Proposed Customer Identification Program Requirements for Investment Advisers

21 May 2024
View Debevoise In Depth
Key Takeaways:
  • Earlier today, the Securities and Exchange Commission (the “SEC”) and the Financial Crimes Enforcement Network (“FINCEN”) published a joint proposal to require certain investment advisers to establish and maintain customer identification programs (“CIPs”).
  • The proposed rule, which complements FinCEN’s February 2024 proposal to extend certain anti-money laundering compliance obligations to investment advisers, would apply to investment advisers registered with the SEC and exempt reporting advisers.
  • Importantly, if adopted as proposed, the rule would require advisers to private funds to treat those funds, and not the underlying investors, as the advisers’ customers for CIP purposes.
  • Comments on the proposal are due July 22, 2024, and we expect that many industry participants and their trade associations will comment.

Earlier today, the U.S. Securities and Exchange Commission (the “SEC”) and the Financial Crimes Enforcement Network (“FinCEN”) published a joint rule proposal (the “Proposed Rule”) to require investment advisers registered under the Investment Advisers Act of 1940 (“RIAs”) and exempt reporting advisers (“ERAs”) (together, “Covered Advisers”) to establish and maintain customer identification programs (“CIPs”).

The Proposed Rule complements a separate FinCEN proposal, issued in February 2024, to designate RIAs and ERAs as “financial institutions” under the Bank Secrecy Act, to subject them to anti-money laundering (“AML”)/countering the financing of terrorism (“CFT”) program requirements and to obligate them to file suspicious activity reports (“SARs”) (the “AML/CFT Program and SAR Proposed Rule”).

Comments on the Proposed Rule are due July 22, 2024. In this Debevoise In Depth, we highlight key provisions of the Proposed Rule.

Key Components of the Proposed Rule

Which Investment Advisers Would Be Subject to the Proposed Rule?

As noted above, RIAs (those registered or required to register with the SEC) and ERAs (i.e., certain venture capital fund and private fund advisers exempt from SEC registration) would be subject to the Proposed Rule. This scope parallels the AML/CFT Program and SAR Proposed Rule and includes non-U.S. RIAs and ERAs.

What Would the Proposed Rule Require of Covered Advisers?

The Proposed Rule would require that Covered Advisers establish, document and maintain written CIPs, incorporated as part of each Covered Adviser’s overall AML/CFT program. The CIP would need to be risk based and appropriate for the adviser’s size and business.

The proposed CIP elements largely mirror the requirements already established for other financial institutions, such as banks and securities broker-dealers, that are currently subject to CIP obligations. As proposed, Covered Adviser CIPs would need to include risk-based procedures for (a) identifying and (b) verifying the identity of each Covered Adviser “customer” upon the opening of an “account”—two key terms, which we discuss below.

Minimum Customer Information.
A Covered Adviser would be required to collect certain minimum identifying information with respect to each customer prior to opening an account:

  • Customer’s full legal name;
  • Date of birth for an individual or date of formation for an entity;
  • Physical address; and
  • Identification number (e.g., for a U.S. person, a taxpayer identification number).

Identity Verification.
After obtaining identifying customer information, a Covered Adviser would need to use this information to form a reasonable belief that it knows the true identity of each customer.

The Proposed Rule provides two methods for verifying identity: verification through documents and verification through non-documentary means. The CIP would need to set forth risk-based procedures describing when each method will be used and specify the types of documents (e.g., driver’s license, for an individual, or documents of formation, for a legal entity) or non-documentary means (e.g., reference checks or use of account verification databases) that may be used for identity verification.

The Proposed Rule would require that a Covered Adviser’s CIP include procedures for responding to circumstances in which the investment adviser cannot form a reasonable belief that it knows the true identity of a customer.

To Which “Accounts” Would the Proposed CIP Requirements Apply?

Under the Proposed Rule, an “account” would be defined as any contractual or other business relationship between a person and a Covered Adviser under which the Covered Adviser provides investment advisory services.

The proposed “account” definition has certain exclusions. For example, accounts that a Covered Adviser acquires through an acquisition, merger, purchase of assets or assumption of liabilities are excluded, as customers do not “open” such transferred accounts. Such accounts, however, may still be subject to other AML requirements within the scope of the AML/CFT Program and SAR Proposed Rule.

The proposed “account” definition does not exclude accounts opened to participate in an employee benefit plan established pursuant to the Employee Retirement Income Security Act of 1974, even though such accounts are excluded under the CIP rules applicable to other financial institutions. The “account” definition for Covered Advisers also would include relationships established with a Covered Adviser only to receive investment research services.

To Which “Customers” Would the Proposed Rule Apply?

The Proposed Rule would define a “customer” to which CIP obligations run as a person—including a natural person or legal entity—that opens a new account with a Covered Adviser. Generally, this would be the person identified as the accountholder. The definition would not include:

  • Those with authority or control over an account, if such persons are not the accountholder;
  • Persons who fill out the account opening paperwork or provide information necessary to set up an account but are not the accountholder;
  • Certain excluded entities, such as financial institutions regulated by a federal functional regulator or banks regulated by a state bank regulator, certain government entities and certain companies with publicly listed securities on U.S. securities exchanges; or
  • Persons with existing accounts with the Covered Adviser, provided the Covered Adviser has a reasonable belief that it knows the true identity of the customer.

Importantly, the Proposed Rule’s customer definition encompasses only those persons that directly open and hold accounts (as defined above) with a Covered Adviser. Thus, in the case of a private fund, the Covered Adviser would treat the fund as its customer but not those who invest in the fund. (That said, the AML/CFT Program and SAR Proposed Rule suggests that, in certain circumstances, a Covered Adviser may need to request information regarding underlying investors in its private fund clients.)

FinCEN and the SEC specifically ask for comment on whether this proposed definition is appropriate, and presumably commenters will address this key definition element. If this definition is adopted as proposed, the burdens of maintaining a CIP will be less significant for Covered Advisers that advise private funds than if each investor in a private fund were considered to be a customer of the fund’s adviser.

What Other CIP Requirements Are Proposed?

Under the Proposed Rule, a Covered Adviser’s CIP would be required to include other elements. Among them, the most noteworthy are as follows:

  • Recordkeeping Procedures?. Covered Advisers would need to maintain CIP records. Specifically, identifying information about each customer would need to be maintained for the life of the account plus five years; information regarding verification of customer identity would need to be kept for five years.
  • Customer Notice. Covered Advisers would need to provide notice to customers of the Covered Advisers’ identity verification procedures. The notice generally should describe the identification requirements in a manner reasonably designed to ensure that a prospective customer is able to view the notice before opening an account.

Will Covered Advisers Be Able to Rely on Other Financial Institutions’ Performance of Their CIP Procedures?

Under specified circumstances, a Covered Adviser will be allowed to rely on certain other financial institutions to perform some or all of the elements of the Covered Adviser’s CIP procedures. Under the Proposed Rule, reliance would be permitted if a customer of the Covered Adviser is opening an account or has opened or established an account with the other financial institution to engage in services or transactions, provided that:

  • Such reliance is reasonable under the circumstances;
  • The other financial institution is subject to AML compliance program requirements and is regulated by a federal functional regulator; and
  • The other financial institution enters into a contract with the Covered Adviser requiring it to certify annually that it has implemented an AML program and will perform (or its agent will perform) the specified requirements of the Covered Adviser’s CIP.

Under the CIP rules applicable to other financial institutions, a relying institution in the circumstances outlined above would not be held responsible for the failure of the other financial institution to adequately fulfill the relying institution’s CIP responsibilities. In the Proposed Rule, FinCEN and the SEC seek comment on whether a Covered Adviser should be required to “actively monitor” the effectiveness of its CIP in order to rely on another institution or whether reasonable reliance in accordance with the conditions set forth in the Proposed Rule should suffice.

Of course, in other situations outside of formal reliance under the regulation, a Covered Adviser would be permitted to use the services of another entity to meet some or all of the CIP elements. In these latter cases, however, and as is the case for other types of financial institutions with CIP obligations, the Covered Adviser would remain responsible for ensuring compliance with the Proposed Rule and would therefore be required to monitor the operation of its CIP and assess its effectiveness.

When Would the Proposed Rule Take Effect?

The adoption of the Proposed Rule would not occur unless Covered Advisers are first designated as “financial institutions” for purposes of the Bank Secrecy Act (as proposed under the AML/CFT Program and SAR Proposed Rule). FinCEN and the SEC anticipate that the effective date of the Proposed Rule will be 60 days after the date on which the final rule is published in the Federal Register.

To provide time for Covered Advisers to come into compliance, the proposed compliance deadline would be the later of (1) the date that is six months after the adoption a final CIP rule or (2) the compliance date of the AML/CFT Program and SAR Proposed Rule.

Next Steps

FinCEN and the SEC invite comment on all aspects of the Proposed Rule and include 18 questions covering primary components of the proposal. We expect many industry groups may find it useful to comment.

We are closely monitoring developments and expect to provide updates, as appropriate.

This publication is for general information purposes only. It is not intended to provide, nor is it to be used as, a substitute for legal advice. In some jurisdictions it may be considered attorney advertising.