NCUA Issues Examination Guidance for Bank Secrecy Act Customer Due Diligence and Beneficial Ownership Rule Compliance

The National Credit Union Administration recently issued a supervisory letter providing federally insured credit unions with the examination expectations that will be used by NCUA examiners when reviewing for compliance with the customer due diligence (CDD) and beneficial ownership rule requirements of the Bank Secrecy Act/Anti Money Laundering Rules.

Credit unions were required to comply with the new CDD and beneficial ownership rules beginning on May 11, 2018.  The supervisory letter provides, however, that NCUA examiners will accept reasonable and good faith compliance efforts throughout 2018, but notes that such efforts do not provide a shield against FinCEN penalties that could arise from failing to fully comply with the requirements.  To aid with compliance, the supervisory letter provides information that the NCUA has given to its field staff regarding expectations and the implementation of examination procedures that will be used to review for compliance with the new requirements.

When reviewing for CDD compliance, examiners will look for whether the credit union: (i) has developed and implemented appropriate risk-based procedures for conducting ongoing CDD; (ii) has a sufficiently detailed program for determining customer risk profiles to distinguish between significant variations in the money laundering and terrorist financing risks of its customers; (iii) is properly collecting beneficial ownership information at the 25% ownership threshold regardless of the customer’s risk profile, and is collecting other customer information necessary to form an understanding of the nature and purpose of the customer relationship in a manner that is commensurate with the customer’s risk profile; (iv) has policies, procedures, and processes that define both when and what additional customer information will be collected based on the customer risk profile and the specific risks posed in relation to higher risk profile customers; and (v) has risk-based procedures for ongoing monitoring of the customer relationship, on a risk basis, to maintain and update customer information, including beneficial ownership information of legal entity customers.

When reviewing for beneficial ownership rule compliance, examiners will look for whether the credit union has policies, procedures, and processes in place: (i) to properly identify a legal entity customer; (ii) instructing staff who know, suspect, or have reason to suspect that equity holders are attempting to avoid the reporting threshold (i.e., 25% or more ownership) to file a SAR; (iii) detailing the identifying information that must be obtained and updated for each beneficial owner of a legal entity customer opening a new account after May 11, 2018; (iv) verifying the identity of each beneficial owner of a legal entity customer within a reasonable period of time after an account is opened; (v) describing processes for circumstances in which the credit union cannot form a reasonable belief that it knows the true identity of the beneficial owner(s) of a legal entity customer; (vi) establishing recordkeeping procedures for beneficial ownership identification and verification information; and (vii) providing that if the credit union relies on another financial institution’s compliance information, that a contract must be used that requires the other financial institution to certify annually that it has implemented its anti-money laundering program, and that it will perform the specified requirements of the procedures to comply with the requirements of the beneficial ownership rule.

The supervisory letter also provides the procedures examiners will follow when conducting an examination for compliance with the new rules.