AML/CFT Rules For Investment Advisers

On 12 June 2024, K2 Integrity and Schulte Roth & Zabel hosted a webinar discussing new regulatory obligations anticipated under proposed rules for investment advisers (IAs), timelines for finalization and compliance, and how IAs should prepare in the months ahead. The conversation included Sarah Runge, executive managing director at K2 Integrity; Alex Levitov, managing director at K2 Integrity; and Melissa Goldstein, partner at Schulte Roth & Zabel. To watch a recording of the full webinar, click here. To learn more, download a session handout and a brochure on implementing AML program requirements for investment advisers.

History and Context

The Financial Crimes Enforcement Network (FinCEN) has previously proposed anti-money laundering (AML) regulations for investment advisers, beginning with a Notice of Proposed Rulemaking (NPRM) for unregistered IAs in 2002 and one for certain investment advisers in 2003. In 2007, FinCEN announced that it was undertaking a review of its broader AML regulatory framework and, following this initiative, in 2008 it formally withdrew both proposed rules. A new NPRM that would have subjected certain IAs to AML program requirements and required such IAs to report suspicious activity to FinCEN was published in 2015; however, FinCEN has not issued a final rule based on this NPRM to date and, as part of the 2024 NPRM, announced the formal withdrawal of the 2015 NPRM.

In addition to FinCEN's proposed AML/countering the financing of terrorism (CFT) program and suspicious activity report (SAR) filing rule, a joint rulemaking on the Customer Identification Program (CIP) was published by FinCEN and the Securities and Exchange Commission (SEC). This is critical, because—in addition to requiring IAs to collect and verify their customers' identities—the CIP rule lays the foundation for IAs to be covered by wider customer due diligence (CDD) and beneficial ownership obligations. Although beneficial ownership requirements will require a subsequent rulemaking to update the existing CDD Rule, other components of CDD are already included in the proposed AML/CFT program and SAR filing rule, including IAs' obligation to understand the nature and purpose of their customers and to perform ongoing due diligence.

Scope and Proposed Rule

The proposed rules cover investment advisers registered or required to be registered with the SEC under Section 203 of the Advisers Act of 1940 (RIAs) and investment advisers that meet an exemption from SEC registration under Section 203(I) or Section 203(m) of the Advisers Act of 1940 and report to the SEC as an exempt reporting adviser (ERAs). State-registered investment advisers generally prohibited from registering with the SEC would not be covered by the proposed investment adviser rule, although FinCEN will continue to monitor the activity around such state-registered investment advisers. In general, non-U.S. investment advisers with U.S. clients must register with SEC and would be covered by the proposed rule unless eligible for an exception such as the "foreign private adviser" exception.

Investment advisers duly registered as broker-dealers or affiliated with a broker-dealer may not need a separate AML program if the broker-dealer already has one, provided the broker-dealer program covers the entity's relevant business activities.

AML/CFT programs for RIAs and ERAs must generally cover all advisory activities—including both primary advisory activities provided directly to the client and subadvisory activities provided to a primary adviser—with the exception of advisory services provided to mutual funds, which have their own obligations under the Bank Secrecy Act. This results in a fairly broad vision for the scope of advisory activities covered by the rule.

AML/CFT Program and SAR Filing Requirements

There are several key proposed requirements in the NPRM. The proposed rule for advisers contains requirements similar to banks and broker-dealer and would go well beyond the existing requirements for IAs. Under the proposed rule, advisers would need to implement a risk-based, written AML compliance program that is approved by leadership at the adviser. Such a program has five pillars:

• Risk based policies, procedures, and controls that are reasonably designed to detect money laundering and other illicit financial activity and ensure that the adviser complies with the other provisions of the Bank Secrecy Act;
• A designated AML compliance officer (or officers) responsible for implementing the program;
• Ongoing training for appropriate personnel (i.e., leadership, those that could be in a position to detect money laundering activity, or those that are directly engaged in interacting with customers and funds);
• Independent testing for AML compliance; and
• Risk based procedures to understand the nature of and purpose for each customer relationship and to conduct ongoing monitoring of such relationships.

A major requirement of the AML program rule is to monitor for suspicious activity and file SARs with FinCEN. Advisers should start preparing now as it is labor intensive to monitor transactions, investigate suspicious activity, and file suspicious activity reports. These reports may only be shared with FinCEN, law enforcement, or a federal regulator, so educating staff about SAR confidentiality will be important.

Another requirement of the rule is that FinCEN expects advisers to implement section 312 of the USA PATRIOT Act, which requires due diligence on private banking accounts held for foreign persons and correspondent accounts for foreign financial institutions. Additionally, FinCEN has extended section 314 of the USA PATRIOT Act to advisers, which requires information sharing with FinCEN when money laundering or terrorist financing is suspected (314[a]) and permits voluntary information sharing that advisers can opt in to (314[b]). These programs are used to foster information sharing communication to help prevent money laundering and terrorist financing.

There is a requirement in the proposed rule that advisers maintain records that support the AML program for a period of five years. This includes the written AML program, training logs, independent testing logs, SARs that are filed, documentation supporting such SARs, and other records that support the implementation of the program.

Customer Identification Program

The CIP rule for advisers requires RIAs and ERAs to implement risk-based procedures to identify and verify the identity of their customers in order to form a reasonable belief that the true identity of their customers is known. Advisers must provide customers with adequate notice that this information will be collected and verified.

There is a provision in the rulemaking that permits an adviser to rely on another financial institution that has acted to satisfy its CIP requirements so long as reliance is reasonable under the circumstances, the financial institution is subject to an AML program rule and is regulated by a federal functional regulator, and the adviser has entered into a contract with that financial institution that requires them to certify annually that it has implemented the adviser's AML program.

Key Takeaways

• Finalized rules may add significant compliance obligations.
• Covered investment advisers should seek to understand unfamiliar requirements, particularly as related to suspicious activity reporting.
• Proposed rules may impact delegation of certain functions to third-party service providers.
• Public comments on the proposed CIP rule must be submitted by 22 July 2024.
• Investment advisers should immediately consider conducting a risk assessment to inform the design of their compliance programs, as required under the proposed rules, and should assess the expected impact of the rules on compliance and risk management budgets.