Avoiding Guilt by Association


Winter 2021


From manufacturers to financial and other professional service providers, no prudent company welcomes attention based upon an unfortunate client or customer affiliation. Still, in our media-saturated world, “foreign” and “wealthy” can be quick shorthand for “corrupt,” even where the label is not sustainable. In a world where the very act of engaging in high-asset and/or international commerce can open the door to suggestive scrutiny, the real story should be whether a respective entity acts in good faith to avoid doing business with bad actors. This is not a new challenge, but rather one with established guidance in both the financial services industry and beyond.


Specific to the banking and financial services industries, a multitude of federal and state regulations play a role in overseeing any respective entity’s overall operations. Such regulatory schemes focus on a wide range of issues, including institutional viability and risk, cybersecurity, internal controls, and conflicts of interest, among other issues and concerns. That said, they may or may not consistently highlight affiliations that ultimately prove to be problematic or otherwise appear unseemly under the microscope of public opinion.


The challenge known by various versions of “know your customer” is neither new nor unique to financial institutions. A review of the prominent regulatory schemes reveals some common themes that translate to practical guidance for any company wishing to protect its reputation while engaging in otherwise legal international commerce with wealthy clients or customers.

The U.S.’s Financial Crimes Enforcement Network (FinCEN) has for many years advocated for focused customer due diligence programs to address such ills as money laundering and terrorism financing. While money laundering and terrorism financing are obvious corporate threats, the over-riding goal with customer due diligence is broadly useful and readily summarized: How do you avoid unwitting engagement with a rogue client or customer?

Many find implementation of FinCEN’s ultimate rulemaking frustratingly vague. With limited guidance as to what efforts satisfy the obligation, the final rule requires that financial institutions: (1) identify and verify the identity of customers; (2) identify and verify the identity of the beneficial owners of companies opening accounts; (3) understand the nature and purpose of customer relationships to develop customer risk profiles; and (4) conduct ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information.

The range of potential efforts and investment is broad. And as an initial challenge, the rule presumes that institutions appropriately categorize customers on the spectrum of low to high risk and then, as they inch from low risk, implement practices such as:

  • collecting information about customers at account opening and on an ongoing or periodic basis;
  • conducting media searches or screening for news articles on all customers or other related parties, such as beneficial owners; and
  • collecting information that identifies related parties.

Outside observers have provided practical guidance as to the implementation of FinCEN’s rule, including helpful inquiries that any industry might ask when engaged in international high-net-worth commerce. Such questions generally include:

  • Where is the customer located? This question includes whether the relevant jurisdiction has enacted effective monetary regulations and/or has high levels of corruption.
  • Is the client forthcoming about affiliates?
  • Does the institution have a direct face-to-face relationship with the client or customer?
  • Is the customer or client involved in a heavily regulated industry?
  • If the client or customer owns a relevant business, how complex is the ownership structure, and how available is related information?
  • Is the client’s or customer’s primary enterprise cash-based?

The approach from other regulatory agencies overseeing lucrative international commerce confirms and supplements the spirit of this guidance. The Bureau of Industry and Security (“BIS”) oversees, among other things, foreign exports as well as commerce with non-U.S. businesses and individuals. While generally concerned with manufacturing and technology, the approach taken by BIS bears some light beyond its official jurisdiction.

Broadly, BIS requires that companies account for abnormal circumstances or “Red Flags” that, while specific to manufacturing and technology, provide an analogy to the type of inquiry that might be warranted by any company. Generally these would include disconnects in the client or customer’s profile; a practice of cash-based transactions; identifiable connections with problematic individuals, companies, or countries; and reluctance to provide information. In addition, and perhaps most important, BIS requires that business not “self-blind.” In the most basic terms, to “self-blind” means putting on blinders that prevents a company from learning bad information about a client or customer.

We live in a complex world—that fact should not discourage lucrative international commerce. And while you engage in these efforts, earnest due diligence about your customers and clients should go a long way.

Denise S. Rahne


Co-Chair, Wealth Planning, Administration, and Fiduciary Disputes Group

Back to Top