
Legal & Regulatory Update

FinCEN Provides Additional Guidance on Customer Due Diligence Requirements for Covered Financial Institutions, Issues COVID-19 Cyber Advisory

August 10, 2020


The Treasury Department’s Financial Crimes Enforcement Network (FinCEN) released additional frequently asked questions (FAQs) about customer due diligence (CDD) requirements for covered “financial institutions” under the Bank Secrecy Act. The CDD Rule applies to financial institutions including banks, broker-dealers, mutual funds, futures commission merchants, and introducing brokers in commodities. These three new FAQs supplement FinCEN’s 2016 and 2018 FAQs. FinCEN has proposed, but has not yet adopted, an anti-money laundering rule for investment advisers. FinCEN recently moved this rule from its short-term regulatory agenda to its long-term agenda. The IAA opposes an AML rule for advisers because advisers do not hold client assets. Nevertheless, for advisers with voluntary AML programs, these FAQs cover the following topics:


  • Collecting Customer Information. The FAQs address the initial and ongoing collection of information about customers, including through media searches, and the collection of information about underlying transacting parties. Covered financial institutions are expected to adopt policies, procedures, and processes to determine whether and when, based on risk, to update customer information to ensure information is current and accurate.


  • Customer Risk Profile. The CDD Rule does not require covered financial institutions to use any specific method or categorization to establish a customer risk profile. Firms should have an understanding of the financial crime risk of their customers to develop customer risk profiles in sufficient detail to identify significant variations among customers. There are no prescribed risk profile categories.


  • Monitoring and Updating Customer Relationships. The CDD Rule does not require covered financial institutions to update customer information continuously or on a specific schedule, but firms may, on the basis of risk, choose to review customer information on a regular or periodic basis. Updating customer information is risk-based and results from normal monitoring. A covered financial institution must update customer information if it becomes aware as a result of its monitoring of a change in customer information that is relevant to assessing the risk posed by the customer.


FinCEN COVID-19 Advisory. FinCEN has also released a COVID-19 advisory relating to cybercrime and cyber-related crime. The advisory describes 20 financial red flag indicators of cybercrime and cyber-enabled crime exploiting the pandemic, including the targeting and exploitation of remote platforms and processes, phishing, malware, extortion, and business email compromise schemes. Other FinCEN COVID-19 advisories are available here.


TAGS: AML, Coronavirus, COVID-19, FinCEN
