Thu, Nov 28, 2024

Navigating New Regulations: FinCEN’s AML/CFT Compliance Rule Mandates Elevated Standards for Investment Advisers

The Impact on Investment Advisers

The Financial Crimes Enforcement Network (FinCEN) recently adopted a landmark final rule (the “Final Rule”) imposing anti-money laundering (AML) and countering the finance of terrorism (CFT) requirements on certain investment advisers.1 This marks a significant shift in the regulatory landscape, positioning investment advisers within the framework of financial institutions under the Bank Secrecy Act (BSA). The Final Rule’s impact will be substantial, necessitating advisers to enhance their compliance programs, redefine operational procedures and potentially reshape client relationships.

Background

Historically, investment advisers have not been subject to specific AML/CFT requirements despite two prior proposals aiming to impose such regulations. The latest attempt, following the 2024 Treasury Investment Adviser Risk Assessment (“Risk Assessment”), successfully amends the BSA’s definition of “financial institution” to include certain SEC-registered investment advisers (RIAs) and exempt reporting advisers (ERAs).2

The Risk Assessment, released alongside the SEC’s notice of rule proposal3, identified several threats to the U.S. financial system involving investment advisers. It highlighted instances where RIAs and ERAs serve as entry points into the U.S. market for illicit proceeds from foreign corruption, fraud, and tax evasion. Additionally, the Risk Assessment noted that private fund advisers, particularly those advising venture capital funds, are being used by foreign states, notably China and the Russian Federation, to access technology and services with potential long-term national security implications. The Final Rule aims to mitigate these risks and deliver on a key component of the Biden-Harris administration’s 2021 U.S. Strategy on Countering Corruption.

Risk Assessment Findings4

Additional specific risks identified in the Risk Assessment include risks to the U.S. financial system as well as investment advisers:

  • An investment adviser may be the only person or entity with a complete understanding of the source of a customer's invested assets. Because investment advisers are currently prevented from participating in the USA PATRIOT Act 314(a) and 314(b) information sharing programs, law enforcement and other financial institutions cannot obtain information related to suspected illicit finance activity that only investment advisers may have access to.
  • Investment advisers are not currently included in the BSA’s definition of “financial institution,” therefore they are not afforded the protection from liability (safe harbor) that applies to financial institutions when voluntarily filing suspicious activity reports (SARs).
  • RIAs and ERAs often depend on third parties, including offshore entities, for administrative and compliance tasks. These entities are subject to varying AML/CFT regulations. Due diligence and verification practices differ based on local regulatory requirements and the fund adviser’s stipulations.
  • For private funds, investors often use multiple layers of legal entities, some registered or organized outside the U.S. This complexity makes it difficult to gather information on illicit finance risks. For example, an investor might use a shell company in the Cayman Islands, complicating the due diligence process.

Applicability of the Final Rule

Including Foreign-Located Investment Advisers

The Final Rule applies specifically to RIAs and ERAs. However, FinCEN chose to exclude certain categories of advisers from its reach. Notably, the Final Rule does not cover mid-sized advisers (advisers with assets under management between $25 million and $100 million), multi-state advisers, pension consultants or advisers with no assets under management reported on Form ADV.

The Final Rule addresses concerns about its application to RIAs or ERAs with principal offices outside the U.S. It defines a “foreign-located investment adviser” as one whose principal office and place of business is outside the U.S. The Final Rule applies to advisory activities that (1) occur within the U.S., (2) involve U.S. personnel, or (3) are provided to U.S. persons or foreign-located private funds with U.S. investors. Foreign-located advisers that trigger SEC registration may be covered by the Final Rule because they have a sufficient nexus to U.S. activity. 

This focused applicability aims to target those segments of the investment adviser industry that are most susceptible to illicit finance risks while excluding lower-risk entities. The Final Rule also intentionally leaves out state-registered advisers, though FinCEN reserves the right to revisit this decision should future assessments indicate a need for broader coverage.

Key Final Rule Requirements

AML/CFT Program Development

Investment advisers are now mandated to develop, implement and enforce an AML/CFT program tailored to the risks inherent in their operations. This program must be comprehensive and risk-based, meaning that it should be designed to identify, assess and mitigate the specific risks associated with the adviser’s business model, client base and transactions.

Program Elements:

  • Internal Policies and Procedures: The AML/CFT program must include comprehensive policies and procedures for detecting and reporting suspicious activities. These policies should be based on a thorough risk assessment and regularly updated to address emerging risks.
  • Risk Assessment: Advisers must conduct a detailed risk assessment considering the types of clients they serve, the products and services they offer, the geographical areas in which they operate and the channels through which they deliver services. This assessment will inform the design of the AML/CFT program.
  • Independent Testing: Advisers must ensure independent testing of the AML/CFT program by either the adviser’s personnel or a qualified external party. This testing can be conducted by employees of the adviser, its affiliates or unaffiliated service providers, provided they are not involved in the operation or oversight of the AML/CFT program. The frequency of this testing should be based on the specific AML-related risks and the adviser’s overall risk management strategy.
  • Monitoring and Reporting: The program must include robust monitoring mechanisms to detect suspicious activities and ensure timely reporting to FinCEN. Advisers must also establish processes for ongoing monitoring of client relationships and transactions.

Meeting these requirements is crucial for complying with the Final Rule and preventing advisory services from being used for money laundering or terrorist financing. By tailoring AML/CFT programs to their specific risk profiles, advisers can better protect themselves and the financial system from illicit activities. Key program elements include comprehensive internal policies and procedures, detailed risk assessments, independent testing and robust monitoring and reporting mechanisms.

Appointment of an AML/CFT Compliance Officer

As part of the AML/CFT program, investment advisers must appoint a designated compliance officer who is responsible for the oversight and implementation of the AML/CFT program. The compliance officer must have the requisite authority, resources and expertise to carry out this role effectively. This includes a deep understanding of AML/CFT regulations, experience in compliance management and the ability to ensure the program is adequately resourced and supported within the organization.

Responsibilities of the AML/CFT Compliance Officer:

  • Program Implementation: The compliance officer is tasked with ensuring that the firm’s AML/CFT program is fully implemented across all levels of the organization.
  • Training and Education: The compliance officer must develop and oversee ongoing training programs for employees, ensuring that staff are well-informed about AML/CFT regulations and the firm’s policies and procedures.
  • Internal and External Liaison: The compliance officer serves as the primary point of contact for both internal stakeholders and external regulatory bodies, including FinCEN. This includes coordinating responses to regulatory inquiries and managing any potential compliance issues that arise.

The appointment of a compliance officer is crucial for ensuring dedicated oversight of AML/CFT compliance within the organization. This role is integral to upholding the integrity of the firm’s AML/CFT initiatives and ensuring continuous adherence to regulatory requirements. By having a designated individual responsible for these efforts, the firm can effectively manage compliance risks, respond promptly to regulatory inquiries and maintain robust internal controls, thereby safeguarding the organization against potential illicit activities.

Customer Due Diligence (CDD) and Customer Identification Program (CIP)

The Final Rule requires investment advisers to implement risk-based procedures for ongoing CDD without changes from the proposed rule. Risk-based procedures for conducting ongoing CDD include (1) understanding the nature and purpose of customer relationships for the purpose of developing a customer risk profile; and (2) identifying and reporting suspicious transactions and, on a risk basis, to maintain and update customer information.
The Final Rule does not mandate the categorical collection of beneficial ownership information for legal entity customers; instead, advisers should determine the need for such information based on the customer’s risk profile. FinCEN may consider future rulemaking on this issue.
FinCEN indicated its intention to address CIP requirements for investment advisers through joint rulemaking with the SEC. On May 21, 2024, FinCEN and the SEC published a joint Notice of Proposed Rulemaking to apply CIP requirements to RIAs and ERAs. The proposed rule mandates that RIAs and ERAs establish, document and maintain written CIPs suitable for their sizes and businesses. These CIPs must include risk-based procedures to identify and verify customer identities within a reasonable time frame before or after account opening.5
The proposed rule requires RIAs and ERAs to form a reasonable belief of knowing their customers’ true identities by obtaining specific identifying information, such as name, date of birth or formation, address and identification number. The rule also requires maintaining records of verification information, notifying customers about identity verification and consulting government-provided lists of known or suspected terrorists or terrorist organizations. Notably, the current proposal allows investment advisers to rely on other financial institutions to perform CIP provided those institutions meet specific AML/CFT compliance program requirements and are regulated by a federal functional regulator.6,7

CDD/CIP Procedures:

CDD/CIP procedures are critical for understanding the nature of client relationships, verifying client identities and identifying the beneficial owners of legal entities. Components of a CDD/CIP program may include the following:

  • Client Identification: Obtain and verify key information about investment advisers’ clients, including names, addresses, dates of birth (for individuals) and identification numbers. 
  • Ongoing Monitoring: Engage in ongoing monitoring of client activities to detect any suspicious behavior that could indicate money laundering or terrorist financing. This includes regular reviews of client profiles and transaction patterns.
  • Enhanced Due Diligence: For clients or transactions that present a higher risk, advisers must implement enhanced due diligence measures. This may involve obtaining additional information, conducting more frequent monitoring or imposing stricter controls on the client relationship.
  • Beneficial Ownership Identification and Verification: Identify and verify the beneficial owners of legal entity customers to ensure transparency and accountability.
  • Understanding Customer Relationships: Understand the nature and purpose of customer relationships to develop a comprehensive customer risk profile.
  • Politically Exposed Persons (PEPs): Take a risk-based approach to identify and verify the source of funds and wealth for PEPs. This includes obtaining information on the PEPs’ country of residence, the level of corruption and money laundering risk associated with that country and details about immediate family members and close associates.8
  • Source of Funds: Verify the source of funds for clients, particularly those presenting higher risks, to ensure that the funds do not derive from illicit activities.

CDD and CIP are cornerstones of any effective AML/CFT program. By thoroughly understanding their clients and monitoring their activities, investment advisers can identify and mitigate risks more effectively, thereby protecting themselves and the broader financial system.

Suspicious Activity Reporting

Investment advisers are now obligated to file SARs with FinCEN when they detect activities that may involve money laundering, terrorist financing or other illicit activities. The SAR filing requirement is a critical component of the AML/CFT framework.

SAR Filing Requirements:

  • Detection of Suspicious Activities: Advisers must have procedures to detect unusual or suspicious transactions, such as those that do not fit the client’s profile, are unusually large or complex or lack a clear economic or lawful purpose.
  • Reporting Obligations: Once suspicious activity is detected, advisers must file a SAR with FinCEN. The report should include detailed information about the client, the transaction and the reasons for suspicion. SARs must be filed within 30 days of detecting the suspicious activity.

SARs are vital tools in the fight against financial crime. They provide law enforcement with critical intelligence to identify and investigate money laundering, terrorist financing and other illicit activities. For investment advisers, fulfilling SAR obligations is not only a regulatory requirement, but also a key component of their contribution to the integrity of the financial system. “SARs are also subject to strict confidentiality restrictions,” adds Daniel G. Viola, Partner of Seward & Kissel LLP. “With certain exceptions, investment advisers and their agents can only disclose the underlying facts of a SAR; provided that no person involved in the reported transaction is notified that the transaction has been reported.”

Recordkeeping Requirements

The Final Rule imposes recordkeeping requirements on investment advisers, ensuring that they maintain comprehensive records of their transactions and compliance activities.

Recordkeeping Obligations:

  • Transaction Records: Under the Final Rule, investment advisers are added to the list of institutions that are exempt from certain requirements of the Recordkeeping and Travel Rules under the BSA. However, for transactions equal to or exceeding $3,000 that are not excepted transfers, advisers must collect and retain identifying information about the sender. If an adviser’s customer has a direct account relationship with a qualified custodian subject to AML/CFT requirements, the RIA/ERA generally does not need to comply with the Recordkeeping and Travel Rules. Additionally, advisers must file Currency Transaction Reports for transactions exceeding $10,000, similar to other BSA-defined financial institutions.
  • Retention Period: All records must be retained for a minimum of five years and must be readily accessible for examination by regulatory authorities. This includes records related to SAR filings, client due diligence and AML/CFT program activities.
  • Compliance Documentation: Advisers must document their compliance with the AML/CFT program requirements, including evidence of ongoing monitoring, risk assessments and any actions taken in response to detected risks.

Maintaining accurate and comprehensive records is essential for ensuring compliance with AML/CFT regulations and providing a clear audit trail for regulatory inspections. These records also serve as critical evidence in investigations of financial crimes.

Independent Testing

The Final Rule imposes an independent testing requirement that needs to be based on the adviser’s specific AML-related risks and overall risk management strategy.

Independent Testing Obligations:

  • Personnel Restrictions: To ensure independence and effectiveness, personnel involved in implementing or overseeing the adviser’s AML/CFT program cannot participate in independent testing.
  • Qualified Internal Staff: Advisers may use trained internal staff for testing provided they are not involved in the function being tested. The AML/CFT officer or anyone reporting to them is generally not considered independent for this purpose.
  • Complexity and Risk Profile Considerations: Advisers with less complex operations and lower risk profiles may use shared resources for independent testing as long as the testing remains independent.
  • Testing Frequency: The frequency of testing is determined by the adviser based on overall AML-related risks and the adviser’s risk management strategy.

These obligations ensure that the AML/CFT program is effectively tested and verified by an independent party, maintaining the integrity and effectiveness of the program. Advisers can ensure independent AML testing by utilizing internal audit teams or hiring external consultants.

Information Sharing and Special Measures

Investment advisers are now subject to information-sharing provisions under the USA PATRIOT Act, enhancing their ability to collaborate with other financial institutions and law enforcement agencies in combating financial crime.

Information-Sharing Provisions:

  • Sections 314(a) and 314(b): Under Sections 314(a) and 314(b) of the USA PATRIOT Act, investment advisers are required to participate in information sharing to detect and prevent money laundering and terrorist financing. Section 314(a) mandates that advisers respond to information requests from FinCEN to identify and report suspicious activities. Section 314(b) allows advisers to voluntarily share information with other financial institutions to better identify and mitigate risks associated with money laundering and terrorist financing. These provisions aim to enhance collaboration and information flow among financial institutions, thereby strengthening the overall AML/CFT framework.
  • Special Measures: The Final Rule also incorporates special measures under section 311 of the USA PATRIOT Act. Advisers must apply enhanced due diligence when dealing with correspondent and private banking accounts, particularly those involving high-risk jurisdictions or clients.

Information sharing is a powerful tool in the fight against financial crime. By enabling collaboration between financial institutions and law enforcement, these provisions help to identify and disrupt illicit activities that might otherwise go undetected.

Exclusions and Special Conditions

The Final Rule provides certain exclusions and special conditions for investment advisers, allowing flexibility in how they apply their AML/CFT programs.

Exclusions:

  • RIAs that register with the SEC solely because they are (1) mid-sized advisers, (2) multistate advisers (3) or pension consultants or (4) are not required to report any assets under management to the SEC on Form ADV
  • Mutual Funds: Investment advisers may exclude any mutual funds they advise from their AML/CFT program provided that these funds have their own compliant AML/CFT programs in place.
  • Bank and Trust Company-Sponsored Collective Investment Funds: These funds are also excluded from the adviser’s AML/CFT program if they comply with applicable regulations that incorporate AML/CFT requirements.
  • Sub-Advisers: Advisers may exclude other investment advisers they oversee if those advisers are already subject to the AML/CFT requirements of the Final Rule.

These exclusions recognize that certain entities are already subject to rigorous AML/CFT oversight and therefore do not require duplicative efforts. By allowing these exclusions, FinCEN ensures that the focus remains on entities that present higher risks of money laundering and terrorist financing.

Implementation Timeline

The Final Rule’s effective date is set for January 1, 2026, giving investment advisers a window to fully implement the required AML/CFT programs and compliance measures. By this date, advisers must have established all necessary controls, implemented SAR filing procedures and ensured that their recordkeeping practices are fully compliant with the new regulations. This timeline underscores the importance of beginning the compliance process immediately to avoid any disruption to business operations. “Advisers defined in the Rule will virtually have the same requirements that certain other financial institutions have with respect to AML programs, including broker-dealers,” adds Viola. “It will take substantial time and investment for advisers to implement independent training and to ensure that suspicious activities are appropriately evaluated and filed on a timely basis,” Viola stated. 

How Kroll Can Help

Kroll’s Financial Services Compliance and Regulation practice provides comprehensive lifecycle AML solutions. Leveraging advanced analytics, technology and a specialized team, Kroll can help ensure compliance with regulatory expectations through tailored risk assessments, ongoing monitoring and independent compliance reviews designed to help financial institutions maintain robust AML controls and effectively manage AML risks.

 

Sources:

1 https://www.federalregister.gov/documents/2024/09/04/2024-19260/financial-crimes-enforcement-network-anti-money-launderingcountering-the-financing-of-terrorism

2 Department of the Treasury. (2024). 2024 Investment Adviser Risk Assessment. https://home.treasury.gov/system/files/136/US-Sectoral-Illicit-Finance-Risk-Assessment-Investment-Advisers.pdf

3 Customer Identification Programs for Registered Investment Advisers and Exempt Reporting Advisers. (2024, May 13). SECURITIES AND EXCHANGE COMMISSION. https://www.sec.gov/files/rules/proposed/2024/bsa-1.pdf

4 Department of the Treasury. (2024). 2024 Investment Adviser risk assessment. https://home.treasury.gov/system/files/136/US-Sectoral-Illicit-Finance-Risk-Assessment-Investment-Advisers.pdf

5See FinCEN and SEC, Customer Identification Programs for Registered Investment Advisers and Exempt Reporting Advisers, Notice of Proposed Rulemaking, 89 FR 44571 (May 21, 2024)

6 89 FR at 44578-79 (discussing section 1032.220(a)(6) of the proposed CIP rule)

7 Definition: Federal functional regulator from 15 USC § 6809(2) | LII / Legal Information Institute. (n.d.). https://www.law.cornell.edu/definitions/uscode.php?width=840&height=800&iframe=true&def_id=15-USC-904463897-707328617&term_occur=999&term_src=#:~:text=(2)%20Federal%20functional%20regulator%20The,of%20Thrift%20Supervision%3B%20(E)

8 Stankevičiūtė, G. (2024, September 26). Domestic PEPs and foreign PEPs — what you need to know. iDenfy. https://www.idenfy.com/blog/domestic-peps-and-foreign-peps/


Financial Services Compliance and Regulation

End-to-end governance, advisory and monitorship solutions to detect, mitigate, drive efficiencies and remediate operational, legal, compliance and regulatory risk.

Financial Crime Advisory

Kroll’s global Financial Crime Advisory team is comprised of seasoned compliance, investigative and regulatory professionals to help enterprises around the world defend against the rapid growth of financial crime.

Anti-Money Laundering

Kroll’s anti-money laundering (AML) solutions are designed to help minimize the risks associated with money laundering and other illicit activities and to ensure compliance through the development and management of ongoing compliance programs and processes.