ARTICLE
25 October 2024

Implementing FinCEN Final Rule Imposing Anti-Money Laundering Requirements On Investment Advisers

KI
K2 Integrity

Contributor

K2 Integrity is the preeminent risk, compliance, investigations, and monitoring firm built by industry leaders, driven by interdisciplinary teams, and supported by cutting-edge technology to safeguard our clients’ operations, reputations, and economic security. K2 Integrity represents the merger of K2 Intelligence, an industry-leading investigative, compliance, and cyber defense services firm founded in 2009 by Jeremy M. Kroll and Jules B. Kroll, the originator of the modern corporate investigations industry, and Financial Integrity Network (FIN), a premier strategic advisory firm founded by Juan Zarate and Chip Poncy dedicated to helping clients achieve their financial integrity goals.
On 28 August 2024, the Financial Crimes Enforcement Network (FinCEN) issued its Final Rulemaking to include certain investment advisers in the definition of a "financial institution" under the Bank Secrecy Act (BSA).
United States Government, Public Sector

On 28 August 2024, the Financial Crimes Enforcement Network (FinCEN) issued its Final Rulemaking to include certain investment advisers in the definition of a "financial institution" under the Bank Secrecy Act (BSA). The long-awaited final rule subjects certain registered investment advisers (RIAs) and exempt reporting advisers (ERAs) to anti-money laundering and countering the financing of terrorism (AML/CFT) requirements pursuant to the BSA, including minimum standards for establishing AML/CFT programs, reporting suspicious activity to FinCEN, and fulfilling related BSA recordkeeping requirements.

This Policy Alert provides an overview of the investment advisers covered by the final rule, the new requirements, what is not included in the final rule, and key considerations for the investment adviser sector in both implementing the new requirements and preparing for the two related additional rulemakings anticipated in 2025.

As discussed below, firms will have until 1 January 2026 to comply with the final rule. Although it is recognized that some RIAs and ERAs have implemented voluntary programs to address AML risks and comply with the BSA, this rule changes the landscape for the investment adviser sector by (1) assigning examination and enforcement authority to the SEC and (2) making covered RIAs and ERAs fully responsible and legally liable for all facets of their AML/CFT programs, even when an investment adviser delegates the implementation and/or any operations of its AML/CFT program to financial institutions, service providers, or other intermediaries.

Investment Advisers Covered by the Final Rule

FinCEN's final rule adds "investment adviser" to the definition of a "financial institution" under the BSA's implementing regulations. The final rule generally applies to investment advisers that are:

  • Investment advisers registered with or required to register with the Securities and Exchange Commission (SEC), also known as registered investment advisers (RIAs);1 and
  • Investment advisers that report to the SEC as exempt reporting advisers (ERAs).2

In addition, the final rule specifically excludes from the definition of "investment adviser":

  • RIAs that do not manage clients' assets as part of their advisory activities and are not required to report any assets under AUM to the SEC on Form ADV;
  • RIAs that register with the SEC solely because they are (i) mid-sized advisers, (ii) multi-state advisers, or (iii) pension consultants;
  • State-registered investment advisers;
  • Foreign private advisers as defined in section 202(a)(30) of the Advisers Act; and
  • Family offices as defined in rule 202(a)(11)(G)-1 under the Advisers Act.

Lastly, the final rule provides further clarification on foreign-located investment advisors. The final rule defines a "foreign-located investment adviser" as an "investment adviser whose principal office and place of business is outside the United States."34

Minimum Requirements of the Final Rule

By including certain IAs in the definition of covered financial institutions, the final rule will require RIAs and ERAs to:

  • Implement a reasonably designed, risk-based AML/CFT program, to include risk-based internal policies, procedures, and controls reasonably designed to prevent the IA from being used for money laundering (ML) or terrorist financing (TF) or other illicit finance activity. These include:
    1. Internal policies for conducting initial and ongoing customer due diligence (CDD)56 and enhanced due diligence (EDD);7
    2. Independent testing of their AML/CFT programs;8
    3. Designation of a compliance officer; and
    4. Implementation of an ongoing employee training program.
  • File certain reports, specifically:
    1. Suspicious Activity Reports (SARs) to FinCEN;9
    2. Currency Transaction Reports (CTRs) for receipt of more than $10,000 in currency and certain negotiable instruments;10 and
    3. Foreign Bank and Financial Accounts (FBAR) reports.
  • Keep records such as those relating to the transmittal of funds (i.e., comply with the Recordkeeping and Travel Rules);
  • Apply information-sharing provisions between and among FinCEN, law enforcement, government agencies, and certain financial institutions (i.e., sections 314(a) and 314(b) of the USA PATRIOT Act); and
  • Fulfill other obligations applicable to financial institutions subject to the BSA and FinCEN's implementing regulations, including special due diligence requirements for correspondent and private banking accounts and special measures under section 311 of the USA PATRIOT Act and Section 9714(a) of the Combatting Russian Money Laundering Act.

Delegation of Examination Authority—As mentioned above, and consistent with FinCEN's existing delegation of its examination authority to the SEC for brokers and dealers in securities and mutual funds,11 FinCEN has delegated its examination authority to the SEC, the federal functional regulator currently responsible for the oversight and regulation of certain investment advisers. Overall authority for enforcement of compliance with the BSA and its implementing regulations is still the responsibility of FinCEN.

What Is Not Covered in Final Rule

Defining investment advisers as "covered financial institutions" would ordinarily place investment advisers within the scope of additional requirements placed on other "covered financial institutions" under the USA PATRIOT ACT and underlying BSA regulations; however, there are two related additional rulemakings not covered in the final rule, yet anticipated for final rule in 2025:

  • Customer Identification Program (CIP) Rule—Under the USA PATRIOT ACT, the final rule implemented section 326 of the USA PATRIOT Act of 2001 and requires banks, savings associations, credit unions, and certain non-federally regulated banks to have a customer identification program.
  • Customer Due Diligence Rule—A key part of FinCEN's CDD Rule set forth requirements for the collection and verification of beneficial ownership information of legal entity customers.

The final rule expressly provides that an investment adviser would not be considered a "covered financial institution" for the purposes of the CDD Rule, given that the requirement to identify and verify the beneficial owners of legal entity customers is predicated on the existence of a CIP requirement, which under the BSA must be prescribed jointly with the relevant federal functional regulator (in this case, the SEC). FinCEN has therefore announced its intention to address CIP requirements through a future joint rulemaking with the SEC (issued as a Notice of Proposed Rulemaking on 13 May 2024) and to address the requirement to collect and verify beneficial ownership information for legal entity customers through a separate future rulemaking.12

In addition, the AML Program Effectiveness Rule is not yet incorporated into the final rule for IAs to implement a reasonably designed risk-based AML/CFT program as prescribed within Section 6101(b) of the Anti-Money Laundering Act of 2020. The current proposed rulemaking would amend existing AML/CFT program regulations to require that covered financial institutions establish, implement, and maintain effective, risk-based, and reasonably designed AML/CFT programs with certain minimum components, including a mandatory risk assessment process.13 Currently this proposed rulemaking does not include IAs, although they could be incorporated in time.

Key Considerations

FinCEN's final rule for certain investment advisers marks the culmination of a multi-year, interagency effort by the U.S. government to understand, assess, and mitigate the illicit finance risks facing the IA industry. It is designed to address the risk of sanctioned individuals, corrupt officials, tax evaders, and other criminal actors abusing IAs to invest in U.S. securities, real estate, and other assets, including companies developing critical infrastructure or sensitive technologies. Global standard setters such as the Financial Action Task Force (FATF) have long pointed to the lack of uniform and comprehensive AML/CFT regulations for the IA sector as a key deficiency in the U.S. AML/CFT regime14—a view reinforced by the White House's 2021 Strategy on Countering Corruption,15 the 2024 National Money Laundering Risk Assessment,16 and a first-of-its-kind Investment Adviser Risk Assessment published by the U.S. Department of the Treasury in tandem with FinCEN's proposed investment adviser rule.17

Although it is recognized that some RIAs and ERAs have implemented voluntary programs to address AML risks and comply with the BSA, the publication of the final rule changes the landscape for the investment adviser sector. As such, certain IAs should consider the following as they work towards complying with this final rule and impending related rulemakings:

  • Educate your firm, including your board and executive leadership, of the new rule's requirements and potential impacts. In preparation of the new requirements, its critical to prepare your firm for how to provide evidence of compliance and manage your risks effectively. These include legal, exam/regulatory, geopolitical, export, and sanctions risks. Even those IAs that have programs in place to comply with aspects of CDD or EDD will need to evidence compliance with the new requirements as outlined above, particularly for SAR filing and other regulatory reporting. A thorough gap assessment, or regulatory readiness assessment, of current controls to new requirements is needed to ensure firms are prepared for these new requirements.
  • Reassess the delegation of certain activities. Many IAs, particularly small to mid-size firms, likely leverage third parties18 to perform certain required functions under the final rule. These requirements may require strong third-party risk management controls to ensure IAs have full understanding of all functions, appropriate governance controls to monitor the functions being performed, and a capacity to credibly challenge their effectiveness. Solely "relying" on delegation without a full understanding of and governance over the delegated functions can result in regulatory criticism or enforcement action.

K2 Integrity Solutions

Should you have any questions about the new proposed rule for certain investment advisers and its impact for your business, please contact our team of AML/CFT experts.

Our Financial Crime Risk Management Advisory practice can help you in your journey to comply with these new rules. We provide:

  • Strategic Advisory Services to assist you in education, outreach, training, and market analysis; and
  • Gap Assessment and Regulatory Readiness Assessment Services to help you understand your current business operations in relation to these new rules and develop a comprehensive assessment of your firm's compliance with the new rule or areas where additional measures are required to comply with new regulations. These assessment services include assessing your business's inherent and residual risk and leveraging your firm's business strategy and risk appetite to facilitate a tailored, risk-based approach to AML/CFT compliance.

Footnotes

1. Investment advisers generally must register with the SEC if they have over $110 million in AUM. As of 31 July 2023, there were 15,391 RIAs, reporting approximately $125 trillion in AUM for their clients. It is important to note that certain states may require investment advisers to register with SEC regardless of SEC registered minimum AUM requirements.

2. ERAs are investment advisers that (1) advise only private funds and have less than $150 million in AUM in the United States or (2) advise only venture capital funds. ERAs are exempt from SEC registration but still must file certain information with the SEC. As of 31 July 2023, there were 5,846 ERAs that were exempt from registering with the SEC but filed certain information with SEC.

3. 31 CFR 1032.110.

4. For these investment advisers (defined as "foreign-located investment advisers" in the final rule), the final rule only applies to their advisory activities that (i) take place within the United States, including through the involvement of U.S. personnel of the investment adviser, or (ii) provide advisory services to a U.S. person or a foreign-located private fund with an investor that is a U.S. person.

5. In determining which internal policies, procedures, and controls to implement, the Final Rule requires IAs to review the types of advisory services they provide and the nature of the customers they advise in order to understand their particular ML/TF and other illicit finance risks.

6. CDD must include two core elements: understanding the nature and purpose of customer relationships in order to develop a customer risk profile and conducting ongoing monitoring to identify (and report) suspicious transactions and to maintain (and update) customer information.

7. EDD should be performed on higher risk entities based on customer-level risk rating.

8. This can be performed by the IA's personnel or a qualified outside party, but must be independent from the personnel performing the function being tested.

9. The final rule requires IAs to file a SAR with FinCEN for any suspicious transaction (or pattern of transactions) conducted or attempted by, at, or through the AI that involves or aggregates at least $5,000 in funds or other assets.

10. The CTR filing obligation replaces the obligation to file a Form 8300.

11. 31 CFR 1010.810(b)(6).

12. Independent of the investment adviser final rule, FinCEN intends to amend the CDD Rule to bring it into alignment with the Corporate Transparency Act of 2021.

13. Although not mandatory, risk assessments are critical tool in developing an effective, risk-based AML/CFT program.

14. FATF, United States Fourth Round Mutual Evaluation Report (December 2016), p. 41, available at https://www.fatf-gafi.org/content/dam/fatf-gafi/mer/MER-United-States-2016.pdf.coredownload.inline.pdf.

15. United States Strategy on Countering Corruption (December 2021), pp. 22-23, available at https://www.whitehouse.gov/wp-content/uploads/2021/12/United-States-Strategy-on-Countering-Corruption.pdf.

16. U.S. Department of the Treasury, 2024 National Money Laundering Risk Assessment (February 2024), pp. 86-88, available at https://home.treasury.gov/system/files/136/2024-National-Money-Laundering-Risk-Assessment.pdf.

17. U.S. Department of the Treasury, 2024 Investment Adviser Risk Assessment (February 2024), available at https://home.treasury.gov/system/files/136/US-Sectoral-Illicit-Finance-Risk-Assessment-Investment-Advisers.pdf.

18. Third parties can include service providers, broker-dealers, fund administrators, etc.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Find out more and explore further thought leadership around Government Regulation and Public Sector Law

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More