Key Takeaways:

• On February 15, 2024, the U.S. Treasury Department’s Financial Crimes Enforcement Network published its long-anticipated proposal to require certain investment advisers to establish anti-money laundering (“AML”) programs and report suspicious activity to the government.
• The proposed rule would apply to investment advisers registered with the Securities and Exchange Commission and exempt reporting advisers, including non-U.S. advisers meeting these threshold qualifications.
• If adopted as proposed, the rule would impose significant new compliance responsibilities on asset managers, including those that currently implement voluntary AML programs.
• Comments on the proposal are due April 15, 2024, and we expect that many industry participants and their trade associations will comment.

---

On February 15, 2024, the U.S. Treasury Department’s Financial Crimes Enforcement Network (“FinCEN”) published a proposed rule (the “Proposed Rule”) to impose certain anti-money laundering (“AML”) and countering the financing of terrorism (“CFT”) requirements on Securities and Exchange Commission (“SEC”)-registered investment advisers and exempt reporting advisers. Comments on the Proposed Rule are due April 15, 2024.

In this Debevoise In Depth, we highlight certain key provisions of the Proposed Rule and key changes from FinCEN’s 2015 proposal to adopt AML requirements for certain investment advisers.

Key Components of the Proposed Rule

To which entities would the Proposed Rule apply?

The Proposed Rule would apply to two types of investment advisers:

1. those that are registered or required to register with the SEC under section 203 of the Investment Advisers Act of 1940 (the “Advisers Act”) (such advisers, “RIAs”); and
2. those that are exempt from SEC registration under section 203(l) or 203(m) of the Advisers Act (“ERAs”), namely:
• advisers solely to one or more venture capital funds; and
• advisers solely to private funds with less than $150 million in assets under management in the United States.

In this Update, we refer to advisers that FinCEN has proposed to subject to the Proposed Rule as “Covered IAs.”

Would the Proposed Rule cover any non-U.S. investment advisers?

Yes. The definition of “investment adviser” under the Proposed Rule would include non-U.S. investment advisers that are registered with the SEC or file Forms ADV as ERAs.

However, FinCEN seeks comment on compliance challenges for such advisers and potential conflicts of law, including whether requiring Covered IAs based outside of the United States to file suspicious activity reports (“SARs”) poses concerns under foreign privacy or other laws.

Notably, the Proposed Rule provides that a Covered IA’s duty to establish, maintain and enforce an AML/CFT program must remain the responsibility of, and be performed by, persons in the United States. The Proposed Rule does not exempt non-U.S. advisers within the scope of the rule from this requirement.

What would the Proposed Rule require for Covered IAs?

Under the Proposed Rule, a Covered IA would be required to:

1. Implement a written AML/CFT program that is risk-based and reasonably designed to prevent the Covered IA from being used for money laundering, terrorist financing or other illicit finance activities and to comply with the Bank Secrecy Act (“BSA”). Under the Proposed Rule, the AML/CFT program must be approved in writing by the Covered IA’s board of directors or other persons having similar functions.

A Covered IA’s AML/CFT program would be required to include, at a minimum, the following elements:

• Policies, procedures and internal controls reasonably designed to prevent the Covered IA from being used for illicit finance activities.
• In assessing its illicit finance risk and implementing appropriate policies, procedures and controls, a Covered IA would be expected to review the types of advisory services and investment products it provides, the nature of the customers it advises, their geographic locations and sources of wealth, the Covered IA’s distribution channels and intermediaries that it may operate through.
• A Covered IA that is the primary adviser to a private fund would be expected to consider the fund’s structure or ownership and to assess the illicit finance risk presented by investors in the fund by considering the same types of relevant factors, as appropriate, as the adviser would consider for clients for which the adviser manages assets directly.
• Where a Covered IA is unable to obtain identifying information about the investors in a private fund, the private fund may pose higher illicit finance risk and the Covered IA’s procedures would need to reasonably address this heightened risk.
• FinCEN requests comment on how the Proposed Rule should apply to Covered IAs that manage private funds that receive “investments from in-funds or who have funds-of-funds as investors.”
• Independent testing to be conducted by personnel of the Covered IA or its affiliates, provided the same employees are not involved in the operation and oversight of the program, or by a qualified outside party.
• The frequency of the independent testing would depend on the Covered IA’s illicit finance risk and overall risk management strategy. Testing could be conducted over periodic intervals or when there are significant changes to the Covered IA’s risk profile, systems, compliance staff or processes.
• Recommendations from testing would need to be promptly implemented or submitted to senior management for consideration.
• Designation of a responsible person or persons (including in a committee) to implement and monitor the operations and internal controls of the program.
• The Proposed Rule states that a person designated as AML/CFT compliance officer should be an officer of the Covered IA (or individual with similar authority).
• Ongoing training for appropriate persons to provide a general awareness of AML/CFT requirements and illicit finance risks, as well as job-specific guidance tailored to particular employees’ roles and functions.
• Ongoing customer due diligence (“CDD”) to include, but not be limited to:
• understanding the nature and purpose of the customer relationships for the purpose of developing a customer risk profile; and
• conducting ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information.
2. Comply with reporting obligations related to currency transactions or suspicious activity:
• Currency transaction reports (“CTRs”). The Proposed Rule would require a Covered IA to file a CTR with FinCEN for certain transactions in currency of more than $10,000. This requirement would replace the current requirement that Covered IAs report such transactions on Form 8300.
• SARs. A Covered IA would be required to report on a SAR any suspicious transaction (or pattern of transactions) conducted or attempted by, at or through the Covered IA that involves or aggregates at least $5,000 in funds or other assets and that the Covered IA knows, suspects or has reason to suspect:
• involves funds derived from illegal activity or is intended or conducted to hide or disguise funds or assets derived from illegal activity as part of a plan to violate or evade any federal law or regulation or to avoid any transaction reporting requirement under federal law or regulation;
• is designed, whether through structuring or other means, to evade BSA requirements;
• has no business or apparent lawful purpose, and the Covered IA knows of no reasonable explanation for the transaction after examining the available facts; or
• involves the use of the Covered IA to facilitate criminal activity.
• Situations involving suspected terrorist financing or ongoing money laundering schemes would require immediate notification by telephone to an appropriate law enforcement authority in addition to a SAR filing.
• A safe harbor from liability would apply to both SARs mandated by the regulation and any voluntary SARs filed on activity that may not meet the regulatory reporting thresholds.
3. Comply with certain information-sharing procedures that implement sections 314(a) and 314(b) of the USA PATRIOT Act:
• Section 314(a). Under FinCEN regulations implementing Section 314(a) of the USA PATRIOT Act, a law enforcement agency with criminal investigative authority may request that FinCEN solicit on the agency’s behalf certain information from financial institutions related to persons suspected of terrorist acts or other criminal activities. Currently, banks and broker-dealers receive such requests on a regular (typically bi-weekly) basis and are required to search their account and transactional records and report back on any matches. Under the Proposed Rule, a Covered IA would be subject to this requirement.
• Section 314(b). Section 314(b) of the USA PATRIOT Act authorizes voluntary information sharing between financial institutions for AML/CFT purposes. The Proposed Rule would authorize Covered IAs to participate in voluntary information sharing with each other and with other financial institutions, which information sharing would facilitate their AML/CFT compliance efforts.
4. Apply special standards of diligence to correspondent and private banking accounts involving foreign persons.
• A Covered IA would be required to maintain due diligence programs for “correspondent accounts” for foreign financial institutions and for “private banking accounts” that include policies, procedures and controls that are reasonably designed to detect and report any known or suspected money laundering or suspicious activity conducted through or involving any such accounts.
• A Covered IA would be required to follow minimum standards for such due diligence and to apply enhanced due diligence to accounts for certain types of customers.
• A “correspondent account” is defined generally to mean an account established for a foreign financial institution to receive deposits from, or to make payments or other disbursements on behalf of, such institution or to handle other financial transactions related to such institution.
• As applied to Covered IAs, the Proposed Rule would define “correspondent account” to mean “any contractual or other business relationship established between a person and an investment adviser to provide advisory services.”
• FinCEN seeks comment on the extent to which investment advisers provide advisory services or enter into advisory relationships that are similar to correspondent accounts as currently defined in FinCEN’s regulations.
• A “private banking account” under FinCEN’s current regulations is an account (or a combination of accounts) maintained at a covered financial institution that (1) requires a minimum aggregate deposit of at least $1 million, (2) is established on behalf of or for the benefit of one or more non-U.S. persons who are direct or beneficial owners of the account and (3) is assigned to or administered or managed by a relationship manager or other liaison between the financial institution and the direct or beneficial owner of the account.
• FinCEN seeks comment on the extent to which investment advisers enter into advisory relationships that are similar to private banking account relationship as defined in FinCEN’s current regulations.
5. Comply with special measures that the Treasury Secretary may impose under section 311 of the USA PATRIOT Act if (s)he finds that reasonable grounds exist to conclude that a foreign jurisdiction, institution, class of transaction or type of account is of primary money laundering concern. These special measures can include recordkeeping, information collection or reporting requirements or limitations on correspondent or payable-through accounts.
6. Keep records related to the transmittal of funds under rules requiring financial institutions to create and retain records for transmittals of funds (such as funds transfers) and ensure that certain information pertaining to a transmittal of funds travels with the transmittal to the next financial institution in the payment chain. These requirements apply to transmittals that equal or exceed $3,000, unless an exception applies.

Under the Proposed Rule, a Covered IA would also be required to create and maintain records for extensions of credit and cross-border transfers of currency, monetary instruments, checks, investment securities and credit over $10,000.

Will Covered IAs be subject to specific requirements related to customer and beneficial owner identification and verification?

Not yet. Many financial institutions (including banks, broker-dealers and mutual funds) are currently subject to customer identification program (“CIP”) obligations under FinCEN regulations that require them to identify and verify the identities of their customers. FinCEN expects to address this type of requirement for Covered IAs in a future joint rulemaking with the SEC.

Under the so-called “CDD rule,” FinCEN also requires certain financial institutions to identify and verify beneficial owners of customers that are legal entities. FinCEN is currently considering revisions to the CDD rule in connection with its implementation of the Corporate Transparency Act and has a statutory deadline of January 1, 2025 to complete these changes. Accordingly, FinCEN assessed that Covered IAs should not be required to apply the current requirement to identify and verify beneficial owners of legal entity customers but FinCEN seeks comment on this proposed approach.

However, as noted above, Covered IAs’ AML/CFT programs would be required to include ongoing monitoring to identify and report suspicious transactions, among other requirements.  FinCEN has stated that, although Covered IAs would not be required to “categorically collect” identifying information, Covered IAs would need to collect sufficient customer information to comply with ongoing CDD requirements.

Will a Covered IA be required to apply its AML/CFT program to all of its advisory activities?

Generally yes, with one exception: the Proposed Rule would not require a Covered IA’s AML/CFT program to be applied to activities undertaken with respect to mutual funds, as mutual funds are already subject to their own comprehensive AML/CFT obligations under the BSA.

Covered advisory activities include, for example, the management of customer assets, the provision of financial advice and the execution of transactions for customers. Non-advisory services, such as the activities of fund personnel who play roles with respect to portfolio companies (e.g., making managerial or operational decisions about portfolio companies), would not be in scope.

FinCEN seeks comment on whether there are other categories of entities that, like mutual funds, could be reasonably exempted from a Covered IA’s AML/CFT program. FinCEN also requests comment on whether certain advisory activities, such as advising clients without managing client assets or acting as a sub-adviser, present lower risk.

Can Covered IAs outsource AML/CFT compliance obligations?

Yes. FinCEN acknowledges that investment advisers regularly delegate compliance and other activities to third parties, including fund administrators, and the Proposed Rule would permit a Covered IA to delegate the implementation and operation of aspects of its AML/CFT program. However, as noted above, a Covered IA’s AML/CFT program must be maintained by persons in the United States. In addition, a Covered IA that delegates AML/CFT activities would remain fully responsible and legally liable for the program’s compliance with applicable requirements, and the Covered IA would need to ensure that FinCEN and the SEC are able to obtain information and records relating to the AML/CFT program.

A Covered IA would be required to identify and document the procedures implemented to address illicit finance risk and would need to undertake reasonable steps to assess whether any service provider to which it has delegated AML/CFT activities carries out the Covered IA’s procedures effectively. The Proposed Rule expressly states that “it would not be sufficient to simply obtain a ‘certification’ from a service provider that the service provider has a satisfactory AML/CFT program.”

FinCEN does not propose to restrict delegation to offshore service providers, but warns that the “due diligence and verification practices of … offshore fund administrators are not uniform, and may vary based upon the requirements of the local regulatory regime.” Accordingly, FinCEN suggests that delegation to non-U.S. service providers may be subject to closer scrutiny. FinCEN seeks comment on the quality of AML/CFT programs maintained by such fund administrators; the extent to which such fund administrators are able to collect and provide information on investors in offshore pooled investment vehicles upon the request of a U.S. investment adviser; the quality of suspicious activity or suspicious transaction reports submitted by such fund administrators; and the ability of U.S. investment advisers to effectively monitor the implementation of proposed requirements by fund administrators.

Are Covered IAs that are dually registered required to establish separate AML/CFT programs for their advisory activities?

Generally no. A Covered IA that is dually registered as a broker-dealer or is a bank or bank subsidiary would not be required to establish multiple or separate AML programs so long as a comprehensive AML/CFT program covers all of the entity’s relevant business and activities that are subject to BSA requirements.

Will a Covered IA that already has an AML program need to make changes to that program?

Likely yes. The Proposed Rule would impose additional requirements and obligations beyond those typically included in AML programs currently implemented by many Covered IAs. These include the obligation to file SARs, to comply with law enforcement requests for information pursuant to Section 314(a) of the USA PATRIOT Act, to keep certain records related to funds transmittals and to engage in more comprehensive reviews and assessment of service providers. In addition, Covered IAs’ voluntary AML programs have not been subject to formal supervisory review or examination.

Under the Proposed Rule, Covered IAs would be subject to specified AML/CFT requirements, and compliance with those requirements would be subject to examination by the SEC, to which FinCEN proposes to delegate examination authority. Both the SEC and FinCEN would have enforcement authority related to violations of the AML/CFT rules for Covered IAs, and Covered IAs would want to ensure they dedicate appropriate efforts and resources to updating existing compliance programs as necessary to comply with the new requirements.

Why is FinCEN considering this rulemaking at this time?

FinCEN provides an extensive discussion of its justification for the rulemaking in the preamble to the Proposed Rule and the 2024 Investment Adviser Risk Assessment (the “Risk Assessment”), which was published concurrently with the Proposed Rule and identifies illicit finance risks posed by the investment adviser industry. Among other things, FinCEN describes a regulatory gap in the current U.S. AML regime because investment advisers “overseeing the investment of hundreds of trillions of dollars into the U.S. economy” are not covered, and financial institutions subject to AML/CFT reporting and recordkeeping obligations that engage in trading or transactional activities on behalf of investment advisers often lack independent knowledge of the advisers’ customers and their sources of wealth.

The preamble and Risk Assessment identify instances in which corrupt individuals, sanctioned businesses, tax evaders, Russian oligarchs and criminals have been able to gain access to U.S. securities, real estate and other assets through investment advisers. For example, according to FinCEN, certain advisers have been found to manage billions of dollars ultimately controlled by Russian oligarchs and their associates who help facilitate Russia’s war against Ukraine, while certain RIAs, ERAs and the private funds that they advise are used by foreign adversaries to access certain technologies and services with long-term U.S. national security implications through investments in early-stage companies. While recognizing that venture capital and private equity funds may not always be attractive options for laundering illicit proceeds due to their longer lock-up periods, the preamble and Risk Assessment also state that these restrictions are unlikely to deter illicit actors who have longer investment horizons and do not require immediate access to their funds.

Hasn’t FinCEN previously proposed AML rules for investment advisers? How is this proposal different?

Yes. FinCEN proposed to impose AML program and SAR requirements on RIAs in 2015 (and previously proposed AML requirements for certain advisers in 2003). The Proposed Rule includes most of the requirements from the 2015 proposal but makes several notable changes, including that:

• ERAs, in addition to RIAs, are included within the scope of the proposed requirements.
• Covered IAs would be subject to foreign correspondent account and private banking account due diligence requirements, as described above.
• Covered IAs would not be required to apply most of the proposed AML/CFT requirements to mutual funds.
• A Covered IA’s AML/CFT program would need to include ongoing CDD to understand the nature and purpose of customer relationships and to conduct ongoing monitoring to identify and report suspicious transactions and, on a risk basis, maintain and update customer information.
• The proposed compliance date would be longer than previously proposed (12 months, versus the previously proposed six months).
• Persons in the United States who are accessible to, and subject to oversight by FinCEN and the SEC would need to be responsible for establishing and maintaining a Covered IA’s AML/CFT program.

The Proposed Rule formally withdraws the 2015 proposal.

When would the Proposed Rule take effect?

As noted above, FinCEN proposes a compliance date of 12 months after the effective date of the final rule. Thus, at the very earliest, any effective date would not be until mid- to late 2025.

Next Steps

FinCEN invites comment on all aspects of the Proposed Rule and includes 60 specific questions covering primary components of the proposal. We encourage interested stakeholders to consider the implications of the Proposed Rule on their organizations, and we anticipate that many industry participants and their trade associations will comment.

The impact of related rulemakings also will need to be considered as they are proposed. FinCEN has indicated that it anticipates addressing CIP requirements for Covered IAs in a future joint rulemaking with the SEC and suggests that it will require Covered IAs to identify and verify the beneficial owners of legal entity customers pursuant to the revised CDD rule. In addition, FinCEN intends to implement changes to AML/CFT program requirements as part of its establishment of national exam and supervision priorities through a separate rulemaking process.

We are closely monitoring developments and expect to provide updates, as appropriate.

This publication is for general information purposes only. It is not intended to provide, nor is it to be used as, a substitute for legal advice. In some jurisdictions it may be considered attorney advertising.