On May 11, 2016 the Department of the Treasury, Financial Crimes Enforcement Network (FinCEN) published final rules (81 FR 29397-29458) under the Bank Secrecy Act to clarify customer due diligence requirements for Banks; brokers or dealers in securities; mutual funds; and futures commission merchants and introducing brokers in commodities.
Unlike most other federal agencies where they've taken the approach to provide guidelines or inferred expectations around customer due diligence, these rules contain explicit customer due diligence requirements.
FinCEN makes the case that there are four core elements of customer due diligence (CDD):
- Customer identification and verification (already a requirement)
- Beneficial ownership identification and verification (required by the new final rule)
- Understanding the nature and purpose of customer relationships to develop a customer risk profile (implicitly required already and will now be explicitly required by the new final rule)
- Ongoing monitoring for reporting suspicious transactions and, on a risk-basis, maintaining and updating customer information (implicitly required already and will now be explicitly required by the new final rule)
These four core elements are also good basic guidelines for any global business, regardless of industry, with third party relationships. Companies that fail to maintain an adequate level of oversight of their third parties risk conducting business with people and entities that do not share their same values for integrity. This can lead to relationships that end with compliance failures that could damage the company's reputation and in some instances result in criminal/civil penalties.
A good third party due diligence program will include these basic elements:
- Written policy with Executive level support
- Third Party verification and screening against denied party/restricted party lists as well as for adverse media events
- Desktop procedures that include when, what and how a third party is to be on-boarded and for how an existing third party relationship is to be monitored (for changes in their risk profile)
- Red Flags awareness and a process for handling Red Flags as they arise
- Prioritization of third parties by level of risk and categorization by required levels of due diligence (low, moderate, high)
Global Compliance Solution Group (GCSG) is well versed in assessing and implementing corporate third party due diligence programs. If you have any questions or needs in this area please contact us directly at firstname.lastname@example.org or +1-225-229-2984.
The final rules become effective on July 11, 2016 and covered institutions must fully comply by May 11, 2018.
- Third Party - means customers or intermediaries that conduct business on a company's behalf with persons outside of the company and encompasses those contracted in both sales and supply channels.
- Intermediaries - may include joint venture partners, consortium partners, agents, advisor (e.g. legal, tax, financial, consultant, lobbyist), supplier, vendor, service provider (e.g. communications, logistics, storage, brokers, forwarders, etc.) or distributor/reseller.