BSA/AML Manual

Business Entities (Domestic and Foreign) — Overview

Objective. Assess the adequacy of the bank’s systems to manage the risks associated with transactions involving domestic and foreign business entities, and management’s ability to implement effective due diligence, monitoring, and reporting systems.

The term "business entities" refers to limited liability companies, corporations, trusts, and other entities that may be used for many purposes, such as tax and estate planning. Business entities are relatively easy to establish. Individuals, partnerships, and existing corporations establish business entities for legitimate reasons, but the entities may be abused for money laundering and terrorist financing.

Domestic Business Entities

All states have statutes governing the organization and operation of business entities, including limited liability companies, corporations, general partnerships, limited partnerships, and trusts. Shell companies registered in the United States are a type of domestic²⁹³The term "domestic" refers to entities formed or organized in the United States. These entities may have no other connection to the United States, and ownership and management of the entities may reside abroad. business entity that may pose heightened risks.²⁹⁴The term "shell company" generally refers to an entity without a physical presence in any country. FinCEN has issued guidance alerting financial institutions to the potential risks associated with providing financial services to shell companies and reminding them of the importance of managing those risks. Refer to Potential Money Laundering Risks Related to Shell Companies, FIN-2006-G013, November 2006. Shell companies can be used for money laundering and other crimes because they are easy and inexpensive to form and operate. In addition, ownership and transactional information can be concealed from regulatory agencies and law enforcement, in large part because most state laws require minimal disclosures of such information during the formation process. According to a report by the U.S. Government Accountability Office (GAO), law enforcement officials are concerned that criminals are increasingly using U.S. shell companies to conceal their identity and illicit activities.²⁹⁵Refer to GAO's Company Formations — Minimal Ownership Information is Collected and Available, GAO-06-376, April 2006. For additional information, Refer to Failure to Identify Company Owners Impedes Law Enforcement, Senate Hearing 109-845, held on November 14, 2006, and Tax Haven Abuses: The Enablers, The Tools & Secrecy, Senate Hearing 109-797, held on August 1, 2006, (particularly the Joint Report of the Majority and Minority Staffs of the Permanent Subcommittee on Investigations).

Shell companies can be publicly traded or privately held. Although publicly traded shell companies can be used for illicit purposes, the vulnerability of the shell company is compounded when it is privately held and beneficial ownership can more easily be obscured or hidden. Lack of transparency of beneficial ownership can be a desirable characteristic for some legitimate uses of shell companies, but it is also a serious vulnerability that can make some shell companies ideal vehicles for money laundering and other illicit financial activity. In some state jurisdictions, only minimal information is required to register articles of incorporation or to establish and maintain "good standing" for business entities — increasing the potential for their abuse by criminal and terrorist organizations.

Foreign Business Entities

Frequently used foreign entities include trusts, investment funds, and insurance companies. Two foreign entities that can pose particular money laundering risk are international business corporations (IBC) and Private Investment Companies (PIC) opened in offshore financial centers (OFC). Many OFCs have limited organizational disclosure and recordkeeping requirements for establishing foreign business entities, creating an opportune environment for money laundering.

International Business Corporations

IBCs are entities formed outside of a person’s country of residence which can be used to maintain confidentially or hide assets. IBC ownership can, based on jurisdiction, be conveyed through registered or bearer shares. There are a variety of advantages to using an IBC which include, but are not limited to, the following:

• Asset protection.
• Estate planning.
• Privacy and confidentiality.
• Reduction of tax liability.

Through an IBC, an individual is able to conduct the following:

• Open and hold bank accounts.
• Hold and transfer funds.
• Engage in international business and other related transactions.
• Hold and manage offshore investments (e.g., stocks, bonds, mutual funds, and certificates of deposit), many of which may not be available to "individuals" depending on their location of residence.
• Hold corporate debit and credit cards, thereby allowing convenient access to funds.

Private Investment Companies

PICs are separate legal entities. They are essentially subsets of IBCs. Determining whether a foreign corporation is a PIC is based on identifying the purpose and use of the legal vehicle. PICs are typically used to hold individual funds and investments, and ownership can be vested through bearer shares or registered shares. Like other IBCs, PICs can offer confidentiality of ownership, hold assets centrally, and may provide intermediaries between private banking customers and the potential beneficiaries of the PICs. Shares of a PIC may be held by a trust, which further obscures beneficial ownership of the underlying assets. IBCs, including PICs, are frequently incorporated in countries that impose low or no taxes on company assets and operations or are bank secrecy havens.

Nominee Incorporation Services

Intermediaries, called nominee incorporation services (NIS), establish U.S. shell companies and bank accounts on behalf of foreign clients. NIS may be located in the United States or offshore. Corporate lawyers in the United States often use NIS to organize companies on behalf of their domestic and foreign clients because such services can efficiently organize legal entities in any state. NIS must comply with applicable state and federal procedures as well as any specific bank requirements. Those laws and procedures dictate what information NIS must share about the owners of a legal entity. Money launderers have also utilized NIS to hide their identities. By hiring a firm to serve as an intermediary between themselves, the licensing jurisdiction, and the bank, a company’s beneficial owners may avoid disclosing their identities in state corporate filings and in corporate bank account opening documentation.

An NIS has the capability to form business entities, open full-service bank accounts for those entities, and act as the registered agent to accept service of legal process on behalf of those entities in a jurisdiction in which the entities have no physical presence. Furthermore, an NIS can perform these services without ever having to identify beneficial ownership on company formation, registration, or bank account documents.

Several international NIS firms have formed partnerships or marketing alliances with U.S. banks to offer financial services such as Internet banking and funds transfer capabilities to shell companies and non-U.S. citizens. U.S. banks participating in these marketing alliances by opening accounts through intermediaries without requiring the actual accountholder’s physical presence, accepting by mail copies of passport photos, utility bills, and other identifying information may be assuming increased levels of BSA/AML risk.²⁹⁶Money Laundering Threat Assessment Working Group, U.S. Money Laundering Threat Assessment, December 2005.

Risk Factors

Money laundering and terrorist financing risks arise because business entities can hide the true owner of assets or property derived from or associated with criminal activity.²⁹⁷For a general discussion of the risk factors associated with the misuse of business entities, refer to the Financial Action Task Force's The Misuse of Corporate Vehicles, Including Trust and Company Service Providers, October 13, 2006. The privacy and confidentiality surrounding some business entities may be exploited by criminals, money launderers, and terrorists. Verifying the grantors and beneficial owner(s) of some business entities may be extremely difficult, as the characteristics of these entities shield the legal identity of the owner. Few public records will disclose true ownership. Overall, the lack of ownership transparency; minimal or no recordkeeping requirements, financial disclosures, and supervision; and the range of permissible activities all increase money laundering risk.

While business entities can be established in most international jurisdictions, many are incorporated in OFCs that provide ownership privacy and impose few or no tax obligations. To maintain anonymity, many business entities are formed with nominee directors, officeholders, and shareholders. In certain jurisdictions, business entities can also be established using bearer shares; ownership records are not maintained, rather ownership is based on physical possession of the stock certificates. Revocable trusts are another method used to insulate the grantor and beneficial owner and can be designed to own and manage the business entity, presenting significant barriers to law enforcement.

While the majority of U.S.-based shell companies serve legitimate purposes, some shell companies have been used as conduits for money laundering, to hide overseas transactions, or to layer domestic or foreign business entity structures.²⁹⁸Failure to Identify Company Owners Impedes Law Enforcement. Refer to Senate Hearing 109-845 held on November 14, 2006. For example, regulators have identified shell companies registered in the United States conducting suspicious transactions with foreign-based counterparties. These transactions, primarily funds transfers circling in and out of the U.S. banking system, evidenced no apparent business purpose. Domestic business entities with bank-like names, but without regulatory authority to conduct banking, should be particularly suspect.²⁹⁹The federal banking agencies notify banks and the public about entities engaged in unauthorized banking activities, both offshore and domestic. These notifications can be found on the federal banking agencies' Web sites.

The following indicators of potentially suspicious activity may be commonly associated with shell company activity:

• Insufficient or no information available to positively identify originators or beneficiaries of funds transfers (using Internet, commercial database searches, or direct inquiries to a respondent bank).
• Payments have no stated purpose, do not reference goods or services, or identify only a contract or invoice number.
• Goods or services, if identified, do not match profile of company provided by respondent bank or character of the financial activity; a company references remarkably dissimilar goods and services in related funds transfers; explanation given by foreign respondent bank is inconsistent with observed funds transfer activity.
• Transacting businesses share the same address, provide only a registered agent’s address, or other address inconsistencies.
• Many or all of the funds transfers are sent in large, round dollar, hundred dollar, or thousand dollar amounts. Unusually large number and variety of beneficiaries receiving funds transfers from one company.
• Frequent involvement of multiple jurisdictions or beneficiaries located in higher-risk OFCs.
• A foreign correspondent bank exceeds the expected volume in its client profile for funds transfers, or an individual company exhibits a high volume and patternamount of funds transferssporadic activity that is inconsistent with its normal business activitypatterns.
• Multiple high-value payments or transfers between shell companies with no apparent legitimate business purpose.
• Purpose of the shell company is unknown or unclear.

Risk Mitigation

Management should develop policies, procedures, and processes that enable the bank to identify account relationships, in particular deposit accounts, with business entities, and monitor the risks associated with these accounts in all the bank’s departments. Business entity customers may open accounts within the private banking department, within the trust department, or at local branches. Management should establish appropriate due diligence at account opening and during the life of the relationship to manage risk in these accounts. The bank should gather sufficient information on the business entities and their beneficial owners to understand and assess the risks of the account relationship. Important information for determining the valid use of these entities includes the type of business, the purpose of the account, the source of funds, and the source of wealth of the owner or beneficial owner.

The bank’s CIP should detail the identification requirements for opening an account for a business entity. When opening an account for a customer that is not an individual, banks are permitted by 31 CFR 1020.100 to obtain information about the individuals who have authority and control over such accounts in order to verify the customer’s identity (the customer being the business entity). Required account opening information may include articles of incorporation, a corporate resolution by the directors authorizing the opening of the account, or the appointment of a person to act as a signatory for the entity on the account. Particular attention should be paid to articles of association that allow for nominee shareholders, board members, and bearer shares.

If the bank, through its trust or private banking departments, is facilitating the establishment of a business entity for a new or existing customer, the money laundering risk to the bank is typically mitigated. Because the bank is aware of the parties (e.g., grantors, beneficiaries, and shareholders) involved in the business entity, initial due diligence and verification is easier to obtain. Furthermore, in such cases, the bank frequently has ongoing relationships with the customers initiating the establishment of a business entity.

Risk assessments may include a review of the domestic or international jurisdiction where the business entity was established, the type of account (or accounts) and expected versus actual transaction activities, the types of products that will be used, and whether the business entity was created in-house or externally. If ownership is held in bearer share form, banks should assess the risks these relationships pose and determine the appropriate controls. For example, in most cases banks should choose to maintain (or have an independent third party maintain) bearer shares for customers. In rare cases involving lower-risk, well-known, established customers, banks may find that periodically recertifying beneficial ownership is effective. The bank's risk assessment of a business entity customer becomes more important in complex corporate formations. For example, a foreign IBC may establish a layered series of business entities, with each entity naming its parent as its beneficiary.

Ongoing account monitoring is critical to ensure that the accounts are reviewed for unusual and suspicious activity. The bank should be aware of higher-risk transactions in these accounts, such as activity that has no business or apparent lawful purpose, funds transfer activity to and from higher-risk jurisdictions, currency intensive transactions, and frequent changes in the ownership or control of the nonpublic business entity.