Skip Nav

Beneficial Ownership-Existing Bank Requirements

Articles
FAQs

Question: We are opening a campaign account for a local government position. Is this account subject to Customer Due Diligence Beneficial Ownership rules? If so, do we collect information under both the ownership and control prongs, or only the control prong? What if the campaign committee files a DR-1 with the Iowa Ethics Board?

Answer: Generally, most campaigns are exempt from the beneficial ownership requirements. The beneficial ownership rule applies only to legal entity customers and the rule defines a “legal entity customer” as “a corporation, limited liability company, or other entity that is created by the filing of a public document with a Secretary of State or similar office, a general partnership, and any similar entity formed under the laws of a foreign jurisdiction that opens an account.” Thus, the beneficial ownership rules applicability would depend on the entity structure of the campaign committee.

Most campaign committees are not created by a filing with the Secretary of State. Campaign committees are neither specifically included in the definition nor are they listed in the exemptions. There are rare occasions where campaign committees have a formal structure that would cause them to be a “legal entity customer.” However, those instances are few and far between. So, while this is something to be aware of, if the campaign committee is not a legal entity, it would not be subject to beneficial ownership rules – neither the ownership nor the control prongs.

A campaign filing a DR-1 with the Iowa Ethics Board does not inherently make a campaign committee a “legal entity customer.” Rather, the Ethics Board helps keep the campaign committee in line with relevant rules and regulations.

Question: If an estate owns 25% or more of a legal entity, is the executor(s) of the estate considered a “beneficial owner” under the BSA’s Beneficial Ownership rules?

Answer: Yes, the executor would be considered a beneficial owner of the estate under the ownership prong, and if the executor has the responsibility to control, manage or direct the legal entity, may also be listed under the control prong. The IBA reached out FinCEN to confirm this. FinCEN indicated the executor would be considered a fiduciary parallel to the trustee in FinCEN FAQ 19 and 20, provided in part below, and therefore should be listed as the beneficial owner in place of the trustee in the ownership prong, and if applicable, in the control prong as well.

If a trust owns directly or indirectly, through any contract, arrangement, understanding, relationship, or otherwise, 25 percent or more of the equity interests of a legal entity customer, the beneficial owner for purposes of the ownership/equity prong is the trustee, regardless of whether the trustee is a natural person or a legal entity.

In circumstances where a natural person does not exist for purposes of the ownership/equity prong, a natural person would not be identified. However, a covered institution should collect identification information on the legal entity trustee as part of its CIP, consistent with the covered institution’s risk assessment and the customer risk profile. In addition to the ownership/equity prong, covered financial institutions are also required to identify and verify a natural person as the beneficial owner of the legal entity customer under the control prong to comply with the Rule.

The ownership/equity and control prongs, although related, are independent requirements. Thus, satisfaction of, or exclusion from, regulatory obligations under one prong does not mean a covered financial institution’s obligations under the other prong are also satisfied or excluded.

Question: What are the requirements for covered financial institutions to collect beneficial ownership information?

Answer: The CDD Rule requires covered financial institutions to establish and maintain written procedures that are reasonably designed to identify and verify the beneficial owners of legal entity customers. These procedures must enable the institution to identify the beneficial owners of each customer at the time a new account is opened, unless the customer is otherwise excluded or the account is exempted. Also, the procedures must establish risk-based practices for verifying the identity of each beneficial owner identified to the covered financial institution, to the extent reasonable and practicable. The procedures must contain the elements required for verifying the identity of customers that are individuals under applicable customer identification program (“CIP”) requirements. (See 31 CFR 1020.220(a)(2), 31 CFR 1023.220(a)(2), 31 CFR 1024.220, and 31 CFR 1026.220(a)(2) for applicable CIP requirements.) In short, covered financial institutions are now required to obtain, verify and record the identities of the beneficial owners of legal entity customers.

Question: Are covered financial institutions required to include the procedures for identifying and verifying the identity of the beneficial owners of legal entity customers in the institution’s AML compliance program?

Answer: Yes. The CDD procedures must be included in the covered financial institution’s AML compliance program.

Question: Who is a beneficial owner?

Answer: The Rule defines beneficial owner as each of the following:

  • Each individual, if any, who, directly or indirectly, owns 25 percent or more of the equity interests of a legal entity customer (i.e., the ownership prong); and,
  • A single individual with significant responsibility to control, manage or direct a legal entity customer, including an executive officer or senior manager (e.g., a Chief Executive Officer, Chief Financial Officer, Chief Operating Officer, Managing Member, General Partner, President, Vice President or Treasurer); or any other individual who regularly performs similar functions (i.e., the control prong). This list of positions is illustrative, not exclusive, as there is significant diversity in how legal entities are structured.

Under this definition, a legal entity will have a total of between one and five beneficial owners (i.e., one person under the control prong and zero to four persons under the ownership prong).

Question: Are covered financial institutions required to obtain information directly from the beneficial owners of legal entity customers?

Answer: No. The Rule requires financial institutions to obtain information about the beneficial owners of a legal entity from the individual seeking to open a new account at the covered financial institution on behalf of the legal entity customer. This individual could, but would not necessarily, be a beneficial owner.

Question: How is “account” defined in the CDD Rule?

Answer: In order to maintain consistency with CIP, FinCEN added to the CDD Rule the same definition of the term “account” that is in the CIP rules for banks, brokers or dealers in securities, mutual funds and futures commission merchants and introducing brokers in commodities.

Question: We understand the BSA Beneficial Owner provisions are triggered each time a legal entity customer opens a “new account.” We also understand an account is defined as, “a formal banking relationship established to provide or engage in services, dealings, or other financial transactions including a deposit account, a transaction or asset account, a credit account, or other extension of credit. Account also includes a relationship established to provide a safety deposit box or other safekeeping services, or cash management, custodian, and trust services.” We have read an interpretation of the rule which indicates, based on the underlined statement above, when a service is added to an existing deposit account such as ACH origination, business online banking, remote deposit capture, etc., that the requirement to collect, verify and certify beneficial owners status is triggered. Is that true?

Answer: Thankfully, no. For clarification, the IBA reached out to FinCEN for guidance. FinCEN’s Regulatory Hotline indicated that the addition of a service, while considered an “account” under CIP, does not trigger the beneficial ownership requirement as the addition of a service does not constitute a “new account” under the rule.

Should you have further questions related to this topic or other Beneficial Owner rule provisions, contact FinCEN’s Regulatory Hotline at 800-949-2732 or enter your question online at www.fincen.gov/contact.

Question: What types of information are covered institutions required to collect on the beneficial owners of legal entity customers?

Answer: As with CIP for individual customers, covered financial institutions must collect from the legal entity customer the name, date of birth, address and social security number or other government identification number (passport number or other similar information in the case of foreign persons) for individuals who own 25 percent or more of the equity interest of the legal entity (if any), and an individual with significant responsibility to control/manage the legal entity at the time a new account is opened.

Question: What types of individuals satisfy the definition of a person with “significant responsibility to control, manage or direct a legal entity customer?”

Answer: Under the Rule, a legal entity must provide information on a control person with “significant responsibility to control, manage or direct the company.” The rule also provides examples of the types of positions that could qualify, including “[a]n executive officer or senior manager (e.g., a Chief Executive Officer, Chief Financial Officer, Chief Operating Officer, Managing Member, General Partner, President, Vice President or Treasurer).” FinCEN’s expectation is that the control person identified must be a high-level official in the legal entity, who is responsible for how the organization is run, and who will have access to a range of information concerning the day-to-day operations of the company. The list of positions is illustrative, not exclusive.

Question:  How do we decide who to list for the Control prong and are we limited to just one person?  Who should we list…the CEO, President, CFO, etc.?

Answer:  First, the bank is not responsible for determining the individual(s) who qualify as the Beneficial Owner(s) under the control and ownership prongs. It is the responsibility of the person opening the account on behalf of the legal entity to identify these individuals.   So, the bank may rely on the information that is provided by the person opening the account for the legal entity.  The examples of individuals who meet that definition of a Beneficial Owner with control that are provided in the rule are CEOs, Presidents, CFOs, senior managers, and directors. The person opening the account must provide at least one person who exercises significant control over the legal entity, but is not limited to just one person.

Question: Our trust department is named as trustee for several trusts. The trusts are not created by a filing with the Secretary of State, but they do have EINs. When a new account is opened for one of these trusts, does the trust department need to complete a beneficial ownership form?

Answer: No. Trusts that are not created by a filing with the Secretary of State are entirely exempt from the beneficial ownership requirements. Trusts that are created by a filing with the Secretary of State, statutory trusts, are legal entities and are subject to the requirements of beneficial ownership.

Question: Please settle a debate at our bank. I believe the Beneficial Ownership rules do not apply to accounts opened by a school district because government entities are exempt from the rule. However, I have co-workers who believe we still have to identify who is in “control” of the legal entity. Please clarify.

Answer: You both could be correct! The correct response depends upon the type of school opening the account – is the school a public school? A private for-profit school? Or a private not-for-profit school?

  • A public school district is exempt from the rule entirely under the government exemption. The government exclusion applies to “any entity established under the laws of the United States, of any State, or of any public subdivision of any State or under in interstate compact between two or more States, that exercises government authority on behalf of the United States or in any such State or political subdivision.” In other words, if your school district has the ability to tax, they are exempt from beneficial ownership rule requirements as well as CIP and other BSA requirements.
  • A private school, a legal entity formed under the laws of the State in which it is located and registered with the Secretary of State, is subject to the Beneficial Owner rule, but the information you must collect from the school is based upon whether or not the private school is a for-profit or not-for-profit legal entity:
    • If the school operates as a not-for profit entity, the bank should verify the school’s not-for-profit status with the IRS. Once verified, the partial exemption can be applied and the bank need only collect and retain information under the control prong for the school.
    • However, if the school is a for-profit entity, there are no exemptions or exclusions and the full beneficial ownership rule applies. In other words, treat a for-profit school just like any other legal entity, obtaining required information under both the ownership prong (if any one individual owns 25% equity interest or more) and the control prong.

Question: Existing customers as beneficial owners of new legal entity customer accounts: If an individual named as a beneficial owner of a new legal entity account is an existing customer of the covered financial institution subject to the financial institution’s CIP, is a covered financial institution still required to identify and verify the identity of this individual, or may it rely on the CIP identification and verification of the individual that it previously performed? (FinCEN Question 7)

Answer: In general, covered financial institutions must identify and verify the identity of the beneficial owner(s) of legal entity customers at the time each new account is opened. However, if the individual identified as the beneficial owner is an existing customer of the financial institution and is subject to the financial institution’s CIP, a financial institution may rely on information in its possession to fulfill the identification and verification requirements, provided the existing information is up-to-date, accurate, and the legal entity customer’s representative certifies or confirms (verbally or in writing) the accuracy of the pre-existing CIP information. For example, a representative of X Corp opens a new account for the company at a covered financial institution and identifies John Doe, who has a personal account at the institution, as a 25 percent equity owner of X Corp. As required under the CIP rule, the institution identified and verified John Doe’s identity at the time the personal account was established. In this situation, a covered financial institution may rely on the pre-existing CIP identification and verification information it maintains for John Doe, provided that X Corp’s representative certifies or confirms (verbally or in writing) the accuracy of the pre-existing information on John Doe in order to comply with the Rule. The covered financial institution’s records of beneficial ownership for the new account could cross-reference the relevant CIP records and the verification of information would not need to be repeated.

Question: Multiple sets of beneficial ownership certification documents: If a covered financial institution has updated the beneficial ownership information on the account(s) of a legal entity customer, and subsequently a new account is opened on behalf of the same legal entity customer, is the institution required to retain all sets of beneficial ownership documentation, thereby retaining up to three sets of information: the original set collected at account opening, the updated set, and a third, a duplicate of the second (updated) set for the new account? (FinCEN Question 9)

Answer: Yes. Covered financial institutions are required to retain all beneficial ownership information collected about a legal entity customer. Identifying information, including the Certification Form or its equivalent, must be maintained for a period of five years after the legal entity’s account is closed. (See 31 CFR 1010.230(i)(2)). However, all verification records must be retained for a period of five years after the record is made. Therefore, whether a financial institution must retain a set of identification or verification records is dependent upon the date an account is opened and closed, or the date a record is made. For example, if a covered financial institution relies on pre-existing beneficial ownership information in its possession as true and accurate identification information when opening a new account for a legal entity customer, the financial institution should maintain the original records, and any updated information, including a record of any verbal or written confirmation of pre-existing information (for example, as described in Questions 7 and 10), until five years after the closing of the new account in order to comply with the recordkeeping requirements in the regulation. Covered financial institutions must also retain a description of every document relied on for verification, any non- documentary methods and results of measures undertaken for verification, as well as the resolution of any substantive discrepancies discovered in identifying and verifying the identification information for five years after the record is made.

Question: Certification when a single legal entity customer opens multiple accounts: If a legal entity customer opens multiple accounts at a covered financial institution (whether or not simultaneously), must the financial institution identify and verify the customer’s beneficial ownership for each account? (FinCEN Question 10)

Answer: Generally, covered financial institutions must identify and verify the legal entity customer’s beneficial ownership information for each new account opening, regardless of the number of accounts opened or over a specific period of time. However, an institution that has already obtained a Certification Form (or its equivalent) for the beneficial owner(s) of the legal entity customer may rely on that information to fulfill the beneficial ownership requirement for subsequent accounts, provided the customer certifies or confirms (verbally or in writing) that such information is up-to-date and accurate at the time each subsequent account is opened and the financial institution has no knowledge of facts that would reasonably call into question the reliability of such information. The institution would also need to maintain a record of such certification or confirmation, including for both verbal and written confirmations by the customer.

Question: Are covered financial institutions required to collect or update beneficial ownership information on customers with accounts opened prior to May 11, 2018, the Rule’s applicability date? (FinCEN Question 13)

Answer: Financial institutions are not required to conduct retroactive reviews to obtain beneficial ownership information from customers with accounts opened prior to May 11, 2018. The obligation to obtain or update beneficial ownership information on legal entity customers with accounts established before May 11, 2018, is triggered when a financial institution becomes aware of information about the customer during the course of normal monitoring relevant to assessing or reassessing the risk posed by the customer, and such information indicates a possible change of beneficial ownership.

Question: Are financial institutions required to have their legal entity customers certify the beneficial owners for existing customers during the course of a financial product renewal (e.g., a loan renewal or certificate of deposit)?

Answer: It depends. On September 7, 2018, FinCEN issued FIN-2018-R004 which provided exceptive relief under the Beneficial Ownership rule for:

  • Rollover of certificates of deposits (CD) which meets their definition (has a specific maturity date, cannot be withdrawn during term without penalty, and cannot add additional funds);
  • Renewal, modification, and extension of a loan that does not require underwriting review and approval;
  • Renewal, modification, extension of a commercial line of credit or credit card account that does not require underwriting and approval; and
  • Renewal of a safe deposit box.  For accounts not meeting these requirements, covered financial institutions are required to obtain information on the beneficial owners of a legal entity.

Question: Question No. 7 in FinCEN’s 2018 FAQ series indicates, if an individual who has been identified as a beneficial owner is already a bank customer and has already had his or her identity verified under the bank’s CIP procedures, the bank may elect to rely on information already on file to verify that person’s identity provided the existing information is accurate and up-to-date and the legal entity customer’s representative confirms the accuracy of the information on file. If we do rely on information already on file, how are the record retention requirements adjusted?

Answer: The record retention requirements are not “adjusted;” rather they remain the same. Banks are required to retain all information collected about a beneficial owner for each “new account”, even if that information duplicates information already on file. Information used to identify a beneficial owner must be retained for five years after the account is closed. Verification information must be retained for five years after the record is made.

If a bank relies on information already on file for a beneficial owner, it must take steps to ensure that information is retained for the appropriate length of time related to each account that is established. For example, if an account is opened on June 1, 2018, and the bank relies on identification information on file in its CIP records for a beneficial owner, it must document that fact and retain those identity verification records for a period of five years after each account was opened. Therefore, for the new account just opened, the bank would need to retain that information through June 1, 2023. If the same legal entity opens another account on Nov. 1, 2019, and again, the bank is able to rely on identification information on file in its CIP records for a beneficial owner because the information is accurate and current, the bank would again document that fact and those verification records must now be maintained until after Nov. 1, 2024. Some record retention systems may find this “moving target” end date a challenge to maintain.

Question: Our loan software provider has recently released an update which includes an option for lenders to choose to include a statement such as “Certification of Accuracy of Prior Certification” for when a Beneficial Ownership certification was previously obtained. The statement gives specific details on the name of the person opening the account, the legal entity and the date of the previously obtained certification. It then has verbiage that the beneficial ownership information is “complete and correct as of today” and goes on to state that the customer should notify the bank of changes since the prior certification. It seems like this might be a good short cut for our lenders to use in satisfying this rule. Is that correct? If our bank chooses to use this alternative option instead of obtaining a new Beneficial Ownership form each and every time a new account is opened, what are the risks related to doing so?

Answer: Due to the timing and certification requirements of the rule, this would not constitute a short-cut for your lenders and in fact could create violations of the BSA if proper steps were not taken to ensure the information is accurate and up-to-date for each new account opened. The bank is responsible for compliance when the rule is triggered and cannot just rely on the customer to notify them of changes. So let’s review the requirements briefly.

First and foremost, it is the bank’s responsibility to ensure Beneficial Ownership information has been collected, verified, and certified at account opening and remains up-to-date with every new account opened on or after May 11, 2018 by a Legal Entity Customer (LEC).

If the beneficial owner identified is an existing customer, the bank can allow the representative of the LEC to certify the information on file is accurate and up-to-date and can do so verbally or in writing, but documentation of this certification would be imperative to prove compliance with the rule.  If the bank would choose to use this language embedded in the note, the bank will still need to implement procedures to ensure the LEC representative confirms and verifies the identification information previously relied on is unexpired and still accurate. This would require bank personnel to provide to the representative the information currently on file so they can determine its accuracy. If the identification documentation has expired or been updated since the prior certification, the LEC representative would be required to provide updated information and then certify to its accuracy.

In addition, if the bank decides to use such statement, the bank’s BSA policy and/or procedures should address when it can be utilized and how bank personnel will confirm and document the LEC representative certified the accuracy of the previously obtained Beneficial Ownership identification information. Once policy and/or procedures have been set, bank personnel must be appropriately trained and ongoing monitoring should take place to ensure bank personnel are following the policy/procedures. During a review or exam when the bank is relying on such statement, the bank should be ready to supply the prior certification with all supporting documentation as well as the “re-certification” to evidence compliance with the rule.

The bank may also want to consider how it will handle other non-loan accounts, for example a checking account, when the beneficial owner(s) identified is an existing customer. Would the bank request a new certification form or document the accuracy in some other fashion (for example, initials on the prior certification form)? It might be best to have this practice consistent between loan and other account types, especially if bank personnel could assist a client with either a loan or a deposit product. Consistency between the two may reduce the risk of errors. Another consideration is the trigger for when and how this statement is added to the note. The bank would only want the language added on loans when the identified beneficial owner(s) is an existing LEC.

Record retention may also be a challenge. If the bank chooses to use the verbiage within the Note, the note would need to be retained for a minimum of 5 years from when the legal entity’s account is closed. Record retention could get slightly messy due to the fact that the accuracy of prior certification is kept outside of the actual certification.

Ultimately, the decision to use or not use what the software provider has supplied as an alternative is a risk-management decision. Regardless, the bank is responsible for demonstrating compliance with the Beneficial Ownership rules.

Question: If there is a discrepancy (for example, address discrepancy) when Beneficial Ownership information is gathered for a new account, are we required to resolve the discrepancy? If we are required to resolve the discrepancy, when should it be resolved and what is required for resolution and documentation?

Answer: Yes, the discrepancy is required to be resolved. The discrepancy must be resolved prior to the account being opened or within a reasonable time after the account is opened to ensure the Beneficial Owner’s true identity is known. Consult your bank’s BSA Policy/Procedures or Beneficial Ownership program for timing requirements related to identification verification. Documentation of the substantive discrepancy and resolution of the discrepancy must be maintained for five years after the record is made.

For the resolution and documentation requirements, review your bank’s BSA Policy/Procedures to determine how to resolve and document that the discrepancy has been resolved. If the bank’s BSA Policy/Procedures do not include how to resolve and document the resolution of the discrepancy specifically for a Beneficial Owner and this information is not contained in a separate Beneficial Ownership document, consider adding this to the BSA Policy and/or Procedures to ensure bank staff are consistent with their process. The bank’s resolution to the discrepancy may be similar to the Customer Identification Program, but the BSA Policy/Procedures should specifically address this for Beneficial Owners.

If the discrepancy involves an existing customer and the bank feels the discrepancy was already resolved, ensure documentation was previously received and maintained to resolve this discrepancy. It might be advantageous to document how the previous discrepancy was resolved on your Beneficial Ownership form. If the discrepancy involves a new customer, review your bank’s BSA Policy/Procedures to determine what documentary or non-documentary evidence is required. Follow the bank’s policy and procedures for documenting and retaining discrepancy resolution.

Question:  For the beneficial owner rule, if we are only changing signers on the account and not changing the account itself, do we need to re-verify beneficial owners?

Answer:  Section 1010.230 which covers the Beneficial Owners Rule states that the FI must obtain the beneficial owners information (individuals owning 25% or more of the legal entity and person with control) for each new account opened by a covered FI by a legal entity customer on or after the applicability date. However, the second part of the CDD Rule requires FIs to establish a system of internal controls to ensure ongoing compliance; independent testing for compliance conducted by appropriately trained independent personnel; designate an individual or individuals responsible for coordinating and monitoring day-to-day compliance; provide training to appropriate personnel; and develop/implement appropriate risk-based procedures for conducting ongoing customer due diligence to include, but not limited to, conducting ongoing monitoring to identify and report suspicious transactions and on a risk basis, to maintain and update customer information.  The part underlined is the new requirement under BSA. Customer information includes beneficial owners of legal entity customers and the person with control.  Based on this requirement, the bank should at a minimum review the information and update their records if changes to the beneficial owners has occurred.

Question: Please share the website for the Legal Entity Identifier.

Answer:  The website address for the centralized database of the legally entities who are registered is found at www.lei-identifier.com/leicert/. However, remember that completion of the Legal Entity Identifier field is not required. Also, since legal entities are not required to register and obtain this identifier, many will not be found in the database. The bank may choose to remove this field or leave it blank on the certification form.

Question:  Do Beneficial Owners need to be checked against the OFAC list?

Answer:  OFAC requires the bank to block accounts and transactions of persons appearing on the Specially Designated Nationals and Blocked Person List. This includes any entity that is at least 50% owned, in the aggregate, by at least one blocked person, regardless of whether the entity is listed. Since it is possible that one or more of the Beneficial Owners could be a blocked person and their ownership share could total 50% or more, it is in the bank’s best interest to OFAC checks on Beneficial Owners in order to reduce the risk that it would enter into a transaction with an individual on the Specially Designated Nationals and Blocked Person List.

Question:  Should I update my existing Customer Identification Program (CIP) to add Beneficial Owner requirements or create a separate CIP for Beneficial Owners?

Answer:  The rule provides banks lots of flexibility in this area.   You can either add Beneficial Ownership provisions to your existing CIP or create a separate CIP program for entities and Beneficial Owners. Either is permitted under the rule so do what you think will work best for your organization!

Question: Is there a requirement to have written procedures for complying with the beneficial ownership portion of the customer due diligence rule, or can we just demonstrate compliance via our forms and systems?

Answer: The bank must develop written risk-based procedures to ensure compliance and the Rule provides flexibility in doing so. The bank may choose to use a certification form similar to the form in Appendix A of §1010.230 which can be utilized to both collect and certify the information. Based on risk, the procedure should provide the steps required for a new legal entity customer and an existing legal entity customer. Consider including specific procedures for personnel to follow in the case of renewals and the requirement to reconfirm previously obtained beneficial ownership information. Additionally, the bank’s procedures may address relying on information the bank has collected on an existing customer through its Customer Identification Program (CIP). FinCEN’s FAQ #7 states when a bank’s existing customer is a beneficial owner of a legal entity, the bank may rely upon CIP identification and verification documentation it has on file. To do so the legal entity customer’s representative must certify or confirm (verbally or in writing) that the documentation/information is up-to-date and accurate.

Based on the common scenario of multiple agricultural or commercial purposed loans being completed throughout the year, the burning question many bankers are asking is “must we go through the entire process for existing legal entity customers”? Question 10 of the FinCEN FAQs reminds us that “yes” banks need to identify and verify the beneficial ownership information for each new account opening. “However, an institution that has already obtained a Certification Form (or its equivalent) for the beneficial owner(s) of the legal entity customer may rely on that information to fulfill the beneficial ownership requirement for subsequent accounts, provided the customer certifies or confirms (verbally or in writing) that such information is up-to-date and accurate at the time each subsequent account is opened and the financial institution has no knowledge of facts that would reasonably call into question the reliability of such information. The institution would also need to maintain a record of such certification or confirmation, including for both verbal and written confirmations by the customer.”

Tools