SEC and FinCEN Propose Customer Identification Program Requirements for Certain Investment Advisers
Key Points
- On May 13, 2024, the U.S. Securities and Exchange Commission (“SEC”) and the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (“FinCEN”) issued a joint notice of proposed rulemaking, Customer Identification Programs for Registered Investment Advisers and Exempt Reporting Advisers (“Joint NPRM”), that would require SEC-registered investment advisers (“RIAs”) and exempt reporting advisers (“ERAs”) to establish, document and maintain written customer identification programs (“CIPs”) appropriate for their respective sizes and businesses. The SEC and FinCEN concurrently issued a fact sheet that summarizes the Joint NPRM.
- The Joint NPRM follows on the heels of FinCEN’s notice of proposed rulemaking in February 2024 (“February 2024 NPRM”) that would include RIAs and ERAs in the definition of “financial institution” under the Bank Secrecy Act (“BSA”), subjecting them to anti-money laundering/countering the financing of terrorism (“AML/CFT”) program requirements and suspicious activity report (“SAR”) filing obligations. Akin’s alert on the February 2024 NPRM can be read here.
- There is a 60-day public comment period for the Joint NPRM with comments accepted through regulations.gov for 60 days after the Joint NPRM’s publication to the Federal Register. If adopted as proposed, RIAs and ERAs would be required to implement a CIP that complies with the requirements of the Joint NPRM no later than six months after the effective date of the final rule.
Background
In February 2024, the U.S. Department of the Treasury issued its 2024 Investment Adviser Risk Assessment, which explains that there are “several illicit finance threats involving investment advisers,” including that investment advisers have served as an entry point into the U.S. market for illicit proceeds associated with corruption, fraud and tax evasion and that foreign states, notably China and Russia, are using investment advisers to “access certain technologies and services with long-term national security implications through investments in early-stage companies.” Of particular note, FinCEN Director Andrea Gacki stated in a recent speech that there are “several venture capital funds serving as an entry point into the U.S. financial system for Russian oligarchs, and the Office of Foreign Assets Control (OFAC) has several ongoing investigations of sanctions evasion through U.S. venture capital and private funds.”
In its February 2024 NPRM, FinCEN explained that it was “not proposing to include a customer identification program (CIP) requirement” at that time and noted that it “anticipates addressing CIP via a future joint rulemaking with the SEC.” The SEC and FinCEN have now issued the Joint NPRM to prevent illicit financial activity involving the customers of investment advisers, noting that requiring CIPs would “make it more difficult for criminal, corrupt, or illicit actors to establish customer relationships — including by using false identities — with investment advisers for the purposes of laundering money, financing terrorism, or engaging in other illicit finance activity.” These themes, along with others, were highlighted in the Treasury Department’s 2024 National Strategy for Combating Terrorist and Other Illicit Financing issued on May 16, 2024.
Issuance of Proposed Rule
The Joint NPRM would require RIAs and ERAs to, among other things, establish, document and maintain written CIPs appropriate for their respective sizes and businesses. The Joint NPRM emphasizes that the CIP is not a separate program, but rather would be incorporated into the existing AML/CFT program under 31 U.S.C. 5318(h). The SEC and FinCEN intend for the Joint NPRM to be consistent with existing rules requiring other financial institutions, such as brokers or dealers in securities, open-end investment companies (e.g., mutual funds), credit unions, banks and other financial institutions (including RIAs or ERAs that are jointly registered or affiliated with other financial institutions) to adopt and implement CIPs.
The CIP would include risk-based procedures for verifying the identity of each customer to the extent reasonable and practicable within a reasonable time before or after the customer’s account is opened. The procedures must enable the RIA and ERA to form a reasonable belief that it knows the true identity of each customer. RIAs and ERAs would be required to obtain certain identifying information with respect to each customer, such as the customer’s name, date of birth or date of formation, address and identification number. The Joint NPRM also includes procedures for maintaining records of the information used to verify a customer’s identity and notifying customers that the adviser is requesting information to verify their identities.
Under the Joint NPRM, an RIA or ERA would not be required to “look through” a customer account to its beneficial owners and would only be required to verify the identity of the named account holder. However, based on an RIA’s or ERA’s risk assessment of a new account opened by a customer that is not an individual (such as a private investment fund), an RIA or ERA may need to take additional steps to verify the identity of the customer by seeking information about individuals with authority or control over the account to identify the customer, or may need to look through the account in connection with the customer due diligence procedures described in the February 2024 NPRM.
Notably, the definition of “customer” of an RIA or ERA would not include a “financial institution,” as defined in the BSA, and an RIA or ERA would be permitted to rely on the other financial institution’s CIP procedures under certain circumstances. Accounts acquired through an acquisition, merger, purchase of assets or assumption of liabilities are also excluded from the Joint NPRM’s requirement on the basis that such accounts are not “opened” because of such transactions.
Next Steps and Recommendations
The SEC and FinCEN seek comments on the Joint NPRM, including the proposed definition of “account” and “customer” and how an RIA or ERA would apply the proposed identification and verification requirements to a customer that is a private fund. Comments may be submitted on regulations.gov (Docket Number FINCEN-2024-0011) for 60 days after the Joint NPRM’s publication to the Federal Register.
Many RIAs and ERAs already administer AML/CFT programs, often in conjunction with their service providers’ (e.g., placement agents, administrators) AML/CFT programs. However, considering the Joint NPRM, RIAs and ERAs should assess their current AML/CFT programs to identify any adjustments or enhancements that may be needed considering the Joint NPRM’s requirements.
As we noted in our alert on the February 2024 NPRM, current geopolitical trends, including the recent U.S. government focus on facilitators of Russia’s war on Ukraine and China’s investments in advanced technology (and the connections between this Joint NPRM and the February 2024 NPRM) may indicate a greater political appetite for these proposed regulations to proceed through the rulemaking process.