New Anti-Money Laundering Rules for Investment Advisers

After more than 20 years and multiple iterations, the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN), has reissued a Notice of Proposed Rule Making (NPRM or proposed rule) to define as financial institutions, and impose Anti-Money Laundering (AML) requirements, on Registered Investment Advisors (RIAs) and exempt reporting advisers (ERAs).¹ The issuance of this rule comes at the heels of the 2024 U.S. Treasury Investment Adviser Risk Assessment and the U.S. Strategy on Countering Corruption, which note that the Investment Adviser (IA) industry serves as an entry point into the U.S. market for illicit proceeds associated with foreign corruption, fraud, and tax evasion.²  Additionally, and perhaps more importantly, China and Russia have used IAs and investments into early-stage companies to access services and technology, with “long-term national security implications.”³ If we can take away one thing from this, it is that interrupting funds from foreign illicit activity, from sanction evasion to corruption, is at the forefront of national security priorities.

As indicated in the NPRM, the IA industry in the United States consists of a wide range of business models and advisory services, including wealth management, financial planning, and pension consulting. Advisory services can be provided on a “discretionary” or “non-discretionary” basis, however more than 90 percent of RIAs manage client assets on a discretionary basis.⁴ IAs provide services to a wide range of customers, including retail investors, high-net-worth individuals, private institutions, and governmental entities (including local, state, and foreign government funds).⁵

Distinct from the previous 2015 Investment Rule, ERAs are now incorporated in the proposed rule, with Registered IAs,  and will be required to establish AML Programs. While many IAs have already started to establish risk-based AML programs, the new rule will establish uniformity in AML obligations and close the gap in U.S. anti-money laundering regulation noted by U.S. Regulators and the Financial Action Take Force (FATF)⁶ for years.

It should be noted that FinCEN is not proposing to cover state-registered IAs but will continue to monitor activity involving state-registered IAs for indicia of money laundering, terrorist financing, or other illicit finance activities. FinCEN is also proposing to exempt from this rule the activities of mutual funds, as they are already subject to comprehensive AML/CFT obligations under the BSA.

Requirements

With the proposed rule, the Treasury extends the definition of “financial institution” to include Investment Advisers because IAs engage in activities  similar to, related to, or a substitute for, financial services that other BSA-defined financial institutions (FIs) engage in. IAs would be subject to BSA/AML program requirements and examination by the U.S. Securities and Exchange Commission (SEC). Under the proposed requirements, both RIAs and ERAs would need to:

1. Implement risk-based anti-money laundering (AML) and counter terrorist financing (CFT) programs based on the core pillars of compliance, which include internal controls, policies and procedures, an employee training program, independent testing and designation of a compliance officer. 
2. File Suspicious Activity Reports (SARs) and Currency Transaction Reports (CTRs) with FinCEN.
3. Maintain originator and beneficiary information for transactions (i.e., comply with the recordkeeping requirements and the Travel Rule).
4. Comply with information sharing obligations under Section 314(a) of the USA PATRIOT Act.⁷
5. Implement special due diligence for correspondent and private banking accounts under Section 312 of the USA PATRIOT Act and special measures under section 311 of the USA PATRIOT Act and 9714(a) of the Combatting Russian Money Laundering Act.⁸

Key Compliance Considerations for RIAs and ERAs

While the NPRM was only recently published, it was 20-plus years in the making and the industry should finally anticipate a final rule in the upcoming years. IAs can begin to prepare by considering the following:

Development of a Customer Identification Program (CIP) and Customer Due Diligence (CDD) is Recommended…even if not yet Required.
CIP and CDD rule requirements, including identifying and verifying beneficial ownership of legal entity customers, are not in the proposed rule. FinCEN, however, stated that they will promulgate CIP requirements jointly with the SEC in a separate rulemaking. FinCEN also intends to amend and reissue the CDD Rule to bring it into conformance with the Corporate Transparency Act to ensure consistency.

Additionally, regardless of official application of CIP and CDD, Guidehouse advises that the due-diligence process for determining the identity of investors and the source of their funding—similar to the process at banks dealing with high-net-worth clients—would likely be the most critical element necessary for IAs to comply with suspicious activity monitoring and reporting requirements in the proposed rule. CIP and CDD are also necessary to adequately screen customers to comply with the Office of Foreign Assets Control and sanctions laws and comply with Sections 311 and 312 of the USA PATRIOT Act.

Evaluate Protocol to Identify, Escalate, and Report Suspicious Activity
The IA relationship itself is, in many ways, more complicated than other financial relationships due to the number of parties involved, each responsible for different aspects of the customer AML/Know Your Customer (KYC) life cycle. Fund administrators, for example, provide certain services to IAs by maintaining books and records, managing subscriptions, and conducting due diligence on potential investors prior to onboarding. Prime Brokers provide services such as executing trades, settlement and financing to institutional clients, family offices, and hedge funds. Prime Brokers can be banks or broker-dealers and therefore are also subject to existing AML/CFT requirements. Qualified custodians custody investors’ funds and/or securities on behalf of the RIA and generally also maintain their own AML/CFT programs, either under BSA or similar foreign AML/CFT regimes if the custodian is operating outside of the U.S. 
In light of this complex relationship structure, it will be essential for RIAs and ERAs to establish clear lines of communication with other parties involved in servicing their investors, such as fund administrators and custodians to help identify and report suspicious activity. Without careful planning, IAs might miss information about their customer’s activity that would be critical to determining whether they should file a SAR. 

Engage Key Stakeholders
Early engagement of key stakeholders such as the board of directors and senior management is key. Under the proposed rule, each IA’s AML/CFT program would need to be approved by its board of directors or trustees. If the IA does not have a board, the AML/CFT program would need to be approved by the IA’s sole proprietor, general partner, trustee, or other persons that have functions similar to a board of directors.⁹ Ahead of a final rule, IAs may consider synthesizing pertinent information previously released for its key stakeholders, highlighting any foreseeable impacts on the business. 

Evaluate the Program You Have
If you have, as many RIAs and ERAs have, established an AML program, it will be important to evaluate whether that program is adequately risk-based, whether it meets the new regulatory requirements, and whether it is adequately implemented and sustainable. A risk assessment will be a critical element to ensuring you have the program that mitigates the risk of the business.

How Guidehouse Can Help

Not only do Guidehouse experts have decades experience in the IA and securities industry, but  some of our experts were at FinCEN helping to write rules that affected capital-market participants after the Sept. 11, 2001, terrorist attacks, including the first proposed rule for investment advisers in 2003. To ensure compliance, Guidehouse has a team of experts who are well-positioned to help entities in the IA industry with the following:

• AML/CFT and Sanctions Program Design, Execution and Management
• Staffing Assessment and designing Target Operating Models
• AML/CFT Program and Sanctions Assessments and Remediation
• KYC Risk Profiling, Risk Appetite, and File Remediation
• Program Risk Management
• Strategic Planning
• Vendor sourcing and governance
• AML/CFT and Sanctions Training

 
Contributions to this article: Trisha Gangadeen.