• The Proposed Rule would require registered investment advisers (RIAs) and exempt reporting advisers (ERAs) to establish, document and maintain written customer identification programs (CIPs).
• The Proposed Rule comes shortly after a separate rule proposal in February 2024 requiring RIAs and ERAs to establish an anti-money laundering/counter-terrorism financing program (AML/CFT Program).

The Securities and Exchange Commission (SEC) and U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) jointly published a notice of proposed rulemaking (Proposed Rule or Rule) in the Federal Register that would require certain investment advisers to establish, document and maintain CIPs. The proposal is designed to “prevent illicit finance activity involving the customers of investment advisers by strengthening the anti-money laundering and countering the financing of terrorism (AML/CFT) framework for the investment adviser sector.”¹

The Proposed Rule complements a separate FinCEN rule proposal from February 2024 (February Proposal) that would include RIAs and ERAs in the definition of “financial institution” under the Bank Secrecy Act and require them to establish an AML/CFT Program.² The February Proposal did not include a CIP requirement but noted that FinCEN and SEC would be addressing identifying and verifying their legal entity customers in subsequent rulemakings. The new Proposed Rule addresses that requirement through a proposal that is more limited than the onerous CIP obligations applicable to other financial institutions under the BSA.

The comment period for the Proposed Rule closes on July 22, 2024.

Scope of the Proposed Rule

The Proposed Rule would apply to RIAs and ERAs.

The scope of CIPs under the Proposed Rule is limited to an adviser’s direct customers. The Rule defines “customer” for purposes of advisers’ CIP obligations as a person – including a natural person or a legal entity – who opens a new account with an investment adviser (i.e., the person identified as the accountholder). The Proposed Rule would not require advisers to look through a trust or similar account to its beneficiaries.

As a result, unlike “covered financial institutions” that are required to identify and verify persons who hold a 25 percent or more beneficial ownership interest in their legal entity customers under 31 C.F.R. Part 1010 (such as banks, mutual funds and broker dealers), RIAs and ERAs generally would not be required to identify or verify persons who hold a 25 percent or more beneficial ownership interest in their direct customers. This difference should help reduce the compliance burden for RIAs and ERAs under the Proposed Rule. For example, private funds advised by RIAs or ERAs would be considered the “customer” under the Proposed Rule and advisers would not need to apply the CIP to the funds’ underlying investors. FinCEN could, however, propose to apply beneficial ownership identification and verification requirements to advisers in the future.

The definition of “customer” excludes:

1. financial institutions regulated by a Federal functional regulator or a bank regulated by a State bank regulator;
2. certain government entities;
3. certain persons (other than banks) that are publicly listed on U.S. securities exchanges or certain subsidiaries of persons listed on U.S. securities exchanges;
4. individuals with authority or control over the accounts if such persons are not the accountholders;
5. persons who fill out account opening paperwork or provide information necessary to set up an account but who are not the accountholder; and
6. persons with existing accounts with the adviser, provided the adviser has a reasonable belief that it knows the person’s true identity.

These exclusions are similar, but not identical, to carveouts under other AML requirements promulgated under the BSA for other financial institutions, such as accountholders who are excluded from the definition of “legal entity customers” under AML beneficial ownership requirements applicable to other financial institutions.

The Rule further defines “account” as any contractual or business relationship between a person and an adviser under which the adviser provides advisory services. “Account” does not include an account that the adviser acquires through any acquisition, merger, purchase of assets or assumption of liabilities. Importantly, accounts opened to participate in an employee benefit plan established pursuant to the Employee Retirement Income Security Act of 1974 (ERISA) are included within the scope of “accounts” that must be covered under the CIP even though such accounts are excluded under CIP rules applicable to other financial institutions.

Proposed Rule Requirements

• General Requirements:
  • The Proposed Rule would require RIAs and ERAs to establish, document and maintain written CIPs appropriate for the respective adviser’s size and business.
  • The CIP must be a part of the adviser’s AML/CFT Program that will be required under the February Proposal.
• Identity Verification Procedures:
  • The CIP must include risk-based procedures to verify the identity of each customer to the extent reasonable and practicable. Such procedures must enable the adviser to form a reasonable belief that it knows the true identity of each customer.
  • Customer Information Required:
    • RIAs and ERAs must obtain, at minimum, the following information from a customer prior to opening an account:
      • Name
      • Date of birth or date of formation
      • Address
      • Identification number
  • Customer Verification:
    • The CIP must contain risk-based procedures to verify the identity of each customer through either documentary (e.g., driver’s license or documents of formation) or non-documentary (use of an account verification database or reference checks) within a reasonable time before or after the customer’s account is opened.
    • The CIP also must address situations where the adviser cannot verify the true identity of a customer that is not an individual using documentary or non-documentary methods.
  • Lack of Verification:
    • The CIP must include procedures for responding to circumstances in which the adviser cannot form a reasonable belief that it knows a customer’s true identity.
• Recordkeeping:
  • The CIP must include procedures for making and maintaining a record of all information obtained pursuant to the CIP minimum requirements, including, at minimum, (i) all identifying information obtained about a customer; (ii) a description of any key document relied on as part of documentary verification; (iii) a description of the methods and results of any measures undertaken to verify a customer’s identity; and (iv) a description of the resolution of each substantive discrepancy discovered when verifying identifying information.
  • Records must be retained for five years after an account is closed or after a record is made, as applicable.
• Comparison with Government Lists
  • The CIP must include reasonable procedures to determine whether a customer appears on any list of known or suspected terrorists or terrorist organizations issued by any Federal government agency.
• Customer Notice
  • The CIP must include procedures for providing customers with adequate notice that the adviser is requesting information to verify the customer’s identity.
  • Notice is deemed “adequate” under the Proposed Rule if the adviser generally describes the identification requirements of the Proposed Rule and provides notice in a manner reasonably designed to ensure that a prospective customer is able to view the notice, or is otherwise given notice, before opening an account.
• Reliance on Another Financial Institution
  • The CIP may include procedures specifying when an adviser will rely on other financial institutions’ CIP procedures, which is permitted when the following conditions are met:
    • The other financial institution is subject to AML compliance program requirements and is regulated by a federal functional regulator.
    • The other financial institution enters into a contract with the adviser requiring it to certify annually that it has implemented an AML program and will perform (or its agent will perform) the specified requirements of the CIP.
    • Such reliance is reasonable under the circumstances.

Conclusion

The Proposed Rule, together with the February Proposal, illustrate the SEC’s and FinCEN’s focus on applying AML obligations to investment advisers.

1. SEC, FinCEN Propose Customer Identification Program Requirements for Registered Investment Advisers and Exempt Reporting Advisers, SEC Press Release (May 13, 2024).
2. For a summary of the February Proposal, see Treasury Proposes Investment Advisers AML/CFT Program Rule, Dechert OnPoint (March 12, 2024).