By Osvaldo Torres, Shareholder, Torres Law PA; Reid Thomas, Executive Vice President, NES Financial; Steven Lechter, Associate Attorney, Torres Law PA
Any new commercial enterprise (NCE) that is an issuer of EB-5 securities (EB-5 Issuer) should understand and comply, as applicable, with the so-called “know your customer” (KYC) rules. Although the KYC rules principally apply to banks and other financial institutions, Issuers should not be surprised if their escrow bank imposes some of their obligations on them.
Under the KYC rules, banks and other financial institutions are subject to certain regulations promulgated by the Financial Crimes Enforcement Network (FinCEN), a bureau of the Department of Treasury. One primary law that governs these banks is the Currency and Foreign Transactions Reporting Act of 1970 as amended by the PATRIOT Act of 2001. This law, along with a set of affiliated laws, became known collectively as the Bank Secrecy Act (BSA). The BSA places several obligations on the part of financial institutions to ensure that its customers are not committing fraud, terrorism, or other similar crimes through their bank accounts.
Financial institutions’ obligation to comply with FinCEN regulations may be categorized into two main components: Customer Identity Protection (CIP) and Customer Due Diligence (CDD).
CIP is the “fact-checking” prong of the obligation. Under CIP, financial institutions must essentially run a background check on potential new account holders. They generally will collect information from the customer’s driver’s license or passport to ensure the identity of the individual.
CDD concerns itself with monitoring customer account behavior. It deals more with tracking the customer’s account use once the account is opened. As part of CDD protocol, the financial institution must create a customer risk profile when the customer opens an account. The factors that go into the profile are institution-specific; the institution may choose to include categories such as location of customer, type of business or employment of customer, and type of account. The institution would also take into account new circumstantial information, as appropriate, that reflects on the customer’s risk profile. For example, the institution would note if it saw that the customer was suspiciously sending wire transfers for no apparent reason, or rapidly changing its volume of transactions.