In issuing its final rule on beneficial ownership, the Financial Crimes Enforcement Network (FinCEN) exempted charities and nonprofit entities from the ownership prong of the requirement, but not the control prong.

The rule, Customer Due Diligence Requirements for Financial Institutions (81 FR 29398, May 11, 2016), which became effective July 11, 2016, creates explicit customer due diligence requirements for banks and other financial institutions and includes a new requirement to identify and verify the identity of beneficial owners of legal entity customers. FinCEN exercises its regulatory authority under the Currency and Foreign Transactions Reporting Act of 1970 (Bank Secrecy Act), as amended by the USA PATRIOT Act. The BSA authorizes U.S. Treasury to require financial institutions to keep records and file reports that “have a high degree of usefulness in criminal, tax, or regulatory investigations or proceedings, or in the conduct of intelligence or counterintelligence activities, including analysis, to protect against international terrorism,” the rule explains.

Under the rule, a beneficial owner is defined as (1) each individual, if any, who directly or indirectly, through any contract, arrangement, understanding, relationship or otherwise, owns 25 percent or more of the equity interests of a legal entity customer; and (2) a single individual with significant responsibility to control, manage, or direct a legal entity customer. The fist part is known as the “ownership prong” and the second as the “control prong.”

All nonprofit entities, regardless of tax-exempt status, are excluded from the ownership prong of the requirement. This was based on the recognition that nonprofits do not have ownership interests. As such, they are only required under the rule to identify an individual with significant responsibility to control, manage, or direct the customer. To qualify for this exclusion, the organization must be established as a nonprofit corporation or similar entity and have filed its organizational documents with the appropriate state authority as necessary.

FinCEN believes that identifying and verifying an individual under the control prong is “not an onerous requirement, and understands from its outreach that in the cases of many nonprofits such an individual is already identified to the financial institution as a signatory,” the rule states.

Despite receiving comments urging it to permit covered financial institutions to take a risk-based, rather than categorical, approach to the identification and verification requirements, FinCEN decided to require categorical application of the requirement. The agency believes that this approach “will reduce illicit actors’ opportunities to slip into the financial system by masking their legal entities with markers indicative of a low risk profile,” the rule states.

Read the full text of the rule here.