FinCEN and SEC Move Closer to New AML Requirements for Investment Advisers & ERAs

by Joel M. Cohen, Claudette Druehl, Marietou Diouf, Tami Stark, Prat Vallabhaneni, and Robert DeNault

Photos of the authors

Top: Joel M. Cohen, Claudette Druehl, and Marietou Diouf
Bottom: Tami Stark, Prat Vallabhaneni, and Robert DeNault
(Photos courtesy of White & Case LLP)

On May 13, 2024, FinCEN and the SEC jointly proposed a new rule that would require SEC-registered investment advisers and exempt reporting advisers to maintain written customer identification programs (CIPs).  The new rule supplements a proposal in February to impose requirements on investment advisers similar to those that have existed for broker-dealers since 2001, as a means to address illicit finance and national security threats in the asset management industry.

For investment advisers who do not currently have an AML/CFT program, this compliance obligation will create a large shift in the way they operate.  This will require significant legal time and attention, but it will be time well spent considering potential regulatory exposure and likely indemnification obligations which flow through commercial agreements in favor of counterparties.

Background

A new proposed rule[1] by the Financial Crimes Enforcement Network (FinCEN) and the Securities and Exchange Commission (SEC) would, if adopted, require registered investment advisers (RIAs) and exempt reporting advisers (ERAs) to implement procedures to identify and verify the identities of their customers with a CIP.  In a fact sheet accompanying the announcement, the agencies indicated that under the proposed requirements “it would be more difficult for persons to use false identities to establish customer relationships with investment advisers for the purposes of laundering money, financing terrorism, or engaging in other illicit finance activity.”[2] 

The proposal is generally consistent with CIP requirements for other regulated entities, such as broker dealers and mutual funds, and is designed to align with CIP requirements across the financial industry.  The proposed rule comes three months after the proposal of a new rule to expand the definition of “financial institution” under the Bank Secrecy Act (BSA) which will, if adopted, subject investment advisers to comprehensive anti-money laundering (AML) and countering the financing of terrorism (CFT) requirements.[3]

This new proposal brings FinCEN and the SEC closer to implementing rules that  would subject investment advisers to AML/CFT requirements.  Development of a CIP is an essential step in the process of implementing risk-based AML/CFT programs and includes reporting suspicious financial and transaction activity to FinCEN (e.g., through suspicious activity reports (“SARs”)), maintaining records concerning the transmittal of funds and other existing recordkeeping rules, and fulfilling other obligations applicable to financial institutions that are already subject to the BSA and FinCEN’s implementing regulations. 

Proposed Rules Follow Risk Assessment

The new proposed rule would require investment advisers to establish, document, and maintain written procedures in their CIPs appropriate for their respective sizes and businesses.[4]  The CIP would be required to include procedures for verifying identities for any person seeking to open an account, for maintaining records associated with such verification, and for consulting lists of known terrorists and terrorist organizations.  These procedures would have to be capable of verifying the identity of each customer to the extent reasonable and practicable within a reasonable time before or after a customer account is opened.  The procedures established as part of the CIP would also need to be sufficient to enable investment advisers to form a “reasonable belief” that they know true identities of customers.  Separately, the proposed rule requires procedures for maintaining records of the information used to verify customer identities.  Finally, the proposed rule established procedures for investment advisers to respond to circumstances in which they cannot form a reasonable belief that they know the true identity of a customer, including when they should not open an account, close an account, or file a SAR with FinCEN. 

The proposed CIP rule, and the February proposal to expand the definition of “financial institution” under the BSA to apply to investment advisers, follow a Department of Treasury risk assessment that identified the investment advisory industry as an entry point for illicit proceeds associated with foreign corruption, fraud, tax evasion and other criminal activities.[5]  When announcing the February rule, FinCEN indicated that it would likely follow up with an additional CIP requirement in future rulemaking which would be promulgated in joint rulemaking with the SEC.  The May 13 announcement of the joint rulemaking by FinCEN and the SEC was a significant—albeit predictable—next step in the process of subjecting investment advisers to these regulations.

The proposed rule concerning CIPs addresses only registered investment advisers and exempt reporting advisers, which comprise the universe of entities or individuals covered by the proposal.  Functionally, many investment advisers and other non-regulated financial entities have already adopted Know-Your-Customer (KYC) and Ultimate Beneficial Owner (UBO) policies in an effort to comply with routine BSA requirements even though they are not required to do so.  Those who have commercial partnerships with banks and other financial institutions—particularly investment advisers in the FinTech and digital assets space—may also have robust bank-like AML programs in place pursuant to their banking and payments partners’ commercial and regulatory pass-through requirements.  Some of these programs may already include CIPs, but mandating them as required will offer clear guidance about regulatory expectations for such programs and reduce the ability of foreign bad actors to shop around for investment advisers with lax AML/CFT protocols and enforcement.

Open for Comment

Since the first proposed rule was put forth in February, a significant number of comments have been submitted both in support and opposition.  As with the previous proposal, we expect that there will be a large number of comments to the new proposed rule regarding CIPs, particularly with respect to smaller advisers, those operating in the FinTech and digital asset industries, those with broad international exposures, and those who have avoided broker-dealer registration for what they have historically perceived as a more regulatory efficient investment adviser status.  Some of the areas for which the SEC and FinCEN invited comments include:

  • Whether accounts acquired through mergers or acquisitions should be excluded
  • Whether there are categories of entities that should be exempted from an investment adviser’s CIP program
  • How an investment adviser would apply identification and verification requirements to a private fund customer
  • Whether an investment adviser should still be permitted to engage in advisory activities with a customer if it cannot form a reasonable belief that it knows the customer’s true identity

The public comment period for the proposed rule expires on July 13, 2024.  If the rule is adopted, an investment adviser will have 12 months from the effective date of the final rule to implement these procedures. 

Footnotes

[1] Available at https://www.sec.gov/files/rules/proposed/2024/bsa-1.pdf.

[2] Available at https://www.sec.gov/files/bsa-1-fact-sheet.pdf.

[3] Our Alert on the FinCEN proposed rule to expand the definition of financial institution under the BSA is available [here][ https://www.whitecase.com/insight-alert/fincen-again-proposes-sweeping-aml-requirements-registered-investment-advisers-eras]

[4] Sec. Exch. Comm’n, SEC, FinCEN Propose Customer Identification Program Requirements for Registered Investment Advisers and Exempt Reporting Advisers, (May 13, 2024), available here.

[5] Dep’t of Treasury, 2024 Investment Adviser Risk Assessment (“Treasury Report”), at 1 (February 2024), available here.

Joel M. Cohen, Tami Stark, and Prat Vallabhaneni are Partners, Claudette Druehl and Marietou Diouf are Counsel, and Robert DeNault is an Associate at White & Case LLP. This post first appeared on the firm’s blog.

The views, opinions and positions expressed within all posts are those of the author(s) alone and do not represent those of the Program on Corporate Compliance and Enforcement (PCCE) or of the New York University School of Law. PCCE makes no representations as to the accuracy, completeness and validity or any statements made on this site and will not be liable any errors, omissions or representations. The copyright of this content belongs to the author(s) and any liability with regards to infringement of intellectual property rights remains with the author(s).