United States: AML Best Practices For Private Fund Managers: The Prudence Of Establishing An AML Compliance Program

I. Introduction

U.S. hedge funds, private equity funds, and venture capital funds (collectively, the Private Funds),¹ and their U.S. general partners, sponsors, and managers (Advisers), are not directly subject to the requirements of the Bank Secrecy Act of 1970 and its amendments (BSA). The current regulatory framework, including the most recent amendment to the BSA, the Anti-Money Laundering Act of 2020 (AMLA), excludes Advisers from the BSA's definition of financial institution (FI).²

Notwithstanding the foregoing, as a good business practice and to align with industry standards, Advisers are increasingly implementing for themselves and their Private Funds limited anti-money laundering (AML) programs that, at a minimum, conform to certain BSA requirements. Furthermore, the nature of an Adviser's or a Private Fund's relationship with the FIs in which it holds accounts (whether custody, trading, banking, debt, or otherwise) is often subject to (and may be contingent on) the Adviser having implemented a compliance program and conducted due diligence on the Private Fund's investors. In addition, an AML compliance program also aids in the Advisers' Office of Foreign Asset Control (OFAC) and Money Laundering Control Act (MLCA) obligations, to which every United States business is subject. Accordingly, Advisers must understand the AML and OFAC risks and associated red flags, and must implement a compliance program that effectively mitigates the specific risks presented by the Private Funds.

Section II of this client alert will set forth the relevant regulatory regimes and recent relevant developments. Section III will further analyze why Advisers should consider implementing an AML compliance program, and Section IV will provide a high-level description of a model AML compliance program.

II. Relevant Regulatory Regimes and Recent Developments

A. BSA and Recent Developments

The BSA was enacted in 1970 to prevent bad actors from using FIs to hide or launder money and to protect FIs from facilitating money laundering. Since 1970, the BSA has undergone multiple amendments to further facilitate law enforcement and regulatory agencies' efforts in combating money laundering and terrorist financing.

In 2001, Section 352 of the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act (USA PATRIOT Act) required FIs to implement an AML compliance program that includes, at a minimum: (1) a designated compliance officer; (2) internal policies, procedures, and controls; (3) independent testing of the AML compliance program; and (4) ongoing employee AML training. These four components of an AML compliance program are generally referred to as the "four pillars."³

In January 2021, Congress enacted AMLA as part of the National Defense Authorization Act for Fiscal Year 2021. AMLA is the most significant change to existing BSA requirements since the USA PATRIOT Act. Among its many provisions, AMLA provides for (1) new and increased penalties under the BSA; (2) an expanded scope of BSA to include the regulation of entities dealing with digital currency; (3) the ability to share details of suspicious activity reports with certain affiliates; (4) the establishment of a whistleblower program; (5) the creation of a national beneficial ownership registry that requires "reporting companies" to submit details of their beneficial owners to FinCEN;⁴ and most importantly, (6) the necessity for FIs to take into account FinCEN's AML priorities when performing their risk assessment as part of their risk-based AML program. FinCEN's priorities are updated every four years.

B. OFAC and Recent Developments

Sanctions have been imposed on various foreign countries, regions, businesses, and nationals by the Treasury Department dating back to prior to 1812. However, the formal regulatory framework for OFAC was developed in 1950 and has since evolved to facilitate the U.S.'s foreign policy and national security goals, including stopping terrorist financing and drug trafficking, and furthering international humanitarian efforts.

OFAC regularly publishes lists of Specially Designated Nationals (SDNs), countries, and regions that are sanctioned, and lists of additional sanctions to which U.S. Persons5 must adhere. All U.S. Persons are subject to OFAC regulations, including Advisers and their Private Funds. The burden is on U.S. Persons to be aware of OFAC sanctions and not engage in transactions that would violate them.

III. Why Advisers Should Consider Implementing an AML Compliance Program

Instituting an AML program facilitates an Adviser's compliance with the MLCA⁶ and OFAC requirements. All U.S. and non-U.S. Persons who conduct transactions in the U.S. are subject to the MLCA, and all U.S. Persons must comply with the strict liability regime of OFAC sanctions (including U.S. incorporated entities). Information collected under an AML compliance program can reveal previously undisclosed sanctioned individuals or entities. In addition, reviewing red flags and suspicious activity from an AML compliance program can reveal attempts to circumvent OFAC sanctions and AML regulations.

It is also important for Advisers to implement conforming AML compliance programs in order to more effectively conduct business with FIs in the Adviser's and Private Fund's daily operations, whether that business is opening trading accounts or bank accounts, custodial arrangements, seeking loans, or conducting other transactional matters. If the Adviser does not have an AML compliance program prior to onboarding with an FI, the FI may choose to either (1) onboard the Private Fund as a high-risk client with required enhanced due diligence (EDD) reviews conducted annually (or, in certain instances, at more frequent intervals), or (2) refuse to establish a relationship with the Private Fund. At a minimum, most FIs will require the Adviser to have a compliance program in place to collect basic Customer Identification Program (CIP) data from the Private Fund's investors, including customer name, date of birth, address, and an identification number. This CIP information is usually verified via documentary means such as a driver's license or passport, tax document, and/or proof of address.⁷ Other supplementary measures may be used depending on the specific transaction.

FIs also bear OFAC risks in establishing a relationship with a Private Fund whose Adviser has not implemented an AML compliance program. As a result, failure to implement an AML compliance program, which enhances an Adviser's ability to adhere to OFAC regulations, may subject such Adviser's Private Funds to offboarding or denial of services by the FI due to the perceived increase in OFAC risk to the FI.

FIs have also incurred substantial financial penalties in recent years from various regulatory authorities for failure to collect appropriate CIP information, failure to monitor, or failure to report suspicious activity.⁸ Advisers should anticipate enhanced FI review during a Private Fund's onboarding and any additional burdens or delays this may cause to a pending transaction. FI delays to onboarding may extend to several months, delaying trading, transactions, or other relationships with the FI. Such scrutiny may be effectively mitigated by the Adviser implementing a robust, risk-based AML compliance program in advance.

IV. Adviser AML Compliance Program Best Practices

Advisers seeking to establish or enhance their AML compliance program should utilize the BSA's first four pillars as a guideline to effectively detect and address AML, Securities Exchange Commission (SEC), OFAC, MLCA, or other compliance violations. Potential AML/OFAC compliance issues raised by transactional reviews are also known as red flags. In addition, FIs are now expected to establish additional AML/know-your-customer (KYC) guidelines in their dealings with their onboarding clients due to the new AMLA provisions. Advisers should expect increasing AML/KYC requests from FIs when onboarding their Private Funds and during the course of the relationship. As an example, FIs are requesting detailed information regarding the AML compliance program instituted by an Adviser, including, without limitation, such program's OFAC reviews/controls, employee training, and CIP. With respect to each potential FI relationship, the Adviser's AML compliance program will be factored into such FI's AML and OFAC risk analysis.

Advisers that outsource their AML compliance program to a fund administrator (Admin) should also review the Admin's AML compliance program to ensure that it aligns with the guidance set forth in this article, and as may be set forth in an Adviser's AML compliance policies and procedures. While an Admin may be contractually assigned to execute an Adviser's AML compliance program, the Adviser remains ultimately responsible for their own AML, OFAC, and MLCA obligations. As a result, the Adviser should ensure their AML compliance program includes procedures for reviewing/auditing the Admin's performance of the Adviser's AML compliance program.⁹

Key considerations for Advisers when designing or enhancing their AML compliance program include (1) designating a qualified individual responsible for overseeing the program, who has sufficient authority and resources to execute such program (AML Officer); (2) ensuring the AML compliance program documents all of the Adviser's risk-based AML compliance policies and processes; (3) implementing risk-based transaction monitoring;¹⁰ and (4) clearly articulating internal reporting and escalation procedures.¹¹

An Adviser's AML compliance program should be independently tested every 12 months in conjunction with the Adviser's other annual reviews to ensure its effectiveness, with the test results being reported directly to the Adviser's Board of Directors or equivalent governing body (Board). Additionally, the Adviser's employees, including senior management and the Board, should undergo general and role-specific training on a periodic and, as necessary, event-driven basis.

A. Sample Investor Onboarding to a Private Fund

The following is an example of an investor's initial onboarding to a Private Fund whose Adviser has implemented a risk-based AML compliance program:

1. When an investor seeks to invest in a Private Fund, a due diligence review is conducted from the data contained in the subscription document and from supplemental information the investor provides to the Private Fund. The due diligence review will begin with the collection and verification of investor CIP information. An investor will also be asked to deliver their source of wealth and source of funds. If the investor is an entity, formation and operating documentation will be required, as well as certain CIP information on the entity's officers/directors/managing members.
2. Once the investor's identity and general AML risk profile are established from an analysis of the above documentation/information, the Adviser (or the Private Fund's Admin) will begin conducting investor screening, which includes searches for negative news (also referred to as adverse media) on the investor and all affiliates, politically exposed persons (PEP), and sanctions.
3. Any positive compliance red flag hits will be reported directly to the Private Fund's designated AML Officer. The AML Officer, or his/her designee, will review and evaluate the compliance hit, and will coordinate a response, generally with outside counsel. The AML Officer's review may include an assessment of the compliance, geographic, political, and reputational risks to the Private Fund if the investor is onboarded. Such review will take the totality of the circumstances into account, and may include a deep dive into the investor's relationships and foreign account dealings.
4. Based on such review, the AML Officer may implement additional controls on the investor's account as a condition to onboarding, including EDD review. If the Investor's AML risk profile exceeds the Adviser's risk appetite, the AML Officer may recommend that the Adviser refuse such investor's subscription.

Once the investor is onboarded, the above AML reviews should be conducted periodically either at risk-based intervals or in response to trigger events (e.g., deal transactions with the Private Fund, change in investor information).

V. Conclusion

This client alert is a high-level explanation of an AML compliance program for Advisers. Lowenstein Sandler LLP will discuss investor red flag hits and proposed Adviser responses in a future client alert.

Footnotes

1 For the purposes of this article, "Private Funds" applies to privately placed pooled investment vehicles exempt from registration under the Investment Company Act of 1940 and managed by registered investment advisers, exempt reporting advisers, or nonregistered investment advisers.

2 There have been attempts to require Advisers to be subject to the BSA. In 2015, the U.S. Treasury Department's Financial Crimes Enforcement Network (FinCEN) proposed that Advisers be deemed "financial institutions" and subject to the BSA. The proposal was ultimately withdrawn. Congress recently introduced the Establishing New Authorities for Business Laundering and Enabling Risks to Security Act, which would allow FinCEN to require the "enabling industry" to establish anti-money laundering programs and enforce reporting requirements. Advisers are explicitly named as members of the enabling industry.

3 In May 2016, FinCEN introduced a "fifth pillar" by enacting the Customer Due Diligence Rule (CDD Rule). It became effective in May 2018 and required certain FIs to collect beneficial ownership certifications. Advisers and Private Funds are not considered FIs for the purposes of the CDD Rule, but will likely collect similar information as part of the subscription process. However, FIs will request such certifications from the Advisers and Private Funds when onboarding. See 31 CFR §1010.230.

4 This provision is pursuant to the Corporate Transparency Act of 2020, which is part of the AMLA.

5 U.S. Person is defined as all U.S. citizens and permanent resident aliens regardless of where they are located, all persons and entities within the U.S., and all U.S.-incorporated entities and their foreign branches. Under certain sanctions programs, foreign subsidiaries owned or controlled by U.S. companies or foreign persons in possession of U.S.-origin goods must comply.

6 The MLCA criminalizes all financial transactions that have the intent to promote unlawful activity, and financial transactions of $10,000 or greater where the parties have knowledge that the transaction proceeds are the proceeds of specified unlawful activity, regardless of whether the defendant is attempting to disguise it. The knowledge requirement includes willful blindness and conscious disregard, meaning that participants cannot ignore red flags in the course of the transaction. Under the MLCA, Advisers and Private Funds that are involved in money laundering transactions or to which such transactions are traceable can be subject to civil forfeiture (subject to the "innocent owner" defense).

7 Depending on the AML capabilities of the Adviser, CIP information is generally reviewed by a fund administrator, certain compliance software, and/or an internal Adviser.

8 See, e.g., In the matter of TD Ameritrade Inc., Admin. Proc. File No. 3-18829 (Sept. 24, 2018), available at https://www.sec.gov/litigation/admin/2018/34-84269.pdf, and Securities and Exchange Commission v. Charles Schwab & Co. Inc., Civil Action No. 18-cv-3942 (U.S. District Court for the Northern District of California, July 2, 2018), available at https://www.sec.gov/litigation/complaints/2018/comp24189.pdf.

9 The SEC recently published a proposed rule under the Investment Advisers Act of 1940 seeking to prohibit registered investment advisers from outsourcing certain services and functions without conducting due diligence and monitoring of the service providers. See https://www.sec.gov/rules/proposed/2022/ia-6176.pdf. See also Lowenstein's client alert SEC Proposes Rule Requiring Service Provider Due Diligence and Monitoring by Registered Investment Advisers, dated November 21, 2022.

10 Advisers are not required to file suspicious activity reports (SARs). FIs are subject to the SAR reporting rule. However, Advisers should implement a review and reporting process to address any suspicious activity to comply with their other regulatory obligations. Most Admins also will file SARs with FinCEN at the Adviser's request.

11 Advisers may wish to consider addressing regulatory reporting and recordkeeping, including internal implementation of incentives to comply with AML policies, such as making AML and OFAC compliance a part of performance reviews.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.