Wednesday, July 24, 2024

May 2018 OBA Legal Briefs

  • Beneficial ownership rules update
  • Policies
  • Appraisals

Beneficial ownership rules update

By John S. Burnett

By the time you read this, the May 11, 2018, compliance date for FinCEN’s Beneficial Ownership requirements will be only a couple of days away or already have past. As you know by now, FinCEN issued a second set of FAQs on the Beneficial Ownership requirements and the rest of its Customer Due Diligence rule on April 3. And, as the compliance date looms closer and closer, the number of questions that we have fielded on the rule has grown ever larger.

In this article, I will address some of the questions we have handled most often, from Oklahoma bankers and others.

Under the rule, when a legal entity customer opens a new account on or after May 11, 2018, the bank must obtain from the legal entity customer the names and identity information of up to four beneficial owners of the legal entity and of an individual in control of the entity. The bank then has to verify the identities of those individuals and maintain records of the information supplied by the customer and of the bank’s verification.

To understand the rule, you have to know what types of customer relationships are covered, what constitutes a new account and what the terms “legal entity customer” and “beneficial owner” mean.

Accounts covered

What is an account under the Beneficial Ownership requirements? The list is exactly the same as the list of accounts covered by the Customer Identification Program (CIP) requirements. In fact, rather than provide a separate definition, the Beneficial Ownership rule says to use the definition in § 1020.100(a) of FinCEN’s regulations, which is the definition of account for purposes of the CIP rules.

A formal banking relationship established to provide or engage in services, dealings, or other financial transactions including a deposit account, a transaction or asset account, a credit account, or other extension of credit. Account also includes a relationship established to provide a safety [Sic; should be “safe”] deposit box or other safekeeping services, or cash management, custodian, and trust services.”

There are some exceptions to the definition. If there is no formal banking relationship established, there is no account. So, check cashing, wire transfers and sales of checks or money order aren’t “accounts.” Also excluded are accounts that the bank “acquires through an acquisition, merger, purchase of assets, or assumption of liabilities,” and accounts opened for the purpose of participating in an employee benefit plan under ERISA.

Related question: If your bank purchases a loan to a legal entity customer from an auto dealer, do you need to obtain beneficial ownership information on the legal entity customer?

Answer: It depends. If the dealer is the creditor and you purchased the loan, the transaction qualifies as a “purchase of assets” for exclusion from the definition of “account,” and won’t be subject to the beneficial ownership rules. But if the dealer extends the credit as your agent, the bank is the creditor, the loan transaction is an account under the CIP and beneficial ownership rules, and you will have to obtain a beneficial ownership certification from the legal entity customer.

New account

The beneficial ownership rule doesn’t apply to accounts opened before May 11, 2018 (you may need to obtain beneficial ownership information on some of these pre-existing accounts later). It applies to new accounts on or after May 11. It’s important to understand that FinCEN’s definition of “new account” doesn’t agree with a banker’s perspective. That’s because FinCEN considers loan renewals and renewal of auto-rollover certificates of deposit to be new accounts, too. On the other hand, bankers often refer to an extension of a safe deposit box lease as a renewal, but FinCEN has not said that a lease extension is a new account. That’s because there isn’t really a renewal involved. There is only a periodic payment on an “at will” lease.

If loan renewals and rollovers of CDs are new account events, does your bank need to obtain a new certification of beneficial ownership for each renewal or rollover if the account relationship is with a legal entity customer? Not necessarily! FinCEN created an optional “workaround” that you can use to avoid having to get a new certification with each rollover or renewal. You can have the legal entity customer sign a statement on or with the next certification (or a later certification if you don’t add it to the first certification after May 11) that the legal entity customer agrees to notify your institution if any of the information on the certification changes. That statement will allow that certification to cover the current and all future rollovers/renewals of the CD/loan until the legal entity customer notifies you the information has changed or until your bank has reason to believe that it’s no longer correct.

Without the statement, you will need a new certification of beneficial ownership at each rollover/renewal of the account.

Legal entity customer

The beneficial ownership requirements only apply to a “legal entity customer” as that term is defined in the regulation. A legal entity customer is a—

  • Corporation
  • Limited liability company (LLC)
  • Other entity created by the filing of a public document with a Secretary of State or similar state office, including a business trust, or any similar entity formed under the laws of a foreign jurisdiction
  • General partnership
  • Limited partnership

“Legal entity customer” does not include a sole proprietorship (including a sole proprietorship of spouses, when allowed under state law, who have not formed a partnership), an unincorporated association, or natural persons opening accounts on their own behalf. A trust (other than a statutory or business trust created by a public filing with a Secretary of State or similar office) is also not a legal entity customer.

Excluded entities. There is also a lengthy list of specific exclusions from the definition of legal entity customer in § 1010.230(e)(2) of the regulation. The list includes businesses that are legal entities that are subject to federal or state regulation and information on their beneficial ownership and management is available from federal or state agencies. You should review that section of the regulation for the complete list, but I’m highlighting here three groups in that list, because of the numbers of questions we have received about them.

The first group of excluded entities includes financial institutions regulated by a federal functional regulator (Federal Reserve Board, OCC, FDIC, NCUA, etc.), banks regulated by a state banking regulator, bank holding companies, and savings and loan holding companies.

The second group includes state-regulated insurance companies. These are companies that issue insurance policies, not insurance agencies that sell those policies.

And the third group are “persons” that are exempt from CTR filing requirements under § 1020.315(b)(2) through (5) of FinCEN’s regulations. These are commonly referred to as “phase one” CTR exemptions, which include:

  • Any department or agency of the United States, of any State, or of any political subdivision of any State. This includes federal agencies, a state, the District of Columbia, a tribal government, state agencies, county, city or local government bodies, public school districts, etc.
  • An entity established under federal, state or local law or under an interstate compact between two or more states, that exercises governmental authority
  • Any entity other than a bank whose common stock or other equity interests are listed on the New York Stock Exchange, American Stock Exchange or whose common stock or equity interests have been designated as a Nasdaq National Market Security (with exceptions noted in the rule) and subsidiaries of such entities at least 51% owned by such entities.

If any of the excluded entities opens a new account with your institution, you are not required to obtain beneficial ownership information from them.

Beneficial owner

There are two “prongs” in the regulation’s definition of “beneficial owner,” the ownership prong and the control prong.

Ownership: An individual who owns, directly or indirectly, 25% or more of the equity interest in the legal entity customer. Direct ownership means the individual’s equity interest in the legal entity is not through another entity such as a trust, corporation, LLC, etc. Indirect ownership means that the individual is an owner of an entity that is an owner of the legal entity customer.

Example 1: John Jones, Mary Smith and Harry Comick each own 1/3 of ABC Inc. John, Mary and Harry are direct owners, each with a 33-1/3% interest, and each would be a beneficial owner of ABC Inc.

Example 2: DEF LLC is 50% owned by DEF Inc. and 50% owned by Jones & Smith, Inc. There are no individuals with direct ownership of DEF LLC. The sole owner of DEF Inc. is Harry Comick; Mary Smith and John Jones each own half of Jones & Smith, Inc. Therefore, Comick, Smith and Jones are (indirect) beneficial owners of DEF LLC. Harry Comick owns all of DEF Inc. and its 50% ownership of DEF LLC, so he is a 50% beneficial owner of DEF LLC. Mary Smith and John Jones each own half of Jones & Smith, Inc., and its 50% ownership of DEF LLC, so they are each 25% beneficial owners (50% of 50%) of DEF LLC.

There may be so many individual owners (directly or indirectly) that none of them owns 25% of your legal entity customer. In such cases, there would be no individuals identified as a beneficial owner under the ownership prong. And, because 25% ownership is the threshold for listing a beneficial owner, there won’t be more than four such individuals under the ownership prong.

Some banks may have adopted a risk-based policy of identifying individuals with less than 25% ownership (for example, they may use an ownership percentage threshold of 20% or 10%), and they may list more than four beneficial owners under the ownership prong. Such banks are exceptions. The regulation requires that the threshold can’t be greater than 25%, and most banks will use the 25% threshold.

If a trust owns directly or indirectly 25% or more of a legal entity customer, the regulation requires that the trustee (one trustee if there is more than one) of the trust be listed as the beneficial owner (labeled as trustee), and you don’t need to get any other information on owners of the trust.

If an excluded entity (one listed in § 1010.230(e)(2), discussed earlier) is a direct or indirect owner of 25% or more of the legal entity customer, no individual needs to be identified as a beneficial owner with respect to the excluded entity’s ownership.

Beneficial owners may be, but do not have to be, signers on the account being opened or other accounts of the legal entity customer.

There are two “special cases” in the regulation for which you aren’t required to obtain ownership prong information from a legal entity customer:

  • A pooled investment vehicle operated or advised by a financial institution that’s not an excluded entity under § 1010.230(e)(2), because ownership of these vehicles is so fluid and frequently changing that it’s impractical to track.
  • Any legal entity that is established as a nonprofit corporation (or similar entity) and has filed organizational documents with the appropriate state authority, since such entities don’t have owners. Approval as a charity under IRS rules is not a requirement.

Legal entity customers fitting either of those “special case” descriptions must, however, provide the name of a control-prong individual (see below).

Control: The rule also defines as a beneficial owner under the control prong a single individual with significant responsibility to control, manage, or direct the legal entity customer. Examples in the regulation include an executive officer or senior manager (chief executive officer, chief financial officer, chief operating officer, managing member, general partner, president, vice president, treasurer) or other individual who regularly performs similar functions.

The title of the individual is not important (although it is one of the pieces of information to be collected); the individual’s duties or responsibilities for the legal entity customer are what matters. In the case of a local office, store or branch (not a franchisee) of a larger company, the control prong individual won’t be a local manager. He or she should be someone at the corporate level with control, management or direction responsibilities.

The individual identified under the control prong may be, but does not have to be, a signer on the account, and may or may not be an owner of the entity.

Two-part process

The legal entity customer (the individual opening the account) is to provide the names and identity information for the individuals identified under the ownership and control prongs of the rule. The information to be supplied includes the same information you are to collect on an individual open a new account under the CIP rules:

  • Name (and title for control-prong individual)
  • The individual’s residential or business street address (the same rules applicable to the CIP address requirement apply here)
  • Date of birth
  • Identifying number (SSN for U.S. persons; SSN, passport number and issuing country, or other similar number, including an alien ID card number or the number and issuing country of any other government-issued document evidencing nationality or residence and bearing a photograph or similar safeguard).

The representative of the legal entity customer must certify, to the best of his/her knowledge, the completeness and accuracy of the information provided.

The bank is required to verify the identity of the individuals listed in the certification. The bank is not required to make its own inquiry into the beneficial ownership of the entity unless it has information leading the bank to doubt the completeness or accuracy of the information provided.

The bank’s verification of the identity of the individuals should use methods similar to those used in the bank’s CIP (the same rules describing the resources to be used apply to both CIP and Beneficial Ownership). They don’t have to be identical processes. For example, you are permitted under the Beneficial Ownership rules to accept a copy of an ID document, and you cannot use a consumer report (as defined under the Fair Credit Reporting Act), because you don’t have a permissible purpose to pull such a report under these rules. You may use identity-verification services that provide information that isn’t a consumer report.


You are required to obtain a certification of beneficial ownership at or prior to the time the new account is opened. This includes renewal or rollovers of loans and auto-rollover CDs (but see the “workaround” discussion under “New accounts” earlier in this article).

If the legal entity customer does not provide a certification of beneficial ownership at or prior to opening the account, the account should not be opened. There is no grace period. If you aren’t able to get a certification of beneficial ownership at or before a loan renewal or CD rollover, you should not complete the loan renewal or CD rollover unless an earlier certification included the statement described in the “workaround” discussion and you don’t have information calling the earlier certification into question.

Ideally, the bank’s verification of identities will also be completed before the new account is opened. However, you can permit it to be completed within a reasonable time after the new account is opened. You should keep that reasonable time as short as possible.

If you are unable to verify the identity of an individual listed as a beneficial owner (ownership or control prong), you must take steps to check the information supplied by the legal entity and other reasonable extra steps (including, perhaps, contacting the individual owner(s)) to complete the verification. If the extra steps still don’t complete the verification of identity, your bank should have a procedure in its program for closing the account, when possible. At minimum, no renewal or rollover of the account should be permitted until verification of identity of the owner(s) can be completed.

Form, format and content of certification

You do not have to use the form in Appendix A to § 1010.230. The Appendix A form is not a “safe harbor” form. Its principal purpose is to indicate the information that is to be supplied by the legal entity and to indicate the need for a certification of that information. It also includes instructions to the legal entity’s representative that you should consider including in whatever form and format your bank uses.

You can collect the beneficial ownership information from the legal entity in any way you wish as long as you are able to document the certification and comply with the recordkeeping requirements of the rule, which are virtually identical to those applicable to CIP records.


By Andy Zavoina

Before your eyes begin to glaze over I need to explain to you why I am writing about policies your bank must have (and those it should have). There are few “required” policies and many, many more policies your bank should have based on what your bank does in the marketplace. Policies provide direction to staff, typically from senior management and the board of directors. They are based on the goals of the bank, its strategic plan for where it wants to be in the future and how it wants to get there. Policies answer questions.

An examiner or consultant may suggest the bank have a policy on a topic for one of three reasons:

  1. It is a requirement in a law or regulation.
  2. It would be good to have this guidance because this issue comes up frequently.
  3. It would be good to have this guidance because this issue comes up infrequently, but the risks due to non-compliance are high.

Here is the impetus for this article, and it is IMPORTANT. The Department of Justice (DOJ) has sued an auto dealer because it repossessed one vehicle without a court order. It was aware of the borrower’s military status, but it had no Servicemembers Civil Relief Act (SCRA) policy. The DOJ maintained that, absent a policy and procedures, the lender does not know if it has violated the law other times. Although there has been only one complaint, DOJ is proceeding as though there is a pattern or practice of violations.

For years bankers have heard that examiners want banks to have a policy addressing the SCRA. National banks have been told to expect exams on the SCRA each time examiners are in the bank. Many banks have told me they have very few or no SCRA designated loans. This puts the need for a policy pertaining to the SCRA in category three above.

I must ask those banks: Without a policy or procedures, how does a bank employee know when a customer calls and mentions “active duty” or “joining the service” or anything similar, whether the whole account relationship needs to be flagged as subject to SCRA protections? How does the bank know before it implements a repossession order or foreclosure proceedings whether a borrower is protected under the SCRA? Policies and procedures are called for because they can guide employees to listen for buzzwords about being in the service, to search the military database to verify SCRA protected status, to recognize that the protections on a vehicle are different than those on a mortgage and to understand that an overdraft and a safe deposit box may also be subject to SCRA protections.

What about banks that do very little business with servicemembers? I recently asked a banker if her bank had a National Guard unit nearby, and she answered “Yes.” So, they have a lot of National Guardsmen but few active duty military. Bear in mind that in April 2018, the Defense Secretary signed an authorization, as requested by the president, for up to 4,000 National Guard troops to be activated for border security. These guardsmen will be activated but likely for short periods of time. Many guard units could be activated to protect the border on a rolling basis.

Revisiting the definition of “military service” in the SCRA and commentary I have added from my teaching documents, National Guard and military service includes, “service under a call to active service authorized by the President or the Secretary of Defense for a period of more than 30 consecutive days under section 502(f) of title 32, United States Code, for purposes of responding to a national emergency declared by the President and supported by Federal funds (normally Title 32 activation is not for more than 30 days and often Title 32 is not considered military service);”

Each bank would need to be familiar with the orders, but these Guardsmen will be paid by federal dollars based on what I have read and are being called up by the president and there is a good chance that if they serve more than 30 days they could be entitled to these SCRA protections. This means it is an excellent time to revisit the SCRA if the bank has not done so recently.

The March 28, 2018, case that prompted this article is United States vs California Auto Finance (CAF), Case No. 8:18-cv-00523. CAF is a large sub-prime lender in Southern California and the southwest. The suit alleges CAF repossessed a servicemember’s car after being made aware the borrower was in the service.

Andrea Starks purchased a car in Glendale, AZ in September 2015. She made her first payment in October 2015 which was pre-service and meets the requirements for SCRA protection. She enlisted in April 2016 and reported for active duty on May 9, 2016, the same day her vehicle was repossessed. Two days after enlisting she provided CAF with a copy of her orders. She would not have been protected as a reservist being called to active duty based on receipt of her orders, but rather when she met the definition of “military service” which, in this case, would be when she was paid by the government. Had the vehicle been repossessed the day before, Starks would not have been technically protected. CAF sold the vehicle on or about May 25, 2016.

This was the single complaint against CAF made by Starks to the DOJ in November 2016. There were no other complaints against CAF mentioned. In describing the violations committed by CAF, the DOJ explains the facts it reviewed in its investigation, which began in December 2016.

  • The Defense Manpower Data Center (DMDC) is a free database allowing lenders to determine is a person is protected under the SCRA. The CAF did not verify her status prior to repossessing the vehicle. (It would be interesting to know if Starks would have been shown as currently serving, being her first day.) Regardless, CAF had already been given a copy of Starks orders by Starks herself.
  • This was pre-service debt under the SCRA.
  • No court order was obtained prior to the act of repossessing the vehicle.
  • The CAF believed at the time, and still as of this court filing, that only deployment orders would have provided protections to a servicemember. (This is incorrect. It is the act of serving, whether that be in the continental United States or overseas.)
  • The CAF had and still has no policies or procedures to provide staff with SCRA compliance guidance.
  • Because of a demonstrated lack of knowledge and guidance (the policy or procedures) the DOJ stated they “may have repossessed motor vehicles without court orders from other servicemembers” and as such viewed this as a pattern or practice of violating the SCRA protections and requirements of the SCRA. This means that Starks and other servicemembers have suffered damages.
  • The actions of CAF were “intentional, willful, and taken in disregard for the rights of servicemembers.”

This case begs for a discussion on the requirement for having a policy and procedures. Of the three reasons stated above, the SCRA would fit under reason two or three because there is no legal requirement for a policy in the Act. Examiners have been urging banks to create them and to ensure that repossession and foreclosure procedures are expressed, trained on and followed under the SCRA rules. Some banks may have resisted creating such documents because it would be one more thing to keep up with and they didn’t feel it was needed because it wasn’t required, and the low volume of accounts did not demand it. The DOJ might be accused of practicing regulation by enforcement. In many cases however, a servicemember can be viewed as close to a protected person under fair lending laws as any minority because they do have unique rights that lender must be aware of. The fact that the lender violated the law, expressed a misunderstanding of the requirements, and demonstrated no desire to immediately remedy the issues it created did not help. The CAF did not create a policy or procedures to provide guidance or repossession requirements and it did not attempt to replace the vehicle or compensate Starks when the problems came to light.

It is important to note the fact that the CAF is not being penalized because it did not have an SCRA policy which is not legally required; it is being pursued because it incorrectly interpreted the SCRA requirements, had no guidance information from which to operate, and did not attempt to correct those deficiencies after it was being investigated for violations. Another important note is that “ignorance is not bliss.” Because there was no policy or procedures to follow, CAF could not say it has tracked or provided special handling for SCRA protected loans. Even though there was only a single complaint against CAF, its own lack of knowledge is forcing the CAF to prove it is innocent on multiple counts of a violation. There is no evidence proving this repossession and sale was part of a pattern or practice, but the CAF cannot prove otherwise. Whether you agree with the DOJ position or not, the CAF will pay to settle this claim or pay to prove its innocence.

In Part 2 to this article, I’ll provide a list of key bank policies and discuss how policies can be written and kept current.


By Andy Zavoina

On April 2, 2018, the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, and the Office of the Comptroller of the Currency issued a final rule that increased the threshold for commercial real estate transactions requiring an appraisal from $250,000 to $500,000.

Originally the 1994 figure of $250,000 was going to be raised to $400,000 but it was determined that the $500,000 limit would further reduce the regulatory burden and the number of transactions requiring appraisals while not exposing the loans to excessive risk.

The bank may now use evaluations for those loans up to the new limit if desired. Evaluations can provide the market value of real estate that will secure a loan while avoiding the need for a formal appraisal prepared in accordance with the Uniform Standards of Professional Appraiser Practices (USPAP). They do not have to be completed by a state licensed or certified appraiser. Evaluations can both expedite the loan process and reduce costs when commercial real estate is involved.

Note that this change is for commercial accounts and not loans for 1-4 family residential properties.