KYC Requirements for high volume small 401(k) Plans

[Guest bankcompliancemanager]

I work as a Compliance Manager for a large custody bank. We are the trustee and custodian for approximately 17,000 small 401(k) plans recordkept by a reputable recordkeeping shop. (As you've probably assumed, we don't custody the assets on a "participant or a plan level - it is one omnibus account in the recordkeeper's name). The plans are on a standardized prototype sponsored by the recordkeeper. It was recently discovered that a formalized KYC program was never put into place for these plans. We do sign a standardized trust agreement with all plan sponsors since we are trustee for their plans - (the plan sponsor is required to sign and a bank officer also signs). Each new client is required to complete a "Plan Application" as mandated by the recordkeeper. The Plan Sponsor must provide the official company name, address and EIN on the Plan Application. The new clients also (obviously) provide account statements so the plan can be converted to the new recordkeeper. My question is: are we (the bank and the recordkeeper) already fulfilling our KYC requirement by collecting a signed trust agreement and the recordkeeper collecting company information through their Plan Application? If not, what additional information would be required? I know 401(k) plans are considered very low risk for KYC purposes because they are probably the most tightly regulated type of account. We're hoping that what is already collected is sufficient because the recordkeeper is not to keen on trying to solicit more information from their clients. Also, these are extremely small businesses/companies who may not have documents like "articles of incorporation" readily avialable. I was thinking there are other banks who are in the very same situation Any help that anyone can provide would be greatly appreciated!

Thanks ahead of time.

[Guest Sieve]

KYC? Not familiar with the term.

[Guest mjb]

KYC? Not familiar with the term.

Know Your Client

[Guest bankcompliancemanager]

Yes, "Know Your Customer" required under the "Bank Secrecy Act".

"I FORGOT TO MENTION" - That we (the bank) perform regular 314(a) and OFAC screenings for all 17,000 of these small companies - this can be an important part of a KYC program!

Thanks!

[Guest bankcompliancemanager]

Help? Anyone? Is there another category this questions should fall under?

[Peter Gulia]

bankcompliancemanager, I'm knowledgeable about the rule (and experienced with the business process) you seek help in navigating. As you might guess, because 31 CFR 103.121 and other rules require that a bank's written customer identification program be risk-based and follow the particular setting of the class of customers and the operations of the bank, there is no one-size-fits-all answer. Because you must protect your employer's anonymity, you likely shouldn't reveal on a public bulletin board the information that a professional would need to consider what means of identification, with what controls over the identity of money sent, might be enough for your bank's CIP. If you'd like some practical suggestions about how to get good work out of your bank's inhouse and outside lawyers, please feel free to call me.

[Guest bankcompliancemanager]

Thanks Peter. I believe that 401(k) plans are actually exempt from CIP because they are considered such low risk. However, I know that a "KYC" Program is actually required under the Bank Secrecy Act. I think you're right that we have to make our own determination and way the risks. We also must ascertain that we can reasonably state that "we know our customer".

[Peter Gulia]

That a “customer” is a 401(k) or other retirement plan does NOT remove it from a CIP-program rule.

Rather, in response to financial-services providers’ lobbying, the agencies revised the rules to clarify that the customer to be vetted isn’t a plan’s participant, beneficiary, or alternate payee but rather the plan itself. 31 C.F.R. § 103.121(a)(1)(ii)©.

Some businesses decide that one’s CIP should vet a plan’s sponsor or the employer that sends the contributions. Likewise, some decide that a CIP should vet a plan’s administrator concerning its power to cause money to be paid in or taken out.

A bank also should consider whether to keep or destroy documents (if any) that the bank considered to identify a customer and, especially, a natural person who has authority to act for a customer. Keeping those documents poses obvious identity-theft risks. The rule permits a bank to keep a description of a document, or of a non-document method, it used and some information from the document or method. This alternative helps for a bank that chooses to examine computer-based records of documents of facts without touching an underlying document itself.

[Guest bankcompliancemanager]

§ 103.131© Exemptions.

The proposed rule provided that the SEC, with the concurrence of Treasury, may by order or regulation exempt any mutual fund or type of account from the requirements of the rule.123 Under the proposal, in issuing such exemptions, the SEC and Treasury were to consider whether the exemption is consistent with the purposes of the BSA, and in the public interest.124 The proposal stated that the SEC and Treasury could also consider other necessary and appropriate factors.125

Six commenters recommended that various types of accounts and customers be exempted from the final rule (e.g., participants in qualified retirement plans, court-appointed executors and guardians, and individuals granted authority to effect transactions in an account upon the death of a shareholder). We have incorporated any suggested exemptions that we have determined to be appropriate into the definitions of "account" and "customer," for the reasons described above.126 We are adopting this provision of the rule as proposed.

103.122 - Customer identification programs for broker-dealers.

(a) Definitions. For the purposes of this section:

(1)(i) Account means a formal relationship with a broker-dealer established to effect transactions in securities, including, but not limited to, the purchase or sale of securities and securities loaned and borrowed activity, and to hold securities or other assets for safekeeping or as collateral.

(ii) Account does not include: (A) An account that the broker-dealer acquires through any acquisition, merger, purchase of assets, or assumption of liabilities; or

(B) An account opened for the purpose of participating in an employee benefit plan established under the Employee Retirement Income Security Act of 1974.