INTRODUCTION
On 13 May 2024, the Securities and Exchange Commission (SEC) and the US Department of Treasury’s (DoT) Financial Crimes Enforcement Network (FinCEN) jointly proposed rulemaking to implement Section 326 of the USA Patriot Act1 (Proposed CIP Rule), which would require SEC-registered investment advisers (RIAs) and exempt reporting advisers (ERAs) to establish written customer identification programs (CIP). The proposal comes on the heels of FinCEN’s February 2024 proposal (Proposed AML Rule) requiring advisers to maintain anti-money laundering (AML) compliance programs. The SEC and FinCEN are seeking public comments on the proposed rule with a submission deadline of 20 July 2024.
The Proposed CIP Rule, if adopted as proposed, would require RIAs and ERAs (CIP Advisers) to maintain CIPs that, at a minimum, implement reasonable procedures to require customer identity verification. The Proposed CIP Rule is conditioned on the adoption of the expanded definition of “financial institutions” outlined in the Proposed AML Rule and does not apply to certain funds that are already subject to their own AML procedures (such as mutual funds). As is permissible under the existing CIP rules, RIAs will be able to delegate their CIP obligations and responsibilities to third parties similarly subject to CIP rules, such as banks and broker-dealers.
Interestingly, in a novel (and maybe unprecedented) approach, the Proposed CIP Rule has been put forth for comment by the SEC, notwithstanding the fact that it is contingent on final adoption of the Proposed AML Rule which is still in the comment phase.
We discuss the implications of the Proposed CIP Rule as well as outline the Proposed AML Rule herein. For a quick review and analysis of the Proposed CIP Rule, please see our blog post.
KEY POINTS
Proposed Rule Making | Brief Summary of Changes |
Proposed AML Rule | The Proposed AML Rule would change the definition of “financial institutions” under the Bank Secrecy Act (BSA). RIAs and investment advisers that report to the SEC as ERAs would be required to: (i) implement an AML/counter-terrorist financing (CFT) program; (ii) file certain reports, such as Suspicious Activity Reports with FinCEN; (iii) keep records such as those relating to the transmitting of funds; and (iv) fulfill other obligations applicable to financial institutions subject to the USA Patriot Act, BSA and FinCEN’s implementing regulations. |
Proposed CIP Rule | The Proposed CIP Rule would require that CIP Advisers establish, maintain, and document written CIPs as a part of the advisers’ AML/CFT program. At a minimum, these CIP procedures would require CIP Advisers to implement reasonable procedures to identify and verify the identity of their customers, among other requirements, in order to form a reasonable belief that CIP Advisers know the true identity of their customers. Additionally, CIP Advisers would be responsible for maintaining records of the information used to verify a customer’s identity, including name, address, and other identifying information. |
PROPOSED AML RULE
On 13 February 2024, FinCEN published a Notice of Proposed Rulemaking that would impose AML and CFT requirements on both CIP Advisers. FinCEN previously made similar rule proposals in 2002, 2003, and 2015, which were never finalized and adopted. The comment period on the Proposed AML Rule ended 15 April 2024, with many industry groups criticizing the overly stringent requirements associated with the Proposed AML Rule. If adopted as proposed, covered investment advisers would need to comply with the final rules within 12 months after they become effective.
The Proposed AML Rule would expand the list of covered “financial institutions” under the BSA to include “investment advisers.” As a result, both CIP Advisers would be required to implement risk-based AML/CFT programs, report suspicious behavior to FinCEN, and comply with other reporting and recordkeeping requirements, including records pertaining to fund transfers.
In support of the Proposed AML Rule, the DoT published its 2024 Investment Adviser Risk Assessment on the same day as the Proposed AML Rule in which it outlined its concern that “the uneven application of AML/CFT requirements across the [investment industry] allows … illicit investors to ‘shop around’ for advisers which [do] not need to inquire into their source of wealth.” The DoT explained that the Proposed AML Rule is intended “to keep criminals and foreign adversaries from exploiting the US financial system and assets through investment advisers” by “[adding] further transparency to the US financial system and [helping] assist law enforcement in identifying illicit proceeds entering the US economy.”
The SEC and FinCEN also note that the Proposed AML Rule would help bring the United States into full compliance with several international AML/CFT standards established by the Financial Action Task Force (FATF).
As with the AML/CFT regulations currently applicable to banks, broker-dealers, and mutual funds, FinCEN continues to advocate a “risk-based” approach for AML/CFT programs in the Proposed AML Rule. This risk-based approach is intended to “give investment advisers the flexibility to design their programs so that they are commensurate with the specific risks of the advisory services they provide and the customers they advise.” In developing an AML/CFT program, investment advisers would need to assess their client base, advisory services and size, and tailor their programs accordingly. Programs would need to be “reasonably designed and risk-based consistent with investment advisers’ respective risk profiles.”
SUMMARY OF CIP RULEMAKING
The Proposed CIP Rule will essentially extend the CIP regulation that currently applies to other financial institutions and require investment advisers to establish policies and procedures to verify the identity of their customers. If adopted as proposed, CIP Advisers would be required to maintain CIPs that, at a minimum, implement reasonable procedures to:
- Verify the identity of individuals seeking to open accounts to the extent reasonable and practicable;
- Respond to circumstances in which the adviser cannot form a reasonable belief that it knows the true identity of a client;
- Regularly consult government-provided lists of known or suspected terrorists or terrorist organizations to screen prospective account holders; and
- Maintain thorough records of the information used for identity verification.
Under the Proposed CIP Rule, CIP Advisers would be responsible for verifying the identity of their customers within a reasonable amount of time before or after the customer’s account is opened. Accordingly, under the Proposed CIP Rule, “[a] person becomes a customer each time the person opens a new account with an investment adviser. Therefore, upon the opening of each account, the verification requirements of this proposed rule would apply.”2 The Proposed CIP Rule defines account3 as “any contractual or other business relationship between a person and an investment adviser under which the investment adviser provides investment advisory services.”4 In the case of private funds, the Proposed CIP Rule would require that the investment adviser collect CIP for the private fund and, in some cases, individuals with authority or control over such private fund as those individuals would be considered the customers opening the account, rather than those invested in such fund.5 RIAs would not have to comply with the Proposed CIP Rule with respect to mutual funds, exchange traded funds, and other similar open-ended investment companies that are already subject to regulatory CIP requirements. Closed-end investment companies, however, are not proposed to be subject to the Proposed AML Rule, and, as such, Investment advisers advising closed-end funds would be required to apply the Proposed CIP Rule requirement to these types of funds.
Methods of Verification
At a minimum, to properly verify a customer’s identity, a CIP Adviser would have to obtain each customer’s name, date of birth for an individual (or the date of formation for any person other than an individual), address, and relevant identification number. For higher risk customers and accounts, CIP Advisers would be required to obtain additional information “in order to enable the investment adviser to form a reasonable belief that it knows the true identity of the customer.”6
The type of methods for identity verification, under the Proposed CIP Rule, are nearly identical to the current CIP rules in place for financial institutions; identity can be verified through documents or through non-documentary means. From a documentary perspective, CIP Advisers would require customers to produce “unexpired government-issued identification evidencing nationality or residence and bearing a photograph or similar safeguard[s].”7 From a non-documentary perspective, CIP Advisers may use methods such as “contacting a customer; obtaining a financial statement; comparing the identifying information obtained with respect to the customer against relevant fraud, bad check databases to determine whether any of the information is associated with known incidents of fraudulent behavior; comparing the identifying information with information available from a trusted third-party source, such as a credit report from a consumer reporting agency or an account verification database; and checking references with other financial institutions”8 to determine the true identity of the customer. The proposed rules would further require CIP Advisers to crosscheck the identity of the potential customer with government lists, such as the lists routinely circulated by DoT’s Office of Foreign Assets Control and to provide adequate notice to prospective and current customers that such verification information is now being requested by the adviser.
The Proposed CIP Rule would require CIP Advisers to retain records related to the operation of the adviser’s CIP program and the verification of a customer’s identity for a period of five years.
Higher Risk Customers
The Proposed CIP Rule also requires CIP Advisers to adopt policies and procedures for the additional verification of certain higher risk customers as well as policies and procedures that apply when a potential customer’s identity could not be verified.
Reliance on Other Financial Institutions
As under the current CIP rules for financial institutions, CIP Advisers will be allowed to rely on the performance of some or all of the CIP requirements by another financial institution. Currently, a financial institution may rely on the CIP of another financial institution provided that “(i) such reliance is reasonable under the circumstances, (ii) the other financial institution is subject to a rule implementing 31 U.S.C. 5318(h) [rules governing compliance, exemptions and summons authority] and is regulated by a Federal functional regulator; and (iii) the other financial institution enters into a contract requiring it to certify annually to the [relying institution] that it has implemented its anti-money laundering program, and that it will perform (or its agent will perform) the specified requirements of the [relying institution’s] CIP.”9 Under the Proposed CIP Rule, reliance would be permitted if a customer of the RIA or ERA is opening or has opened an account with another financial institution to provide or engage in similar services and subject to the requirements of the current CIP rules discussed above.
EFFECTIVE DATE
The effective date of the Proposed CIP Rule will be 60 days after the date on which a final rule is published in the Federal Register. The compliance date, according to the Proposed CIP Rule, will likely be six months from the effective date, but no sooner than the compliance date of the Proposed AML Rule, if adopted.10
INDUSTRY INFLUENCE
Currently, it is common for financial institutions subject to CIP rules and regulations to seek to rely on third parties, such as banks and broker-dealers, to conduct such diligence on their behalf as permitted by the current CIP rules (and the Proposed CIP Rules). The Proposed CIP Rule states that investment advisers would not be held responsible for any AML or CIP failures of other financial institutions if an agreement to rely on such financial institutions’ AML and CIP program was in place. As a practical matter, however, given the increased liability associated with these reliance agreements and based on the varied success that other financial institutions have had in obtaining agreements with appropriate reliance provisions, if adopted it may be difficult for investment advisers to obtain reliance agreements with other financial institutions on terms that the regulators would deem to be satisfactory.
INDUSTRY RESPONSE
In the past, AML rulemaking has come with significant push back from investment advisers and similarly situated interest groups; the Proposed AML Rules were met with similar, but less critical, pushback from industry participants. For example, in a comment letter to FinCEN (IAA Comment Letter), the Investment Advisers Association (IAA), among other things, stressed the differences in business activities and AML risks for RIAs as compared to organizations such as banks or broker-dealers, including in the case of non-discretionary financial planning or research reports.11 According to critics of the Proposed AML Rule and Proposed CIP Rule, many investment advisers currently rely on client relationships with other financial institutions as a means to satisfy AML concerns and the introduction of the strict AML and CIP requirements of the Proposed AML Rule and the Proposed CIP Rule would burden many advisers with significant cost increases. Notably, the IAA Comment Letter criticized the provisions of the Proposed CIP Rule; however, in contrast to previous comment letters with respect to prior proposed AML regulation of investment advisers, industry commentors did not argue against the principle that investment advisers may need to be subject to AML regulations. This time around, industry participants are seemingly open to a change in the AML/CFT regime, so long as the SEC and FinCEN address their implementation concerns.
This time around, industry participants seemingly recognize the necessity of new AML rules for certain investment advisers given the FATF’s 2016 Mutual Evaluation of the United States (2016 FATF Report) and the DoT report cited above. In the 2016 FATF Report, the lack of beneficial ownership requirements for investment advisers and similar industry participants was outlined as a major AML risk present in the United States, with some industry participants worrying that, absent any major updates, the US AML program may be marked as deficient if even non-compliant under one of FATF’s AML lists. By introducing the Proposed AML Rules and Proposed CIP Rules, FinCEN is clearly attempting to strengthen the US AML program, which would hopefully alleviate the FATF concerns.
SEC COMMISSIONER CONCERNS
Notably, SEC Commissioner Mark Uyeda did not vote in favor of the Proposed CIP Rule. Commissioner Uyeda expressed a fair bit of skepticism regarding the Proposed CIP Rule, especially due to the intertwining of the Proposed CIP Rule and the Proposed AML Rule. Specifically, Commissioner Uyeda found it difficult to thoughtfully assess the economic impact of the Proposed CIP Rule, before clarifying the types of investment advisory activity that should be included in the definition of “financial institution.” Effectively, Commissioner Uyeda stated that the implementation of the Proposed AML Rule and Proposed CIP Rule should be a two-step process, where first the regulators determine how investment advisers fit within the “financial institution” definition and then the SEC proposes the implementing regulations applicable to investment advisers. Furthermore, Commissioner Uyeda expressed concerns that given the “mountain of new regulations” that have been imposed on smaller investment advisers in recent years, there are legitimate concerns as to whether these additional burdens will meaningfully contribute to the goal of preventing money laundering and terrorist financing.
CONGRESSIONAL REVIEW ACT TIMING
Another interesting point surrounding the Proposed CIP Rule is the timing of the publication. With the 2024 election approaching, the SEC (and other federal agencies) are pushing to finalize rules before the Congressional Review Act (CRA) lookback window begins. Under the CRA, a new president is given the authority to review rules and regulations that were finalized at the end of the previous administration under an expedited procedure. The lookback window many vary, but based on the current schedule issued by Congress any final rule published after 22 May 2024 would be subject to CRA review at the beginning of the next congressional session.12
Additionally, the CRA prevents agencies from issuing substantially similar rules in the future, thus the SEC and FinCEN may be barred from introducing a similar rule proposal in the future if Congress enacts a join resolution of disapproval under the CRA.13
CONCLUSION
While FinCEN’s similar proposals were never ultimately finalized, given the major growth in both the investment industry and the number of bad actors since its 2015 proposal, as well as the recent increase in regulations targeted at investment advisers, it is likely that some form of FinCEN’s latest AML and CIP proposal will ultimately be adopted. CIP Advisers should consider reviewing the Proposed AML Rule and the Proposed CIP Rule, in consideration of future compliance expectations. Investment advisers should also consider reviewing their current AML/CFT programs and policies to determine what changes may be necessary to bring programs into compliance with the BSA, and those investment advisers that do not currently have AML/CFT programs should begin assessing their clients, advisory services, and size in consideration of the programs they may need to implement in the future.
FOOTNOTES
1 The Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 is commonly referred to as the “USA Patriot Act.”
2 Customer Identification Programs for Registered Investment Advisers and Exempt Reporting Advisers, 89 Fed. Reg. 44571, 44575 (proposed May 13, 2024) (to be codified at 17 C.F.R. pt. 275)
3 The proposed definition excludes an account that an investment adviser acquires through an acquisition, merger, purchase of assets, or assumption of liabilities. Additionally, the definition of “account” would include accounts opened for the purpose of participating in an employee benefit plan established pursuant to the Employee Retirement Income Security Act of 1974. The Proposed CIP Rules do not define business relationship and do not provide further guidance as to when a relationship becomes a formal business relationship (i.e., providing models, performance statistics, etc.).
4 supra note 2 at 9.
5 Id. at 46.
6 Id. at 17.
7 Id. at 20.
8 Id. at 22.
9 31 C.F.R. § 103.121 (2023).
10 supra note 2 at 30.
11 See Investment Adviser Association, IAA Recommends Changes to FinCEN’s AML Rule for Investment Advisers at Section II.A.1. (April 15, 2024), available at https://www.investmentadviser.org/resources/iaa-recommends-changes-to-fincens-aml-rule-for-investment-advisers/.
12 See Christopher M. Davis, The 118th Congress and the Congressional Review Act “Lookback” Mechanism, CONG. RSCH. SERV., Dec. 1, 2022, at 1, https://crsreports.congress.gov/product/pdf/IN/IN12056; see also , House of Representatives Schedules, U.S. HOUSE OF REPRESENTATIVES, https://www.house.gov/legislative-activity(last visited June 20, 2024).
13 Congressional Review Act, 5 U.S.C. § 801(b)(2).