Although compliance with the final rule isn’t required until May 11, 2018, credit unions have had since May 11, 2016 to begin their compliance with the amendments to the Bank Secrecy Act that relate to these four core elements:
- Identification and verification of customers;
- Identification and verification of beneficial owners of legal entity customers, subject to certain exceptions;
- Development of a customer risk profile through an understanding of the nature and purpose of the customer relationship, and
- Ongoing monitoring for reporting suspicious activity, and on a risk basis, maintaining and updating customer information.
Several of these elements are part of the existing customer identification program (CIP) rules, with others implied through suspicious activity reporting (SAR) requirements. The beneficial ownership identification requirement is new and not part of any existing rule.