News

Credit unions that violate the U.S. Treasury Department’s customer due-diligence rule in the coming months while making “a good faith effort” to comply will not expose themselves to enforcement by their primary federal regulator.

In an Aug. 17 statement, the National Credit Union Administration announced that it may begin gauging implementation of the CDD rule as early as September, but would not consider unintentional breaches as “significant BSA violation[s]” until 2019.

“The NCUA recognizes that some credit unions may need additional time to implement changes and to fully comply with the new requirements,” NCUA Chairman J. Mark McWatters wrote in a letter accompanying the disclosure.

The rule, issued by the Treasury Department’s Financial Crimes Enforcement Network, or FinCEN, requires credit unions and other covered institutions to identify any individuals who own at least 25 percent of a legal entity that opened an account on or after May 11, and at least one person who manages the operations of the client in question.

Legal-entity clients that opened accounts before that date are generally exempted from the rule absent a triggering event, such as a change in ownership or a series of suspicious transactions.

Credit unions must also use any beneficial ownership data collected to comply with “other relevant regulatory requirements” and U.S. sanctions, according to the NCUA.

Some credit unions have reported that many customers ignored mailed requests for further ownership documentation, said Stephanie Lyon, senior counsel with the National Association of Federally-Insured Credit Unions.

The Office of the Comptroller of the Currency and other federal regulators have suggested in public speeches that they will also refrain from fully enforcing the rule during the first round of examinations since it took effect.

McWatters warned that the NCUA’s gradual approach towards ensuring compliance has no bearing on FinCEN’s enforcement strategy, which the bureau has not publicly disclosed.

FinCEN has pursued punitive actions against credit unions in recent years, levying a $300,000 penalty in 2014 against Florida-based North Dade Community Development Federal Credit Union for failing to report millions of dollars in suspicious transfers through accounts held by money services businesses.

In 2016, the bureau ordered the Bronx-based Bethex Federal Credit Union to pay $500,000 for failing to adjust its compliance program to account for a six-fold jump in transactional volume after onboarding 70 MSBs as clients in 2011 and 2012.

According to the NCUA, most of the 5,500 federally insured credit unions in the United States hold less than $100 million each.

About 3,000 of those institutions maintain a staff of five employees at most, according to the Credit Union National Association, a Washington, D.C.-based industry group.

FinCEN estimated in a 2015 assessment that the rule would require financial institutions to train staff, revise their policies and upgrade their information-technology systems to comply, and estimated that onboarding times could increase by up to 40 minutes for each legal-entity client.

The Credit Union National Association and other trade groups roundly rejected the bureau’s subsequent finding that the costs incurred as a result would not have a significant impact on the industry.

FinCEN and NCUA spokespersons did not respond to a request for comment by press time.