Update On FinCEN Regulation Of Anti-Money Laundering

I. Background
The Department of the Treasury, through the Financial Crimes Enforcement Network ("FinCEN"), has recently issued joint final rules (the "Final Rules")¹ which require financial institutions such as mutual funds, broker-dealers, futures commission merchants, introducing brokers and banks to establish customer identification programs by October 1, 2003.

FinCEN has also proposed additional rules (the "Proposed Rules") including rules that would require certain investment advisers that manage client assets ("IAs") and certain commodity trading advisers that direct client commodity futures or options accounts ("CTAs") to establish an Anti-Money Laundering program ("AML Program").²

The Proposed Rules and the Final Rules were issued pursuant to the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT) Act of 2001 (the "Act"), which made a number of amendments to the anti-money laundering provisions of the Bank Secrecy Act ("BSA").

II. Final Rules: Customer Identification Programs
The Final Rules require banks, mutual funds, broker-dealers, future commission merchants and introducing brokers (collectively "Financial Institutions") to implement and
maintain a written customer identification program ("CIP") to verify the identity of new accountholders. The CIP must be established as a part of the Financial Institution’s AML Program. The CIP must, at a minimum, provide reasonable procedures for: (1) verifying the identity of any person seeking to open an account to the extent reasonable and practicable when accounts are opened; (2) maintaining records of the information used to verify a person’s identity; and (3) consulting government lists of known or suspected terrorists or terrorist organizations provided to the Financial Institution to determine whether a person seeking to open an account appears on any such list.

A. Account
With respect to mutual funds, the Final Rules define "account" to mean any contractual or other business relationship between a person and a mutual fund established to effect transactions in securities issued by the mutual fund, including the purchase or sale of securities. Similarly, with respect to broker-dealers the Final Rules define "account" to mean a formal relationship with a broker-dealer established to effect transactions in securities, including, but not limited to, the purchase or sale of securities and securities loaned and borrowed activity, and to hold securities or other assets for safekeeping or as collateral.³

Under both definitions, the Final Rules have excluded from the definition of "account" accounts opened for the purpose of participating in an employee benefit plan established pursuant to the Employee Retirement Income Security Act of 1974. These accounts are deemed less susceptible to being used for the financing of terrorism and money laundering. Also excluded are those accounts acquired through any acquisition, merger, purchase of assets or assumption of liabilities.

B. Customer
The Final Rules define a "customer" as a person who opens a new account. Significantly, the Final Rules do not define "customer" to include persons authorized to effect transactions in the account. This is a change from the proposed rules. As a result of this change, Financial Institutions do not need to verify the identity of every person with authority to effect transactions in an account (e.g. all of a corporate account holder’s officers). Despite this change, the Final Rules contemplate that Financial Institutions will verify the identities of such persons when necessary to determine the true identity of an account holder.

The Final Rules contain several other changes to the definition of a "customer," including the addition of several exclusions. The definition of customer excludes certain readily identifiable entities including financial institutions regulated by a federal functional regulator, banks, governmental agencies, and publicly traded companies. The definition of customer also excludes a person who has an existing account with the Financial Institution provided that the Financial Institution has a reasonable belief that it knows the true identity of the customer.

In addition, the Final Rules clarify that with respect to omnibus accounts, trust accounts and other similar accounts, the Financial Institution is generally not required to look through the intermediary to the underlying beneficial owners.

C. Board Approval
The proposed rules had a requirement that the CIP be approved in writing by the Financial Institution’s board of directors, managing partners, board of managers or other governing body performing similar functions. The Final Rules require the CIP to be a part of the overall AML Program which must be approved by such bodies, but do not require independent approval of the CIP. However, Financial Institutions with an AML Program that has been approved as required must nonetheless obtain approval of a new CIP because it would be a material change to the AML Program.

D. Documentary and Non-Documentary Verification Methods
At a minimum, prior to opening an account, the Financial Institution must obtain certain identification information, including the customer’s name, date of birth, address and tax identification number (or a passport number, alien identification card number or similar document evincing nationality or residence in the cases of a foreign customer). The CIP must set forth procedures delineating when documentary and/or non-documentary methods will be used to obtain this information and to verify a customer’s identity.

Documentary Methods. The CIP must set forth the documents that the Financial Institution will use to verify the customer’s identity. In the case of an individual, documents may include an unexpired government-issued identification evidencing nationality or residence and bearing A Financial Institution may also use other documents provided they allow the Financial Institution to form a reasonable belief that it knows the true identity of the customer.

Non-Documentary Methods. A Financial Institution may also rely on non-documentary methods to verify a customer’s identity, including independently verifying the customer’s identity through the comparison of information provided by the customer with information obtained from a consumer reporting agency, public database or other source. Financial Institutions are encouraged to use non-documentary methods even if the customer has provided identification documents.

Additional Verification For Certain Customers. The Final Rule includes a new provision on verification procedures. This provision requires that the CIP address circumstances in which, based on the Financial Institution’s risk assessment of a new account opened by a customer that is not an individual, the Financial Institution also will obtain information about individuals with authority or control over the account, including persons authorized to effect transactions in the account, in order to verify the customer’s true identity. This additional verification method applies only when the Financial Institution cannot adequately verify the customer’s true identity using documentary and non-documentary verification methods.

The specific requirements may vary depending upon the nature and type of the customer. For example, a customer whose stock is publicly traded on a national exchange and who files regular SEC reports may require less demanding scrutiny than a small private partnership with overseas bank accounts.

Government Watch Lists. The Final Rules state that a Financial Institution’s CIP must include procedures for determining whether the customer appears on any list of known or suspected terrorists or terrorist organizations issued by any federal government agency and designated as such by the Treasury Department in consultation with the federal functional regulators.

E. Reliance on Other Financial Institutions
A Financial Institution (e.g., a mutual fund) may rely on other Financial Institutions to perform any portion of its CIP with respect to any customer that has or is opening an account or has a similar formal business relationship with the other Financial Institution to provide or engage in services, dealings or other Financial Institutions, provided that: (i) such reliance is reasonable under the circumstances; the other Financial Institution is subject to a rule implementing 31 U.S.C. 5318(h) (which requires Financial Institutions to establish AML policies), (ii) such Financial Institution is regulated by a federal functional regulator; and (iii) the other Financial Institution enters into a contract requiring it to certify annually to the relying Financial Institution that it has implemented its AML Program, and that it (or its agent) will perform the specific requirements of the mutual fund’s CIP.

F. Notice to Customers
The Final Rules require a Financial Institution’s CIP to include procedures for providing customers with adequate notice that the firm is requesting information to verify their identities. The notice must generally describe the identification requirements of the Final Rules (as applicable to the respective Financial Institutions) and be reasonably designed to ensure that a customer views the notice before opening an account. The Final Rules state that, depending on how an account is opened, a broker-dealer may post a notice in the lobby or on its website, or use any other form of oral or written notice, such as a statement on an account application. In addition, the Final Rules include sample language that, if appropriate, will be deemed adequate notice to a Financial Institution’s customers when provided in accordance with the requirements of the Final Rules.

G. Record Keeping Requirements
Under the Final Rules, a Financial Institution must make a record of the identifying information obtained about each customer. However, rather than requiring copies of verification documents, the Final Rules require that the Financial Institution’s records include a description of any document that the Financial Institution relied on to verify the identity of the customer, noting the type of document, any identification number contained in the document, the place of issuance, and the issuance and expiration dates, if any. With respect to non-documentary verification, the Final Rules now require the records to include "a description" of the methods and results of any measures undertaken to verify the identity of the customer. The Final Rules also require Financial Institutions to keep a record of the resolution of any substantive discrepancy discovered when verifying the identifying information obtained.

As originally proposed, Financial Institutions would have been required to keep all related records for five years after the closure of an account. The Final Rules instead prescribe a bifurcated record retention schedule. Under the Final Rules the Financial Institution must retain the information obtained about a customer including the customer’s name, date of birth, address and tax identification number (or a passport number in the cases of a foreign customer) for five years after the date the account is closed. The remaining records, including those pertaining to persons applying for taxpayer identification numbers, additional identification procedures for certain accounts and resolution of information discrepancies, need only be retained for five years after the record is made.

II. Proposed Rules: Anti-money Laundering Programs for Investment Advisers
FinCEN, consistent with its approach to other regulated entities such as broker-dealers and mutual funds which have been required to establish an AML Program pursuant to the Act, did not propose a one-size-fits-all requirement for AML Programs. Rather, an AML Program must be reasonably designed to prevent the IA and CTA (together, the "Advisers") from being used for money laundering or the financing of terrorist activities and to achieve and monitor compliance with the BSA. The AML Program must be tailored to address the individualized risks presented by an Adviser’s services and clients, as well as the Adviser’s size and resources. For example, FinCEN notes in the preamble to the Proposed Rules that it expects large investment advisory firms to adopt detailed procedures addressing the responsibilities of the individuals and departments involved in implementing and maintaining the AML Program, while smaller firms are expected to adopt procedures that are consistent with their simpler, centralized organizational structure. Similarly, a CTA that directs a wide variety of commodity interest trading accounts may require more extensive oversight by its compliance officer than a CTA that directs a smaller number of individual accounts.

A. Investment Advisers Subject To The Proposed Rules
The Proposed Rules would apply to investment advisers that:

• have a principal office and principal place of business in the U.S. ("U.S. Advisers");
• are registered or required to be registered as an investment adviser with the Securities and Exchange Commission ("SEC"); and
• are required to report to the SEC that they have assets under management, regardless of whether the investment adviser has discretionary or non-discretionary authority to manage client assets.

The Proposed Rules would also apply to U.S. Advisers that:

• are exempt from SEC registration under Section 203(b) of the Investment Advisers Act of 1940 because they have fewer than 15 clients and do not hold themselves out generally to the public as an investment adviser; and
• have $30 million or more of assets under management.

Notably, IAs to many hedge funds are encompassed within this category. Such unregistered investment advisers would not be required to comply with the Proposed Rules if they are required to maintain an AML Program under the BSA because they are dually registered as a Financial Institution in another capacity (e.g., as a broker-dealer) and are examined by a Federal functional regulator (e.g., SEC, CFTC, etc.) for compliance in such capacity.

B. Required Elements of Anti-Money Laundering Programs
Policies, Procedures & Internal Controls To Prevent Money Laundering. The Proposed Rules would require Advisers to establish and implement policies, procedures, and internal controls to prevent the IA or CTA from being used for money laundering or the financing of terrorist activities and to achieve and monitor compliance with the BSA. In this regard, an Adviser would be required to identify its vulnerabilities for money laundering and terrorist financing activities in light of the types of services it provides and the nature of its clients. The AML Program should implement procedures and controls that reasonably address each vulnerability, and periodically assess the effectiveness of its procedures and controls.

Assets Under IA’s Management And Direction Of Client Account By CTA. In designing its AML Program, an IA would be permitted to exclude clients for whom the IA does not manage assets because the IA’s vulnerability to money laundering with respect to such clients is minimal. Similarly, a CTA would be permitted to exclude clients for whom it does not direct accounts.

Unusual Transactions; Frequent Additions Or Withdrawals; Cash Transactions. The AML Program should identify unusual transactions in connection with the placement or withdrawal of assets under management of the IA or the direction of the CTA. For example, the AML Program should identify unusual transactions whereby clients place funds under the Adviser’s management through checks drawn (or wire transfers made from) accounts of third parties with no family or business relationship to the client, or through numerous checks or transfers from one or more issuers or institutions. In addition, the procedures should address the reasonableness of frequent additions or withdrawals and cash transactions.

Pooled Investment Vehicles. The Proposed Rule would permit Advisers subject to the Rule to exclude from the AML Program any clients which are investment vehicles, such as mutual funds, if the vehicle is subject to an AML Program requirement under another provision of the BSA. However, the Adviser must include other pooled vehicles it advises in its AML Program, using different approaches depending on whether the pooled vehicle was created or is administered by a third party.

If the Adviser advises a pooled investment vehicle not subject to the BSA anti-money laundering requirements, and that was created and is administered by a third party, the Proposed Rules recognize that the Adviser would have little or no information about the investors in the pooled vehicle or their transactions. Accordingly, the Adviser would need to establish procedures to assess whether the entity that created and administers the vehicle, or the nature of the vehicle itself, reduces the risk of money laundering. For example, an offshore fund would generally present a greater risk of money laundering than an employee retirement savings plan sponsored by a public corporation which only accepts assets in the form of payroll deductions or rollovers from similar plans. The AML Program should include a risk-based evaluation of the entity that created or administers the pooled investment vehicle, including the type of entity, its location, the statutory and regulatory regime of the location (i.e., if the entity is a foreign entity, does the foreign jurisdiction comply with the European Union anti-money laundering directives, and has the jurisdiction been identified by the Financial Action Task Force as non-cooperative), and the Adviser’s historical experience with the entity or the references of other Financial Institutions.

If an IA also creates or administers a pooled investment vehicle not subject to BSA anti-money laundering program requirements, the IA should handle the investors in the pooled vehicle in the same manner the IA handles non-pooled vehicle clients. However, if the investor in a pooled vehicle is itself a pooled vehicle (i.e., hedge funds or pension funds), the IA should handle the investor in the same manner it handles pooled investment vehicles it advises directly.

BSA Requirements. The AML Program should also be reasonably designed to ensure compliance with BSA requirements such as the requirement to report on Form 8300 the receipt of cash totaling more than $10,000 in one transaction or two or more related transactions.

Advisers That Function In More Than One Capacity. If an Adviser is a Financial Institution (e.g., an IA that is dually-registered as a broker-dealer or a CTA that is also registered as a futures commission merchant or introducing broker) that has already implemented and maintains a Program pursuant to other BSA requirements, the Adviser is not required to maintain multiple Programs. However, the AML Program must be designed to address the different risks posed by the different features of the Adviser’s businesses and must satisfy each of the anti-money laundering requirements to which the Adviser is subject to in each of its capacities.

Contract With Third Party Service Provider. An Adviser may delegate the implementation and operation of appropriate elements of its AML Program to a third party service provider by contract. The Adviser, however, would remain fully liable for the effectiveness of its AML Program. Accordingly, the Adviser would be required to identify the particular procedures appropriate to address its vulnerabilities to money laundering and terrorist financing, and then undertake reasonable steps to ensure that the service provider carries out such procedures effectively. For example, a certification from a service provider that the Program is satisfactory is not sufficient.

C. Independent Testing For Compliance
The Proposed Rules would require the Adviser to provide for periodic independent testing of its Program for compliance. The testing must be conducted by the Adviser’s personnel or a qualified outside party who has working knowledge of the applicable BSA requirements. The frequency of the testing is dependent upon the size and complexity of the Adviser’s business and the extent to which its business model may be subject to a higher risk of money laundering than other business models. The individual performing the review should prepare a written report detailing his/her findings, and the Adviser should promptly address any recommendations made by the reviewing individuals.

D. Designation Of Person Responsible For Implementing And Monitoring The Program
The Adviser would be required to designate an individual (or a group of individuals) to be responsible for implementing and monitoring the operations and internal controls of the AML Program. The individual(s) charged with overseeing the AML Program should be competent and knowledgeable regarding money laundering risks and empowered with full authority to develop and enforce appropriate anti-money laundering procedures. The overseeing individual(s) should also have adequate time and resources to carry out their oversight duties in light of the nature and complexity of the AML Program and their other duties. In addition, the person charged with overall supervision of the AML Program should be an officer of the Adviser. Furthermore, the individual charged with testing the AML Program (see Section B immediately preceding) may not also be designated as the individual responsible for implementing and monitoring the AML Program.

E. Ongoing Training
An Adviser would be required to provide employees with ongoing training with respect to BSA requirements that are relevant to their employment duties, and which will assist employees in recognizing possible signs of money laundering. The training could be conducted by outside or in-house seminars, and may also include computer-based training. The level, frequency and focus of the training would be determined by the employees’ responsibilities and the extent to which their duties bring them into contact with the BSA requirements or possible money laundering activities. In this regard, a training program should provide general awareness of the BSA requirements and money laundering issues, as well as job-specific guidance regarding particular employees’ duties in the AML Program. Appropriate training topics include, but are not limited to, the following: BSA requirements, a description of money laundering and how it is carried out, a description of the activities and transactions that should raise concerns, steps to take when suspicions arise, and the Office of Foreign Assets Control and other government lists of suspected terrorists and terrorist organizations. Employees should also receive updates and refreshers regarding the AML Program.

F. Written Program and Written Board Approval
The Proposed Rules would require the AML Program to be in writing, and would require it to be approved in writing by the Adviser’s board of directors (or if the adviser does not have a board, by its sole proprietor, general partner, or other persons who have similar functions).

G. Notice For Unregistered Investment Advisers
Unregistered IAs subject to the Proposed Rules would be required to file a notice with FinCEN not later than 90 days after the IA first becomes subject to the Proposed Rules, and thereafter annually not later than 90 days after then end of the IA’s fiscal year. The notice must contain (1) the IA’s name, including all family or complex names, trade names, and doing-business-as names; (2) the IA’s complete street address, telephone number, and e-mail address; (3) the name, telephone number, and e-mail address of the individual(s) designated responsible for overseeing the Program; (4) the IA’s total number of clients; and (5) the total assets under management of the unregistered IA as of the end of the adviser’s most recent fiscal year.

An unregistered IA must file a revised notice if there is change in the information set forth in (1), (2) or (3) above no later than 30 days after the date of the change. If an unregistered IA subsequently terminates its advisory business or ceases to be subject to the Proposed Rules, the IA must notify the FinCEN no later than 90 days thereafter.

The Proposed Rules include a model notice to assist IAS in complying with this notice requirement.

H. Written Comments
Written comments on the Proposed Rules must be received by FinCEN by July 7, 2003.