the same for the purposes of this requirement.  Obviously, FIs as awaiting any guidance on the enforcement strategy from regulators.

Update:  On May 16, 2018, at around 6pm, FinCEN delayed the enforcement of this rule. Due to the unexpected interpretation by FinCEN, FIs were not ready to consider rollovers as purchase of a new financial product.  Realizing that they provided guide far too late for FIs to comply, FinCEN is providing a 90-day limited exceptive relief.  Also, as, what seems to be, a jab at FIs sounding the alarm, FinCEN added:

Consistent with the definition of “account” in the Customer Identification Program
(CIP) rules and subsequent interagency guidance, each time a loan is renewed or
a certificate of deposit is rolled over, the bank establishes another formal banking
relationship and a new account is created…

FinCEN understands that some covered institutions have not treated such rollovers or renewals as new accounts and have established automatic processes to continue the banking relationship with the customer.

 

CECL Means Current Expected Credit Loss 

On June 16, 2016, the US financial regulators, who refer to themselves as the Agencies, finalized an industry-wide implementation plan for a new accounting method for Credit Losses. The implementation is in stages and the first set of institution are to have implemented it by January 1, 2018. The first set is made up of the largest financial institutions with a presence in the United States.

More on CECL Implementation.

Ethics Does Not Have To Be Serious

http://rostron.co/2015/10/07/changing-ethics-in-a-digital-world/
credit Digital Transcendence

Ethics has to be real. Ethics has to be appropriate. However, ethics does not have to be serious. Seriousness is a style. And there shouldn’t be a prohibition on taking pleasure in doing the right thing.

I was asked to distinguish between ethics and morality. Morality is what is considered right or wrong by a person or society. Ethics is morality in action. So, if you believe that Jesus Christ was the son of God, then it would be unethical for you to desecrate his image. For that matter, if you don’t believe that Jesus Christ was the son of God but you do believe in respecting other people’s beliefs, you would avoid desecrating images of God worshipped by others.

Notice, I framed morality based on an individual’s belief and, in my second example, I changed the belief but applied the decision to act the same way. There are subtle difference that I won’t get into in this post.

Obviously, desecration of holy objects is a very grave matter. But the non-desecration should not be. It should simply be the norm that people are respectful of each other’s beliefs.

This can be applied to corporations. There is one difficulty with corporations, though: they aren’t democracies. The president or CEO gets to prescribe the appropriate behaviors and one must keep morality to the self. This is an HR issue.

I want to talk about ethics and sales. Financial advisors may have their own personal beliefs, but they take an oath to act in accordance with a set of codified conducts. The industry set these up specifically because FAs are knowledge workers and what they provide is not just financial products but advice. For this reason, an inappropriate product for a certain type of client is forbidden. This hurts the investor and it makes the industry look like cheaters. So, if you want to join the industry, you much follow the ethical guidelines prescribed to you.

This prescription even goes as far as breaking the code of coduct of the financial institution the FA is working for. Against, this no-exemption exists so that firms cannot create an environment where financial advisors are permitted to dismiss their oath.

This is all serious stuff. Why? Because we are talking about harming investors.

But for an FA who loves providing value advice and access to products to his or her clients and the guidelines make him feel secure that his competitors cannot cheat, then why shouldn’t they have a smile on their faces?

So, smile.


Marcus Maltempo is a Certified Anti-Money Laundering Specialist and a Certified Fraud Examiner with more than a decade of experience helping banks, law firms and clients manage investigations and regulatory responses. 

33 banks lost to create 4

from Exposing Truth
from Exposing Truth

Risk is always two sides. Get rid of one risk and it comes with another. Insurance plans, for example, supposedly reduce risk, but if you pay the insurance premium, you are essentially getting rid of the substantive risk for a financial one. One of the ways we have thought about reducing risk is by making each financial institution insure itself through sheer size. The local pizzeria simple isn’t much of a loan risk to a bank with trillions of dollars. We have offset that risk with the risk of less personal interaction. We have made banking more and more transactional and less and less transformational.

The day-to-day business of a bank is really transactional. But the purpose of all of those transactions are supposed to be both transactional and transformational. Transactional in that the money gets wired, or deposit is recorded, or loan is approved. Transformational in that the money wired could provide someone the funds to get to work that day, or the deposit recorded provides the documentation for a mortgage loan, or loan approved so that the borrower can start a new business.

The question for Americans in regards to the size of financial institutions is whether the transactional efficiency now hinders the economic transformation that it is supposed to foster. More efficient transactions free up funds for other economic activity. But have we gotten to a point where the freed up capital is primarily helping wealthier people who then are equipped to more resources to make them wealthier while leaving the less-wealthy behind?

This is not a new question, of course. And I certainly don’t have the solution for what is the right amount of competition in banking that will foster more economic transformation while keeping risk relatively low. One test that I place to begin my inquiry is this: What percentage of transformational projects have been funded by bank loans versus investment from wealthy people? As a follow up, I would ask, When did these transformational projects get funded? I don’t know the answers to these questions but my feeling is that greater transformational projects have been funded by wealthy people over time. While I don’t know what proportion is the right proportion for the American economy, we are probably in a period where bank loans do not transform much of the economy anymore. If my feelings were on the mark, it would probably also mean that banks play a less important role in transforming the economy than before, and, therefore, might need a shake up of some sort. That shake up could come in the form of bank breakups, which increases the number of leaders in the industry with smaller pockets, forcing them to rely on ideas to have bank loans compete better with equity investments. But then again we are not in the mood to taken on more risk these days, and competing with equity investors to fund projects is a riskier activity.

So, I guess what I’m saying is: We are thinking about risk to the financial system all wrong. Size itself is just one variable but it isn’t big enough of a variable to change the economy in any meaningful way. Our mentality now is that banks simply move money around and store it and lend it to known risks. People used to start business with loans. Now, less people start businesses with loans. We have given debt a bad name. And that won’t change with having smaller banks… after all, banks, regardless of size, are enablers of debt.


Marcus Maltempo is a Certified Anti-Money Laundering Specialist and a Certified Fraud Examiner with more than a decade of experience helping banks, law firms and clients manage investigations and regulatory responses. 

Bear Market Compliance

Jules, the bulldog, chase away the bears
Jules, the bulldog, chase away the bears

It’s easy to want to reduce compliance spending as the bank enters a bear market, but this is a bad idea for a whole host of reasons. The single primary reason is that revenue centers employees may take on non-compliant and high risk activities to reduce that decline in revenue to keep save their jobs. The incentive structure of your revenue center employees and the compliance culture will be tested.

Ideally, compliance spending should be relatively stable regardless of any short term market trends. In this case, short term means 18 months, because it is strategic. If your compliance department is organized to simply tackle tactical issues, you will need more compliance activity to address the possible rise of noncompliant activities.

In this sense, compliance is a lot like branding. Culture is one of the most important ingredients to Compliance Management. I know there are a lot of supposed Compliance Experts who talk about culture. If you haven’t noticed, my reader, I rarely talk about culture. It’s not that I don’t think it isn’t important, but because culture seems to be the only thing most Compliance Experts talk about; culture and tone from the top. But anyone who is actually a Compliance Expert would agree with me, culture is the one thing that doesn’t require compliance expertise.

In this entry, though, I will address culture from the perspective of a leader, not a manager. A leader who is promoting a Culture of Compliance will be cognizant of the fact that the Compliance Department’s culture and the Line of Business’s culture are often different. And the ways they are different depend on the mix of people in the Compliance Department more than the people in the Line of Business.

Compliance, by nature, requires being pedantic. Possibilities are dealt with, rather than thrown aside in favor of priorities. The few rogue employees are always looking out for possibilities, not necessarily what is right. The current bank structures are organized to reward those who bring in the most money, making the activity that brought in the money the de facto “right thing.”

We live in a society that rewards based on money, not productivity. Luckily, most of the time, productivity is the right thing. We don’t live in a society, however, that rewards those who are more productive; we live in one that rewards those who own the productivity. This means that a few superstar employees who know how to vastly upend the current level of productivity often are rewarded when the great many who help those superstars are not. (I know, I know, I’m starting to sound like a bleeding liberal; just hang in with me.) These superstars do not want to share their productivity gains with others who have helped them on their way. This last bit of change is what describes a transactional society, not a transformational one. Think about it. Transactions take just a minimum of two parties; one invariably makes a better decision than the other. Transactional society creates losers. A transformational one requires assessing one’s actual contributions and rewarding proportionally. A transformational society creates winners of varying degrees. When done right, much of the fear of getting laid off during a downturn will lessen because the issue isn’t due to proving one’s productive value but due to an issue of demand and the comparative productive value against other colleagues.

This doesn’t mean a transformational society is Utopia. But it means that people will understand the true competitive nature of the workplace: the larger competition between firms that an employee contributes to and the smaller competition between employees to be the most valuable on the team – again, the intrafirm competition doesn’t create losers but degrees of winning. But, as I said, we don’t have such a society.

That’s where managing the Culture of Compliance becomes important. Everyone should always feel like they are contributing to the welfare of the firm and compliance to policies and procedures should feel like a contribution to that firm welfare. And work should have a causality to it, meaning, one’s work causes something else to happen. If it merely has a correlation to it, as many corporate employees feel as they do, work feels bureaucratic. And it probably is. Then, of course, each employee’s duty to themselves comes down to the impression of productivity or cheating to be more productive. While only the latter is a compliance issue, they are two sides of the same coin.

So, to sum up the issue of tackling the Culture of Compliance as we head into a bear market, the Culture of Compliance starts from the duties of an employee having causal relationship to the firm’s well-being and understanding that noncompliance and brown-nosing are both results of caring more about results from a short period of time, not a long full history.

I know people might say that I am being idealistic with this, but if you are a compliance professional who doesn’t know how to lead your bank, you are ready to lead your compliance department. Compliance is a responsibility of every member of the firm and the Compliance department exists to take some of the responsibility away from other members of the firm so that they can focus on other activities. So, of course, I believe that leadership and Culture of Compliance as transformational issues, not a transactional one.

If you don’t believe me, then you are probably not a Compliance Expert. If you are a Compliance Expert, you would already know that regulators also agree with me on this point and often Delayed Prosecution Agreements are rewarded based on dealing with issues like I have mentioned.


Marcus Maltempo is a Certified Anti-Money Laundering Specialist and a Certified Fraud Examiner with more than a decade of experience helping banks, law firms and clients manage investigations and regulatory responses. 

Growth Need In Anti-Financing of Human Trafficking

from Fair.org

Syrians are migrating en masse to Europe to flee their war-torn homeland. They would like to find a place where they have a chance at life and happiness. In their effort to get to Europe, many are selling everything they own to pay for a passage by water to Greece. Sometimes that ticket is for a boat to Greece, but not necessarily to get a chance at life and happiness.

One hears stories of rape and prostitution. People are enslaved forcefully. Others are coerced into a system that has them accruing debt with high interest rates, which they pay off through labor.

These stories have money behind it all. The transactions are, of course, illegal. The storage of money is also illegal. For banks of all sizes and locations, trying to track down funds originating from these criminal activities is difficult. And this problem isn’t going away. As a matter of fact, Freedom House, an NGO that studies human rights issues, recently released a report stating that a third of the human population lives at risk of war, violence, and terror on a daily basis. That is 2.43 Billion people. Banks and Money Service Businesses facilitate and secure the transactions that make human trafficking profitable.

Here’s where technology can be of great help. On a case-basis, data analysis tools play an important role in discovering players in such industries. On a systemic-basis, a central ledger might be a solution. This is most commonly called BlockChain. The idea is to have a single place where all accounts must balance and all transactions are verified by the community as a whole. Transactions can still be anonymous, but the facilitating financial institution has a place to check unique funds – unique because each unit of currency will have an identification code. You know those numbers and letters stamped on the US Dollar Bill? Yes, that kind of uniqueness. Currently, we treat a single dollar no different from any other dollar. But with a record of that unique identification available, we can start to root-out human trafficking networks.


Marcus Maltempo is a Certified Anti-Money Laundering Specialist and a Certified Fraud Examiner with more than a decade of experience helping banks, law firms and clients manage investigations and regulatory responses. 

Importance of formal training in Compliance

There are many jobs that one can learn from experience alone. Compliance Officer is not one of them.

ACFELOGOLike Law or Accounting, becoming an effective compliance officer requires three sets of knowledge: foundational knowledge gained in formal education, specialist knowledge gained in training, and management and leadership knowledge through experience. Foundational knowledge is important because that’s the common knowledge with which the world operates. And management and leadership knowledge can only be developed through real world experience, no amount of conceptual knowledge alone will make one a good manager or leader. The middle piece, the specialist knowledge, requires training because without it the Compliance Officer simply becomes a Compliance Manager or Analyst.

The reason Compliance is like Law or Accounting is that the logic with which Compliance works differs. The logic behind complying with Financial Regulation comes from understanding a business at the operational level as well as the contribution the firm makes to the financial markets overseen by the regulator. Understanding the operations of a business could be gained through training and experience within a business. Understanding the requirements and priorities of regulators require interfacing with the regulator. Many roles are title Compliance Officer, but the true CO roles are the ones that require both arenas.

CAMS LogoThere are several ways to gain the necessary training. Many large financial institutions have Compliance training. Usually, this is the bare minimum of Compliance training necessary. Some of them might not actually be Compliance training but simply a training about suspicious activities awareness. To be qualified as Compliance training, it should include information about regulatory functions and the responsibilities of various regulators and their interactions with Self Regulatory Organizations (SROs) and private firms. In the US, this means a need to cover some combination of the following entities:

And, at a minimum, there is a need to cover the following topics:

These are a lot of topics and no one can be an expert in all of them. But without exposure to this full spectrum of knowledge, a Compliance Officer is not equipped to dealing with the complex nature of the competing interests without an overview of these subjects. There are several ways to get formal training on these entities and matters.

The most common, direct, and practical way to get the formal training needed to be equipped to be a Compliance Officer are through associations that have developed the certifications.

There are programs at a few institutes of higher education that offer coursework specifically addressing these entities and topics:

  • University of South Florida has undergraduate, graduate and PhD programs in Criminology
  • Pace University has Certified Compliance and Regulatory Professional (CCRP)
  • Utica College has MS in Financial Crime and Compliance Management
  • Charles Sturt University has Diplomas, BA and MA degrees in Anti-Money Laundering and Counter Terrorist Financing, Intelligence Analysis, and Investigations

I have provided a concise, compelling reason why you should be staffing your firm with trained Compliance Officer or training the untrained employees who are moving into Compliance. Hopefully, this will be a good starting point for you to think about what kinds of issues your firm will have to face and the value a trained Compliance Officer will bring in handling them.


Marcus Maltempo is a Certified Anti-Money Laundering Specialist and a Certified Fraud Examiner with more than a decade of experience.