On May 13, 2024, the Securities and Exchange Commission (SEC) and the Financial Crimes Enforcement Network (FinCEN) issued a joint notice of proposed rulemaking (proposed rule) that would impact how investment advisers handle anti-money laundering (AML) compliance. The proposed rule would establish Customer Identification Programs (CIPs) for certain Registered Investment Advisers (RIAs) and Exempt Reporting Advisers (ERAs). These CIPs would mirror existing requirements already in place for banks and broker-dealers.
The public comment period for the proposed rule lasts for 60 days (until July 12, 2024).
BACKGROUND
The goal of the proposed rule is to combat money laundering, terrorist financing and other illicit activities by deterring the use of false or hidden identities. The proposed rule was expected, following FinCEN's February 2024 related notice of proposed rulemaking (February proposal) that would add certain RIAs and ERAs as financial institutions subject to the Bank Secrecy Act (BSA). The BSA subjects those financial institutions to anti-money laundering/countering the financing of terrorism (AML/CFT) program requirements and Suspicious Activity Report (SAR) filing obligations. Thus, the pending February proposal would subject certain investment advisers to AML/CFT program requirements and SAR filing obligations, as well as other BSA requirements. While the February proposal stopped short of applying the BSA's CIP requirements to those investment advisers, this proposed rule would do just that. Like the February proposal, the proposed rule's requirements would not apply to investment advisers registered only at the state level.
Thus, as FinCEN and the SEC explain, the proposed rule complements the February proposal, with the aim of these two complementary proposals being “to prevent illicit finance activity in the investment adviser sector and further safeguard the U.S. financial system.”
UNDER THE PROPOSED RULE, RIAS AND ERAS WOULD BE OBLIGATED TO:
- Gather identifying information from their clients, including basic details like names, dates of birth or formation, addresses and identification numbers. Exceptions might exist for current clients where the adviser already has a “reasonable belief” about their true identity.
- Implement procedures to verify the identities of their clients using a risk-based approach. This verification should occur within a reasonable timeframe, either before or after an account is opened. The adviser’s goal is to establish a “reasonable belief” that they know the true identity of each client.
- Maintain records of the information used to verify client identities for a period of five years.
- Consult with government lists of suspected terrorists and terrorist organizations.
- Notify clients about the requirement to provide information for identity verification purposes.
DEFINING “CUSTOMER” AND “ACCOUNT”
The proposed rule defines who qualifies as a “customer” and what constitutes an “account.” This scope potentially encompasses a broader range of interactions than some advisers might anticipate.
- Who is a customer? The proposed rule defines a “customer” as a person — including a natural person or a legal entity — who opens a new account with an investment adviser. The proposed definition focuses on the person identified as the account holder, excluding certain individuals and entities, such as existing clients with established identities. However, the proposed rule contemplates situations where advisers might need to take additional steps to verify non-individual customers (e.g., partnerships, corporations) deemed to be high-risk.
- What is an account? The proposed rule defines an “account” as any contractual or other business relationship between a person and an investment adviser under which the investment adviser provides investment advisory services. The proposed definition encompasses any contractual or business relationship where the adviser provides investment services. This broad definition could capture non-traditional arrangements beyond typical investment accounts, potentially including employee benefit plans.
- Notably, the proposed definition excludes an account that an investment adviser acquires through an acquisition, merger, purchase of assets or assumption of liabilities. However, such accounts may still be subject to other AML/CFT requirements applicable to advisory activities, including activities within the scope of the February proposal, to the extent it is adopted.
Importantly, for investment advisers to private funds, an investment adviser would not generally be required to look through an account to its beneficiaries under the proposed rule. However, a private fund adviser may be required to look through the fund for its owners in certain cases (for example, where an individual has authority or control over the fund account) or pursuant to AML/CFT due diligence under the February proposal.
VERIFICATION PROCEDURES
The proposed rule outlines risk-based procedures for verifying customer information. Advisers would need to utilize documentary or non-documentary methods, or a combination of both, depending on the assessed risk level. The timing of verification would also be flexible, occurring within a reasonable timeframe before or after an account is opened.
The proposed rule acknowledges the potential for collaboration by allowing advisers to rely on CIP procedures performed by other financial institutions. However, this reliance hinges on specific conditions, including a written agreement, confirmation of the other institution’s AML/CFT compliance and annual certifications demonstrating their adherence to the adviser’s specified CIP requirements. Importantly, the ultimate responsibility for ensuring proper CIP fulfillment remains with the investment adviser. There is also specific language in the proposed rule allowing advisers to deem these CIP requirements satisfied for compliant mutual funds it advises.
RECORDKEEPING AND NOTICE
As mentioned above, the proposed rule mandates recordkeeping obligations, requiring advisers to retain verification information for a specific period. Additionally, advisers would be obligated to check client information against government watch lists and notify clients about the verification process itself. The proposed rule might necessitate duplicating verification efforts already undertaken by account custodians who hold clients’ funds and securities. Even if another financial institution performs the verification, advisers would still need to establish their own procedures and maintain separate records under the proposed rule's CIPs.
CONCLUSION
While many investment advisers already maintain AML/CFT policies with some elements of CIPs as a best practice, the proposed rule would usher in a more prescriptive and resource-intensive approach. Advisers would be required to develop and implement formal CIPs, potentially requiring dedicated personnel and technological infrastructure. While obtaining the required customer information might not be inherently difficult, the definitions of “customer” and “account” could expand the scope of CIP requirements for RIAs and ERAs. This could be another significant burden, especially for smaller firms.
Overall, the CIP requirements under the proposed rule would represent a significant change for investment advisers. While the intent of enhancing AML/CFT efforts is laudable, advisers should carefully consider the potential impact on their operations and resource allocation. Actively participating in the comment period offers a valuable opportunity to shape any final rule and ensure it strikes a balance between effective AML/CFT compliance and manageable implementation for investment advisers.