United States: FinCEN Proposes Anti-Money Laundering Regulations For Registered Investment Advisers

In an attempt to address or prevent any money launderer's access to the U.S. financial system through accounts serviced by registered investment advisers, the Department of Treasury's Financial Crimes Enforcement Network ("FinCEN") published a Notice of Proposed Rulemaking on September 1, 2015. The proposed regulations would subject investment advisers registered (or required to be registered; collectively, "RIAs") with the Securities and Exchange Commission ("SEC") under the Investment Advisers Act of 1940 (the "Advisers Act") to regulations comparable to those imposed on financial institutions by the USA PATRIOT Act.

Money laundering is the processing of criminal proceeds through the financial system to disguise their illegal origin or the ownership or control of the assets, or the promoting of illegal activity with illicit or legal source funds. Generally, money laundering involves three stages, known as placement,1 layering,2 and integration.3 The crime of money laundering also encompasses the movement of funds to finance terrorism, whether these funds come from illegitimate or legitimate sources.

According to FinCEN, an RIA's asset management operations are vulnerable at each stage of the money laundering process. Money launderers may see the $61.9 trillion in assets under management by RIAs as a low-risk way to enter the U.S. financial system. FinCEN believes that RIAs are also uniquely situated to appreciate a broader understanding of their clients' movement of funds through the financial system because of the types of advisory activities in which they engage.

The proposed regulations are open to public comments until November 2, 2015.

The Proposed Regulations

The proposed regulations generally impose three obligations on RIAs under the Bank Secrecy Act (the "BSA"):

1. Implementing anti-money laundering ("AML") programs. 

The proposed regulations would require an RIA to develop and implement a written AML program approved by its board of directors, sole proprietor, general partner or other person(s) in a similar function. The AML program must be reasonably designed to prevent the RIA from being used to facilitate money laundering, and to achieve and monitor compliance with the applicable provisions of the BSA and FinCEN's regulations.

The four minimum requirements for the AML program are comparable to the requirements for banks, broker-dealers, mutual funds and other financial institutions under the BSA. They are:

i. Establishing and implementing risk-based and reasonable written policies, procedures, and internal controls;

ii. Providing for periodic independent testing of the AML program (employees of the RIA, its affiliates or unaffiliated service providers are considered independent to conduct such testing so long as those same employees are not involved in the operation and oversight of the AML program);

iii. Designating a compliance officer responsible for monitoring the operations and internal controls of the program; and

iv. Providing ongoing employee training that covers a general awareness of overall BSA requirements and money laundering issues as well as more job-specific guidance regarding particular employees' roles and functions in the AML program.

To meet these requirements, an RIA is expected to perform a risk analysis of the money laundering and terrorist financing risks posed by its clients to determine the extent and frequency of the programs. This analysis and implementation must cover all of an RIA's advisory activity, whether the adviser is acting as the primary adviser or a subadviser, and must include advisory activity that does not entail the management of client assets. FinCEN expects the AML program to extend to an RIA's services to all of its clients, including its separate account clients and fund clients based outside of the United States. As proposed, the AML program would need to be in effect six months from the date of the issuance of the final rulemaking.

2. Filing suspicious activity reports ("SARs").

An RIA would be required to report suspicious transactions that are conducted or attempted by, at, or through the RIA and involve or aggregate at least $5,000 in funds or other assets. An RIA who files SARs or any other voluntary reports of suspicious transactions is protected from liability against any other authority or person for such disclosure or any failure to provide notice of such disclosure; however, this limitation of liability does not extend to any civil or criminal action brought by any government to enforce any law or regulation.4

At a minimum, the rule requires an RIA to report a transaction if the RIA "knows, suspects, or has reason to suspect that the transaction (or a pattern of transactions of which the transaction is a part):"

i. involves funds derived from illegal activity or is intended or conducted to hide or disguise funds or assets derived from illegal activity;

ii. is designed, whether through structuring or other means, to evade the requirements of the BSA;

iii. has no business or apparent lawful purpose, and the investment adviser knows of no reasonable explanation for the transaction after examining the available facts; or

iv. involves the use of the investment adviser to facilitate criminal activity.

FinCEN noted current industry reliance on "red flags" for purposes of detecting suspicious transactions: (i) a client exhibits an unusual concern regarding the adviser's compliance with government reporting requirements or is reluctant or refuses to reveal any information concerning business activities, or furnishes unusual or suspicious identification or business documents; (ii) a client appears to be acting as the agent for another entity but declines, evades, or is reluctant to provide any information in response to questions about that entity; (iii) a client's account has a pattern of inexplicable and unusual withdrawals, contrary to the client's stated investment objectives; (iv) a client requests that a transaction be processed in such a manner as to avoid the adviser's normal documentation requirements; or (v) a client exhibits a total lack of concern regarding performance returns or risk.

Where the proposed regulations stray from comparable regulations for other financial institutions is their allowance for an RIA to share SARs with other RIAs. Therefore, where more than one RIA, or another financial institution with a separate suspicious activity reporting obligation, is involved in the same transaction, only one report is required to be filed. This alleviates an RIA's SARs compliance burden when working with other financial institutions required to file.

FinCEN would require an RIA to file an SAR within 30 days after the RIA becomes aware of a suspicious transaction by completing and filing an SAR with FinCEN in accordance with all form instructions and applicable guidance. Copies of the SAR filings and their supporting documents, which are deemed to have been filed with an SAR, are required to be kept for a period of five years from the date of filing. An SAR and any information that would reveal the existence of an SAR are confidential and cannot be disclosed by an RIA, except as authorized. SAR compliance applies only after the full initiation of the AML programs, and thus must begin six months from the date of the issuance of the final rulemaking.

3. Maintaining general recordkeeping requirements.

Defining an RIA as a "financial institution" would require an RIA to comply with all BSA regulatory requirements generally applicable to financial institutions, including (a) Currency Transaction Report ("CTR") filing requirements, (b) the recordkeeping, transmittal of records, and retention requirements for the transmittal of funds under the Recordkeeping and Travel Rules and other related recordkeeping requirements, (c) and information sharing requests pursuant to the USA PATRIOT Act.

An RIA would be required to file CTRs for a transaction involving a transfer of more than $10,000 in currency by, through or to the RIA in a single business day. CTR filings would replace the former requirement to file reports on Form 8300 for the receipt of more than $10,000 in cash and negotiable instruments, which are defined much more broadly than currency.5 It seems unlikely in view of the typical practices of an RIA that an RIA would engage in any reportable currency transactions. Moreover, an AML program should already include prohibitions or restrictions on forms of payment that figure in money laundering schemes, such as currency, money orders, travelers checks, multiple cashier's checks or third party payments.

Under the Recordkeeping and Travel Rules and proposed regulations, an RIA must create and retain records for transmittals of funds for a period of five years, and ensure that certain information pertaining to the transmittal of funds "travel" with the transmittal to the next financial institution in the payment chain.6 The dollar threshold to implicate these particular rules is $3,000. These rules would then require an RIA to obtain and retain not only the name, address and other information about the transmittor and the transaction, but also identifying information on the recipient.

The USA PATRIOT Act helps law enforcement identify, disrupt, and prevent terrorist acts and money laundering activities by encouraging further cooperation among law enforcement, regulators, financial institutions, and, now as proposed, RIAs, to share information regarding those suspected of being involved in terrorism or money laundering. Such information may include whether particular individuals, entities or organizations: (i) maintain a current account with the institution; (ii) have maintained an account with the institution during the preceding twelve months; or (iii) have been involved in any transaction or transmittal of funds by or through the institution during the preceding six months. If so, an RIA must thereafter provide the name of the person, entity or organization identified, together with other information such as the account number, social security number, date of birth or other similar identifying information as appropriate.

Looking Ahead

FinCEN has announced its intention to propose further regulations. Specifically, FinCEN stated that future proposals will contemplate an RIA implementing a customer identification program ("CIP") and customer due diligence ("CDD"). An RIA must undergo risk assessments to comply with the AML programs and SAR requirements, and these risk assessments overlap to satisfy similar requirements under CDD. CDD requirements (and enhanced due diligence or "EDD" requirements for higher risk customers) would include obtaining an understanding of who a customer (natural or legal) is, the nature of the person's wealth and sources of funds, and whether public information about the person raises money laundering red flags that the person's funds for investment could be from an illegal source. Therefore, it may be advantageous for an RIA preparing for compliance with these proposed regulations to prepare concurrently for CIP and CDD/EDD future compliance.

In addition, FinCEN stated in these proposed regulations that it may consider expanding the application of the BSA in future rulemakings to include investment advisers not registered or required to be registered with the SEC, since unregistered investment advisers may also be at risk for abuse by money launderers, terrorists financers, and other illicit actors.


It is prudent at this time to acknowledge that regulations regarding anti-money laundering programs covering RIAs will be implemented in the near future. Given the potentially short time periods in which to comply with the proposed regulations, now is the time to review your current compliance policies and procedures, and formulate additional provisions regarding the anticipated regulations. Unregistered investment advisers may also consider developing policies and procedures at this time.

For more information regarding these proposed regulations or for counsel on compliance policies and procedures, please feel free to contact Patrick D. Sweeney or Richard M. Morris of Herrick, Feinstein LLP or your Herrick, Feinstein LLP attorney.


1 At the "placement" stage, proceeds from illegal activity or funds intended to promote illegal activity are first introduced into the financial system. For example, this could occur in the investment advisory business when a money launderer tries to fund an investment advisory account with cash or cash equivalents derived from illegal activity. Money launderers also may approach investment advisers seeking to obtain the adviser's assistance as an intermediary in placing funds into custodial accounts.

2 The "layering" stage involves the distancing of illegal proceeds from their criminal source through a series of financial transactions to obfuscate and complicate their traceability. A money launderer could place assets under management with an investment adviser as one of many transactions in an ongoing layering scheme. Layering may involve establishing an advisory account in the name of a fictitious corporation or an entity designed to break the link between the assets and the true owner. A money launderer also may place assets under management with an adviser and then shortly thereafter arrange for their removal.

3 "Integration" occurs when illegal proceeds previously placed into the financial system are made to appear to have been derived from a legitimate source. For example, once illicit funds have been invested with an investment advisor, the proceeds from those investments may appear legitimate to any financial institution thereafter receiving such proceeds.

4 See Proposed 31 CFR 1031.320(e).

5 Currency is defined as the coin and paper of the United States or of any other country that is designated as legal tender and that circulates and is customarily used as a medium of exchange in a foreign country.

6 See 31 CFR 1020.410 and 1010.430(d).

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

To print this article, all you need is to be registered on Mondaq.com.

Click to Login as an existing user or Register so you can print this article.

In association with
Related Video
Up-coming Events Search
Font Size:
Mondaq on Twitter
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).
Email Address
Company Name
Confirm Password
Mondaq Topics -- Select your Interests
 Law Performance
 Law Practice
 Media & IT
 Real Estate
 Wealth Mgt
Asia Pacific
European Union
Latin America
Middle East
United States
Worldwide Updates
Check to state you have read and
agree to our Terms and Conditions

Terms & Conditions and Privacy Statement

Mondaq.com (the Website) is owned and managed by Mondaq Ltd and as a user you are granted a non-exclusive, revocable license to access the Website under its terms and conditions of use. Your use of the Website constitutes your agreement to the following terms and conditions of use. Mondaq Ltd may terminate your use of the Website if you are in breach of these terms and conditions or if Mondaq Ltd decides to terminate your license of use for whatever reason.

Use of www.mondaq.com

You may use the Website but are required to register as a user if you wish to read the full text of the content and articles available (the Content). You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these terms & conditions or with the prior written consent of Mondaq Ltd. You may not use electronic or other means to extract details or information about Mondaq.com’s content, users or contributors in order to offer them any services or products which compete directly or indirectly with Mondaq Ltd’s services and products.


Mondaq Ltd and/or its respective suppliers make no representations about the suitability of the information contained in the documents and related graphics published on this server for any purpose. All such documents and related graphics are provided "as is" without warranty of any kind. Mondaq Ltd and/or its respective suppliers hereby disclaim all warranties and conditions with regard to this information, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Mondaq Ltd and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use or performance of information available from this server.

The documents and related graphics published on this server could include technical inaccuracies or typographical errors. Changes are periodically added to the information herein. Mondaq Ltd and/or its respective suppliers may make improvements and/or changes in the product(s) and/or the program(s) described herein at any time.


Mondaq Ltd requires you to register and provide information that personally identifies you, including what sort of information you are interested in, for three primary purposes:

  • To allow you to personalize the Mondaq websites you are visiting.
  • To enable features such as password reminder, newsletter alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our information providers who provide information free for your use.

Mondaq (and its affiliate sites) do not sell or provide your details to third parties other than information providers. The reason we provide our information providers with this information is so that they can measure the response their articles are receiving and provide you with information about their products and services.

If you do not want us to provide your name and email address you may opt out by clicking here .

If you do not wish to receive any future announcements of products and services offered by Mondaq by clicking here .

Information Collection and Use

We require site users to register with Mondaq (and its affiliate sites) to view the free information on the site. We also collect information from our users at several different points on the websites: this is so that we can customise the sites according to individual usage, provide 'session-aware' functionality, and ensure that content is acquired and developed appropriately. This gives us an overall picture of our user profiles, which in turn shows to our Editorial Contributors the type of person they are reaching by posting articles on Mondaq (and its affiliate sites) – meaning more free content for registered users.

We are only able to provide the material on the Mondaq (and its affiliate sites) site free to site visitors because we can pass on information about the pages that users are viewing and the personal information users provide to us (e.g. email addresses) to reputable contributing firms such as law firms who author those pages. We do not sell or rent information to anyone else other than the authors of those pages, who may change from time to time. Should you wish us not to disclose your details to any of these parties, please tick the box above or tick the box marked "Opt out of Registration Information Disclosure" on the Your Profile page. We and our author organisations may only contact you via email or other means if you allow us to do so. Users can opt out of contact when they register on the site, or send an email to unsubscribe@mondaq.com with “no disclosure” in the subject heading

Mondaq News Alerts

In order to receive Mondaq News Alerts, users have to complete a separate registration form. This is a personalised service where users choose regions and topics of interest and we send it only to those users who have requested it. Users can stop receiving these Alerts by going to the Mondaq News Alerts page and deselecting all interest areas. In the same way users can amend their personal preferences to add or remove subject areas.


A cookie is a small text file written to a user’s hard drive that contains an identifying user number. The cookies do not contain any personal information about users. We use the cookie so users do not have to log in every time they use the service and the cookie will automatically expire if you do not visit the Mondaq website (or its affiliate sites) for 12 months. We also use the cookie to personalise a user's experience of the site (for example to show information specific to a user's region). As the Mondaq sites are fully personalised and cookies are essential to its core technology the site will function unpredictably with browsers that do not support cookies - or where cookies are disabled (in these circumstances we advise you to attempt to locate the information you require elsewhere on the web). However if you are concerned about the presence of a Mondaq cookie on your machine you can also choose to expire the cookie immediately (remove it) by selecting the 'Log Off' menu option as the last thing you do when you use the site.

Some of our business partners may use cookies on our site (for example, advertisers). However, we have no access to or control over these cookies and we are not aware of any at present that do so.

Log Files

We use IP addresses to analyse trends, administer the site, track movement, and gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information.


This web site contains links to other sites. Please be aware that Mondaq (or its affiliate sites) are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of these third party sites. This privacy statement applies solely to information collected by this Web site.

Surveys & Contests

From time-to-time our site requests information from users via surveys or contests. Participation in these surveys or contests is completely voluntary and the user therefore has a choice whether or not to disclose any information requested. Information requested may include contact information (such as name and delivery address), and demographic information (such as postcode, age level). Contact information will be used to notify the winners and award prizes. Survey information will be used for purposes of monitoring or improving the functionality of the site.


If a user elects to use our referral service for informing a friend about our site, we ask them for the friend’s name and email address. Mondaq stores this information and may contact the friend to invite them to register with Mondaq, but they will not be contacted more than once. The friend may contact Mondaq to request the removal of this information from our database.


This website takes every reasonable precaution to protect our users’ information. When users submit sensitive information via the website, your information is protected using firewalls and other security technology. If you have any questions about the security at our website, you can send an email to webmaster@mondaq.com.

Correcting/Updating Personal Information

If a user’s personally identifiable information changes (such as postcode), or if a user no longer desires our service, we will endeavour to provide a way to correct, update or remove that user’s personal data provided to us. This can usually be done at the “Your Profile” page or by sending an email to EditorialAdvisor@mondaq.com.

Notification of Changes

If we decide to change our Terms & Conditions or Privacy Policy, we will post those changes on our site so our users are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. If at any point we decide to use personally identifiable information in a manner different from that stated at the time it was collected, we will notify users by way of an email. Users will have a choice as to whether or not we use their information in this different manner. We will use information in accordance with the privacy policy under which the information was collected.

How to contact Mondaq

You can contact us with comments or queries at enquiries@mondaq.com.

If for some reason you believe Mondaq Ltd. has not adhered to these principles, please notify us by e-mail at problems@mondaq.com and we will use commercially reasonable efforts to determine and correct the problem promptly.