Trulioo GM: FinCen, Technology And ID’ing Beneficial Owners

Customer due diligence rules are changing via FinCEN, with a focus on identifying and monitoring beneficial owners. Trulioo GM Zac Cohen notes that the nuances in making sure that FIs are on the “up and up” — and short circuiting bad actors — go far beyond just finding out who owns 25 percent or more.

The Financial Crimes Enforcement Network’s (FinCEN's) customer due diligence (CDD) final requirements take effect on May 11.

The rules, put forth by FinCEN two years ago, mandate that financial institutions (FIs) adopt more robust customer due diligence procedures.

Among the most significant changes, firms must collect and report information tied to beneficial owners. When it comes to identifying those beneficial owners (sometimes abbreviated to BO), the FI must also identify owners of legal entity customers, spanning limited liability corporations and partnerships both general and limited, among others.

In an interview with PYMNTS’ Karen Webster, Zac Cohen, general manager of Trulioo, explained some of the potential that lies behind the requirements of the latest guidance, which trace back to the Bank Secrecy Act.

Cohen explained that beneficial owners are classified as individuals who own — directly or indirectly — at least 25 percent of an entity via equity stakes. Alternatively, beneficial owners might be individuals who have significant responsibility to control, manage or direct those firms.

With the new rules in place, Cohen noted that financial institutions are assisting U.S. government agencies in efforts to detect and prevent money laundering, including terrorist financing.

In recent years, he remarked to Webster, the publication of documents, such as those known collectively as the Panama Papers, shows how individuals have been able to obfuscate their identities and bury ownership stakes deep within opaque corporate structures.

Opaqueness means that bad actors have the cover they need to conduct illicit activities, at times for financial gain.

For financial institutions, then, the caution and the questions revolve around: Just who are you doing business with?

Cohen noted that FinCEN’s final CDD rule is a confluence of the old and the new, at least in terms of business practices.

“The old is that you have a risk-based approach for consumer identification. There is also codification of … event-based monitoring of behavior,” he said.

As for what is new, he told Webster, it’s a matter of really digging deep into who owns these legal entities with which an FI does business.

“Those processes,” he added, “can go down a variety of rabbit holes.”

When venturing down those rabbit holes, technology proves a useful guide, he noted. Otherwise, if processes are done manually, firms can incur significant costs through satisfying the mandates of the most well-intentioned regulations.

Webster queried: How ready are firms to embrace more robust CDD mandates — and how might they get ready?

In reference to the regulators, Cohen said that when they enforce and impose these new rules, the attempt is always to look at the impact from a holistic point of view.

“The regulators say, ‘okay, all these financial institutions are currently doing X and Y and how can we help them take that to the next level without totally replacing all the infrastructure [of] all the processes they have in place?’”

The result is that FIs can work within the parameters of their existing customer identification programs.

But there is a wrinkle, Cohen noted. “Where things get interesting is: How do you manage this for an international customer base?”

Verifying data is challenging enough; doing so on a global scale is even harder.

The May 11 regulation now represents a new baseline of FinCEN’s final rule, but FIs need to look back and appreciate the spirit of the rule, which aims to create a safer environment that protects businesses.

As Cohen put it, “Why not take the extra step and look at someone who is in the network and is going to be a high-risk situation?”

Considering the 25 percent threshold, noted both Webster and Cohen, there are, of course, individuals who might have (much) smaller stakes than the 25 percent threshold, and still be bad actors.

Cohen said a deeper analysis of what he termed second, third and fourth levels of ownership may uncover suspicious behavior. He explained that there can be multiple legal entity structures. Consider an FI that encounters one legal entity, which is 50 percent-owned by another legal entity: CDD efforts must dig relatively deep to find out who the trustees are and who owns which slices of those entities.

“Just because someone doesn’t have 25 percent ownership right at the top, you are going to want to look at that, because it’s almost suspicious to begin with, that you have multiple levels of beneficial owners,” he said.

Of his own firm, Trulioo, he stated that the company seeks to ensure that onboarding and implementation of beneficial owner review and business verification are simplified.

He added that “you’re better to go to the absolute max in terms of creating the safest environment possible without sacrificing your user experience, removing friction and having these things automated.”



Banks, corporates and even regulators now recognize the imperative to modernize — not just digitize —the infrastructures and workflows that move money and data between businesses domestically and cross-border. Together with Visa, PYMNTS invites you to a month-long series of livestreamed programs on these issues as they reshape B2B payments. Masters of modernization share insights and answer questions during a mix of intimate fireside chats and vibrant virtual roundtables.