In an attempt to address or prevent any money launderer's
access to the U.S. financial system through accounts serviced by
registered investment advisers, the Department of Treasury's
Financial Crimes Enforcement Network
("FinCEN") published a Notice of
Proposed Rulemaking on September 1, 2015. The proposed regulations
would subject investment advisers registered (or required to be
registered; collectively, "RIAs") with
the Securities and Exchange Commission
("SEC") under the Investment Advisers
Act of 1940 (the "Advisers Act") to
regulations comparable to those imposed on financial institutions
by the USA PATRIOT Act.
Money laundering is the processing of criminal proceeds through the
financial system to disguise their illegal origin or the ownership
or control of the assets, or the promoting of illegal activity with
illicit or legal source funds. Generally, money laundering involves
three stages, known as placement,1 layering,2
and integration.3 The crime of money laundering also
encompasses the movement of funds to finance terrorism, whether
these funds come from illegitimate or legitimate sources.
According to FinCEN, an RIA's asset management operations are
vulnerable at each stage of the money laundering process. Money
launderers may see the $61.9 trillion in assets under management by
RIAs as a low-risk way to enter the U.S. financial system. FinCEN
believes that RIAs are also uniquely situated to appreciate a
broader understanding of their clients' movement of funds
through the financial system because of the types of advisory
activities in which they engage.
The proposed regulations are open to public comments until November
2, 2015.
The Proposed Regulations
The proposed regulations generally impose three obligations on RIAs under the Bank Secrecy Act (the "BSA"):
1. Implementing anti-money laundering ("AML") programs.
The proposed regulations would require an RIA to develop and
implement a written AML program approved by its board of directors,
sole proprietor, general partner or other person(s) in a similar
function. The AML program must be reasonably designed to prevent
the RIA from being used to facilitate money laundering, and to
achieve and monitor compliance with the applicable provisions of
the BSA and FinCEN's regulations.
The four minimum requirements for the AML program are comparable to
the requirements for banks, broker-dealers, mutual funds and other
financial institutions under the BSA. They are:
i. Establishing and implementing risk-based and reasonable written policies, procedures, and internal controls;
ii. Providing for periodic independent testing of the AML program (employees of the RIA, its affiliates or unaffiliated service providers are considered independent to conduct such testing so long as those same employees are not involved in the operation and oversight of the AML program);
iii. Designating a compliance officer responsible for monitoring the operations and internal controls of the program; and
iv. Providing ongoing employee training that covers a general awareness of overall BSA requirements and money laundering issues as well as more job-specific guidance regarding particular employees' roles and functions in the AML program.
To meet these requirements, an RIA is expected to perform a risk analysis of the money laundering and terrorist financing risks posed by its clients to determine the extent and frequency of the programs. This analysis and implementation must cover all of an RIA's advisory activity, whether the adviser is acting as the primary adviser or a subadviser, and must include advisory activity that does not entail the management of client assets. FinCEN expects the AML program to extend to an RIA's services to all of its clients, including its separate account clients and fund clients based outside of the United States. As proposed, the AML program would need to be in effect six months from the date of the issuance of the final rulemaking.
2. Filing suspicious activity reports ("SARs").
An RIA would be required to report suspicious transactions that are conducted or attempted by, at, or through the RIA and involve or aggregate at least $5,000 in funds or other assets. An RIA who files SARs or any other voluntary reports of suspicious transactions is protected from liability against any other authority or person for such disclosure or any failure to provide notice of such disclosure; however, this limitation of liability does not extend to any civil or criminal action brought by any government to enforce any law or regulation.4
At a minimum, the rule requires an RIA to report a transaction if the RIA "knows, suspects, or has reason to suspect that the transaction (or a pattern of transactions of which the transaction is a part):"
i. involves funds derived from illegal activity or is intended or conducted to hide or disguise funds or assets derived from illegal activity;
ii. is designed, whether through structuring or other means, to evade the requirements of the BSA;
iii. has no business or apparent lawful purpose, and the investment adviser knows of no reasonable explanation for the transaction after examining the available facts; or
iv. involves the use of the investment adviser to facilitate criminal activity.
FinCEN noted current industry reliance on "red flags"
for purposes of detecting suspicious transactions: (i) a client
exhibits an unusual concern regarding the adviser's compliance
with government reporting requirements or is reluctant or refuses
to reveal any information concerning business activities, or
furnishes unusual or suspicious identification or business
documents; (ii) a client appears to be acting as the agent for
another entity but declines, evades, or is reluctant to provide any
information in response to questions about that entity; (iii) a
client's account has a pattern of inexplicable and unusual
withdrawals, contrary to the client's stated investment
objectives; (iv) a client requests that a transaction be processed
in such a manner as to avoid the adviser's normal documentation
requirements; or (v) a client exhibits a total lack of concern
regarding performance returns or risk.
Where the proposed regulations stray from comparable regulations
for other financial institutions is their allowance for an RIA to
share SARs with other RIAs. Therefore, where more than one RIA, or
another financial institution with a separate suspicious activity
reporting obligation, is involved in the same transaction, only one
report is required to be filed. This alleviates an RIA's SARs
compliance burden when working with other financial institutions
required to file.
FinCEN would require an RIA to file an SAR within 30 days after the
RIA becomes aware of a suspicious transaction by completing and
filing an SAR with FinCEN in accordance with all form instructions
and applicable guidance. Copies of the SAR filings and their
supporting documents, which are deemed to have been filed with an
SAR, are required to be kept for a period of five years from the
date of filing. An SAR and any information that would reveal the
existence of an SAR are confidential and cannot be disclosed by an
RIA, except as authorized. SAR compliance applies only after the
full initiation of the AML programs, and thus must begin six months
from the date of the issuance of the final rulemaking.
3. Maintaining general recordkeeping requirements.
Defining an RIA as a "financial institution" would
require an RIA to comply with all BSA regulatory requirements
generally applicable to financial institutions, including (a)
Currency Transaction Report ("CTR") filing requirements,
(b) the recordkeeping, transmittal of records, and retention
requirements for the transmittal of funds under the Recordkeeping
and Travel Rules and other related recordkeeping requirements, (c)
and information sharing requests pursuant to the USA PATRIOT
Act.
An RIA would be required to file CTRs for a transaction involving a
transfer of more than $10,000 in currency by, through or to the RIA
in a single business day. CTR filings would replace the former
requirement to file reports on Form 8300 for the receipt of more
than $10,000 in cash and negotiable instruments, which are defined
much more broadly than currency.5 It seems unlikely in
view of the typical practices of an RIA that an RIA would engage in
any reportable currency transactions. Moreover, an AML program
should already include prohibitions or restrictions on forms of
payment that figure in money laundering schemes, such as currency,
money orders, travelers checks, multiple cashier's checks or
third party payments.
Under the Recordkeeping and Travel Rules and proposed regulations,
an RIA must create and retain records for transmittals of funds for
a period of five years, and ensure that certain information
pertaining to the transmittal of funds "travel" with the
transmittal to the next financial institution in the payment
chain.6 The dollar threshold to implicate these
particular rules is $3,000. These rules would then require an RIA
to obtain and retain not only the name, address and other
information about the transmittor and the transaction, but also
identifying information on the recipient.
The USA PATRIOT Act helps law enforcement identify, disrupt, and prevent terrorist acts and money laundering activities by encouraging further cooperation among law enforcement, regulators, financial institutions, and, now as proposed, RIAs, to share information regarding those suspected of being involved in terrorism or money laundering. Such information may include whether particular individuals, entities or organizations: (i) maintain a current account with the institution; (ii) have maintained an account with the institution during the preceding twelve months; or (iii) have been involved in any transaction or transmittal of funds by or through the institution during the preceding six months. If so, an RIA must thereafter provide the name of the person, entity or organization identified, together with other information such as the account number, social security number, date of birth or other similar identifying information as appropriate.
Looking Ahead
FinCEN has announced its intention to propose further
regulations. Specifically, FinCEN stated that future proposals will
contemplate an RIA implementing a customer identification program
("CIP") and customer due diligence
("CDD"). An RIA must undergo risk
assessments to comply with the AML programs and SAR requirements,
and these risk assessments overlap to satisfy similar requirements
under CDD. CDD requirements (and enhanced due diligence or
"EDD" requirements for higher risk customers) would
include obtaining an understanding of who a customer (natural or
legal) is, the nature of the person's wealth and sources of
funds, and whether public information about the person raises money
laundering red flags that the person's funds for investment
could be from an illegal source. Therefore, it may be advantageous
for an RIA preparing for compliance with these proposed regulations
to prepare concurrently for CIP and CDD/EDD future
compliance.
In addition, FinCEN stated in these proposed regulations that it
may consider expanding the application of the BSA in future
rulemakings to include investment advisers not registered or
required to be registered with the SEC, since unregistered
investment advisers may also be at risk for abuse by money
launderers, terrorists financers, and other illicit actors.
Conclusion
It is prudent at this time to acknowledge that regulations
regarding anti-money laundering programs covering RIAs will be
implemented in the near future. Given the potentially short time
periods in which to comply with the proposed regulations, now is
the time to review your current compliance policies and procedures,
and formulate additional provisions regarding the anticipated
regulations. Unregistered investment advisers may also consider
developing policies and procedures at this time.
For more information regarding these proposed regulations or for counsel on compliance policies and procedures, please feel free to contact Patrick D. Sweeney or Richard M. Morris of Herrick, Feinstein LLP or your Herrick, Feinstein LLP attorney.
Footnotes
1 At the "placement" stage, proceeds from illegal activity or funds intended to promote illegal activity are first introduced into the financial system. For example, this could occur in the investment advisory business when a money launderer tries to fund an investment advisory account with cash or cash equivalents derived from illegal activity. Money launderers also may approach investment advisers seeking to obtain the adviser's assistance as an intermediary in placing funds into custodial accounts.
2 The "layering" stage involves the distancing of illegal proceeds from their criminal source through a series of financial transactions to obfuscate and complicate their traceability. A money launderer could place assets under management with an investment adviser as one of many transactions in an ongoing layering scheme. Layering may involve establishing an advisory account in the name of a fictitious corporation or an entity designed to break the link between the assets and the true owner. A money launderer also may place assets under management with an adviser and then shortly thereafter arrange for their removal.
3 "Integration" occurs when illegal proceeds previously placed into the financial system are made to appear to have been derived from a legitimate source. For example, once illicit funds have been invested with an investment advisor, the proceeds from those investments may appear legitimate to any financial institution thereafter receiving such proceeds.
4 See Proposed 31 CFR 1031.320(e).
5 Currency is defined as the coin and paper of the United States or of any other country that is designated as legal tender and that circulates and is customarily used as a medium of exchange in a foreign country.
6 See 31 CFR 1020.410 and 1010.430(d).
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.