At Dwolla we take pride in our ability to deliver a great platform experience to our partners and their customers. In order to protect Dwolla’s partners, their users and the health of the platform, Dwolla maintains a customer identification program to verify user identities in accordance with United States Federal law.
On May 11, 2018, a new customer due diligence requirement went into effect. This FAQ explains what these changes mean for Dwolla partners and the business Verified Customer Records (VCR) created within the API.
What is the Customer Due Diligence Rule?
The customer due diligence rule is an amendment of the existing United States Federal rules meant to clarify and strengthen customer due diligence requirements. This rule was issued under the Bank Secrecy Act by the Financial Crimes Enforcement Network, a bureau of the United States Treasury.
The rule imposes a new requirement for verifying the identity of beneficial owners of Dwolla’s partners and users that are not natural persons (i.e. corporations, LLCs, partnerships and other corporate entities). For simplicity, Dwolla will refer to these customers as “companies” in this FAQ.
How Does This Affect Me as a Dwolla Customer?
There are a few modifications to the signup flow for some Dwolla customers’ users, which involve requesting additional information during the registration process.
If a customer has users that open business VCR accounts and are corporate entities (i.e. corporations, partnerships, etc), then Dwolla will require them to collect beneficial owner information and controller information, which is passed to Dwolla. Customers also need to collect a certification from the person creating the business VCR (i.e. typing the data into the fields) in order to verify that the information is accurate.
Dwolla is proactive in ensuring that the beneficial owner fields are presented to users and that the information is being collected appropriately. If there are irregularities in that data, Dwolla works with customers to determine the cause.
Dwolla’s customer support team is available throughout the process to answer any questions that may arise.
What is the New Requirement?
The customer due diligence rule requires Dwolla to collect and verify specific information for a company’s: (1) controller and (2) beneficial owner(s).
What is a Controller?
A controller is a natural person who holds significant responsibilities to control, manage or direct a company or other corporate entity (i.e. CEO, CFO, General Partner, President, etc). A company may have more than one controller, but only one controller’s information must be collected.
What is a Beneficial Owner?
A beneficial owner is a natural person who, directly or indirectly, owns 25% or more of a company. If there are no natural persons who own 25% or more of a company, then no information needs to be collected. A beneficial owner cannot be another company (or other corporate entity), nor a nominee owner.
How is the 25% Ownership Determined for a Beneficial Owner?
If a natural person owns 25% or more of a company, then he or she is a beneficial owner. For example, if three people each directly own 33% of a company, then each individual is a beneficial owner. However, where a company is owned by other companies (or other corporate entities), indirect ownership must be identified.
For example, Big Corp, Inc. opens a business VCR account. Big Corp’s ownership structure is as follows:
- Kathy Smith, an individual, owns 25%
- Jane Lee, an individual, owns 25%.
- Small Corp, Inc., a corporate entity, owns 50%.
The customer due diligence rule requires the identification of any natural person who owns 25% or more of a company. Therefore, both Kathy Smith and Jane Lee must have their information collected and verified.
In our example, we must also extend our examination into the ownership structure of Small Corp, Inc. Small Corp’s ownership structure is as follows:
- Michael Doe, an individual, owns 50%
- Several other individuals, who each own less than 10%
Michael Doe owns 50% of Small Corp, which owns 50% of Big Corp, which means that Michael Doe indirectly owns 25% of Big Corp. As a natural person who owns 25% or more of Big Corp, Michael Doe is a beneficial owner of Big Corp, and his information must be collected and verified as well.
What Information Needs to be Collected From Beneficial Owners and Controllers?
Impacted customers will need to collect the following:
– Date of birth
– Physical address
– Identification number
— For U.S. persons, a social security number or other taxpayer identification number (TIN).
— For non-U.S. persons, a TIN or a passport number and country of issuance.
What Does Dwolla Do With This Information?
Dwolla verifies the information using the same standards applied under its existing customer identification program. Note that Dwolla does not validate the underlying equity stakes specified by a company, as this is not required by the rule.
Are There Any Exceptions to This Rule?
Yes. The new rule does not apply to sole proprietorships, unincorporated associations, and most trusts (statutory trusts created by a filing with the Secretary of State or a similar office are subject to the new rule). Note that all entities are still subject to Dwolla’s existing customer identification program.
In addition, the rule does not require the collection of this information for any existing business VCR accounts, as of May 11, 2018. Going forward, if an existing user opens a new business VCR account or Dwolla determines that additional information is needed on an existing user, then the information set out above needs to be collected.
Are Nonprofits Affected?
Yes. Nonprofits must provide the controller’s information and certify the accuracy of the information provided; however, they do not need to provide beneficial owner information.
What Does This Really Mean for Me and My Users?
If a user tries to open a business VCR account, the partner must collect identification information from their beneficial owner(s) and controller, unless they are a sole proprietorship, unincorporated association, or other exempt entity. For each business VCR account, partners need to collect a minimum of one controller’s information, and a maximum of one controller and four beneficial owners’ information.
The person opening the account (i.e. actually typing the data into the fields) must certify the accuracy of the information gathered.
Once the information is received, it is reviewed in accordance with Dwolla’s existing identity verification program.
What is the Difference Between a Beneficial Owner, Controller and Authorized Representative (aka “Auth Rep”)?
A Beneficial Owner is an individual who directly or indirectly owns 25% or more of the equity interests of a legal entity customer (such as a company).
A Controller is a natural person who holds significant responsibilities to control, manage, or direct a company or other corporate entity (e.g. a CEO, CFO, General Partner, President, etc.). A company may have more than one Controller, but only one Controller’s information must be collected. The Controller does not necessarily have to be the person who signs up for the master account. Information that we will require to be collected for a Controller include name, title, personal address, social security number and date of birth.
The Authorized Representative role is being replaced by the Controller role. Depending on who is currently the Authorized Representative on your account, you may be able to use your existing Authorized Representative as your Controller going forward, once you provide a few additional pieces of information. Previously, the Authorized Representative was assumed to be the person that signed up for the master account. The information requested for the Authorized Representative included name, social security number and date of birth.
Bank Secrecy Act (BSA): The BSA is the nation’s first and most comprehensive Federal anti-money laundering and counter-terrorism financing statute. It authorizes the Secretary of the Treasury to issue regulations requiring financial institutions to take a number of precautions against financial crime, including the establishment of anti-money laundering programs.
Customer Due Diligence (CDD): Customer due diligence is a process that enables a financial institution to predict, with relative certainty, the types of transactions in which a customer is likely to engage.
Customer Identification Program (CIP): A program that financial institutions are required to maintain to gather and verify the name, date of birth (for individuals), address and identification number for entities opening accounts.
Financial Crimes Enforcement Network (FinCEN): A bureau of the U.S. Department of the Treasury, that acts as the primary regulatory body for the BSA.
Ultimate Beneficial Ownership (UBO): The requirement to gather the CIP information on the natural person(s) who ultimately own a legal entity.
Verified Customer Record (VCR): A Dwolla account type that is able to maintain a balance at one of our financial institution partners and is subject to the CIP and may be subject to UBO.