In 2016, the Financial Crimes Enforcement Network (FinCEN) issued the “Customer Due Diligence Requirements for Financial Institutions” (CDD Rule). The CDD Rule amends existing Bank Secrecy Act (BSA) regulations, and is intended to clarify and strengthen customer due diligence requirements for certain financial institutions covered in the rule.

The CDD Rule outlines explicit customer due diligence requirements, and imposes upon the covered financial institutions a new requirement to identify and verify the identity of beneficial owners of legal entity customers (subject to certain exclusions and exemptions). These financial institutions then pass down these requirements to their service provider customers (e.g. Forte Payment Systems). The intent is for the legal entity merchant customer to identify its ultimate beneficial owner(s).


As stated above, the CDD Rule applies only to covered financial institutions. Covered financial institutions are federally regulated banks and federally insured credit unions, mutual funds, brokers or dealers in securities, futures commission merchants and introducing brokers in commodities. These institutions will have until May 11, 2018 to implement and comply with the CDD Rule requirements.

While Forte is not considered a covered financial institution under the rule, we adopt a risk-based approach in regards to relevant regulations and is subject to the requirements of our Originating Depository Financial Institutions (ODFIs) to comply with relevant regulations including the CDD Rule.

Legal Entity Merchant Customers

The CDD Rule requires covered financial institutions to establish and maintain written procedures that are reasonably designed to identify and verify the beneficial owners of legal entity customers. These procedures must enable the institution to identify the beneficial owners of each customer at the time a new account is opened, unless the customer is otherwise excluded or the account is exempted.

Pursuant to the rule, “legal entity merchant customers” include the following entities created by a filing with a state office or with a Secretary of State:

  • corporations
  • limited liability companies
  • limited partnerships
  • general partnerships
  • business trusts
  • any other entity created by a filing with a state office
  • any similar entities formed under the laws of a non-US jurisdiction

“Legal entity merchant customers” do not include:

  • natural persons
  • sole proprietorships
  • unincorporated associations, such as a local Girl Scout troop or a neighborhood association
  • trusts (other than statutory trusts created by a filing with a state office)


These legal entities are exempt from the CDD Rule:

  • State-regulated insurance companies
  • Publicly held companies listed on the New York, American, or NASDAQ Stock Exchanges
  • Registered investment advisers and investment companies
  • SEC-registered exchanges or clearing agencies
  • Entities registered with the SEC
  • Federal or state regulated financial institutions (e.g. federally regulated banks, brokers or dealers in securities and mutual funds)
  • Bank and savings and loan holding companies

Beneficial Owners

The CDD Rule defines a beneficial owner as each of the following:

  • each individual, if any, who, directly or indirectly, owns 25% or more of the equity interests of a legal entity customer (i.e. the ownership prong); and
  • a single individual with significant responsibility to control, manage, or direct a legal entity customer, including an executive officer or senior manager (e.g. a Chief Executive Officer, Chief Financial Officer, Chief Operating Officer, Managing Member, General Partner, President, Vice President, or Treasurer); or any other individual who regularly performs similar functions (i.e. the control prong). This list of positions is illustrative, not exclusive, as there is significant diversity in how legal entities are structured.

The following entities are exempt from the ownership prong under the CDD Rule:

  • NGOs, charities, and religious organizations (e.g. churches). In these cases, Forte will collect information relating to one person who has significant control over the entity for the control prong.

Required Information

For entities considered beneficial owners under the CDD Rule, Forte is required to collect the following information:

  • Name
  • Date of birth
  • Address
  • Social Security Number or other government identification number (e.g. passport number).


If an entity covered under the CDD Rule does not provide the required information, Forte will not open an account for that entity.

Note: While Forte is not required under the CDD Rule to collect Social Security Numbers from government agencies, we will collect that agency’s Tax Identification Number.
For entities sending data through REST:

  • When there are multiple owners, Forte will run a full check on the owner/controller which is captured on the first applicable column on the form.
  • For additional owners, OFAC requirements will be sufficient for verification.