[co-author: Walter Donaldson II - Freeh Group International Solutions, Inc.]

This article was originally prepared for the September 29, 2015 webinar presented by West LegalEdcenter.

The U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN) published a notice of proposed rulemaking (the Proposed Rule) on September 1, 2015 that would impose anti-money laundering (AML) requirements for investment advisers that are registered or required to be registered (Covered RIAs) with the Securities and Exchange Commission (SEC). As far back as 2002, FinCEN had proposed rules to require unregistered investment advisers and registered investment advisers to establish AML programs. FinCEN withdrew those proposals in 2008. Under the Dodd-Frank Act, the Investment Advisers Act of 1940 was amended and now requires those previous categories of unregistered advisers, such as investment advisers to hedge funds and private equity funds, to register with the SEC. FinCEN intends for the Proposed Rule to bring all such SEC-registered investment advisers under the Bank Secrecy Act (BSA).

Impact of the Proposed Rule
If adopted, Covered RIAs would need to file currency transaction reports (CTRs) and maintain records relating to the transmittal of funds. Covered RIAs would need to implement an AML program and file Suspicious Activity Reports (SARs). In addition, Covered RIAs would become subject to BSA rules and certain portions of the USA PATRIOT Act. Examination of Covered RIAs for AML compliance would be delegated to the SEC. While we cannot be certain, this Proposed Rule likely will lead to more frequent SEC examinations of Covered RIAs, if for no other reason than FinCEN likely will pressure the SEC to fight terrorist financing.

Scope of the Rule
For now, the Proposed Rule only applies to large advisers unless mid-sized ($25 million—$100 million in AUM) or small advisers (<$25 million in AUM) are in states that do not examine mid-sized or small advisers, which is currently the case in Wyoming and New York.

Are you an investment adviser with $100 million or more in AUM?*

If yes, you are required to be registered with the SEC and therefore fall under the scope of the Proposed Rule.
If no, is your principal place of business in Wyoming, which does not examine advisers?

If yes, you are required to register with the SEC and therefore fall under the scope of the Proposed Rule.
If no, do you have at least $25 million in assets under management and your principal place of business and principal offices are in New York, which does not examine mid-sized advisers?

If yes, you have to register with the SEC and therefore fall under the scope of the Proposed Rule.
If no, then you do not fall under the scope of the Proposed Rule.

* For investment advisers that manage only private funds, the threshold to register with the SEC is $150 million AUM.
* Investment advisers that only manage SBIC funds are not required to register with the SEC.
* Venture capital managers are not required to register with the SEC, provided they only manage venture capital.

Do Covered RIAs need to have a customer identification program, such as Know Your Customer (KYC)?
Not yet. FinCEN indicated that it plans to address this issue in a future joint rulemaking with the SEC. However, we question how it will be possible for Covered RIAs to implement initial AML policies without some type of KYC approach.

What are the CTR reporting requirements for Covered RIAs under the Proposed Rule?
Under the Proposed Rule, Covered RIAs would be required to file CTRs with FinCEN for any transaction involving a payment or transfer of more than $10,000 in currency by, through or to the Covered RIA.

Do Covered RIAs obligated to file CTRs under the Proposed Rule also still need to file Form 8300?
No. Schematically:

Are You a Covered RIA?

If yes, the Proposed Rule would replace the requirement to file Form 8300 with the requirement to file CTRs for any transaction involving a payment or transfer of more than $10,000 in currency by, through or to the investment adviser.

If not a Covered RIA, Form 8300 requirements to report transactions involving more than $10,000 in cash and negotiable instruments still apply.

Are Covered RIAs required to follow BSA recordkeeping requirements under the Proposed Rule?
Yes. That means that, for transmittals of funds of $3,000 or more, Covered RIAs must create and retain certain records regarding each transmittal to the next financial institution in the payment chain. The Proposed Rule would also require Covered RIAs to create and retain records for extensions of credit and cross-border transfers of currency, credit, monetary instruments, checks and investment securities that amount to more than $10,000.

What type of AML programs would Covered RIAs need to implement under the Proposed Rule?
Covered RIAs would be required to implement written risk-based AML programs that have the following "pillars":

• Establish and implement policies, procedures and internal controls based on the internal assessment of the money laundering and terrorism financing risks associated with the lines of business
• Be independently tested periodically to ensure functionality and compliance
• Designate a person or committee responsible for implementing and monitoring the operations and internal controls of the AML program
• Provide ongoing training for employees.

Plus, the AML programs must be:

• Approved in writing by the board of directors or trustees, or similar functioning body
• Available to the SEC or FinCEN upon request.

What are the requirements for SARs?
The Proposed Rule would require Covered RIAs to:

• Report suspicious transactions that are conducted or attempted by, at or through a Covered RIA and involve or aggregate at least $5,000 in funds or other assets
• File an SAR with FinCEN within 30 days after the Covered RIA becomes aware of the suspicious transaction, except in situations requiring immediate attention, such as suspected terrorist financing or ongoing money laundering schemes, where Covered RIAs must notify immediately by telephone the appropriate law enforcement authority in addition to filing a timely SAR
• Collect, maintain and make available supporting documentation for each SAR for five years from the date of the filing.

Examples of red flags that FinCEN believes an investment adviser may see that would necessitate further investigation and possibly a filing of an SAR are:

1. A client exhibits an unusual concern regarding the adviser’s compliance with government reporting requirements, or furnishes unusual or suspicious identification or business documents
2. A client appears to be acting as an agent for another entity but declines, evades or is reluctant to provide any information in responses to questions about the entity
3. A client’s account has a pattern of inexplicable and unusual withdrawals, contrary to the client’s stated investment objectives
4. A client requests that a transaction be processed in such a manner as to avoid the adviser’s normal documentation requirements
5. A client exhibits a total lack of concern regarding performance returns of risk.

Confidentiality of SARs
The Proposed Rule provides that SARs and any information that would reveal the existence of an SAR are confidential and may not be disclosed, except under limited circumstances, such as to an SEC examiner. The Proposed Rule does not permit Covered RIAs to share SARs within their corporate organizational structures in the absence of further guidance. Under current law, in 2010, the federal banking agencies finalized proposed amendments that, among other things, clarified the scope of the statutory prohibition against disclosure by a financial institutions of an SAR. FinCEN is requesting comment on whether additional guidance should be issued to change these requirements.

USA PATRIOT Act
The Proposed Rule would subject Covered RIAs to FinCEN rules that implement the special information-sharing procedures to detect money laundering or terrorist activity requirements of the USA PATRIOT Act.

Section 314(a): Requests under this section would allow FinCEN to mandate that Covered RIAs search their records to identify accounts or transactions of named persons suspected by law enforcement agencies of engaging in money laundering or terrorist financing. Section 314(a) likely is not restricted to only prospective requests. Thus, Section 314(a) likely could be used to look backwards in time to the records of a Covered RIA to before this rule is finalized. While an AML program would not be required to be in place until six months after a rule is finalized, it likely would not preclude FinCEN from requesting information from an earlier time period.

Section 314(b): This section allows financial institutions to voluntarily share information with other financial institutions subject to an AML program requirement to identify and report activities that may involve money laundering or terrorist activity. When sharing such information, the financial institutions will receive certain protections from civil liability and must file an annual notice of sharing with FinCEN.

Are there any lesser known parts of an institution’s required AML program that could be an area of interest for examiners?
Yes, examiners are becoming increasingly interested in documentation of internal investigations, regardless of whether they are eventually communicated to the regulator or not through an SAR or otherwise.

What about Covered RIAs that have already implemented AML programs voluntarily?
These Covered RIAs should ensure that their existing policies and procedures are amended where appropriate to meet the proposed AML program requirements.

What about Covered RIAs that are part of existing AML programs through other entities?

Dually Registered Investment Advisers and Advisers Affiliated with or Subsidiaries of Entities Required to Establish Anti-Money Laundering Programs

Some investment advisers are dually registered with the SEC as advisers and broker-dealers in securities. FinCEN’s Proposed Rule does not require multiple or separate AML programs so long as a comprehensive AML program covers all of the entity’s advisory and broker-dealer activities and businesses.

What about the expectations for Covered RIAs to tailor their AML programs by services provided?

Other Advisory Services
Are you a Covered RIA that provides clients with advisory services, such as pension consulting, securities newsletters, research reports, financial planning that does not include the management of client assets, or any combination of asset management and the advisory services above?

If yes, FinCEN expects Covered RIAs to address in their AML programs all of their advisory activity, including activity that does not entail the management of client assets.

Subadvisory Services
Are you a Covered RIA that provides subadvisory services to a client?

If yes, you would be required to address these services in your AML program.

Real Estate Funds
Are you a Covered RIA that provides advisory services to a publicly or privately offered real estate fund?

If yes, the Proposed Rule would require you to include those advisory activities in your AML program.

Are investments advisers that are registered with the SEC and provide unique services (such as financial planners or pension consultants) subject to the AML requirements of the Proposed Rule?
Yes. FinCEN recognizes that all types of investment advisers that are registered with the SEC or are required to be registered with the SEC may present varying degrees of money laundering and terrorist financing risks. FinCEN, therefore, anticipates that the burden of establishing an AML program would also correspondingly be reduced due to the risk-based nature of the program and the types of advisory services these entities provide. Some examples include: 1) dually registered investment advisers and advisers that are affiliated with or subsidiaries of entities required to establish AML programs; 2) certain foreign investment advisers; 3) financial planners; 4) pension consultants; and 5) entities that provide only securities newsletters and/or research reports.

Will all Covered RIAs be subject to the same level of scrutiny by FinCEN and the SEC?
No, as a version of FinCEN’s own road map, here are its likely areas of concerns:

FinCEN’s expectations regarding how a Covered RIA’s AML program should address the money laundering or terrorist financing risks that may be presented by certain specific types of advisory clients.

Non-Pooled Investment Vehicles Clients: FinCEN views these as high-risk clients and a Covered RIA’s assessment of the risks presented by advisory services to these types of clients should take into account the types of accounts offered, the type of clients opening such accounts, and how the accounts are funded.

Registered Open-End Fund Clients (Mutual Funds): FinCEN views these as lower-risk clients because open-end investment companies are already required to establish AML and customer identification programs and report suspicious activity.

Registered Closed-End Fund Clients: FinCEN views these as lower-risk clients as purchases and sales of closed-end fund shares are executed through broker-dealers or banks, and these entities are already required to establish and implement AML programs under the BSA.

Private Fund Clients/Unregistered Pooled Investment Vehicles: FinCEN realizes that these types of clients have risks that vary and therefore expects Covered RIAs to assess the money laundering and terrorist financing risks associated with the underlying investors of each client and implement AML policies according to the risks involved.

Wrap Fee Programs: FinCEN realizes that, in certain circumstances, these types of advisory services may provide issues for Covered RIAs to have complete access to investor information and transactions, but FinCEN expects that the adviser will use the information accessible to it to identify money laundering, terrorist financing and other illicit activity.

Are there any other parts of the Proposed Rule not to be overlooked?

• Legal liability lies with the Covered RIA at all times. This includes any delegation of AML operations.
• Robust recordkeeping: Covered RIAs would not only need to keep records of those events and transactions that rise to the level of filing a FinCEN report. Covered RIAs would also need to keep comprehensive records and documentation for events and transactions that do not rise to the level of reporting to FinCEN and to be able to show why they did not need to report such transactions.

Implementation Date
FinCEN is proposing that Covered RIAs must develop and implement their AML programs on or before six months from the effective date of any finalized regulation. This is likely to be sometime in mid-2016, given the current understanding of FinCEN’s likely schedule to finalize the Proposed Rule.

Request for Comment
FinCEN has requested comment from industry, including 24 specific questions related to the Proposed Rule. Unlike other rules of this type, the Proposed Rule does not include any evidence or examples of money laundering/terrorist funding that would have been mitigated or stopped by this Proposed Rule. This presents a unique opportunity for the industry to influence the shape of the final rule with detailed comments and feedback.

All comments are due to FinCEN by November 2, 2015.

Pepper Points

• FinCEN has stated in the Proposed Rule that the scope of the rule is not set in stone. FinCEN could expand the scope as part of the issuance of the final rule or in subsequent rulemakings after this rule has become final. We anticipate that FinCEN will not likely change the scope of the rule before it is finalized. Instead, we believe that, after they have finalized this rule and a number of examination cycles have passed to work out any glitches in the rules, FinCEN will revaluate how the rule is working and possibly expand the scope of the rule at that point.
• The entire implementation process, which includes finalizing the Proposed Rule, training examiners, industry applying the standards, examinations, joint rulemaking with the SEC to incorporate CIP requirements and subsequent enforcement actions, is likely to take a number of years (at least five). This is a legacy issue for the FinCEN director, and the agency will take its time to get this rule finalized, implemented and operational to its satisfaction.
• The Proposed Rule has no flexibility regarding the asset-test standard used to identify large investment advisers that are also required to comply with the additional AML requirements of the Proposed Rule. Specifically, the $100 million in AUM is the bright-line threshold for identifying large investment advisers, all of whom must comply with the Proposed Rule. Accordingly, if an investment adviser is approaching the $100 million in AUM metric, and does not qualify for any type of exemption from SEC registration, that investment adviser should prepare to comply with the requirements of the Proposed Rule from the moment they are required to register with the SEC.
• For those investment advisers that otherwise are not required to register with the SEC, but nonetheless have voluntarily registered as investment advisers with the SEC, such advisers will be treated as Covered RIAs. If, for any reason, the voluntary registrant concludes that it no longer needs to maintain its SEC registration, in the event that adviser deregistered and is not required to be registered, then this Proposed Rule would not apply.