Implementing CDD in light of the 50% OFAC rule

In today’s increasingly digital world, financial institutions are forced to understand the complex and shifting corporate ownership structures of partners and customers in order to protect their assets.

FinCEN reports that banks spent around $250 million on compliance efforts alone in the first year of implementation of the 2016 CDD rule. While these costs are huge, the risks of implementing these rules on existing systems and processes are even greater.

As regulators continue to tighten requirements around CDD, FIs need to amp up their game to proactively screen and monitor customers for risk without delaying onboarding and negatively impacting customer experience.

UBO under the revised rule

In 2014, the US Treasury Department’s Office of Foreign Assets Control (OFAC) revised its guidelines on Ultimate Beneficial Ownership with the 50% Rule for all covered Financial Institutions. The updated rule directs FIs to include aggregated ownerships in ascertaining whether the 50% rule applies to an entity.

Any entity that is 50% owned, either directly, indirectly or in aggregation by one or more blocked persons on the SDN list is deemed blocked/subject to sanctions. With the aggregation clause, FIs are required to track and identify all ultimate beneficial owners of an entity and not just those who meet the 50% threshold- a major challenge for compliance.

For example, if an entity is 25% owned by a blocked person A and 25% owned by blocked person B, then the entity is blocked, as 50% of the entity, in aggregation, is owned by blocked persons. In the case of an indirect ownership, if B owns 50% of C and 50% of B is owned by a blocked person A, both B and C are blocked. The new guidelines thus have a cascading effect automatically blocking subsidiaries in a chain.

The 50% OFAC rule marks the introduction of ownership structure into sanctions program which has thus far been limited to screenings albeit with the right lists and technology.

Challenges for compliance

Changing regulatory laws and sanction lists mean determining ownership relationships is not a one-time act.

Global ownership is complex and dynamic, spanning multiple countries and levels. Layers of leadership obscure the visibility of a company’s ultimate owner, or the owner’s owner. Lack of information pathways and authority to request this information further make compliance and reporting tricky.

Sanctioned people, many times, transfer ownership to family members and continue to retain control over the entity. According to Anders Rodenberg, an expert on OFAC Sanctions, 6.5M companies change ownership every month, 200,000 in a day and 9000 in an hour. He adds that, for a rigorous CDD, compliance should take into account the control aspect of entities/assets in addition to ownership.

CDD/KYC solutions should therefore support enhanced due diligence with custom monitoring programs for such high-risk customers. Any changes in customer data such as ownership should be actively monitored and accounted for in the risk profile/score. With analytics and predictive modeling, FIs can customize risk models for various customer types and dynamically update risk profiles throughout the customer life cycle.

The way ahead

As regulators raise the bar for sanctions compliance, organizations need to adopt a proactive risk based approach backed by technology to actively combat money laundering. Leveraging segmentation, RPA and analytics, FIs can better understand the nature/structure of ownership, and effectively identify suspicious transactions/entities while ensuring a smooth customer experience.