FinCEN, Don’t Put Credit Unions in the “Middle”
in Compliance & Regulatory
By: Nicola Foggie, NJCUL Vice President, Compliance and Regulatory Affairs

The objectives of a recent Financial Crimes Enforcement Network (FinCEN) rule that requires financial entities, including credit unions, to verify the identities of true account owners is commendable. Whether the regulation achieves those objectives may be another question.

FinCEN’s Customer Due Diligence (CDD) rule went into effect May of this year. It requires credit unions, banks, brokers and other financial entities to collect information about any individuals, who own or control companies, when those companies open an account. It also requires the institutions to include procedures in their anti-money-laundering program to understand the nature and purpose of the accounts, monitor them for suspicious activity and keep account information up to date.

FinCEN’s objective when they designed the rule was to enhance financial transparency. According to the agency, by identifying a legal entity’s beneficial owners, financial institutions can better understand and manage their anti-money laundering (AML) risks. And, more importantly, law enforcement and regulators can more easily combat money-laundering and other financial crimes.

Here's the rub – while the requirements of the rule appear to be reasonable and straightforward, implementation is clearly going to be cumbersome and costly to financial institutions. While larger credit unions may be able to easily absorb those costs and will have the staff and resources to execute, smaller credit unions will struggle with compliance.

This dilemma has not fallen on deaf ears, regulators gave financial institutions and other financial services companies a two-year implementation period between issuance of the final rule and its effectiveness.

Unlike FinCEN’s earlier rule, Customer Identification Program (CIP), which only applies when a new member opens an account, the CDD rule is account based. That means the information must be updated every time a new account is opened or when some other event triggers an update of the information that has been collected, for the life of the account.

The resulting costs to comply are anticipated to be significant. As with any preceding rule, with CDD, as regulators begin to review compliance with the rule, they will inevitably find shortcomings and gaps that result in supervisory and enforcement actions, requiring additional changes to policies, procedures and systems, so the costs of compliance to CDD may ultimately exceed current expectations.

Savvy credit unions will begin to purposefully consider the cost of compliance relative to the profitability of a member relationship and what financial services/solutions are offered. It would not be a stretch to see that credit unions wrestling with the compliance obligations of the CDD rule further diminish access to financial services for members that pose heightened anti-money laundering risk or are unprofitable — often due to factors beyond the members control.

That brings me to FinCEN placing credit unions and other financial entities squarely in the “middle”. While the information that is collected from members under the rule will surely add value to law enforcement, the process also creates an elaborate, expensive and complicated regulatory web, with credit unions, banks and financial services companies caught in the “middle” responsible for collecting and storing highly sensitive information from their members.

Some might say that this method is not only highly inefficient, but also is not the most effective way to obtain this critical information. One suggestion is to require companies to disclose their beneficial owners, as described under the CDD rule, at the time of incorporation or formation. The information could then be stored in a centralized registry within the government and made directly available to law enforcement and regulatory agencies, leaving financial entities out of it.

Lawmakers on both sides of the aisle are reportedly considering an AML reform bill. Let’s hope that any bill that gets enacted contains a provision to require companies to disclose the identities of beneficial owners at the time of incorporation. That would be a far more sensible approach than continuing to make credit unions, banks, brokers and asset managers, among others, the “middleman” in collecting and verifying the identities of beneficial owners.

Looking for compliance and audit solutions? Contact NJCUL’s Nicola Foggie at