UBO – You have Gathered all of the Ownership Information- Now What?

Part Three in a Series

We have discussed the UBO rule and the changes that will be required when the both parts of the rule are passed- but one thing that we have yet to get into is the how to us ethe information that is collected in a manner that is effective for the overall AML monitoring program.  Put another way- so now that you have the UBO information on your customers- So what?  

The gathering  of the information that is required is the first basic step- it is what you DO with that information that can make the rule game-changing.  Incorporating UBO information in to both risk-rating and monitoring plans  for customers is a key best practice.  It is also the overall goal of the UBO rule.   

The Reason for the Rule

Before the UBO rule was enacted, the ownership of established companies as well as shell corporations was an area that we missed in our overall information gathering used for risk assessment purposes.  While we often did a background check on the company itself,  we did not focus on the ownership of the company.  The ownership of a business can and should make a huge difference in your risk profile of a customer.

Owners can present additional risks in many ways such as:

·        Cash intensive related businesses

·        Ownership that is potentially OFAC sanctioned or otherwise compromised.

·        Ownership that is engaged in illicit activities such as trade-based money laundering that could be blended into the operations of the established business

 

Risk and Ownership

How can the ownership of a company impact risk?  A small example may help illustrate.  Suppose we have a local owned and operated flower shop that specializes in the Sky-blue Orchid that grows almost exclusively in Tasmania Australia- 

Our customer specializes in selling this rare plant to the many admirers in the local area and throughout the country.  Our risk profile of this customer would include business flow expectations  that would include:

·        A combination of cash checks and credit/debit card payments as deposits.

·        Wires to the suppliers primarily in Australia

·        Payments to other suppliers, utility bills, rent or lease payments, insurance, etc.  by debit card and /or ACH

·        Minimal wires coming in

·        Incremental growth  

 

Now suppose our customer is joined by a 51% owner who is also a casino owner;  does the risk profile of the company change?  What else would you look for as a result of this change in ownership or control?

The risk profile of the company has not necessary changed, but it would be a best practice to consider that any change in the cash flow or other activities of the flower shop might indicate that the new owner is changing the operation of the  company.  This is not to infer that a change in ownership itself is a problem; but the risk profile of the company must be re-considered. 

Risk Profiles and UBO 

When risk rating customers and administrating  the list of customers considered ‘high risk”  it is important that the UBO information including who the controller people/persons are is part of the overall risk assessment and monitoring program that results. 

The whole point of risk assessing customers should be to determine how your monitoring program will be used to mitigate risks.  In the above example, the monitoring program would be altered to look for potential changes in the nature of the cash flow of the company including:

·        Higher cash deposits

·        Wire activity in countries s different from the past

·        Incoming wires

·        Bulk sales of flowers

·        Customers from regions outside the established base

 

UBO information collection should be dynamic -at least annually and must be built into the overall risk assessment and subsequent monitoring program.  Once the information is collected, it should be incorporated in to the overall risk assessment of customers and the monitoring program designed to mitigate risk.

***James DeFrantz is Principal at Virtual Compliance Management.  For More information please visit our website at www.vcm4you.com ***

The Uniform Beneficial Ownership Rule- Big Changes Coming

A Three-part Series- Part Two-The Changes to the Rule  

 

Introduction

In our first blog in this series, we noted that there are several reasons that the Uniform Beneficial  Ownership rule was expanded.  The attempt to put sanctions on Russian persons and organizations has proven to be difficult based on some weaknesses in our overall regulatory scheme.  We noted  that one of the biggest holes in the system is that shell corporations have the ability to be able to traffic in money laundering.  The changes to the rule are designed to address the current “holes” in our AML/CFT system  

While the Uniform Beneficial Ownership (“UBO”) rule changes can help with the effort to reduce illicit transfers of money and wealth, the overall effectiveness of any regulation is limited by the overall participation of the stakeholders.  For the changes to work, there are many players that must be engaged in the overall process. Making sure that you understand the requirements of the regulation and what it is intended to do is a critical component of the overall process

Changes to the UBO Rule

The CTA, which is part of the Anti-Money Laundering Act of 2020 and enacted into law as a part of the National Defense Authorization Act for Fiscal Year 2021, establishes ultimate beneficial ownership (UBO) information reporting requirements for the vast majority of privately held corporations, limited liability companies and other similar entities created in, or registered to do business in, any of the states of the United States.   Under this rule, the number of companies that must report their beneficial ownership has been greatly expanded.  The rule requires:

The Final UBO Rule applies to Reporting Companies. Reporting Companies are U.S. domestic companies and certain non-U.S. foreign companies:

• Domestic Reporting Companies: Any corporation, limited liability company or other similar entity created by the filing of a document with a secretary of state or any similar office under the law of a State (including U.S. territories and possessions) or Indian tribe (unless exempt).
• Foreign Reporting Companies: Any entity that is formed under the laws of a non-U.S. jurisdiction but is registered with a secretary of state or similar office to do business in that State or tribal jurisdiction in the United States (unless exempt).

Despite the broad definition of Reporting Companies under the CTA, the Final UBO Rule exempts 23 types of entities from the reporting requirements, including:

• Entities already required to disclose beneficial ownership information publicly or to federal regulators (g., U.S. banks and credit unions, U.S. branches and agencies of non-U.S. banks, securities broker-dealers, investment advisers registered with the U.S. Securities and Exchange Commission, and money services businesses registered with FinCEN);
• Large operating companies that (1) have 21 or more full-time employees, (2) filed federal income tax returns with the United States in the previous year that demonstrated more than $5,000,000 in gross receipts or sales in the aggregate, and (3) have an operating presence at a physical office within the United States.
• Inactive entities that existed on or before January 1, 2020, but, among other requirements, are not engaged in active business and have not received or sent funds in an amount greater than $1,000; and
• Subject to exceptions, subsidiaries whose ownership interests are controlled or wholly owned, directly or indirectly, by one or more exempt entities.

By looking at who is required to report and who is exempted, we can note that the exempt companies tend to be publicly held, and as a result, they have significant public reporting requirements.  These companies are also large and have strong internal control requirements that make them much less likely to be used by potential terrorists and money launderers. 

If the rule applies to a company, there are specific reporting requirements: 

Reporting Company Information

• Full legal name and fictitious names (e., “doing business as” names).
• Address of the reporting company’s principal place of business.
• Jurisdiction of incorporation or formation (for both domestic and foreign reporting companies) and initial registration in the United States (for foreign reporting companies); and
• Taxpayer Identification Number (TIN).

Beneficial Owners & Company Applicant Information

• Full legal name.
• Date of birth.
• Current residential address; and
• Unique identifying number from an acceptable identification document (or, if information has already been provided to FinCEN, by a FinCEN identifier).

 

This list of information is fairly well known and has been established since the passage of the original UBO rule.  There are some changes in the definitions that change the overall approach that an institution should use: 

 

Beneficial Owner: Under the CTA, a “beneficial owner” of a reporting company is “any individual, who, directly or indirectly, either exercises substantial control over such reporting company or owns or controls at least 25 percent of the ownership interests of such reporting company.[1]

It is really the “control” prong of the regulation that has changed.  In the past, the rule called for inclusion of a single person with control, but the final rule calls for any and all persons who have control to be listed.

Substantial Control:  The Final UBO Rule’s broad definition of “substantial control” states that an individual exercises substantial control over a reporting company if the individual:

(A) Serves as a senior officer of the reporting company.

(B) Has authority over the appointment or removal of any senior officer or a majority of the board of directors (or similar body);

(C) Directs, determines, or has substantial influence over important decisions made by the reporting company, including decisions regarding:

1.       The nature, scope, and attributes of the business of the reporting company, including the sale, lease, mortgage, or other transfer of any principal assets of the reporting company.

2.       The reorganization, dissolution, or merger of the reporting company.

3.       Major expenditures or investments, issuances of any equity, incurrence of any significant debt, or approval of the operating budget of the reporting company.

4.       The selection or termination of business lines or ventures, or geographic focus, of the reporting company.

5.       Compensation schemes and incentive programs for senior officers.

6.       The entry into or termination, or the fulfillment or non-fulfillment, of significant contracts; or

7.       Amendments of any substantial governance documents of the reporting company, including the articles of incorporation or similar formation documents, bylaws, and significant policies or procedures.

 

These rules will take effect in January 2024, but reporting will first be due January 1, 2025.    There is a second part of the rule that is current out for public comment[2]   

 

There are several practical considerations for compliance when it comes to covered institutions.   For example:

 

·         Onboarding procedures should still require UBO information.  Covered institutions must ensure customers are in compliance with their own reporting requirements, perhaps adding a questions to onboarding that ask the customer to verify that they have been registered.

·         Consider enhancing written policies and procedures – remember the reason for the regulation is to help consider what the ownership of a company means when making a risk assessment

·         When ownership changes, the risk profile of the company may be impacted

 

 

 We will discuss these more in detail in our third installment of this series.

 

***James DeFrantz is Principal at Virtual Compliance Management.  For More information please visit our website at www.vcm4you.com ***

---

[1] 31 U.S.C.A. § 5336 (3)(A)(i)-(ii).

[2] Public service announcement- all rules that impact banking are published for comment. The regulators actually read these and consider them.  Taking part in the development of a regulation is a great idea!