Client Alert: FinCEN Anti-Money Laundering Rule for Investment Advisers

November 12, 2024

Key Action Items Triggered by This Rule:

(Each of these is covered in more detail below)

  • Prepare, review, and revise your anti-money laundering (“AML”) and countering the financing of terrorism (“CFT”) policies and procedures, as applicable.
  • Review and, if necessary, revise documentation related to your investor onboarding process.
  • Determine who will act as your AML/CFT compliance officer.
  • Make a wise choice in hiring an outside party to conduct required annual independent testing.
  • Prepare for substantial enforcement activity in the AML/CFT space.

Background

On August 28, 2024, the Financial Crimes Enforcement Network (“FinCEN”) issued a final rule entitled Anti-Money Laundering/Countering the Financing of Terrorism Program and Suspicious Activity Report Filings Requirements for Registered Investment Advisers and Exempt Reporting Advisers (the “Final Rule”).[1] The Final Rule requires investment advisers registered with the Securities and Exchange Commission (the “SEC”) (such advisers, “RIAs”) and investment advisers that report to the SEC as exempt reporting advisers (“ERAs”) to comply with certain anti-money laundering (“AML”) and countering the financing of terrorism (“CFT”) obligations. The Final Rule does not apply to investment advisers that (1) register with the SEC solely because they are (a) mid-sized advisers, (b) multi-state advisers, or (c) pension consultants; or (2) are not required to report any assets under management to the SEC on Form ADV.

The Final Rule has a compliance date of January 1, 2026, and requires both RIAs and ERAs to (1) adopt an AML/CFT compliance program; (2) report possible violations of law or regulation and file certain other reports; (3) adhere to the requirements of the Recordkeeping and Travel Rule; (4) comply with measures imposed by the Department of Treasury under the USA Patriot Act; and (5) conduct special due diligence for certain accounts, each as further explained below.

Consistent with FinCEN’s existing delegation to the SEC of the authority to examine broker-dealers and mutual funds for compliance with AML/CFT requirements, FinCEN is delegating its examination authority in respect of RIAs and ERAs under the Final Rule to the SEC.

Final Rule Requirements

  • AML/CFT Compliance Program. The Final Rule requires that RIAs and ERAs establish and operationalize a written AML/CFT compliance program by January 1, 2026. The AML/CFT program must include the following minimum elements:
    • establishment of risk-based procedures for conducting ongoing customer due diligence to (1) understand the nature and purpose of customer relationships for the purpose of developing a customer risk profile and (2) identify and report suspicious transactions and, on a risk basis, to maintain and update customer information;
    • designation of one or more AML/CFT compliance officers;
    • creation of internal policies, procedures, and controls reasonably designed to prevent the RIA or ERA from being used for money laundering, terrorist financing, or other illicit finance activities;
    • provision of ongoing AML/CFT training for appropriate personnel; and
    • performance of independent testing of the program’s effectiveness.
  • Suspicious Activity Reporting. The Final Rule introduces a requirement for RIAs and ERAs to file suspicious activity reports (“SARs”) in respect of transactions “conducted or attempted by, at, or through”[2] the RIA or ERA if:
    • the transaction involves or aggregates funds or other assets of at least $5,000; and
    • the RIA or ERA knows, suspects, or has reason to suspect that the transaction (or a related pattern of transactions):
      • involves funds derived from illegal activity or is intended or conducted to hide or disguise funds or assets derived from illegal activity;
      • is designed to evade Bank Secrecy Act reporting requirements;
      • has no business or apparent lawful purpose or is not the sort in which the customer would normally be expected to engage, and the investment adviser knows of no reasonable explanation for the transaction after examining the available facts; or
      • involves use of the RIA or ERA to facilitate criminal activity.
  • Currency Transaction Reports. RIAs and ERAs will be required to file a currency transaction report (a “CTR”) with FinCEN for transactions in currency of more than $10,000. This requirement will replace the existing requirement that covered advisers report currency-related transactions on Form 8300.
  • Recordkeeping and Travel Rule. The Final Rule will require RIAs and ERAs to create and retain records involving the transmittal of funds in amounts of $3,000 or more and ensure that certain information “travels” with the transmittals to the next financial institution in the payment chain.
  • USA PATRIOT Act-Related Obligations. RIAs and ERAs will be required under the Final Rule to respond to law enforcement requests, pursuant to Section 314(a) of the USA PATRIOT Act, to locate accounts and identify the transactions of persons who may be involved in terrorism-related or money laundering activities. In addition, the Treasury Secretary may impose special measures under section 311 of the USA PATRIOT Act if they determine that reasonable grounds exist to conclude that a foreign jurisdiction, institution, class of transaction or type of account is of primary money laundering concern, with which advisers will need to comply.
  • Compliance with Special Due Diligence Standards. The Final Rule imposes additional special due diligence requirements related to “correspondent” accounts that have been defined to include advisory relationships for foreign financial institutions and private banking accounts.

A Deeper Dive into the AML/CFT Program Requirements

  • Independent Testing. The Final Rule requires RIAs and ERAs to provide for independent testing of their AML/CFT program by a qualified outside party or the adviser’s personnel. For advisers that seek to perform such testing internally rather than through an outside provider, such internal personnel must be independent from the AML/CFT program (i.e., such personnel would neither be involved in, nor reporting to a person involved in, implementing the AML/CFT program).[3]
  • Know-Your-Customer (“KYC”) Requirements. The Final Rule requires RIAs and ERAs to implement risk-based procedures for conducting ongoing customer due diligence, including “to develop [a] baseline against which customer activity [can be] assessed for suspicious activity reporting.”
  • Qualified AML/CFT Officer.  FinCEN has advised that an adviser’s appointed AML/CFT officer must be sufficiently qualified, which will depend, in part, on the adviser’s risk profile. FinCEN also noted that an adviser must provide its AML/CFT officer with decision-making authority regarding the AML/CFT compliance program and sufficient stature within the firm to ensure applicable requirements are met, among other things.
  • Ongoing Training. Ongoing employee training is required to be included in each AML/CFT program. There is some flexibility in the Final Rule, such that a training program can be customized to account for the responsibilities of the employees and the extent to which their functions bring them into contact with AML/CFT requirements or possible money laundering, terrorist financing or other illicit activity.
  • Delegation to Third Parties. An RIA or ERA that delegates any aspect of its AML/CFT program to a third party must undertake reasonable steps to provide oversight to ensure that the third-party conducts such procedures effectively. The Final Rule does not include minimum requirements for conducting such oversight; however, FinCEN clarified that obtaining a certification from the third-party delegate, without more, is insufficient. Examples of appropriate oversight measures may include (i) a written agreement that includes representations and covenants (including requirements to adhere to reasonably designed policies and update the RIA or ERA if there are deficiencies identified in the third-party delegate’s audit), (ii) due diligence prior to engagement (iii), and/or periodically monitoring the third-party delegate’s compliance.

Practical Considerations

  • Advisers should now begin preparing, reviewing, and revising AML/CFT policies and procedures, as applicable, to comply with the Final Rule. As part of this process, advisers should consider whether they have put in place appropriate staffing, technology, and other resources to effectively implement their AML/CFT program. The Final Rule imposes more stringent requirements than those typically found in voluntary AML/CFT programs (e.g., the requirement for independent testing, a designated AML/CFT officer, ongoing training, etc.), so all advisers, even those that currently maintain an AML/CFT program, should review their policies and procedures and address any gaps that may exist.
  • Advisers should also consider whether changes should be made to the documentation that is required as part of the investor onboarding process.
  • Advisers should determine who will act as their AML/CFT compliance officer. In making this decision, advisers will want to avoid assigning this role a person without the capacity (either technical or in terms of time allocation) to perform it well.
  • Many RIAs and very like most ERAs will, as a practical matter, be obligated to hire an outside party to conduct the annual independent testing. Making a good choice of outside assistance is imperative for RIAs and ERAs.
  • The money laundering risk for most private fund sponsors will likely be less than for separate account RIAs and wealth managers. Having a compliance program that is likely to detect suspicious activities will therefore be especially important for the latter type of advisers. It is important to note that all RIAs and ERAs are subject to the same compliance requirements.
  • This is likely to be an area of significant focus in future SEC examinations, consistent with the high level of scrutiny that the SEC has brought to bear in its examinations of broker-dealers and registered investment companies that are already subject to such AML/CFT requirements. We expect to see substantial enforcement activity in this area going forward.

CFDB attorneys have deep experience with guiding financial institutions, including investment advisers, through AML/CFT regulations. Please contact any of the authors of this alert or your usual CFDB contact for assistance preparing for the Final Rule.

Please contact a member of the CFDB team for any inquiries relating to this matter.

Contact information:

David Skelding, Partner: dskelding@crokefairchild.com

Jennifer Kalmanides, Partner: jkalmanides@crokefairchild.com

Kyla Vick, Associate: kvick@crokefairchild.com

[1] See: Federal Register :: Financial Crimes Enforcement Network: Anti-Money Laundering/Countering the Financing of Terrorism Program and Suspicious Activity Report Filing Requirements for Registered Investment Advisers and Exempt Reporting Advisers

[2] FinCEN interprets the phrase “conducted or attempted by, at, or through” to encompass advisory services that RIAs and ERAs provide on behalf of clients, such as when (1) a customer provides instructions for the investment adviser to pass on to the custodian (e.g., instructions to withdraw assets, liquidate particular securities, or a suggestion to purchase particular securities for the customer’s account); or (2) an investment adviser instructs a custodian to execute transactions on behalf of a customer.

[3] For many investment advisers, the requirement for independent testing may necessitate the use of outside parties. FinCEN acknowledges this “potential burden” in the Final Rule by stating that “[i]nvestment advisers with less complex operations, and lower money laundering … risk profiles may consider utilizing a shared resource as part of a collaborative arrangement with similarly less complex and lower risk profile advisers to conduct testing.”