Advisers, it’s time to prepare! As of September 4, 2024, the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) has adopted a rule that will deem certain investment advisers, including ERAs, as “financial institutions” and require implementation of an Anti-Money Laundering and Counter the Financing of Terrorism (AML/CFT) programs. The rule has requirements pursuant to the Bank Secrecy Act (BSA), including but not limited to implementing risk-based AML and CFT programs, monitoring for and reporting suspicious activity to FinCEN, and fulfilling recordkeeping requirements.[1]
In other words, Registered Investment Advisers (RIAs) and exempt reporting advisers (ERAs) will be required to implement all aspects of an Anti-Money Laundering Program by the compliance deadline of January 1, 2026.
Best Practices for Building an AML Program
- OFAC Screening: Determine whether the Office of Foreign Assets Control (OFAC) Specially Designated Nationals (SDN) and Foreign Evaders lists will be checked by a third-party vendor or in-house and establish the necessary systems for periodic reviews.
- Customer Identification and Verification:
- Collect unexpired government identification for each customer, and for entity customers, identification of signatories or beneficial owners with 25% or greater ownership. Entity customers should also provide relevant documents (e.g., trust documents, articles of organization).
- Provide notice to customers that the firm will seek identification information and compare it with government-provided lists of suspected terrorists. Consider including this notice in client contracts or providing it separately at account opening.
- Establish a “reasonable” timeframe for collecting this information, as regulatory guidelines are not specific.
- Employee Training:
- Offer initial and annual training, either in-house or through a third-party vendor.
- Training should cover recognizing money laundering red flags, customer identification procedures, and appropriate actions when risks are identified.
- Maintain records of employee training, including dates and subject matter.
- Account Closure and Enhanced Supervision Policies:
- Develop procedures for closing or freezing accounts if the client’s true identity cannot be reasonably verified, and for enhanced supervision or additional verification of higher-risk customers.
- AML Program Testing:
- Testing must be conducted by a person with a working knowledge of Bank Secrecy Act (BSA) requirements.
- Internal testing is allowed, but it must not be conducted by the person who performs the tested functions, or anyone reporting to the person performing the tested function.
- Reporting Suspicious Activity:
- Report any suspicious behavior to FinCEN.
Currently, many advisers depend on their clients’ custodians to carry out due diligence and maintain a comprehensive AML program. Under the adopted AML rule, advisers are able to continue to rely on other financial institutions, such as their custodians, but only so long as certain conditions are met. Specifically, the reliance must be reasonable under the circumstances, and the financial institution must be regulated by a federal regulator, enter into a formal written agreement with the adviser, and provide an annual certification confirming that they have implemented an AML program.
As a best practice, advisers should also request a copy of the financial institution’s AML policy and perform due diligence on the financial institution to help ensure they are fulfilling their contractual AML obligations.
Importantly, despite reliance on another financial institution, regulators will ultimately hold the adviser responsible for compliance.
Preparing for AML Rule Changes
RIAs and ERAs will have significant responsibilities in developing and implementing their AML programs, even when they continue to rely on their custodians. Key requirements include:
- Written Policies and Procedures: Implement policies and procedures addressing the steps taken for verifying a customer’s identity (both individuals and entities), including times where a reasonable belief of the true identity of a customer cannot be formed, and the records of the verification process that must be maintained.
- Customer Screening: Conduct initial and periodic customer screening using lists of known or suspected terrorists and government watchlists (e.g., OFAC SDN List).
- Recordkeeping: Records must detail the identifying information of each customer and include a description of any documents relied upon for identity verification. Additionally, advisers are obligated to document the methods employed for verifying customer identities. This includes both documentary and, where applicable, non-documentary methods. Furthermore, any discrepancies identified during the verification process must be recorded, along with the steps taken to resolve them.
Firms will need to decide whether to rely on another financial institution or handle AML compliance in-house. Either way, it is crucial to build a robust AML program with detailed written policies and procedures.
Proposed CIP Requirements
While Customer Identification Program (CIP) requirements are closely tied with AML, the new AML rule as adopted does not include a CIP requirement for investment advisers. However, the Securities and Exchange Commission (SEC) and FinCEN have jointly proposed a new rule that would mandate RIAs and ERAs to establish a written CIP[2] This requirement would be similar to the “know your customer” requirements that have applied to broker-dealers, custodians, and other financial institutions since 2003.[3]
Conclusion
The newly adopted AML rule presents significant changes for investment advisers and ERAs. Although the compliance deadline is January 1, 2026, it is crucial for firms to begin preparations now. Implementing a robust AML program that includes due diligence, training, and ongoing monitoring will not only ensure compliance but also help mitigate risk and protect the firm from potential enforcement actions. Advisers who proactively build these systems will be better positioned to adapt to regulatory expectations, safeguard their clients, and maintain the integrity of their operations in an increasingly scrutinized environment.
The Core Compliance consulting team is well versed in this area and can assist with implementation, testing, and training. For more information, please contact us at info@corecls.com, at (619) 278- 0020 or visit us at www.corecls.com.
Author: Apryl Thompson, Compliance Consultant; Editor: Tina Mitchell, Managing Director, Consultation Services, Core Compliance & Legal Services (“Core Compliance”). Core Compliance works extensively with investment advisers, broker-dealers, investment companies, and private fund managers on regulatory compliance issues.
This article is for information purposes and does not contain or convey legal or tax advice. The information herein should not be relied upon regarding any particular facts or circumstances without first consulting with a lawyer and/or tax professional.
[1] Federal Register :: Financial Crimes Enforcement Network: Anti-Money Laundering/Countering the Financing of Terrorism Program and Suspicious Activity Report Filing Requirements for Registered Investment Advisers and Exempt Reporting Advisers
[2] Joint notice of proposed rulemaking: Customer Identification Programs for Registered Investment Advisers and Exempt Reporting Advisers (sec.gov)
[3] SEC.gov | Customer Identification Programs for Broker-Dealers