The final version of FinCEN’s CDD requirements for financial institutions have now been issued, and they are already the subject of much discussion among AML/KYC practitioners. Much of this discussion has to date been devoted to risk models and risk-containment procedures that implement these models. Largely overlooked in the rush to read the FinCEN tea-leaves is the subtle but significant pressure FinCEN has added to the name-screening process that forms a central component of the AML/KYC process in the vast majority of AML/KYC operations.
Why does the new FinCEN regime make name-screening even more important for CDD? Here are at least three reasons why getting the right name-screening results will be more important than ever in order to meet the regulatory requirements that FinCEN regards as minimally adequate:
- People, not organizations: the demand that CDD and CIP processing include a “drill down” through layers of obfuscation in order to locate and positively identify the true beneficial ownership and/or controlling individuals who are parties to financial transactions means that meaningful CDD research will inevitably involve by-name searches for what FinCEN calls “natural persons.” Further, these persons will need to be identified positively, whenever possible, by reference to what the rule document calls “documentary” sources, exemplified as passports, driver’s-licenses and other types of official, government-issued credentials. Expect increased volume and scope in name-screening process.
- No cherry-picking: the FinCEN rule takes great pains to set forth the demand that a nuanced, risk-based procedure be articulated and applied across the board at each regulated institution. This requirement certainly comprises the name-screening system(s) embedded in the more general AML/KYC/CDD operations. Expect problems for any name-screening process or system that renders simplistic up-or-down, match/no-match results. Gradations of match likelihood against watch-list names will be needed to underpin the more general risk-calculation logic that FinCEN now expects to be shown.
- CTR Aggregation by individual: updated Currency Transaction Reporting (CTR) requirements now include the expectation that transactions will be grouped by individual, in order to prevent the “smurfing” subterfuge that was facilitated by opaque corporate ownership rosters. Expect compliant AML/KYC operations henceforth to have a customer data integration (CDI) capability with name-matching functionality equivalent to that of the watch-list screening process.
The full practical and financial impact of the enhanced FinCEN CDD rules will be played out in the months to come. Whatever changes these rules may induce elsewhere in the operations of covered financial institutions, they should add still further to the critical importance of an effective name-screening/matching capability in any serious AML/KYC shop.
For more information on how to evaluate the risk in your NSS, see our new white paper, which explores this topic in depth.