In an attempt to address or prevent any money launderer's access to the U.S. financial system through accounts serviced by registered investment advisers, the Department of Treasury's Financial Crimes Enforcement Network ("FinCEN") published a Notice of Proposed Rulemaking on September 1, 2015. The proposed regulations would subject investment advisers registered (or required to be registered; collectively, "RIAs") with the Securities and Exchange Commission ("SEC") under the Investment Advisers Act of 1940 (the "Advisers Act") to regulations comparable to those imposed on financial institutions by the USA PATRIOT Act.

Money laundering is the processing of criminal proceeds through the financial system to disguise their illegal origin or the ownership or control of the assets, or the promoting of illegal activity with illicit or legal source funds. Generally, money laundering involves three stages, known as placement,1 layering,2 and integration.3 The crime of money laundering also encompasses the movement of funds to finance terrorism, whether these funds come from illegitimate or legitimate sources.

According to FinCEN, an RIA's asset management operations are vulnerable at each stage of the money laundering process. Money launderers may see the $61.9 trillion in assets under management by RIAs as a low-risk way to enter the U.S. financial system. FinCEN believes that RIAs are also uniquely situated to appreciate a broader understanding of their clients' movement of funds through the financial system because of the types of advisory activities in which they engage.

The proposed regulations are open to public comments until November 2, 2015.

The Proposed Regulations

The proposed regulations generally impose three obligations on RIAs under the Bank Secrecy Act (the "BSA"):

1. Implementing anti-money laundering ("AML") programs. 

The proposed regulations would require an RIA to develop and implement a written AML program approved by its board of directors, sole proprietor, general partner or other person(s) in a similar function. The AML program must be reasonably designed to prevent the RIA from being used to facilitate money laundering, and to achieve and monitor compliance with the applicable provisions of the BSA and FinCEN's regulations.

The four minimum requirements for the AML program are comparable to the requirements for banks, broker-dealers, mutual funds and other financial institutions under the BSA. They are:

i. Establishing and implementing risk-based and reasonable written policies, procedures, and internal controls;

ii. Providing for periodic independent testing of the AML program (employees of the RIA, its affiliates or unaffiliated service providers are considered independent to conduct such testing so long as those same employees are not involved in the operation and oversight of the AML program);

iii. Designating a compliance officer responsible for monitoring the operations and internal controls of the program; and

iv. Providing ongoing employee training that covers a general awareness of overall BSA requirements and money laundering issues as well as more job-specific guidance regarding particular employees' roles and functions in the AML program.

To meet these requirements, an RIA is expected to perform a risk analysis of the money laundering and terrorist financing risks posed by its clients to determine the extent and frequency of the programs. This analysis and implementation must cover all of an RIA's advisory activity, whether the adviser is acting as the primary adviser or a subadviser, and must include advisory activity that does not entail the management of client assets. FinCEN expects the AML program to extend to an RIA's services to all of its clients, including its separate account clients and fund clients based outside of the United States. As proposed, the AML program would need to be in effect six months from the date of the issuance of the final rulemaking.

2. Filing suspicious activity reports ("SARs").

An RIA would be required to report suspicious transactions that are conducted or attempted by, at, or through the RIA and involve or aggregate at least $5,000 in funds or other assets. An RIA who files SARs or any other voluntary reports of suspicious transactions is protected from liability against any other authority or person for such disclosure or any failure to provide notice of such disclosure; however, this limitation of liability does not extend to any civil or criminal action brought by any government to enforce any law or regulation.4

At a minimum, the rule requires an RIA to report a transaction if the RIA "knows, suspects, or has reason to suspect that the transaction (or a pattern of transactions of which the transaction is a part):"

i. involves funds derived from illegal activity or is intended or conducted to hide or disguise funds or assets derived from illegal activity;

ii. is designed, whether through structuring or other means, to evade the requirements of the BSA;

iii. has no business or apparent lawful purpose, and the investment adviser knows of no reasonable explanation for the transaction after examining the available facts; or

iv. involves the use of the investment adviser to facilitate criminal activity.

FinCEN noted current industry reliance on "red flags" for purposes of detecting suspicious transactions: (i) a client exhibits an unusual concern regarding the adviser's compliance with government reporting requirements or is reluctant or refuses to reveal any information concerning business activities, or furnishes unusual or suspicious identification or business documents; (ii) a client appears to be acting as the agent for another entity but declines, evades, or is reluctant to provide any information in response to questions about that entity; (iii) a client's account has a pattern of inexplicable and unusual withdrawals, contrary to the client's stated investment objectives; (iv) a client requests that a transaction be processed in such a manner as to avoid the adviser's normal documentation requirements; or (v) a client exhibits a total lack of concern regarding performance returns or risk.

Where the proposed regulations stray from comparable regulations for other financial institutions is their allowance for an RIA to share SARs with other RIAs. Therefore, where more than one RIA, or another financial institution with a separate suspicious activity reporting obligation, is involved in the same transaction, only one report is required to be filed. This alleviates an RIA's SARs compliance burden when working with other financial institutions required to file.

FinCEN would require an RIA to file an SAR within 30 days after the RIA becomes aware of a suspicious transaction by completing and filing an SAR with FinCEN in accordance with all form instructions and applicable guidance. Copies of the SAR filings and their supporting documents, which are deemed to have been filed with an SAR, are required to be kept for a period of five years from the date of filing. An SAR and any information that would reveal the existence of an SAR are confidential and cannot be disclosed by an RIA, except as authorized. SAR compliance applies only after the full initiation of the AML programs, and thus must begin six months from the date of the issuance of the final rulemaking.

3. Maintaining general recordkeeping requirements.

Defining an RIA as a "financial institution" would require an RIA to comply with all BSA regulatory requirements generally applicable to financial institutions, including (a) Currency Transaction Report ("CTR") filing requirements, (b) the recordkeeping, transmittal of records, and retention requirements for the transmittal of funds under the Recordkeeping and Travel Rules and other related recordkeeping requirements, (c) and information sharing requests pursuant to the USA PATRIOT Act.

An RIA would be required to file CTRs for a transaction involving a transfer of more than $10,000 in currency by, through or to the RIA in a single business day. CTR filings would replace the former requirement to file reports on Form 8300 for the receipt of more than $10,000 in cash and negotiable instruments, which are defined much more broadly than currency.5 It seems unlikely in view of the typical practices of an RIA that an RIA would engage in any reportable currency transactions. Moreover, an AML program should already include prohibitions or restrictions on forms of payment that figure in money laundering schemes, such as currency, money orders, travelers checks, multiple cashier's checks or third party payments.

Under the Recordkeeping and Travel Rules and proposed regulations, an RIA must create and retain records for transmittals of funds for a period of five years, and ensure that certain information pertaining to the transmittal of funds "travel" with the transmittal to the next financial institution in the payment chain.6 The dollar threshold to implicate these particular rules is $3,000. These rules would then require an RIA to obtain and retain not only the name, address and other information about the transmittor and the transaction, but also identifying information on the recipient.

The USA PATRIOT Act helps law enforcement identify, disrupt, and prevent terrorist acts and money laundering activities by encouraging further cooperation among law enforcement, regulators, financial institutions, and, now as proposed, RIAs, to share information regarding those suspected of being involved in terrorism or money laundering. Such information may include whether particular individuals, entities or organizations: (i) maintain a current account with the institution; (ii) have maintained an account with the institution during the preceding twelve months; or (iii) have been involved in any transaction or transmittal of funds by or through the institution during the preceding six months. If so, an RIA must thereafter provide the name of the person, entity or organization identified, together with other information such as the account number, social security number, date of birth or other similar identifying information as appropriate.

Looking Ahead

FinCEN has announced its intention to propose further regulations. Specifically, FinCEN stated that future proposals will contemplate an RIA implementing a customer identification program ("CIP") and customer due diligence ("CDD"). An RIA must undergo risk assessments to comply with the AML programs and SAR requirements, and these risk assessments overlap to satisfy similar requirements under CDD. CDD requirements (and enhanced due diligence or "EDD" requirements for higher risk customers) would include obtaining an understanding of who a customer (natural or legal) is, the nature of the person's wealth and sources of funds, and whether public information about the person raises money laundering red flags that the person's funds for investment could be from an illegal source. Therefore, it may be advantageous for an RIA preparing for compliance with these proposed regulations to prepare concurrently for CIP and CDD/EDD future compliance.

In addition, FinCEN stated in these proposed regulations that it may consider expanding the application of the BSA in future rulemakings to include investment advisers not registered or required to be registered with the SEC, since unregistered investment advisers may also be at risk for abuse by money launderers, terrorists financers, and other illicit actors.

Conclusion

It is prudent at this time to acknowledge that regulations regarding anti-money laundering programs covering RIAs will be implemented in the near future. Given the potentially short time periods in which to comply with the proposed regulations, now is the time to review your current compliance policies and procedures, and formulate additional provisions regarding the anticipated regulations. Unregistered investment advisers may also consider developing policies and procedures at this time.

For more information regarding these proposed regulations or for counsel on compliance policies and procedures, please feel free to contact Patrick D. Sweeney or Richard M. Morris of Herrick, Feinstein LLP or your Herrick, Feinstein LLP attorney.

Footnotes

1 At the "placement" stage, proceeds from illegal activity or funds intended to promote illegal activity are first introduced into the financial system. For example, this could occur in the investment advisory business when a money launderer tries to fund an investment advisory account with cash or cash equivalents derived from illegal activity. Money launderers also may approach investment advisers seeking to obtain the adviser's assistance as an intermediary in placing funds into custodial accounts.

2 The "layering" stage involves the distancing of illegal proceeds from their criminal source through a series of financial transactions to obfuscate and complicate their traceability. A money launderer could place assets under management with an investment adviser as one of many transactions in an ongoing layering scheme. Layering may involve establishing an advisory account in the name of a fictitious corporation or an entity designed to break the link between the assets and the true owner. A money launderer also may place assets under management with an adviser and then shortly thereafter arrange for their removal.

3 "Integration" occurs when illegal proceeds previously placed into the financial system are made to appear to have been derived from a legitimate source. For example, once illicit funds have been invested with an investment advisor, the proceeds from those investments may appear legitimate to any financial institution thereafter receiving such proceeds.

4 See Proposed 31 CFR 1031.320(e).

5 Currency is defined as the coin and paper of the United States or of any other country that is designated as legal tender and that circulates and is customarily used as a medium of exchange in a foreign country.

6 See 31 CFR 1020.410 and 1010.430(d).

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.