TO: All Field Staff
This supervisory letter provides information about the Bank Secrecy Act (BSA) customer due diligence (CDD) and beneficial ownership rules, and establishes a consistent framework for the examination and supervision processes used to evaluate credit union compliance. The guidance in this document applies to all federally insured credit unions (FICUs).
The U.S. Department of Treasury’s Financial Crimes Enforcement Network (FinCEN) issued final rules under the BSA on May 11, 2016, published as Customer Due Diligence Requirements for Financial Institutions (opens new window) in the Federal Register.
The rules strengthen and codify existing CDD requirements for covered financial institutions, and they contain a new requirement for such institutions to identify and verify the identity of individuals (the beneficial owners) who own or control certain legal entity members, subject to a number of exclusions and exemptions. FICUs and other covered institutions must comply with the rule, effective May 11, 2018.
This supervisory letter provides field staff with guidance regarding expectations and the implementation of examination procedures to review compliance with the new rules.
II. BSA/Anti-Money Laundering (AML) Programs
Together, CDD and beneficial ownership requirements are now a required minimum component of a credit union’s BSA/AML internal controls.1 The four pillars of a BSA/AML compliance program include:
- System of internal controls to ensure ongoing compliance, including appropriate, written risk-based procedures to:
- Understand the nature and purpose of the member relationship in order to develop a member risk profile, and conduct ongoing due diligence to identify and report suspicious transactions; and
- Identify and verify the identity of beneficial owner(s) of legal entity members, regardless of risk profile, for each new formal banking relationship established on or after May 11, 2018.2
- Independent testing of BSA/AML compliance
- Individual responsible for day-to-day compliance
- Training for appropriate personnel
III. Examination Expectations
The updated BSA Questionnaire is attached to this letter to give you a preview of the new CDD and beneficial ownership questions. Once the updated BSA Questionnaire and Consumer Compliance Violations citations have been added to AIRES, which is expected with the September 2018 release, field staff will begin evaluating a credit union’s compliance with the final CDD and beneficial ownership rules. Initially, NCUA field staff will discuss and determine a credit union’s awareness of, and review its efforts to comply with, the new requirements.
IMPORTANT: Throughout the remainder of 2018, NCUA field staff will not take exception to a credit union’s non-compliance with the new BSA standards found in FinCEN’s final CDD and beneficial ownership rules effective May 11, 2018, and will not identify any such noncompliance as a significant BSA violation, provided the credit union is making a good faith effort to comply with the new rules.
In 2019, NCUA field staff will begin more in-depth reviews of credit unions’ BSA/AML policies, procedures, and processes in order to assess their overall compliance with regulatory requirements for CDD and for identifying and verifying beneficial owner(s) of legal entity members.
The NCUA partnered with the other Federal Financial Institutions Examination Council (FFIEC) agencies to develop the enclosed guidance and examination procedures, Customer Due Diligence – Overview and Examination Procedures and Beneficial Ownership Requirements for Legal Entity Customers – Overview and Examination Procedures.3 The new guidance is included in the enclosed, updated BSA Questionnaire and will be incorporated into the FFIEC Bank Secrecy Act/Anti-Money Laundering Examination Manual.4 NCUA field staff will review and become familiar with these procedures before examining a credit union for the new rule requirements.
FinCEN issued an administrative ruling concurrent with the release of the interagency guidance documents, providing an exception for premium finance lending products that allow for cash refunds. Specifically, Ruling FIN-2018-R001 (opens new window), Premium Finance Cash Refunds and Beneficial Ownership Requirements for Legal Entity Customers, provides exceptive relief to covered financial institutions from the requirements to collect and verify the beneficial owner of a legal entity customer opening such premium financing account when there is a possibility of a cash refund. There is no expiry date on this exceptive relief.
In addition, FinCEN issued an administrative ruling on May 16, 2018, to provide 90-day limited exceptive relief from the obligations of the beneficial ownership requirements. Specifically, the ruling applies to certain financial products and services that automatically roll over or renew (such as share certificate or loan accounts) and were established before the rule’s applicability date of May 11, 2018. On August 8, 2018, the limited exception was extended an additional 30 days. See FIN-2018-R002 (opens new window), Beneficial Ownership Requirements for Legal Entity Customers of Certain Financial Products and Services with Automatic Rollovers or Renewals, and FIN-2018- R003 (opens new window), Extension of Limited Exception from Beneficial Ownership Requirements for Legal Entity Customers of Certain Financial Products and Services with Rollovers and Renewals, for more information about the applicability of these rulings.
IV. Additional Guidance Relevant to BSA CDD and Beneficial Ownership Rules
Previously issued guidance on CDD and beneficial ownership includes:
- FinCEN Frequently Asked Questions
- FinCEN Guidance FIN-2018-G001 (opens new window), Frequently Asked Questions Regarding Customer Due Diligence Requirements for Financial Institutions (April 3, 2018)
- FinCEN Guidance FIN-2016-G003 (opens new window), Frequently Asked Questions Regarding Customer Due Diligence Requirements for Financial Institutions (July 19, 2016)
- NCUA Office of Credit Union Resources and Expansion (CURE) webinar, BSA Compliance – Customer Due Diligence (April 25, 2018)
- FFIEC interagency webinar, Examiner Training for Customer Due Diligence and Beneficial Ownership Examination Procedures (April 19, 2018)
If you have any questions about the information in this letter, please direct them to your immediate supervisor or your regional management.
Office of Examination & Insurance
Supervisory letters are official agency examination policy. These letters communicate guidance to NCUA field staff on regulations and exam procedures. Each supervisory letter focuses on a specific topic, providing background information and outlining any related regulatory and statutory requirements. Supervisory letters may also require field staff to perform certain procedures during an examination; in these cases, the letter will provide instructions to help field staff implement the procedures. Supervisory letters are intended to provide a framework for more consistent application of staff judgment with respect to conclusions about a credit union’s financial and operational condition, and related CAMEL and risk ratings. These letters also provide a consistent approach for evaluating the adequacy of a credit union’s relevant risk-management processes. Supervisory criteria detailed in a supervisory letter are not strict requirements, unless noted as required by law or regulation. The supervisory criteria contained in these letters are used by field staff to evaluate a credit union’s condition based on the preponderance of relevant factors. Generally, supervisory letters are shared with the public as an attachment to a Letter to Credit Unions.
1 The NCUA and the other federal financial institution regulators consider CDD and beneficial ownership requirements to be an essential part of a financial institution’s internal control processes and procedures, but you may hear these requirements referred to as a “fifth pillar.”
2 A beneficial owner is an individual (natural person) who, directly or indirectly, owns 25 percent or more of the equity interests of a legal entity member (ownership prong); or an individual with significant responsibility to control, manage, or direct a legal entity member (control prong).
5 The archived CURE webinar is available through NCUA’s Credit Union Learning Management Service (opens new window). The FFIEC webinar will be shared internally with NCUA staff.