In a sequel to FinCEN's proposal earlier this year to extend anti-money laundering and Bank Secrecy Act regulations to investment advisers (AML/BSA Proposal), on May 13, 2024, FinCEN and the SEC jointly issued a new Notice of Proposed Rule Making. This rule would extend formal customer identification program (CIP) obligations to investment advisers, something not otherwise included in FinCEN's earlier proposal. If adopted, certain investment advisers would be required to establish and maintain a CIP similar to those of financial institutions such as banks and brokers/dealers. The combined AML/BSA and CIP proposals together would bring investment advisers squarely into the same financial compliance arena of other financial institutions with obligations for clearly identifying customers, monitoring transactions, and filing Suspicious Activity Reports (SAR) with FinCEN. Interested parties have sixty days to comment.
Will all investment advisers to be subject to the CIP rule?
No. Similar to the AML/BSA Proposal, the proposed CIP rule would apply only to certain investment advisers. Specifically, the rule would apply to registered investment advisers (RIAs) and exempt reporting advisers (ERAs) such as private funds advisers with less than $150 million in assets or advisers who only advise for venture capital funds. The rule would exempt: (1) state registered investment advisers; (2) advisory work related to mutual funds; and (3) non-US SEC registered advisers of non-US clients. However, as stated in the AML/BSA Proposal, non-US advisers who meet the requirements to report as ERAs to the SEC should anticipate being subject to the rule requirements for activities with US clients.
What would the proposed investment adviser CIP rule require if adopted?
Similar to CIP requirements applicable to banks, investment advisers would have to establish and implement reasonable, risk-based CIP procedures tailored to the investment adviser's size, business, and customer base, including:
- Verifying a customer's identity within a
reasonable time before or after opening a new
account. In connection with this step, the investment
adviser would be required to collect certain information including:
- Name,
- Date of birth for an individual, or date of formation for an entity,
- Address,
- Identification number (e.g., tax identification number), subject to certain exceptions for those who are in the process of obtaining an identification number or for foreign businesses, and
- Information relating to the identity of the individual with authority or control over a business account in the event the investment adviser is unable to verify the identity of a business.
An investment adviser can perform identity verification using both documentary and non-documentary methods (e.g., reviewing financial statements, utilizing third-party databases). In addition, its CIP procedures should discuss how the investment adviser will handle circumstances where it cannot verify the true identity of the customer, including, but not limited to, refusing to open the account, closing the account after failure of verification attempts, and filing a SAR.
- Retaining records associated with its CIP program. Investment advisers must retain (a) records of identifying information (i.e., customer name, address, DOB, etc.) for a period of five years after the account is closed; and (b) records of verifying information (i.e., records used to verify the customer's identity using documentary or non-documentary methods) for a period of five years after the record is made.
- Notifying customers about the CIP. Investment advisers must provide or make available to customers' notice that the firm is requesting information to verify their identities prior to account opening.
- Screening customers against government lists. While there have not been such designated lists for CIP purposes, the procedures must address how the investment adviser will determine whether a customer appears on any list of known or suspected terrorists or terrorist organizations maintained by a government entity.
- Reliance on another financial institution. Investment advisers will be able to formally rely on certain other financial institutions in performing their CIP obligations without the liability of a traditional third-party outsourcing agreement. As for other regulated financial institutions, to alleviate the liability risk, the reliance must satisfy certain requirements for the provision of specified customer identification information including, (1) the reliance is reasonable; (2) the third-party is subject to an AML program pursuant to 31 U.S.C. 5318(h) and is regulated by a federal functional regulator; and (3) the reliance is documented in a contract between the parties requiring the third party to certify annually to the investment adviser that it has implemented an AML/CFT program and will perform the specified requirements of the investment adviser's CIP.
Will investment advisers have to verify the identity of all customers, including existing customers?
No. While the rule requires that investment advisers know and verify the identity of their customers, the rule provides some exemptions and efficiencies. For example, the investment adviser would not have to verify the identity of existing customers provided the investment adviser has a reasonable belief that it already knows the customer's true identity. The rule would also exempt investment advisers from verifying the identity of the beneficiary of a trust or similar account unless the investment adviser's risk assessment of the new account indicates that it should be subject to heighted review or additional investigations. Also, similar to the existing CIP rule applicable to other financial institutions, the rule would exclude certain categories of entities from the definition of a "customer," including: (1) financial institutions regulated by a federal functional regulator, or a bank regulated by a state bank regulator; (2) certain government entities; and (3) certain entities publicly listed on a US securities exchange or certain of their subsidiaries. However, investment advisers would be required to verify identifies of new customers, which include (1) "a natural person or a legal entity—who opens a new account with an investment adviser"; and (2) the individual who opens a new account for a minor or non-legal entity.
Does the rule exempt any accounts from its purview?
Yes. The proposed rule defines an "account" as follows:
- any contractual or other business relationship between a person and an investment adviser under which the investment adviser provides investment advisory services, and
- employee benefit plan accounts established pursuant to ERISA in the definition of an account.
However, the rule would exclude accounts acquired "through an acquisition, merger, purchase of assets, or assumption of liabilities".
Additionally, dually registered investment advisers should not be significantly impacted since they likely already perform CIP under their banking or broker/dealer CIP regulations.
In short, this proposal will bring investment advisers, who have long been a sore spot for government regulators, within the full purview of AML/KYC regulatory requirements applicable to other mainstream financial institutions.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.