Don't Go Digital Without Understanding the New Business Account Opening Regulations

Despite being well into the 21st century, many small business account openings still occur in the branch, generally due to the lack of a satisfactory digital experience, regulatory requirements, or both. Now that digital account opening is taking hold with consumers, financial institutions are trying to offer a fast and convenient experience for small business customers as well. Making business account opening digital may seem daunting, but the first step in evaluating technology solutions is to understand what regulators look for in a new account process. While regulators typically don’t tell banks how to open business accounts, they are generally looking for three things when it comes to compliance:

1. Adequate data collection – Customer Identification Programs (CIP)/ Know Your Customer (KYC) 

Regulations that require specific information to be collected on each customer, which is then used to validate identity and to build a profile of that customer’s expected activity.

2. External identity verification  Including identity verification of the account holders, Office of Foreign Assets Control (OFAC) screening to ensure the customer is not a known terrorist or on a list of dangerous criminals, and account verification using both industry databases and internal bank lists of known fraudsters or criminals.

3. Risk scoring 

Used to assess risks for money laundering, the scoring process should be thoroughly documented to meet regulatory requirements. Financial institutions need to ensure risk scoring is embedded in the digital process.

What About the New Rules? 

Regulators are stepping up efforts to thwart money laundering and terrorist financing by creating stricter regulations related to KYC and CIP, including the new Customer Due Diligence Rule from the Financial Crimes Enforcement Network (FinCEN). The new rule from FinCEN requires financial institutions of any size to obtain additional information related to ownership of commercial entities that open accounts. Banks must comply with the new Rule by May 11, 2018.  It is called “Customer Due Diligence Requirements for Financial Institutions” and is often referred to as the Beneficial Ownership Rule. Regardless of the account-opening channel, the new requirements will make it difficult to create a positive account-opening experience for businesses if several considerations are not addressed. What are the Implications? Data Gathering The new rule requires banks to capture the names of all owners with 25% or more ownership of the legal entity when a new account is opened. In addition, the bank also needs to capture the name of the individual who makes financial decisions, whether that person is an owner or not.  KYC must be completed on all owners and the control individual.

The purpose of the new rule is to continue FinCEN’s attack on money launderers and terrorist financing organizations and individuals. Financial institutions need to ensure that the account-opening process – whether physical or digital -- gathers identity information for the 25% owners and the controlling individual associated with the account.  Many banks are using a sample form created by FinCEN to capture these identities and the signature of the individual at the business who is providing the ownership/controller information.  Financial institutions offering digital account opening need an electronic attestation. Training The new Customer Due Diligence Rule only applies to new accounts.  However, it gets tricky when an existing business customer wants to open a new account and is asked for the beneficial owners and controlling individual information. The business customer is likely to ask, “Why do I need to do this when I did not need to fill out this form in the past?”  Training customer-facing staff to handles these types of situations will be critical. Disclosures  As has been the case with the USA PATRIOT Act, all individuals opening accounts, whether consumers or businesses, must be advised up front that the data being collected will be used to verify their identities.  The PATRIOT Act requires this disclosure be prominently displayed regardless of channel.  In branches, most banks have signage with the disclosure information.

In a digital process, banks must be sure to prominently display the disclosure related to ID verification. As with all new rules, the banking industry needs to adapt to comply.  If you have a digital process or are evaluating digital solutions, consider the regulatory requirements that need to be built in. This is a good time to learn from the experience of others, such as by attending conferences and hearing from regulators and other bankers their best practices on how to implement the new rule.  Within your bank, pull together the key stakeholders to discuss implementation, including the front-line team, Compliance, the BSA/AML officer and training coordinators.    Be prepared for the May 2018 date.