On February 13, the Financial Crimes Enforcement Network ("FinCEN"), within the U.S. Treasury Department, issued a Notice of Proposed Rulemaking ("Proposed Rule") that would extend certain anti-money laundering program requirements to:
- investment advisers registered ("RIAs") with the Securities and Exchange Commission ("SEC"); and
- investment advisers that report to the SEC as exempt reporting advisers ("ERAs").
Among other requirements, the Proposed Rule would require RIAs and ERAs to (1) develop and implement anti-money laundering compliance programs (within 12 months after the effective date of a final rule) and (2) monitor for and report suspicious activity to FinCEN. FinCEN proposes to delegate its authority for examining compliance with the Proposed Rule's requirements—on which FinCEN has solicited comments through April 15, 2024—to the SEC.
Background
The Bank Secrecy Act ("BSA"), as amended by the USA PATRIOT Act ("PATRIOT Act"), requires "financial institutions" to establish and maintain anti-money laundering compliance programs, which at minimum must include: the development of internal policies, procedures, and controls; designation of a compliance officer; an ongoing employee training program; an independent testing function; and procedures for conducting ongoing customer due diligence. Currently, the definition of "financial institution" encompasses several categories of financial businesses, including banks, broker-dealers, and mutual funds. However, the definition does not cover RIAs or ERAs. As a result, RIAs and ERAs generally have been exempt from most affirmative anti-money laundering requirements under U.S. law.
In 2015, FinCEN published a similar proposal that would have extended affirmative anti-money laundering program requirements to certain investment advisers. The 2015 proposal was never finalized, however, and now has been formally withdrawn by FinCEN concurrent with issuance of the Proposed Rule.
Proposed Rule
The Proposed Rule would amend the BSA implementing regulations to add certain "investment advisers" (i.e., RIAs and ERAs) to the definition of "financial institution." This, in turn, would extend certain due diligence, recordkeeping, and reporting obligations to RIAs and ERAs for the first time, as discussed in greater detail below.
Anti-Money Laundering Program
The Proposed Rule would require RIAs and ERAs to adopt a written anti-money laundering compliance program, to include the following minimum requirements:
- implementation of policies, procedures, and controls reasonably designed to (1) detect money laundering and other illicit financial activity and (2) comply with other applicable provisions of the BSA;
- designation of one or more anti-money laundering compliance officers, who should be an officer of the investment adviser (or individual with similar authority);
- provision of ongoing anti-money laundering training for appropriate personnel;
- independent testing of the anti-money laundering program; and
- risk-based procedures for conducting ongoing customer due diligence to (1) understand the nature and purpose of customer relationships for the purpose of developing a customer risk profile; and (2) identify and report suspicious transactions and, on a risk basis, to maintain and update customer information.
FinCEN acknowledges that the anti-money laundering compliance program requirement would be risk-based, as opposed to a one-size-fits-all requirement. RIAs and ERAs would have flexibility to tailor their programs to the specific risks associated with their businesses, subject to the minimum requirements discussed above. The Proposed Rule would require that each RIA's and ERA's anti-money laundering program be approved in writing by its board of directors or trustees (or, alternatively, by its sole proprietor, general partner, trustee, or other persons that have functions like a board of directors).
While aspects of an RIA's or ERA's anti-money laundering program may be delegated to third parties, the RIA or ERA would remain fully responsible and legally liable for the program. When delegating to a third party, the RIA or ERA would need to ensure that (1) the program complies with the minimum requirements discussed above and (2) FinCEN and the SEC are able to obtain information and records relating to the program.
Under the Proposed Rule, RIAs and ERAs would be required to develop and implement an anti-money laundering compliance program within 12 months of the effective date of a final implementing rule.
Customer Identification and Verification
Importantly, the Proposed Rule would not require RIAs and ERAs to:
- establish customer identification programs ("CIPs") that include risk-based procedures for identifying and verifying the identities of customers; or
- identify and verify the beneficial ownership of legal entity customers.
On the former, the Proposed Rule states that FinCEN expects to address customer identification and verification in a future joint rulemaking with the SEC. FinCEN contemplates that the latter will be addressed through a forthcoming revision to the Customer Due Diligence ("CDD") Rule, pursuant to the Corporate Transparency Act, which is expected by January 1, 2025.
Suspicious Activity Reporting
The Proposed Rule would introduce a suspicious activity reporting requirement for RIAs and ERAs. Under the Proposed Rule, a transaction attempted by, at, or through an RIA or ERA would be subject to reporting if:
- the transaction involves or aggregates funds or other assets of at least $5,000; and
- the adviser knows, suspects, or has reason to suspect that the
transaction (or a related pattern of transactions):
- involves funds derived from illegal activity or is intended or conducted to hide or disguise funds or assets derived from illegal activity;
- is designed to evade any BSA reporting requirement;
- has no business or apparent lawful purpose or is not the sort in which the customer would normally be expected to engage, and the investment adviser knows of no reasonable explanation for the transaction after examining the available facts; or
- involves use of the investment adviser to facilitate criminal activity.
In addition, the Proposed Rule would encourage—but not require—the voluntary reporting of other suspicious transactions, such as those that do not meet the $5,000 threshold.
Recordkeeping
The Proposed Rule would require RIAs and ERAs to comply with the Recordkeeping and Travel Rules, which require financial institutions to create and retain records for transmittals of funds and ensure that certain information relating to the transmittal of funds "travels" with the transmittal to the next financial institution in the payment chain. FinCEN acknowledges, however, that RIAs and ERAs operate varying business models, and they may not engage in transactions within the scope of these Rules' requirements.
Special Information-Sharing Procedures
The Proposed Rule would subject RIAs and ERAs to FinCEN's rules implementing the special information-sharing procedures of Section 314 of the PATRIOT Act. These provisions would require an RIA or ERA, upon request from FinCEN, to expeditiously search its records to determine whether the RIA or ERA maintains any account for, or has engaged in any transaction with, a party named in FinCEN's request. RIAs and ERAs also would be able to participate in voluntary information sharing arrangements with other financial institutions, which would enable broader understanding of customer risk and inform potential suspicious activity reports.
Special Measures; Special Standards for Diligence
Inclusion of RIAs and ERAs in the definition of financial institution would subject these advisers to additional requirements under the following sections of the PATRIOT Act:
- Pursuant to Section 311, RIAs and ERAs would be required to implement certain "special measures" if the Secretary of the Treasury determines that a foreign jurisdiction, institution, class of transaction, or type of account is a "primary money laundering concern."
- Pursuant to Section 312, RIAs and ERAs would be required to maintain due diligence programs for correspondent accounts for foreign financial institutions and for private banking accounts established or maintained for non-U.S. persons.
Initial Observations
- Burden on RIAs and ERAs: Although, as FinCEN observes, many RIAs and ERAs operate subject to—or have voluntarily adopted—anti-money laundering compliance programs, the scope and sophistication of these programs varies significantly. In addition, in many cases, these programs focus on elements of anti-money laundering compliance (e.g., investor identification and verification) that would not be addressed under the Proposed Rule. Certain elements of the Proposed Rule—including the requirements to implement independent testing and risk-based procedures for conducting ongoing customer due diligence—foreseeably may require substantial investment by some investment advisers.
- Delegation: Many RIAs and ERAs delegate aspects of their anti-money laundering compliance programs to third parties, including custodians, transfer agents, and administrators. Consistent with the CIP and CDD Rules, the Proposed Rule would permit RIAs and ERAs to contractually delegate the implementation and operation of aspects of their compliance programs. However, if they choose to do so, RIAs and ERAs would be required to continue to demonstrate their programs' compliance with the Proposed Rule's requirements. In the preamble to the Proposed Rule, FinCEN states that, for this purpose, it would not be sufficient to obtain a "certification" from a third-party delegate that it maintains a satisfactory anti-money laundering program. This statement seems to suggest that appropriate oversight of third-party delegates would need to involve controls beyond certifications and contractual protections.
- Suspicious Activity Reporting: According to its preamble, the Proposed Rule's suspicious activity reporting requirements would not apply to non-advisory services provided by RIAs or ERAs, such as making managerial/operational decisions about portfolio companies. However, the distinction between advisory and non-advisory services foreseeably could become blurred in relation to due diligence and ongoing monitoring of portfolio investments. For example, would FinCEN (or the SEC) expect RIAs that advise private funds to file suspicious activity reports in respect of regulatory violations committed by current or prospective portfolio companies, even in situations that do not involve transactions attempted by, at, or through the RIA? Along similar lines, the Proposed Rule identifies as an example of potentially suspicious activity "an investor in [a venture capital] fund requesting access to detailed non-public technical information about a portfolio company that is inconsistent with a professed focus on economic return."
Conclusion
The Proposed Rule is an initial step toward requiring RIAs and ERAs to comply with the anti-money laundering requirements applicable to other financial institutions. The Proposed Rule will be subject to public comment prior to finalization, followed by future rulemaking that likely would extend CIP and CDD requirements to RIAs and ERAs.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.