The US Department of the Treasury FinCEN (Financial Crimes Enforcement Network), has issued final rules under the Bank Secrecy Act to clarify and strengthen customer due diligence requirements for financial institutions. Payrix is not a covered financial institution as defined by the regulation, however, Payrix’ Sponsor Banks are covered financial institutions and have therefore cascaded the Customer Due Diligence (“CDD”) Rule to Payrix prior to opening a merchant account.
The CDD Rule, which amends Bank Secrecy Act regulations, aims to improve financial transparency and prevent criminals and terrorists from misusing companies to disguise their illicit activities and launder their ill-gotten gains. The CDD Rule clarifies and strengthens customer due diligence requirements for U.S. banks, mutual funds, brokers or dealers in securities, futures commission merchants, and introducing brokers in Commodities. The CDD Rule requires these covered financial institutions identify and verify the identity of the natural persons (known as beneficial owners) of legal entity customers who own, control, and profit from companies when those companies open accounts. The CDD Rule has four core requirements. It requires covered financial institutions to establish and maintain written policies and procedures that are reasonably designed to:
identify and verify the identity of customers
identify and verify the identity of the beneficial owners of companies opening accounts
understand the nature and purpose of customer relationships to develop customer risk profiles
conduct ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information
With respect to the requirement to obtain “beneficial ownership” information, financial institutions will have to identify and verify the identity of any individual who owns 25 percent or more of a legal entity, and an individual who controls the legal entity. This is referred to as the two-prong approach. As noted, Beneficial Ownership has 2 prongs: an “ownership prong” and a “control prong.” With limited exceptions (see “Variants and Exceptions” section below), Payrix must perform due diligence on each of the following 2 types of individuals associated with merchant accounts.
Beneficial Owner(s) (“ownership prong”):
Each individual, if any, who, directly or indirectly , through any contract, arrangement, understanding, relationship or otherwise, owns 25 percent or more of the equity interests of a merchant. A drill-down through several layers of legal entities may be needed to determine each individual that meets this threshold.
At minimum, the following information about the individual(s) must be collected, verified and screened:
Legal name
Date of birth
Address
Social security number (SSN) [For non-U.S. persons without an SSN or ITIN, their foreign passport number and country of issuance or similar identification]
Individual with Significant Responsibility (“control prong”):
An individual with significant responsibility for managing the merchant and/or significant responsibility to enter the company contractually with Payrix, such as an executive officer or senior manager (e.g., Chief Executive Officer, Chief Financial Officer, Chief Operating Officer, Managing Member, General Partner, President, Vice President, Treasurer, or any other individual who regularly performs similar functions). At minimum, the following information about the individual must be collected, verified and screened:
Legal name
Date of birth
Address (residential or business street address)
Social Security Number (SSN) [For non-U.S. persons without an SSN or ITIN, their foregin passport number and country of issuance or similar identification]
Title
Note:
At times, the same individual could fulfill 2 or more of the roles above.
A merchant may have as few as zero or as many as four individuals who fulfill the ownership prong, but at least one individual is required under the control prong.
Beneficial Owners are sometimes referred to as “Ultimate Beneficial Owners” (UBOs).
The full 9-digit SSN is required for a U.S. person.
For non-U.S. persons without a U.S. SSN or Individual Taxpayer Identification Number (ITIN), obtain a current, non-expired foreign passport number and country of issuance, alien identification card number, or reference number and country of issuance of any other government-issued document evidencing nationality or residence and bearing a photo or similar safeguard.
The collection of the % beneficial ownership of each individual representing the “ownership prong” (Beneficial Owners with 25%+ ownership) is required by Payrix
If a non-statutory business trust directly or indirectly owns 25% or more of a legal entity, the trustee(s) is deemed the Beneficial Owner.
Variants and Exceptions
The following types of merchants are subject to alternate requirements, as described below:
Sole Proprietors
Nonprofits
Excluded Legal Entities (e.g., government entities, certain publicly traded corporations, financial institutions)
Firearms Merchants (see compliance guide here for requirements).
A. Sole Proprietors
The following information about the sole proprietor must be collected, verified and
OFAC/MATCH screened:
Legal name
Date of birth
Residential Address
Social Security Number (SSN) [For non
B. Nonprofits
Nonprofit corporations or similar entities such as charitable, not-for-profit, nonstock, or public benefit corporations that have filed organizational documents with the appropriate state authority are excluded from the “ownership prong” (only) requirements.
Legal name
Date of birth
Address (residential or business street address)
Social Security Number (SSN) [For non
C. Excluded Legal Entities
Certain legal entities that are subject to significant regulatory oversight are excluded from BOTH the “ownership prong” (Beneficial Owners with 25%+ ownership) and “control prong” (Individual with Significant Responsibility) requirements. “Excluded Legal Entities” include:
U.S. government entities
U.S. publicly traded corporations (and their wholly owned subsidiaries) that are
listed on the New York, American, or NASDAQ stock exchanges (only)
Regulated U.S. financial institutions, including their holding companies
U.S. state regulated insurance companies
Public accounting firms registered under section 10 2 of the Sarbanes-Oxley Act
Entity or Business Type | Information Required On | Data Required | Notes |
Sole Proprietorship (one single owner) | | | Sole Proprietorships can only have one owner |
Partnership, Limited Liability Company | | | It is possible for an owner to also satisfy the obligation of Controlling Authority in the business |
Private Corporation | ownership interest, and controlling authority (only one individual required) | | |
Tax Exempt (e.g. NPO, Political Campaign) | | | Tax Exempt entities must be grated tax exempt status from the IRS via a 501(c)(2)(3) form |
Government Entity | | | Applies to Federal, State, and Local |
Publicly Held Companies (US Only) | | | A US Publicly Traded entity that trades on a US Stock Exchange such as the Nasdaq or NYSE. Underwriting must capture the Company’s Ticket Symbol |
Federal or State Regulated Financial Institutions | | Full Name Title Business Address DOB (optional)
| A Corporation Entity type, whether Public or Private, can also be a Financial Institution. If the FI is regulated by a Federal o State regulator, the entity is exempt from providing personal details (example: full name and title) |
Non-Federal or Non-State Regulated Financial Institution | | | If the Financial Institution is not regulated by a Federal or State Regulator, all KYC/CIP data elements must be obtained. |