Blog
Learn the strengths, weaknesses, and best practices of an institution’s beneficial ownership program.
Financial institutions may be familiar with conducting Bank Secrecy Act/Anti-Money Laundering (AML) risk assessments, but the recent raft of Beneficial Ownership-focused regulations, standards and recommendations demands a deeper, more granular examination of new and existing clients. Know Your Customer (KYC) due diligence not only means identifying and verifying a client’s identity, but any Beneficial or Ultimate Ownership by using reliable, timely independently sourced documents, data and information rather than relying on self-certification. Multiple Beneficial Ownership definitions and thresholds, as well as delays to the creation of central data registries, add to the compliance challenge.
Financial institutions therefore need a well-designed integrated Beneficial Ownership management program demonstrating that “all reasonable measures” have been exhausted to meet regulatory obligations and successfully manage compliance risk.
For many organizations, Beneficial Ownership may not have been a mandatory element in customer identification/onboarding processes and therefore not highlighted as a key factor in existing customer risk models.
It is also likely that Beneficial Ownership data management obligations and controls were not considered as a separate factor in the overall compliance risk assessment. Conducting an enterprise-wide AML risk assessment is crucial to identifying potential gaps in existing controls, policies, procedures, and processes. The risk re-assessment should also consider how the Beneficial Ownership/UBO risk is being managed and controlled throughout the entire compliance program including policies, procedures, risk ranking, customer due diligence, reporting, record keeping, ongoing monitoring, internal controls, and auditing.
Risk assessments not performed, documented, or shared with other business units
Ineffectual policies and procedures
Reliance on manual input (re-keying errors)
Poor communication between front line and compliance staff
Inadequate AML risk rating
Lack of AML risk “ownership”
Costly and burdensome remediation cycle
Poor staff training
Follow the FATF AML Framework
The program should manage the full Beneficial Ownership data governance life cycle and should be integrated into each component of the entire compliance program including policies, procedures, risk management, due diligence, reporting, record keeping, training, culture, independent testing, and audit.
Embrace a Risk-Based Approach
Implement a reasonable risk assessment process to evaluate how the Beneficial Ownership data as a factor would impact the customer risk profile as well as the overall enterprise-wide compliance and audit risk assessment. The risk level elevation should lead to a deeper due diligence, requiring a higher level of approval and closer monitoring, testing, and auditing.
Utilize a Combination of the Best Available Mechanisms
Adopt a combination of these mechanisms, which include customer self-certification, integrating/cross referencing with the registry, or reputable third-party Beneficial Ownership data with the addition of adverse media and open source findings for enhanced due diligence.
Centralize the Enterprise-wide Beneficial Ownership Structures to Meet Compliance and Business Needs
Actively pursue and develop the capability to share and obtain the Beneficial Ownership information across the enterprise and associated affiliates. Ideally, this should allow automated regulatory reporting based on self-configured ownership.
Consistent and updated identification of regulatory risks/obligations
Collaboration between stakeholders
Clearly defined processes for data collection, identification, and verification as well as triggers for refreshing and reviewing
An escalation process if information is missing or inaccurate
Creation of a comprehensive risk-scoring model
Effective executive and departmental sponsorship
Access to Beneficial Ownership data through a central data repository
Adopting these best practices will help stakeholders demonstrate to auditors and regulators that “all reasonable measures” have been utilized, and risks uncovered by increased Beneficial Ownership scrutiny have been successfully mitigated.
The information provided in articles are suggestions only and based on best practices. Dun & Bradstreet is not liable for the outcome or results of specific programs or tactics undertaken based on your use of the information. Please contact an attorney or financial/tax professional if you are in need of legal or financial/tax advice.
There are multiple Contact Forms popups in the page. Only one Contact Form popup could be present on single page. Please reconfigure Contact Forms and refresh the page.