2 March 2026

FinCEN issues exceptive relief from beneficial ownership identification and verification requirements at each account opening

Written by:David StierJeffrey HareDillon GuthrieChristian Ford

On February 13, 2026, the United States Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) issued an order (Order) granting certain banks, mutual funds, brokers, and dealers exceptive relief from the Customer Due Diligence Rule's (CDD Rule) requirement to identify and verify beneficial owners of legal entity customers at each new account opening.

This alert provides background on the CDD Rule, explores key provisions of the Order, and provides practical guidance on incorporating the relief into existing anti-money laundering and countering the financing of terrorism (AML/CFT) compliance programs under the Bank Secrecy Act (BSA).

Background on the CDD Rule

FinCEN’s promulgation of the CDD Rule in 2016 required “covered financial institutions” to establish and maintain written procedures for identifying and verifying the beneficial owners of each “legal entity customer” at each “new account” opening.

The CDD Rule, which took effect in 2018, sets out the following definitions:

  • A “covered financial institution” includes US banks, mutual funds, securities brokers or dealers, futures commission merchants, and introducing brokers in commodities

  • A “legal entity customer” is a corporation, limited liability company, general partnership, or other entity created by the filing of a public document with a state’s Secretary of State or similar office, or any similar entity formed under foreign law

  • A “new account” is “each account opened at a covered financial institution by a legal entity customer on or after the rule’s applicability date”

The CDD Rule has four core requirements. Covered financial institutions must maintain written policies and procedures reasonably designed to:

  1. Identify and verify the identities of legal entity customers

  2. Identify and verify the identities of the beneficial owners of legal entity customers opening accounts

  3. Understand the nature and purpose of these customer relationships in order to develop customer risk profiles

  4. Conduct ongoing monitoring to identify and report suspicious transactions and, according to the institution’s risk assessment, maintain and update such customer information

Specifically, the CDD Rule requires covered financial institutions to collect the name, date of birth, address, and Social Security number (or other permitted identification number for non-US persons) for 1) each individual with a 25-percent or greater ownership interest in any legal entity customer and 2) any individual with significant responsibility to control, manage, or otherwise direct such customer.

As a result, prior to the Order, covered financial institutions were required to identify and verify a legal entity customer’s beneficial owners each time that customer opened an account with the institution – regardless of how little time had passed between account openings, and even if the institution had no knowledge of facts that would reasonably call into question the reliability of the beneficial ownership information previously obtained.

Since the CDD Rule took effect, numerous covered financial institutions and trade associations have argued that this account-by-account verification requirement imposed significant compliance burdens without commensurate benefits to AML/CFT efforts.

In response, FinCEN has taken steps, including prior to the Order, to reduce the burden of beneficial ownership verification. In 2018, FinCEN issued guidance explaining that a covered financial institution could refrain from obtaining a new beneficial ownership information certification form (or equivalent) each time a legal entity customer opened a new account if certain conditions were met. Also in 2018, FinCEN granted exceptive relief from collecting this information in certain limited circumstances, including rollovers of certificates of deposit, renewals, or modifications of loans or credit lines not requiring underwriting review, and safe deposit box rental renewals. In 2020, during the COVID-19 pandemic, FinCEN provided additional guidance that federally insured depository institutions and credit unions were not generally required to re-verify beneficial ownership information for existing customers receiving Paycheck Protection Program loans.

Key provisions of the Order providing exceptive relief

In the Order, FinCEN issued more comprehensive exceptive relief to covered financial institutions from the CDD Rule’s requirements to identify and verify the beneficial owners of legal entity customers at each new account opening. Under the Order, covered financial institutions may now limit their identification and verification of beneficial owners to three specific circumstances:

  1. Initial account opening: When a legal entity customer first opens an account with the covered financial institution

  2. When reliability is called into question: Any time afterward when the covered financial institution has “knowledge of facts that would reasonably call into question the reliability of beneficial ownership information previously obtained about the legal entity customer”

  3. Risk-based procedures: As needed based on the covered financial institution’s risk-based procedures for conducting ongoing customer due diligence

In the third circumstance, the institution may still rely on beneficial ownership information previously obtained in accordance with the CDD Rule, provided the customer certifies or confirms that such information is up to date and accurate. The institution must maintain a record of such certification or confirmation. If a customer is unable to certify or confirm that previously obtained beneficial ownership information is up to date and accurate, or if the covered financial institution has knowledge of facts that would reasonably call into question the reliability of such information, the institution must identify and verify the beneficial owners as if the account were being opened for the first time.

Notably, the Order does not prevent covered financial institutions from continuing to verify beneficial ownership information in situations other than the three scenarios identified above. Instead, FinCEN stated in the Order that the relief “does not discourage covered financial institutions from exceeding minimum compliance requirements should doing so align with their risk profile and tolerance.” Covered financial institutions must continue to comply with all other applicable AML/CFT requirements under the BSA and, as discussed below, sanctions authorities.

The Order aligns with Executive Order 14192, “Unleashing Prosperity Through Deregulation,” issued on January 31, 2025, which announced the Trump Administration’s goal to significantly reduce the private expenditures required to comply with Federal regulations. FinCEN also noted that the Order comports with the Department of the Treasury’s broader efforts to modernize the BSA. The Order also references FinCEN’s obligations under the Corporate Transparency Act (CTA) to revise the CDD Rule. Although FinCEN was required under the CTA to issue a proposed rule change to the CDD Rule by January 1, 2025, that rule proposal has not yet been issued. FinCEN stated in the Order that it still expects to revise the CDD Rule.

Practical guidance and takeaways

The Order is intended to provide meaningful relief for covered financial institutions with respect to legal entity customers that frequently open new accounts, potentially streamlining the account opening process. Shifting customer due diligence (CDD) obligations to a customer’s initial onboarding – rather than requiring beneficial ownership full re-verification every time a new account is opened – could allow institutions to devote anti-financial crime resources to detecting and preventing illicit financial activity rather than potentially duplicative compliance exercises.

Nonetheless, covered financial institutions should carefully consider the implications of the Order and exercise caution before making changes to their CDD procedures for several reasons.

  • First, because the Order did not alter any obligations with respect to filing suspicious activity reports (SARs), covered financial institutions may still need to collect beneficial ownership information for filing SARs. Under the Order, a covered financial institution would still be required to re-verify this information when having “knowledge of facts that would reasonably call [it] into question.” By contrast, the broader standard for filing SARs – which may require obtaining such information – arises when an institution “knows, suspects, or has reason to suspect” that activity is reportable. Therefore, compliance with SAR obligations may depend on an institution’s maintenance of accurate and up-to-date beneficial ownership information, and any efforts to relax procedures in line with the Order could have the unintended effect of impairing an institution’s ability to comply with its independent SAR obligations.

  • Second, the knowledge qualifier in the second identified circumstance prompting collection of beneficial ownership information warrants consideration. For example, if a covered financial institution maintains separate AML/CFT programs for various regulated financial institutions within its structure, rather than a single enterprise-wide program, “knowledge of facts that would reasonably call into question the reliability of beneficial ownership information previously obtained about the legal entity customer” held by one affiliate under its program may be expected to be imputed to other affiliates. This may require specific controls and policies regarding sharing of information across affiliates.

  • Third, the Order did not change obligations on covered financial institutions under various sanctions authorities. Violations of US economic sanctions are strict liability offenses. A covered financial institution that is also subject to US economic sanctions may not rely on the Order’s relaxed requirements for obtaining beneficial ownership information for CDD compliance purposes if doing so would run afoul of US economic sanctions, including the 50 Percent Rule of the Office of Foreign Assets Control. Under this rule, any entity owned in the aggregate, directly or indirectly, 50 percent or more by one or more persons blocked by US economic sanctions is itself blocked. Thus, a covered financial institution may still be required to collect beneficial ownership information to comply with US sanctions authorities.

  • Fourth, the Order acknowledges that exceptions may be revoked at FinCEN’s discretion. A change in presidential administration or other event could prompt FinCEN to revert to the status quo with little notice, causing covered financial institutions to re-adjust their procedures.

  • Fifth, although FinCEN promulgates rules for BSA-regulated financial institutions, it does not have general examination authority over the institutions subject to the rule. As a result, the federal banking regulators, other federal and state agencies, and self-regulatory authorities could, in theory, find that institutions no longer collecting such information at the time each new account is opened are engaging in unsafe, unsound, or similarly proscribed practices.

All told, any cost savings associated with revising customer due diligence procedures in response to the Order could outweigh the potential benefits. Covered financial institutions evaluating whether to incorporate the Order’s exceptive relief into their operations may wish to consider:

  • Reviewing customer due diligence procedures by assessing whether and how to modify current beneficial ownership verification procedures in light of the relief

  • Updating policies, procedures, and training to help to ensure that they consistently reflect the Order’s new framework, including in circumstances where full re-verification of legal entity beneficial owners that open new accounts according to the CDD Rule is still required

  • Documenting risk-based decisions if electing to rely on previously obtained beneficial ownership information

  • Evaluating customer risk profiles by considering whether current practices serve legitimate risk management purposes beyond merely technical regulatory compliance

  • Monitoring further developments given FinCEN’s clear signal that additional changes to the CDD Rule are forthcoming

  • Discussing with examiners or other regulatory or self-regulatory authorities how potentially streamlined customer due diligence procedures align with their risk-based approach generally, as well as identifying the circumstances that trigger the “when reliability is called into question” standard

Conclusion

The Order could support a more efficient, risk-based approach to CDD for legal entity beneficial ownership verification. This relief should, however, be understood within its proper context: The BSA’s foundational requirements remain in place, and the expectation that financial institutions maintain effective AML/CFT programs has not changed. Prior to implementing any changes to customer due diligence procedures, best practice warrants a careful weighing of the potential increased reputational and legal risks inherent in adoption of the relief against the benefits in onboarding efficiency and cost savings.

For more information, please contact the authors.

Related insights

Publication

DOJ’s first whistleblower payout signals a new era of antitrust enforcement

6 February 2026

Publication

False Claims Act Year in Review: 2025 trends and what’s ahead in 2026

27 February 2026 .1 minute read

Publication

OFAC sanctions enforcement in fintech and crypto: Key takeaways from Exodus and ShapeShift

11 February 2026

Print

Related capabilities

Financial Services