Category Archives: Know Your Customer and Customer Due Diligence (KYC/CDD)

FinCEN Adopts Rule Extending AML/CFT Requirements to RIAs and ERAs, Further Increasing Regulatory Obligations on Investment Advisers

Photos of authors

Left to Right: David Sewell, Timothy Clark, Ivet Bell, David Nicolardi, and Nathaniel Balk (photos courtesy of authors)

On August 28, 2024, the Financial Crimes Enforcement Network (FinCEN)  adopted a final rule that extends anti-money laundering (AML) and countering the financing of terrorism (CFT) compliance obligations to certain types of investment advisers (the Final Rule), and delegates to the U.S. Securities and Exchange Commission (SEC) the authority to examine investment advisers’ compliance with these obligations.[1] The Final Rule ends a long-running debate over whether to subject investment advisers to AML/CFT obligations after multiple prior proposals to do so had stalled. 

The Final Rule imports standards and requirements that will be familiar to investment advisers affiliated with financial institutions already subject to AML/CFT obligations, but may be new to  smaller and independent investment advisers.  For these entities, the compliance uplift required could be substantial.

Continue reading

FinCEN and SEC Move Closer to New AML Requirements for Investment Advisers & ERAs

by Joel M. Cohen, Claudette Druehl, Marietou Diouf, Tami Stark, Prat Vallabhaneni, and Robert DeNault

Photos of the authors

Top: Joel M. Cohen, Claudette Druehl, and Marietou Diouf
Bottom: Tami Stark, Prat Vallabhaneni, and Robert DeNault
(Photos courtesy of White & Case LLP)

On May 13, 2024, FinCEN and the SEC jointly proposed a new rule that would require SEC-registered investment advisers and exempt reporting advisers to maintain written customer identification programs (CIPs).  The new rule supplements a proposal in February to impose requirements on investment advisers similar to those that have existed for broker-dealers since 2001, as a means to address illicit finance and national security threats in the asset management industry.

For investment advisers who do not currently have an AML/CFT program, this compliance obligation will create a large shift in the way they operate.  This will require significant legal time and attention, but it will be time well spent considering potential regulatory exposure and likely indemnification obligations which flow through commercial agreements in favor of counterparties.

Continue reading

Crypto Experts React to Recent SDNY Ethereum Fraud Indictment

The NYU Law Program on Corporate Compliance and Enforcement (PCCE) is following the U.S. Attorney’s Office for the Southern District of New York’s recent indictment of two individuals for allegedly attacking and stealing $25 million from the Ethereum blockchain. The indictment in the case, United States v. Peraire-Bueno, 24 Cr. 293 (SDNY), is available here.  Below, several crypto experts and former prosecutors provide their reactions to the case.

Photos of the authors

Left to right: Maria Vullo, Daniel Payne, Elizabeth Roper, Usman Sheikh, Justin Herring, and Robertson Park (photos courtesy of the authors)

Continue reading

A Whole New National Security Ballgame: Key Practical Takeaways for Export Control Compliance from the 2024 BIS Update Conference

by Brent Carlson and Michael Huneke

Photos of the authors.

From left to right: Brent Carlson and Michael Huneke (Photos courtesy of authors)

On March 27–29, 2024, the U.S. Department of Commerce’s Bureau of Industry & Security (“BIS”) hosted an Update Conference on Export Controls & Policy. The event was a major outreach effort by the U.S. government. Nearly 100 BIS and other U.S. agency officials engaged with 1,200 attendees over three days.

As was appropriate for an event coinciding with Opening Day of the U.S. Major League Baseball season, BIS officials emphasized that they—and those they regulate—are playing a whole new national security ballgame. This theme ran through every topic. It also drives the key practical takeaways that we highlight below for in-house compliance professionals assessing evasion and diversion risks and responding to reports of the same—particularly reports that some U.S. companies recently received directly from the U.S. government. Continue reading

Monitoring What Matters: A Fresh Look Proposal to Government and Industry for How Post-Resolution Oversight Can Best Deny Hostile Actors the Means to Cause Deadly Harm

by Brent Carlson and Michael Huneke

Photos of the authors.

From left to right: Brent Carlson and Michael Huneke (Photos courtesy of authors)

U.S. economic sanctions and export controls serve a wide range of national security interests. When hostile actors rely on U.S.-designed or -manufactured components in weapons used in fatal attacks on U.S. and coalition military personnel and civilian populations, there is an acute need to quickly identify the illicit trade flows and stop those components from reaching the battlefield. Continue reading

Commerce Department Proposes Cybersecurity/AI Reporting and “KYC” Requirements for Certain Cloud Providers

by Robert Stankey, K.C. Halm, Michael T. Borgia, Andrew M. Lewis, and Assaf Ariely

Photos of authors

Left to right: Robert Stankey, K.C. Halm, Michael T. Borgia, Andrew M. Lewis, and Assaf Ariely (photos courtesy of Davis Wright Tremaine LLP)

IaaS providers would need to verify foreign users’ identities (aka “know your customer”) and report certain AI model training activities under the proposed rules

The U.S. Department of Commerce’s (“Commerce”) Bureau of Industry and Security (“BIS”) has issued a proposed rule (the “Proposed Rule”) that would impose significant diligence, reporting, and recordkeeping requirements on U.S. providers of Infrastructure as a Service (IaaS) and their foreign resellers. IaaS is generally considered to be a cloud computing model that provides users with remote access to servers, storage, networking, and virtualization.

The Proposed Rule would require U.S. IaaS providers to:

  • Implement and maintain a “Customer Identification Program” (CIP), which must include detailed know-your-customer (KYC) procedures for identifying and reporting foreign customers to Commerce; and
  • Report transactions involving foreign persons that “could result in the training of a large AI model with potential capabilities that could be used in malicious cyber-enabled activity.”

Continue reading