FinCEN Eases Beneficial Ownership Requirements Under CDD Rule

FinCEN has issued an order granting exceptive relief from the longstanding requirement that covered financial institutions (CFIs) identify and verify the beneficial owners of legal entity customers every time a new account is opened. CFIs now need to collect and verify beneficial ownership information once per customer and then update it only when risk or new information warrants. While CFIs must still comply with all other Bank Secrecy Act (BSA) and anti-money laundering and counter-financing terrorism (AML/CFT) obligations, the new order represents an easing of the requirements established by FinCEN’s Customer Due Diligence regulation (the 2016 CDD rule) regarding the diligence CFIs must perform on legal entity customers as part of AML/CFT programs. Companies should consider whether it makes sense to maintain stricter past compliance practices or revise current policies to fit the new rules based on an individualized risk assessment.

What Has Changed?

Under the CDD rule, CFIs were required, for each legal entity customer (e.g., corporations, limited liability companies, and partnerships), to identify the beneficial owners under both the ownership and control prongs, collect required information (name, address, date of birth, and Social Security number or other permitted identification number), and verify the identity of each beneficial owner, all “at the time a new account is opened[.]” In practice, this required collection at every new account opening, even for established customers that frequently opened additional accounts.

The order granting exceptive relief is part of FinCEN’s implementation of the Corporate Transparency Act (CTA), which directs FinCEN to revise the 2016 CDD rule, and a broader federal effort, reinforced by Executive Order 14192 (Unleashing Prosperity Through Deregulation), to reduce regulatory burdens that provide limited incremental AML/CFT benefit beyond initial, risk‑based due diligence. CFIs are no longer required to reidentify and reverify beneficial owners each time a legal entity customer opens another account. Instead, they must identify and verify beneficial owners in the following three situations only:

1. Initial Relationship: When a legal entity customer first opens an account with the institution.  
2. Reliability Concerns: Any time thereafter when the institution has knowledge of facts that would reasonably call into question the reliability of previously obtained beneficial ownership information.  
3. Risk-Based Triggers: As needed based on the institution’s risk-based procedures for ongoing customer due diligence, including monitoring and periodic updates.  

Outside of these three scenarios, repeat collection and verification of beneficial ownership information at every account opening is no longer required.

Who Is Covered?

The relief applies to CFIs which include, among others:

• Banks;  
• Broker-dealers in securities;  
• Mutual funds; and  
• Futures commission merchants and introducing brokers in commodities.  

The relief applies with respect to “legal entity customers” (e.g., corporations, LLCs, general partnerships, and similar entities formed by filing with a secretary of state or equivalent authority), subject to existing exemptions. It does not alter the existing exemptions and limitations.

Ongoing Obligations Remain

The exceptive relief does not change the core elements of an AML/CFT program. CFIs must still:

• Maintain a written AML/CFT program that includes risk-based customer due diligence procedures, including beneficial ownership procedures.  
• Conduct ongoing monitoring to: (i) identify and report suspicious activity; and (ii) maintain and, on a risk basis, update customer information, including beneficial ownership information.  
• Comply with all applicable program, recordkeeping, and reporting requirements under the BSA and its implementing regulations.  

Importantly, when a risk-based trigger arises:

• Institutions may rely on previously obtained beneficial ownership information if the customer certifies or confirms (verbally or in writing) that the information remains accurate and up to date; and  
• The institution must maintain a record of that certification or confirmation (including a record of verbal confirmations).  

If the customer cannot confirm accuracy, or the institution has reason to doubt the information, the institution must reidentify and reverify the beneficial owners in accordance with the CDD rule.

Discretion to Exceed the Minimum Requirements

FinCEN is not prohibiting institutions from implementing and adhering to stricter practices.

• Institutions may decide to continue to collect and verify beneficial ownership information at each account opening if a more frequent practice aligns with risk appetite and internal policies.  
• The extent to which an institution uses this exceptive relief is within its discretion, provided its approach is consistent with its risk-based AML/CFT program and other legal obligations.  

Practical Implications and Next Steps for Covered Financial Institutions

1. Policy and Procedure Updates. CFIs should revise their customer due diligence and account opening procedures so that beneficial ownership information is collected and verified at initial account opening and recollected or reverified when reliability concerns arise or risk-based triggers from ongoing monitoring warrant such action. CFIs should also establish clear thresholds for when employees must escalate and reconfirm or update beneficial ownership information.  
2. Risk-Based Framework Enhancements. CFIs should strengthen their risk-rating methodologies to ensure higher-risk legal entity customers are subject to more frequent review and potential reverification, and clearly define the specific events — such as unusual transaction activity, negative media, ownership or control changes, or major structural changes — that will trigger review.  
3. Documentation and Recordkeeping. CFIs should implement controls to record customer certifications or confirmations (including verbal confirmations) that previously provided beneficial ownership information. This is a best practice to ensure recorded information remains accurate, and to document the rationale when a CFI decides not to refresh beneficial ownership information at new account openings where risk considerations remain relevant.  
4. Training and Communication. CFIs should train front-line staff, relationship managers, and compliance personnel on the scope and application of the new exceptive relief, how to handle customer confirmations going forward, and when to escalate the need for updated beneficial ownership information. Compliance personnel and legal should work on efforts to communicate these changes to frequent legal entity customers to streamline the account opening process while reinforcing robust monitoring and adhering to AML controls.  
5. Coordination With CTA Framework. CFIs should coordinate their internal beneficial ownership practices with emerging beneficial ownership information reporting frameworks under the CTA to avoid unnecessary duplication and ensure consistency between internally maintained and externally filed ownership information for each account.