FINCEN'S NOTICE OF PROPOSED RULEMAKING

On August 25, the Financial Crimes Enforcement Network (FinCEN), a bureau of the US Department of the Treasury (Treasury), published a notice of proposed rulemaking (NPRM) to impose anti-money laundering (AML) programs and additional reporting requirements on investment advisers registered with the US Securities and Exchange Commission (SEC).1

FinCEN's proposal would require registered investment advisers to have anti-money laundering programs in place, file suspicious activity reports, and comply with additional reporting requirements. The proposal furthers the United States' efforts to comply with international AML standards and recommendations.

If adopted, the NPRM would do the following:

  1. Require that SEC-registered investment advisers (RIAs) develop and maintain written AML programs reasonably designed to prevent the RIA from being used for money laundering and terrorist financing and to achieve compliance with the Bank Secrecy Act (BSA).2
  2. Include RIAs within the meaning of a "financial institutions" for purposes of the BSA's implementing regulations3 and impose specific reporting requirements.
  3. Require that RIAs monitor for suspicious activity and file suspicious activity reports (SARs) with FinCEN.
  4. Delegate examination authority for compliance to the SEC.4

The long-awaited NPRM comes as the United States is due to undergo in 2016 a mutual evaluation by the Financial Action Task Force (FATF), the inter-governmental body that promotes international AML standards.5 In FATF's previous evaluation of the United States, it noted (among other things) the lack of AML and CIP requirements applicable to investment advisers in the United States.6

If adopted as proposed, the rules would require RIAs to establish AML programs and begin to file SARs within six months of their effective date. Comments on the NPRM are due on or before November 2, 2015.

BACKGROUND

The BSA, as amended by the USA PATRIOT Act (Patriot Act),7 establishes the framework for AML obligations imposed on US financial institutions. The BSA provides Treasury with the authority to implement, administer, and enforce compliance with the BSA and implement regulations to that effect. This authority has been delegated to FinCEN. While broker-dealers in securities and investment companies have been subject to AML requirements for some time due in part to their being included within the definition of a "financial institution" under the BSA,8 investment advisers are not included in that definition. As a result, most of the BSA's substantive requirements are not directly applicable to investment advisers unless Treasury exercises its discretionary authority to include them within the definition.9 While FinCEN had previously proposed AML requirements for investment advisers in 200310 and unregistered investment companies (i.e., private funds) in 2002,11 FinCEN withdrew those proposals in 2007.12 At the time of withdrawal FinCEN noted that, since investment advisers conduct their activities through financial institutions that are subject to the BSA, investment adviser activities are at least indirectly subject to BSA requirements.

FINANCIAL INSTITUTION DEFINITION

For purposes of the BSA's implementing regulations, the NPRM would define an "investment adviser" as "[a]ny person who is registered or required to be registered with the SEC under Section 203 of the Investment Advisers Act of 1940."13 FinCEN indicated that the proposed definition of investment adviser would capture both primary advisers and subadvisers. In addition, FinCEN indicated that the following types of advisers may be within scope:

(i) dually-registered investment advisers, and advisers that are affiliated with or subsidiaries of entities required to establish AML programs;

(ii) certain non-U.S. investment advisers;

(iii) investment advisers to registered investment companies;

(iv) financial planners;

(v) pension consultants; and

(vi) entities that provide only securities newsletters and/or research reports.

The inclusion of RIAs within the definition of a financial institution for purposes of the BSA's implementing regulations would require RIAs to comply with the BSA regulatory requirements that are generally applicable to financial institutions, including the information sharing provisions of Section 314(a) of the Patriot Act, the currency transaction report (CTR) requirements,14 the recordkeeping and travel rule (subject to certain exceptions),15 and the requirement to create and retain records for extensions of credit and cross-border transfers of currency, monetary instruments, checks, investment securities, and credit when transactions exceed $10,000.16

AML PROGRAM REQUIREMENT

General

Proposed rule 31 C.F.R. 1010.210 (the Proposed AML Rule) would require RIAs to develop and implement an AML program reasonably designed to prevent the RIA from being used to facilitate money laundering or the financing of terrorist activities and to achieve and monitor compliance with applicable BSA provisions and implementing regulations. The Proposed AML Rule requires that each RIA's AML program be approved in writing by its board of directors or trustees, or if it does not have a board, by its sole proprietor, general partner, trustee, or other persons who have similar functions to a board of directors.

Minimum Requirements

Under the Proposed AML Rules, an RIA's AML program must, at a minimum, do the following:

  1. Establish and implement policies, procedures, and internal controls reasonably designed to prevent the investment adviser from being used for money laundering or the financing of terrorist activities and to achieve and monitor compliance with the applicable provisions of the BSA and its implementing regulations.
  2. Provide for independent testing for compliance to be conducted by the investment adviser's personnel or by a qualified outside party.
  3. Designate a person or persons responsible for implementing and monitoring the operations and internal controls of the program.
  4. Provide ongoing training for appropriate persons.

These minimum requirements are substantively the same as the AML program requirements that apply to other classes of regulated financial institutions, including banks, broker-dealers, and registered investment funds. As mentioned in the NPRM, the AML program requirement is not "one-size-fits all." Rather, it requires a risk-based approach that provides RIAs with flexibility in designing their programs to meet the specific risks presented by the advisory services they provide, as well as their client base. FinCEN, however, emphasizes its expectation that an RIA's AML program will cover all of its advisory activities (including activity that does not entail the management of client assets) whether the RIA is the primary adviser or the subadviser.

Dually Registered RIAs and Enterprise-Wide Programs

In discussing the AML program requirement, FinCEN indicated that RIAs that are dually registered as broker-dealers would not have to implement a separate AML program, but rather could rely on a comprehensive program that covers both the advisory and brokerage functions of the dual-registrant. Similarly, an RIA affiliated with, or a subsidiary of, an entity required to establish an AML program in another capacity would not have to implement multiple or separate programs as long as the program covers all of the entity's activities and businesses that are subject to the BSA.

Contractual Delegation

FinCEN indicates that an RIA may delegate the implementation and operation of aspects of its AML program to another financial institution, agent, third-party service provider, or other entity. FinCEN makes clear, however, that the RIA would remain fully responsible for the effectiveness of the AML program and for ensuring that FinCEN and the SEC are able to obtain information and records relating to the program.

SUSPICIOUS ACTIVITY REPORTS

The NPRM would also require that RIAs monitor for suspicious activities and file SARs. Under proposed rule 31 C.F.R. 1031.320 (Proposed SAR Rule), an RIA would be required to file a SAR with FinCEN if a transaction is conducted or attempted by, at, or through an RIA and involves funds or other assets of at least $5,000 and the RIA knows, suspects, or has reason to suspect that the transaction (or pattern of transactions of which the transaction is a part):

  1. Involves funds derived from illegal activity or is intended or conducted in order to hide or disguise funds or assets derived from illegal activity (including, without limitation, the ownership, nature, source, location, or control of such funds or assets) as part of a plan to violate or evade any Federal law or regulation or to avoid any transaction reporting requirement under Federal law or regulation;
  2. Is designed, whether through structuring or other means, to evade any requirements of 31 C.F.R Chapter X or any other regulations promulgated under the BSA;
  3. Has no business or apparent lawful purpose or is not the sort in which the particular customer would normally be expected to engage, and the investment adviser knows of no reasonable explanation for the transaction after examining the available facts, including the background and possible purpose of the transaction; or
  4. Involves use of the investment adviser to facilitate criminal activity.

FinCEN stated that whether a SAR should be filed depends on all the facts and circumstances related to the transaction and the client in question. In this regard, FinCEN identified the following non-exclusive "red flags" that could be observed by an RIA and that may merit further investigation to determine whether a SAR should be filed:

  • A client exhibits an unusual concern regarding the RIA's compliance with government reporting requirements or is reluctant or refuses to reveal any information concerning business activities, or furnishes unusual or suspicious identification or business documents;
  • A client appears to be acting as the agent for another entity but declines, evades, or is reluctant to provide any information in response to questions about that entity;
  • A client's account has a pattern of inexplicable and unusual withdrawals, contrary to the client's stated investment objectives;
  • A client requests that a transaction be processed in such a manner as to avoid the adviser's normal documentation requirements;
  • A client exhibits a total lack of concern regarding performance returns or risk;
  • A client's use of money orders or travelers checks in the context of private funds; or
  • Use of multiple wire transfers from different accounts at different financial institutions or other unusual wire activity.

Joint Filings

In situations where multiple RIAs or financial institutions with SAR filing obligations are involved, as with SAR rules applicable to other financial institutions, the Proposed SAR Rule would permit joint filings.

Filing and Notification Procedures

The Proposed SAR Rule would require that a SAR be filed no later than 30 calendar days after the date of initial detection by the RIA that may constitute a basis for filing a SAR, with an additional 30 calendar day delay built in for an RIA to identify a suspect. In addition to filing a SAR, if a matter violation involves immediate attention (e.g., terrorist financing or ongoing money laundering schemes), the Proposed SAR Rule requires an RIA to also notify appropriate law enforcement by telephone. Under the Proposed SAR Rule, supporting documentation relating to each SAR would have to be collected and maintained separately by an RIA and made available upon request to FinCEN; Federal, state, or local law enforcement; or any Federal regulatory authority (e.g., the SEC).

Retention of Records

An RIA would have to maintain copies of filed SARs and supporting documentation for a period of five years from the date of filing.

Confidentiality

SARs are highly confidential, and the Proposed SAR Rule would prohibit disclosure of a SAR (or information that would reveal the existence of a SAR) except under very limited circumstances. In instances where an RIA or personnel are subpoenaed or otherwise requested to disclose a SAR or reveal information that would disclose the existence of a SAR, an RIA would have to decline to produce the SAR (or such information) and notify FinCEN. The Proposed SAR Rule contains certain rules of construction that permit limited disclosure of SARs (or information that would reveal the existence of a SAR) and underlying facts and documents. A third rule of construction would permit the

sharing by an investment adviser, or any director, officer, employee, or agent of the investment adviser, of a SAR, or any information that would reveal the existence of a SAR, within the investment adviser's corporate organizational structure for purposes consistent with Title II of the Bank Secrecy Act as determined by regulation or in guidance (emphasis added).17

While this provision would initially appear to permit an RIA to share a SAR within its organizational structures, that permission is conditioned on there being guidance or regulation that permit such sharing. While there is guidance that permits financial institutions to share SARs within their corporate organizational structure,18 FinCEN specifically declined to permit RIAs to engage in such sharing and instead, requested comment on this issue.19

Limitation on Liability

The Proposed SAR Rule would limit an RIA and its personnel's liability in connection with filing SARs.

SEC EXAMINATION AUTHORITY

Finally, FinCEN proposes to delegate its examination authority to the SEC. The SEC currently has delegated authority to examine broker-dealers and investment companies with their respective obligations under the BSA and its implementing regulations.

OBSERVATIONS

In light of FATF's upcoming evaluation of the United States and the weaknesses with respect to investment advisers identified in the United States' last mutual evaluation in 2006, the Proposed AML Rule is likely to be adopted without much, if any, modification. As noted by FinCEN, many RIAs already have AML compliance programs in place in connection with a series of no-action letters issued by the SEC staff regarding a broker-dealer's CIP obligations.20 These letters have permitted a broker-dealer in securities to rely on RIAs to perform some or all aspects of the broker-dealer's CIP obligation subject to certain conditions, including that the RIA have an AML and CIP program in place. In addition, many RIAs have voluntarily instituted AML programs as a best practice or because certain counterparties require them. For such RIAs, compliance with the Proposed AML Rule should not necessarily impose additional substantial burdens.

RIAs that do not have AML programs in place may want to consider building the appropriate infrastructure in anticipation of a final rule. RIAs without programs may find useful an AML program template provided by the Financial Industry Regulatory Authority (FINRA) for use by its smaller brokerdealer members.21 While the FINRA Small Firm Template may be a helpful starting point, RIAs should be mindful that AML programs will need to be tailored to account for the risks associated with a firm's specific business and its clients. Further, all RIAs may find it helpful to review guidance from the federal banking regulators22 regarding compliance with the BSA, literature from FATF regarding money laundering and terrorist financing in the securities industry,23 as well as commentary from FinCEN in the NPRM regarding the expected scope of an RIA's AML program as well as the risk profile of certain advisory clients.24 In this regard, FinCEN placed particular emphasis on those advisory services that may present higher risks, such as advisory activities in connection with private funds and other unregistered pooled investment vehicles.25 In addition, these resources identify "red flags" that could be useful with respect to compliance with the Proposed SAR Rule.

While the Proposed SAR Rule is generally consistent with similar SAR rules applicable to other financial institutions, the prohibition on sharing within a corporate organizational structure can present logistical challenges if such sharing is not permitted when the final rule is adopted. As mentioned above, other financial institutions are permitted to share SARs within their corporate organizational structures,26 and the prohibition as applied to RIAs may cause interpretive difficulties with respect to joint filings and could otherwise hamper the effectiveness of an enterprise-wide AML program.

Notably, FinCEN has made the intentional decision (for the time being) to limit the applicability of the Proposed AML Rule and Proposed SAR Rule to federally-registered investment advisers and to exclude state-registered investment advisers, and to not require RIAs to establish and maintain a formal CIP. These exclusions, however, may be relatively short-lived inasmuch as FinCEN stated in the NPRM that it would consider whether to extend the AML, SAR, and related reporting requirements to state-registered advisers, and that it expected to address the CIP issue in a future joint rulemaking with the SEC. In any event, the absence of a formal CIP requirement would not relieve RIAs from their risk-based customer due diligence obligations.

Based on the definition of "investment adviser" in the proposed rules, exempt reporting advisers (ERAs) should not be subject to the Proposed AML Rule and Proposed SAR Rule because these advisers are exempt (i.e., not required to register) from the SEC's registration requirements.27 Similarly, a foreign private adviser as defined in Section 202(a)(30)28 of the Advisers Act is exempt from SEC registration and therefore should also not be within scope for purposes of Proposed AML Rule and the Proposed SAR Rule. That said, there may still be some interpretive questions that FinCEN may have to address with respect to investment advisers that rely on SEC no-action letters in connection with their registration requirements. For instance, relying advisers are advisers that rely on the investment adviser registration of a related entity pursuant to SEC no-action relief.29 Because these advisers are relying on another entity's registration and are not directly registered with the SEC, it is unclear whether they would be deemed RIAs for purposes of FinCEN's proposed rules. Another interpretive issue that FinCEN may have to address involves SEC registered foreign advisers operating under the "Regulation Lite" regime in reliance on an SEC no-action letter.30 Under guidance issued to the American Bar Association Subcommittee on Private Investment Companies, an SEC-registered foreign adviser could avoid applying the entirety of the Advisers Act's substantive requirements to their non-U.S. clients. Because foreign advisers relying on that letter are SEC-registered, they would presumably be subject to the Proposed AML Rule and the Proposed SAR Rule. Unlike the relief provided in the SEC's no-action letter, and absent additional guidance from FinCEN, these advisers may have to apply the entirety of FinCEN's proposed rules to their U.S. and non- U.S. clients in light of FinCEN's view that the proposed rules should apply to all of an RIA's advisory activities.

Finally, we note that while FinCEN proposes to delegate examination authority over an RIAs compliance to the SEC, this is not the same as delegation of enforcement authority. While the SEC has brought enforcement actions against broker-dealers for failing to file SARs31 and for having an inadequate CIP,32 the SEC's enforcement authority is limited to recordkeeping and reporting violations under Rule 17a-8 under the Securities Exchange Act of 1934 (Exchange Act).33 We are not aware of any case brought by the SEC against a broker-dealer or mutual fund that alleges a direct violation of the BSA's implementing regulations.34 It is unclear whether the SEC will seek to implement a rule similar to Exchange Act Rule 17a-8 applicable to RIAs in order to enforce some of the proposed rules' requirements or whether all potential violations uncovered during an examination will be referred to FinCEN for enforcement. Given the significant number of RIAs—approximately 11,235 as of June 2, 2014 according to FinCEN—it is also unclear whether the SEC and FinCEN will have the resources to meaningfully examine and enforce the proposed rules' requirements once they are final.

Footnotes

1 FinCEN, Anti-Money Laundering Program and Suspicious Activity Report Filing Requirements for Registered Investment Advisers, 80 Fed. Reg. 52680 (Sept. 1, 2015) (NPRM) available at gpo.gov/fdsys/pkg/FR-2015-09-01/pdf/2015-21318.pdf.

2 Currency and Foreign Transactions Reporting Act of 1970 (commonly referred to as the BSA), 12 U.S.C. § 1829b, 12 U.S.C. §§ 1951-1959, and 31 U.S.C. §§ 5311-5330.

3 The BSA's implementing regulations are located at 31 C.F.R. Chapter X.

4 At this time, FinCEN is not proposing customer identification program (CIP) requirements on RIAs or the expanded beneficial ownership due diligence requirements that it proposed on July 30, 2014. For information about the due diligence proposal, please see our August 2014 LawFlash on this topic, "FINCEN Proposes to Expand Financial Institution Customers Due Diligence Requirements," available at morganlewis.com/pubs/fs_lf_fincenproposesexpandedcustomerduediligencereqs_05aug14.

5 FATF, Global Assessments Calendar (July 2015) available at fatf-gafi.org/media/fatf/documents/assessments/Global-assessmentcalendar.pdf.

6 See FATF, Third Mutual Evaluation Report on Anti-Money Laundering And Combating The Financing Of Terrorism, United States (June 23, 2006), available at fatf-gafi.org/countries/u-z/unitedstates/documents/mutualevaluationoftheunitedstates.html.

7 Pub. L. No. 107-56, 115 Stat. 296 (2001).

8 See 31 U.S.C. § 5312(a)(2) and (c)(1).

9 See 31 U.S.C. § 5312(a)(2)(Y)(defining a financial institution to include, among others, "any business or agency which engages in any activity which the Secretary of the Treasury determines, by regulation, to be an activity which is similar to, related to, or a substitute for any activity in which any business described in this paragraph is authorized to engage.").

10 See Anti-Money Laundering Programs for Investment Advisers, 68 Fed. Reg. 23646 (May 5, 2003).

11 See Anti-Money Laundering Programs for Unregistered Investment Companies, 67 Fed. Reg. 60617 (Sept. 26, 2002).

12 See Withdrawal of the Notice of Proposed Rulemaking; Anti-Money Laundering Programs for Unregistered Investment Companies, 73 Fed. Reg. 65569 (Nov. 4, 2008); and Withdrawal of the Notice of Proposed Rulemaking; Anti-Money Laundering Programs for Investment Advisers, 73 Fed. Reg. 65568 (Nov. 4, 2008).

13 See Proposed Rule 31 C.F.R. 1010.100(nnn).

14 See 31 C.F.R. 1010.310 through 1010.314. The CTR requirement would replace an RIA's obligation to file reports on Form 8300 for the receipt of more than $10,000 in cash and negotiable instruments. See, e.g., 31 CFR 1010.330.

15 31 C.F.R. 1010.410 and 1010.430. These rules require financial institutions to create and maintain records of transmittals of funds and ensure that certain information pertaining to the transmittal of funds "travel" with the transmittal to the next financial institution in a payment chain.

16 31 C.F.R. 1010.410(a)-(c).

17 See Proposed Rule 31 C.F.R. 1031.320(d)(1)(ii)(B).

18 See, e.g., Sharing Suspicious Activity Reports by Securities Broker-Dealers, Mutual Funds, Futures Commission Merchants, and Introducing Brokers in Commodities with Certain U.S. Affiliates, FIN-2010- G005 (Nov. 23, 2010) and Sharing Suspicious Activity Reports by Depository Institutions with Certain U.S. Affiliates, FIN-2010-G006 (Nov. 23, 2010).

19 See NPRM, 80 Fed. Reg. at 52690.

20 See, Request for No-Action Relief Under Broker-Dealer Customer Identification Rule (31 C.F R. 1023.220) (Jan. 9, 2015), which is the most recent of this series of letters, available at sec.gov/divisions/marketreg/mr-noaction/2015/sifma-010915-17a8.pdf.

21 FINRA's small firm template (FINRA Small Firm Template), available at finra.org/industry/anti-money-laundering-template-smallfirms.

22 See Bank Secrecy Act Anti-Money Laundering Examination Manual, Federal Financial Institutions Examination Council (April 1, 2014), available at occ.gov/publications/publications-by-type/other-publications-reports/ffiec-bsa-aml-examination-manual.pdf.

23 See FATF, Money Laundering and Terrorist Financing in the Securities Sector (October 2009), available at fatfgafi. org/media/fatf/documents/reports/ML%20and%20TF%20in%20the%20Securities20Sector.pdf.

24 NPRM, 80 Fed. Reg. at 52687-88.

25 Id.

26 See supra note 18.

27 ERAs include investment advisers relying on either the "Private Fund Adviser Exemption" or the "Venture Capital Fund Adviser Exemption". More specifically, section 203(m) of the Investment Advisers Act of 1940 (Advisers Act) and Rule 203(m)-1 thereunder exempt from registration an investment adviser who only provides investment advice to private funds and has assets under management in the U.S. of less than $150 million. Section 203(l) of the Advisers Act and Rule 203(l)-l thereunder exempts from registration an investment adviser providing advice to one or more venture capital funds. While not subject to registration, ERAs are required to make certain filings with the SEC.

28 A foreign private adviser is generally defined as an investment adviser that (1) has no place of business in the United States, (2) has, in total, fewer than 15 clients and investors in the United States in private funds advised by the adviser, (3) has less than $25 million in assets under management attributable to clients in the United States and investors in the United States in private funds advised by the adviser (or such higher amount permitted by the SEC through rule), and (4) neither holds itself out generally to the public in the U.S. as an investment adviser nor acts as an investment adviser to any registered investment company or as a business development company.

29 See American Bar Association, Business Law Section, SEC No-Action Letter (Jan. 18, 2012), available at sec.gov/divisions/investment/noaction/2012/aba011812.htm.

30 See American Bar Association Subcommittee on Private Investment Companies, SEC No-Action Letter (Aug. 19, 2006).

31 See, e.g., In the matter of Ronald S. Bloomfield, Robert Georgia, Victor Labi, John Earl Martin, Sr., and Eugene Miller, Exchange Act Release No. 61988 (April 27, 2010), available at sec.gov/litigation/admin/2010/33-9121.pdf.

32 See, e.g., In the Matter of Pinnacle Capital Markets, LLC and Michael A. Paciorek, Exchange Act Release No. 62811 (September 1, 2010) available at sec.gov/litigation/admin/2010/34-62811.pdf.

33 31 C.F.R. 240.17a-8.

34 Unlike the SEC, FINRA has a broader ability to bring enforcement actions against broker-dealers for BSA-related violations because the broker-dealer AML rule specifically contemplates that self-regulatory organizations can have rules requiring their members to comply with the BSA's implementing regulations. See 31 C.F.R. 1030.210 (generally indicating that a broker-dealer will be deemed to satisfy the requirements of the BSA's AML program requirement if the broker-dealer, among other things, implements and maintains an AML program that complies with SRO rules); see also FINRA Rule 3310 (Anti-Money Laundering Compliance Program).

This article is provided as a general informational service and it should not be construed as imparting legal advice on any specific matter.