Third Time’s the Charm? Anti-Money Laundering Compliance Requirements Proposed for Registered and Exempt Reporting Investment Advisers
Introduction
On February 13, 2024, the Financial Crimes Enforcement Network (“FinCEN”) proposed anti-money laundering (“AML”) compliance obligations for certain investment advisers (the “Proposal”).1 As proposed, investment advisers (based on the definition of “investment adviser” in the Investment Advisers Act of 1940 (the “Advisers Act”)) registered or required to be registered with the Securities and Exchange Commission (“SEC” and such advisers, “RIAs”), as well as investment advisers that report to the SEC as exempt reporting advisers2 (“ERAs” and, together with RIAs, “SEC Advisers”) would be subject to AML compliance obligations, as described below.3
Since 2002, investment advisers have not been subject to direct AML compliance obligations, although many are familiar with parts of the AML framework due to their relationships with banks, securities broker-dealers, futures commission merchants, introducing brokers in commodities, and mutual funds, all of which are subject to extensive AML compliance obligations. The Proposal would change the status quo, fulfilling FinCEN’s long-stated goal of imposing AML compliance obligations on certain investment advisers. This will likely require SEC Advisers to devote substantial resources to satisfying comprehensive compliance obligations.
Notably, the Proposal would not require SEC Advisers to identify and verify client identities through a formal Customer Identification Program (CIP), and would not require such advisers to collect details about who ultimately owns the legal entity customers the adviser works with (beneficial ownership information). However, the Proposal is only the first in a series of AML-related rulemakings that FinCEN is planning for SEC Advisers. FinCEN anticipates addressing (i) CIP requirements in a joint rulemaking with the SEC, and (ii) beneficial ownership requirements in connection with its obligation to update its existing Customer Due Diligence (CDD) Rule, in accordance with the specific beneficial ownership requirements set forth in the Corporate Transparency Act (CTA).4 Although not part of this Proposal, FinCEN has nevertheless invited comment on the issue of whether SEC Advisers should be subject to the beneficial ownership requirements of its forthcoming revision to the CDD rule.5
Comments on the Proposal must be submitted to FinCEN by April 14, 2024. As proposed, compliance would be required by 12 months from the effective date of the regulation.
In this Legal Update, we provide background on the current US AML compliance framework, including the role of investment advisers in it, as well as a summary of the Proposal.
Background
Since 2001, the Bank Secrecy Act (“BSA”) has required financial institutions to establish AML compliance programs.6 Although the statutory definition of “financial institution” is extremely broad, as an initial matter, FinCEN generally applied the BSA’s AML compliance requirements only to institutions that were subject to pre-existing AML compliance program requirements (e.g., certain banks, broker-dealers, money services businesses, and mutual funds).
Institutions that were considered financial institutions under the BSA, but were not subject to a FinCEN rule, generally were exempted from the BSA’s AML compliance requirements. Further, investment advisers, which are not expressly included in the statutory definition of financial institution, also were not subject to AML compliance requirements.
Over time, FinCEN has removed exemptions and added categories of institutions to the definition of a financial institution. This includes residential mortgage lenders and originators (2012), housing GSEs (2014), and banks that do not have a federal functional regulator (2020).7 Some investment advisory firms became subject to AML compliance obligations if they were also registered with the SEC as broker-dealers, through affiliation with a banking organization or broker-dealer, in their role as the investment adviser/sponsor of mutual funds, through reliance arrangements with broker-dealers through which advisory client transactions are effected, or in some cases by virtue of their relationships with advisory client bank custodians.8
In 2003, and again in 2015, FinCEN proposed to include certain investment advisers within the definition of “financial institution” and impose AML compliance obligations on such advisers.9 These proposals were not finalized, and the international community has continued to cite the lack of requirements for investment advisers as a significant vulnerability to preventing money laundering and terrorist financing.10
Proposal
The Proposal would subject SEC Advisers to comprehensive AML compliance obligations, including AML compliance programs and suspicious activity reporting, as described below:
AML Compliance Program Requirement: Like other financial institutions, SEC Advisers would be required to develop and implement a written AML compliance program that is risk-based and reasonably designed to prevent the SEC Adviser from being used for money laundering, terrorist financing, or other illicit finance activities.11 The program would need to be approved by the
SEC Adviser’s board of directors/trustees or similar governing body (e.g., board of managers), or, if it does not have a board, by its sole proprietor, general partner, trustee, or other persons that have functions similar to a board of directors.
Like other financial institutions, an SEC Adviser’s AML compliance program would need to include a comprehensive “five pillar” approach, including:
(i) establishment and implementation of policies, procedures, and internal controls;
(ii) independent testing of the program (at intervals determined based on risk);
(iii) designation of an AML compliance officer;
(iv) ongoing training for personnel; and
(v) implementation of risk-based procedures for ongoing advisory client due diligence that includes understanding the nature and purpose of client relationships for the purpose of developing a client risk profile, conducting ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update client information.12
Suspicious Activity Reporting: SEC Advisers also would be required to monitor for and report suspicious activity to FinCEN in the same way as other financial institutions are required to do. The Proposal provides examples of suspicious activity in the investment management sector, such as an investor in a private fund requesting access to detailed non-public technical information about a portfolio company that is inconsistent with a professed focus on economic return.
Reporting, Recordkeeping, and Enhanced Due Diligence: SEC Advisers would be required to file currency transaction reports (replacing the Form 8300 obligation for non-financial institutions) and comply with the recordkeeping and “Travel” rules that apply to other financial institutions. SEC Advisers also would be subject to the enhanced due diligence requirements for private banking and correspondent bank accounts and the special measures for primary money laundering concerns.
Scope: The required AML compliance program would need to cover all advisory activities of the SEC Adviser, with the exception of activities undertaken with respect to mutual funds,13 which have their own specific AML compliance obligations.14 This would include the management of customer assets, the provision of financial advice, and the execution of transactions for customers, among other advisory activities. It would not include non-advisory services, such as actions that fund personnel may take with respect to the portfolio companies in which the fund invests (e.g., making managerial/operational decisions about portfolio companies).
FinCEN recognized that an SEC Adviser may provide clients with advisory services that do not include the management of customer assets or knowledge of customers’ investment decisions, such as pension consulting, securities newsletters, research reports, or financial planning. It also recognized that an SEC Adviser may act as the “primary adviser” or a “subadviser,” where the primary adviser may contract directly with the advisory client, and a subadviser has contractual privity with the primary adviser, though there is variation across the industry. As proposed, SEC Advisers would be required to apply AML compliance obligations to these activities, although FinCEN has requested comment on this aspect of the proposal.
Regulatory Oversight: The AML programs must be written, updated, stored, and made available for inspection by FinCEN and the SEC. SEC Adviser compliance with the AML requirements would be subject to inspection by both FinCEN and the SEC, although FinCEN is proposing to delegate its examination authority to the SEC given the SEC’s expertise in the regulation of investment advisers.
Information Sharing (Required and Voluntary) – The proposal would subject SEC Advisers to the special information-sharing procedures under Sections 314(a) and 314(b) of the USA PATRIOT Act. Section 314(a) and its implementing regulations require financial institutions to respond to FinCEN requests for information about accounts for, and recent transactions with, subjects, persons, or entities that may be involved in terrorism or money laundering. Section 314(b) and its implementing regulations permit financial institutions and certain associations of financial institutions to transmit, receive, or otherwise share information with any other financial institution or association of financial institutions for purposes of identifying, and where appropriate, reporting activities that the financial institution or association suspects may involve possible money laundering or terrorist activity.
Delegation: Like other financial institutions, SEC Advisers would be permitted to delegate contractually the implementation and operation of aspects of its AML compliance program to another financial institution, agent, fund administrator, third-party service provider, or other entity, the SEC Adviser would remain fully responsible and legally liable for the program’s compliance with the AML requirements.15
Foreign and Multi-National Advisers and Operations: As proposed, the duty to establish, maintain, and enforce the AML program must remain the responsibility of, and be performed by, persons in the United States who are accessible to, and subject to oversight and supervision by, FinCEN and the financial institution’s appropriate federal functional regulator (i.e., the SEC). FinCEN recognizes that many SEC Advisers are located outside the United States, conduct or outsource certain of their operations outside the United States, or have personnel outside the United States. FinCEN recognizes that the Proposal may present challenges for non-US SEC Advisers or US SEC Advisers with international operations, and has sought comment this topic.
Takeaways
The Proposal is not surprising in that it has been long-expected and, in many respects, mirrors the AML compliance obligations of other financial institutions. As noted by FinCEN, most SEC Advisers conduct advisory client-facing businesses, with direct relationships with their advisory clients. Particularly for SEC Advisers with a large number of advisory clients, implementing the relevant AML controls over such a large population is likely to impose a significant burden.
While the Proposal does not seek to impose CIP or beneficial ownership due diligence requirements on SEC Advisers at this stage, that is likely to change. FinCEN states in the Proposal that it expects to address such requirements for SEC Advisers through additional, subsequent rulemakings. Application of the CDD rule’s beneficial ownership identification and verification requirements to SEC Advisers would, in particular, generate significant and sometimes complex undertakings for legal and compliance departments. As FinCEN’s revised CDD rule is due to be published by January 1, 2025,16 we encourage SEC Advisers to accept FinCEN’s invitation to comment on the issue now, in connection with the Proposal, in an effort to help shape the forthcoming rulemaking. For more information and advice on submitting a comment, contact us or submit a comment directly.
1 89 Fed. Reg. 12,108 (Feb. 15, 2024), https://www.federalregister.gov/public-inspection/2024-02854/anti-money-launderingcountering-the-financing-of-terrorism-program-and-suspicious-activity-report.
2 Generally, ERAs are investment advisers that rely on exemptions from registration with the SEC available if the adviser (1) advises only private funds and has less than $150 million in assets under management in the United States, or (2) advises only “venture capital funds,” as such term is defined.
3 Thus, as proposed, exempt foreign private advisers and state-registered investment advisers who are prohibited from registering with the SEC would not be subject to these AML compliance obligations. Additionally, the proposal does not address AML compliance obligations for commodity trading advisors or commodity pool operators. Such entities are exempt from AML compliance requirements, although FinCEN proposed AML compliance requirements for commodity trading advisors in 2003. 31 C.F.R. § 1010.205(b); 68 Fed. Reg. 23,640 (May 5, 2003).
4 The CTA requires FinCEN to revise the CDD Rule no later than January 1, 2025.
5 FinCEN, Customer Due Diligence Requirements for Financial Institutions, final rule, 81 FR 29398 (May 11, 2016).
7 85 Fed. Reg. 57,129 (Sep. 15, 2020); 79 Fed. Reg. 10,365 (Feb. 25, 2014); 77 Fed. Reg. 8148 (Feb. 14, 2012).
8 See, e.g., Letter from Lourdes Gonzalez-Diez, Assistant Chief Counsel, Division of Trading and Markets, SEC, to Bernard V. Canepa, Managing Director and Associate General Counsel, SIFMA (Dec. 9, 2022) (permitting broker-dealers to treat investment advisers as being subject to an anti-money laundering program and relying on an adviser’s customer identification program, if, among other things, the adviser has entered into a written agreement with the broker under which it agrees to implement an AML program consistent with the requirements of the Bank Secrecy Act).
9 80 Fed. Reg. 52,680 (Sept. 1, 2015); 68 Fed. Reg. 23,646 (May 5, 2003).
10 FATF, Mutual Evaluation Report for the United States, ch. 5 (Nov. 30, 2016).
11 In this regard, the Proposal specially mentioned consideration of the types of advisory services provided, the nature of the adviser’s clients, investment products offered, distribution channels, intermediaries, and geographic locations of operations and clients.
12 Like other financial institutions, ongoing client due diligence includes four core elements: (1) identifying and verifying the identity of advisory clients; (2) identifying and verifying the identity of the beneficial owners of legal entity clients opening accounts; (3) understanding the nature and purpose of client relationships; and (4) conducting ongoing monitoring.
13 Thus, advisory activities with respect to closed-end funds, private funds, and other pooled investment vehicles and wrap programs would be included. FinCEN appears to recognize that many of these arrangements do not pose a high risk related to AML, and requested comment on certain aspects of this part of the proposal.
14 FinCEN is not proposing to require SEC Advisers that are dually registered as broker-dealers or are themselves banks (or bank subsidiaries) to establish multiple or separate AML programs so long as a comprehensive AML program covers all of the entity’s relevant business and activities that are subject to AML requirements and is designed to address the different money laundering, terrorist financing, or other illicit finance activity risks posed by the different aspects of the entities’ businesses.
15 The Proposal notes that an investment adviser would actually need to assess its service providers’ compliance with law and may not rely simply on certifications of compliance. Further, the SEC Adviser would need to demonstrate the program’s compliance with AML requirements and ensure that FinCEN and the SEC are able to obtain information and records relating to the AML program. Although not suggested in the Proposal, an RIA might consider coordinating oversight controls for AML delegates with its policies and procedures for oversight of service providers. See also 87 Fed. Reg. 68,816 (Nov. 16, 2022).
16 The CDD rule’s requirement to identify and verify the beneficial owners of legal entity customer accounts is predicated on the existence of a CIP requirement, i.e., that the financial institution identify and verify the identity of its customers. We, therefore, expect a joint FinCEN-SEC rulemaking on CIP for SEC Advisers to be proposed prior to January 1, 2025.