FinCEN Tries Again . . . to Impose AML Requirements on Investment Advisers

February 22, 2024

On February 15, 2024, the U.S. Treasury Department’s Financial Crimes Enforcement Network (“FinCEN”) released a notice of proposed rulemaking (the “Proposed Rule”)[1] that would impose anti-money laundering/countering the financing of terrorism (“AML/CFT”) compliance obligations on SEC-registered investment advisers (“RIAs”) and exempt reporting advisers (“ERAs”) pursuant to the Bank Secrecy Act (the “BSA”), taking steps to close a perceived gap in the AML/CFT defenses of the U.S. financial system. 

FinCEN estimates more than 15,000 RIAs and almost 6,000 ERAs may be covered by the Proposed Rule, including many advisers that are located outside the United States but have registered (or file reports) with the SEC because they have U.S. clients. 

If adopted as proposed, RIAs and ERAs (together, “Covered Advisers”) would be subject to AML/CFT obligations similar to those applicable to banks and broker-dealers under the BSA.  These include obligations to maintain a risk-based AML/CFT program, report suspicious activity, and satisfy a number of other specific reporting, recordkeeping, diligence and information sharing requirements.  FinCEN deferred, however, proposing requirements for Covered Advisers to maintain customer identification programs (“CIP”) and identify the beneficial owners of their legal entity clients until a later date.

Many Covered Advisers already have some form of AML/CFT compliance program, but under the Proposed Rule expectations for their AML/CFT programs would likely increase, their programs would be directly subject to examination by the SEC and FinCEN for the first time, and they could be subject to civil and criminal penalties for program violations.

Comments must be submitted on or before April 15, 2024.

Background

FinCEN has long contemplated imposing AML/CFT obligations on investment advisers pursuant to the BSA.  FinCEN views investment advisers as capable of playing an important role in safeguarding the U.S. financial system against money laundering, given the volume of assets that they manage—a reported $125 trillion in assets under management just for RIAs, including approximately $20 trillion in private funds—and their unique understanding of the movement of funds through the financial system by virtue of the broad range of advisory services they furnish to a diverse set of clients. 

On several occasions, FinCEN has previously proposed to subject private funds (in 2002)[2] and investment advisers (in 2003 and 2015)[3] to AML/CFT program requirements.  In each case those efforts were ultimately withdrawn, in part due to arguments that imposing separate AML/CFT program requirements on investment advisers is unnecessary and redundant, given that their clients’ transactions in cash and securities must be processed through a financial institution already subject to AML/CFT program requirements (i.e., a bank or broker-dealer), and that advisory businesses that do not directly hold cash or securities for clients do not present a high risk of money laundering.  

The current Proposed Rule goes substantially further than these prior efforts in marshalling support for the expansion of AML/CFT program requirements to Covered Advisers, in an apparent effort to rebut the familiar arguments against expanding AML/CFT requirements to investment advisers.  The Proposed Rule release was coordinated with the release of a Treasury Department risk assessment on the investment adviser industry (the “2024 Risk Assessment”),[4] described in the text box below, and AML/CFT risks posed by investment advisory activities have been highlighted in recent reports and speeches by top administration officials.[5]  This increased effort and focus may signal a stronger commitment to see the rulemaking through on the third attempt.

2024 Risk Assessment

Released in coordination with the release of the Proposed Rule, the 2024 Risk Assessment  highlights illicit finance threats and vulnerabilities the Treasury Department has identified in the private sector.  Its findings include that:

  • Private funds are an appealing point of entry into the U.S. financial system for illicit proceeds, given the potential for high returns and the relative anonymity of limited partners in a fund;
  • Private funds and investment advisers have been an important avenue for Russian political and economic elites seeking to obscure their ownership of U.S. assets;
  • Foreign state actors may use private funds to access critical infrastructure and sensitive technology;
  • The lack of uniform and comprehensive AML/CFT standards for investment advisers creates vulnerabilities that can be exploited by illicit actors seeking access to the U.S. financial system;
  • The segmentation of advisory activities across multiple intermediaries and jurisdictions, such as offshore feeder funds and fund administrators, leads to further  inconsistency in application of AML/CFT standards and to fragmentation of information about underlying clients and investors; and
  • Fragmentation of information, business practices focused on confidentiality, and foreign data privacy laws can all reduce transparency for ultimate beneficial owners.

The Risk Assessment ranks the top sources of illicit finance risk in the investment adviser sector as (1) ERAs that advise private funds exempt from SEC registration, (2) RIAs who advise private funds, and (3) RIAs who are not dually registered as, or affiliated with, a broker-dealer or bank (which would be more likely to adopt significant AML/CFT policies).

We expect commenters resisting the expansion of AML/CFT obligations to investment advisers will seek to demonstrate how these risks are overstated or mitigated by compliance measures and business practices already in place at investment advisers and other market participants with which they interact.

Scope of the Proposed Rule

The Proposed Rule would define “investment advisers” as an additional class of “financial institution” subject to the BSA and FinCEN’s implementing regulations. 

“Investment advisers” would include RIAs and ERAs, defined as:

  • Any person who is registered or required to register with the SEC under section 203 of the Investment Advisers Act of 1940 (the “Advisers Act”), and
  • Any person who is exempt from SEC registration under section 203(l) or 203(m) of the Advisers Act.

The first prong of this definition covers RIAs and entities that are required to register as an RIA, but have not; the second prong covers ERAs, which consist of venture capital fund advisers and private fund advisers.  Notably, other categories of investment advisers that are not required to register are excluded from the Proposed Rule.  These include, among others, foreign private advisers, small state-registered investment advisers, and insurance company advisers.  It also excludes entities which fall outside the definition of “investment adviser” such as family offices.

The inclusion of ERAs in the Proposed Rule is a significant expansion of scope beyond the 2015 Proposal, which would only have applied to RIAs.  Both the Risk Assessment and Proposed Rule discuss at length specific concerns regarding the AML/CFT risk presented by ERAs, which FinCEN views as high given the limited regulatory and reporting requirements applicable to ERAs and their private fund clients.

Application to Non-U.S. Advisers

The Proposed Rule would apply to non-U.S. RIAs and ERAs, even if they do not maintain any offices or personnel in the United States. This would be a departure from the territorial approach FinCEN typically takes under the BSA, where AML/CFT program requirements generally apply only to agents, branches, agencies and offices located in the United States.  

FinCEN has taken a registration-based approach to broker-dealers, such that if a foreign entity registers with the SEC as a broker-dealer, it is subject to U.S. AML/CFT program requirements, but it is relatively rare for a foreign entity without U.S. operations to register with the SEC as a broker-dealer given the prevalence of so-called “15a-6” chaperoning arrangements.  It is much more common for a foreign adviser without U.S. operations to become an RIA or ERA due to a relatively small number of U.S. clients. 

FinCEN requests comments on the challenges foreign advisers may experience complying with the Proposed Rule, including potential conflicts with foreign laws, such as whether suspicious activity report (“SAR”) filing requirements may raise concerns under local privacy laws.  FinCEN addressed this issue for broker-dealers in part by limiting SAR filing requirements to broker-dealers in the United States, but the Proposed Rule does not include a similar limitation for investment advisers.

FinCEN also requests comment on how foreign advisers would comply with another requirement of the Proposed Rule, that the “duty to establish, maintain, and enforce an [AML/CFT program] must remain the responsibility of, and be performed by, persons in the United States who are accessible to, and subject to oversight and supervision by, FinCEN and the appropriate Federal functional regulator.” This requirement was added to the BSA as part of the Anti-Money Laundering Act of 2020 (“AMLA 2020”),[6] and applies broadly to all financial institutions subject to AML/CFT program requirements under the BSA, but the Proposed Rule is the first instance where FinCEN has taken steps to implement its requirements in regulation. 

We expect the proposed extraterritorial application of AML/CFT obligations to foreign advisers will be a key focus of comments.  Currently, foreign RIAs and ERAs are not required to have—and often do not have—any U.S. personnel.  They also are only required to comply with the substantive provisions of the Advisers Act with respect to their U.S. clients, meaning non-U.S. RIAs and ERAs without U.S. clients are currently subject to few compliance or reporting obligations under U.S. securities laws. 

The requirement that persons in the U.S. establish, maintain, and enforce Covered Advisers’ AML/CFT programs could force foreign Covered Advisers to establish U.S. offices and hire U.S. personnel, which could have adverse tax and other consequences.  The Proposed Rule acknowledges that aspects of a Covered Adviser’s AML/CFT program could be outsourced or contractually delegated to third parties, but it is not clear whether a foreign Covered Adviser could delegate the ”duty to establish, maintain, and enforce” their  AML/CFT program to a consultant or other third party in the United States, or how the requirement to designate an AML/CFT compliance officer would interact with the mandate to have U.S. personnel overseeing the program. 

Risk-Based AML/CFT Program

Covered Advisers would be required to develop and implement a written, risk-based AML program.  The program would need to be approved in writing by the Covered Adviser’s board of directors or trustees, as applicable.  If no such body exists, the sole proprietor, general partner or other persons that have functions similar to those of a board of directors would be required to approve the program.  

If a Covered Adviser is dually registered as a bank or broker-dealer, or affiliated with an entity that is already subject to AML/CFT program requirements under the BSA, a single comprehensive or enterprise-wide program could be adopted to satisfy this requirement, rather than several standalone policies, so long as all relevant businesses and activities subject to BSA requirements are covered, and their particular risks are addressed.

The program should include, at a minimum, the following features the BSA requires of all financial institutions subject to AML/CFT program obligations:

  • Policies, procedures, and internal controls reasonably designed to prevent the Covered Adviser from being used for money laundering or the financing of terrorist activities and to achieve and monitor compliance with applicable provisions of the BSA and FinCEN’s implementing regulations;
  • Periodic independent testing of the program by independent internal personnel (e.g., an audit function) or a qualified unaffiliated service provider;
  • Designation of an AML compliance officer or committee (which could be the Covered Adviser’s Chief Compliance Officer or another person or committee);
  • An ongoing employee training program; and
  • Implementation of appropriate risk-based procedures for conducting ongoing customer due diligence, including:
    • Understanding the nature and purpose of customer relationships for the purpose of developing a customer risk profile; and
    • Conducting ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information.

The Proposed Rule does not include the specific requirements to maintain a CIP or identify beneficial owners of legal entity customers that many other BSA-regulated financial institutions, such as banks and broker-dealers, must satisfy today.  Instead, FinCEN indicated that it would separately propose CIP requirements in a joint rulemaking with the SEC and would delay beneficial ownership identification requirements pending FinCEN’s planned revisions to the CDD Rule[7] that are required as part of its implementation of the Corporate Transparency Act.[8]

Focus on Private Funds

Although the Proposed Rule does not include specific customer identification or beneficial ownership identification requirements, it highlights particular risks from private fund investors that FinCEN expects would be addressed in a risk-based program, suggesting that the RIA or ERA to a private fund should consider the AML/CFT risks presented by investors in the fund, even though the investors are not clients of the RIA or ERA for purposes of the Advisers Act.  For example, the Covered Adviser could consider the structure and ownership of the fund, and whether the Covered Adviser would have access to information regarding the investors in the fund.  The discussions about private funds in the Proposed Rule and in the 2024 Risk Assessment express particular concern about non-transparent ownership structures, such as layered investment vehicles, nominee relationships and funds‑of‑funds.  These judgments appear to conflict with the treatment of private funds under the recently implemented Corporate Transparency Act, which exempts a private fund from  reporting its beneficial owners to FinCEN if the private fund is listed on the Form ADV of an RIA or venture capital fund adviser.[9]

SAR Filling Requirements

Covered Advisers would be required to file a SAR for any transaction meeting all of the following criteria:

  • The transaction is “conducted or attempted by, at, or through” the Covered Adviser;
  • The transaction involves or aggregates funds or other assets of at least $5,000; and
  • The Covered Adviser knows, suspects or has reason to suspect that the transaction:
    • Involves funds derived from illegal activity or is intended or conducted to hide or disguise funds or assets derived from illegal activity;
    • Is designed, whether through structuring or other means, to evade BSA requirements;
    • Has no business or apparent lawful purpose and no reasonable explanation for the transaction is available after examining the available facts; or
    • Uses the Covered Adviser to facilitate criminal activity.

For financial institutions currently subject to SAR filing requirements, the bulk of SAR compliance efforts and expenditures revolve around establishing processes and systems to address the third criteria—alerting, generally through manual or automated processes, transactions that might be suspicious, and investigating the alerted transactions to determine whether a SAR filing is required or advisable. 

The Proposed Rule’s SAR provisions generally track those applicable to other financial institutions under the BSA.  In most circumstances, a SAR must be filed within 30 days after the initial detection of facts that may constitute the basis for filing a SAR, and supporting documentation relating to each SAR must be collected, maintained and made available upon request to FinCEN and other law enforcement agencies.  Other relevant features include:

  • A requirement to immediately notify law enforcement where a situation involves a violation of law that requires immediate attention, such as suspected terrorist financing or ongoing money laundering schemes.
  • Provisions for voluntary SAR notifications, which are both permitted and encouraged with respect transactions that do not meet the mandatory filing criteria if the Covered Adviser believes the transaction to be relevant to a possible violation of any law or regulation.
  • Provisions for coordinating a “joint” SAR filing when more than one financial institution subject to a SAR rule is involved in a transaction.
  • A safe harbor from civil liability for financial institutions that file SARs, which protects SAR filers and their employees, officers, directors and agents, from civil liability that might otherwise arise from the filing of a SAR or from any failure to provide notice of such disclosure to the person who is the subject of or identified in the SAR under any U.S. or state law or regulation or contract or other legally enforceable agreement.
  • Strict prohibitions on disclosure of a SAR, or of information that would reveal the existence of a SAR, by a Covered Adviser or any employee, officer, director or agent thereof, subject to limited exceptions for disclosing information:
    • To FinCEN or other law enforcement agencies or to the federal regulatory agency responsible for examination of the adviser,
    • To other financial institutions, but only for the purposes of preparing a joint SAR (see above), and
    • Within an investment adviser’s corporate organizational structure for purposes consistent with the BSA.
  • FinCEN requested comment on whether a Covered Adviser should be permitted to share SAR information with its U.S. affiliates that are also subject to SAR confidentiality rules, consistent with guidance FinCEN released in 2010 permitting certain other BSA-regulated institutions to share SAR information with certain affiliates.[10]

Other BSA Compliance Obligations

Covered Advisers would become subject to a number of other regulatory requirements generally applicable to financial institutions under the BSA including:

  • The requirement to file a Currency Transaction Report, or CTR, for a transaction involving a transfer of more than $10,000 in currency (which would replace the Covered Adviser’s current Form 8300 filing requirement for cash receipts in excess of $10,000);
  • The requirements to obtain and retain certain information with respect to “transmittals of funds” that equal or exceed $3,000 and to ensure that certain information “travels” to other financial institutions along with such transmittals (the so-called “Recordkeeping Rule” and “Travel Rule”);
  • The requirement, with respect to amounts exceeding $10,000, to create and retain records for extensions of credit and cross-border transfers of currency, monetary instruments, checks, investment securities and credit;
  • The special information sharing procedures established under Sections 314(a) and (b) of the USA PATRIOT Act that require financial institutions to search their records to determine whether they have maintained an account or conducted a transaction with a person that law enforcement has certified is suspected of engaging in terrorist activity or money laundering and that provide protection from civil liability for financial institutions that share otherwise confidential information with each other for purposes of facilitating BSA compliance;
  • The special due diligence requirements for correspondent accounts maintained for foreign financial institutions and private banking accounts for non-U.S. persons; and
  • Special measures to combat money laundering issued by FinCEN pursuant to Section 311 of the USA PATRIOT Act or Section 9714(a) of the Combatting Russian Money Laundering Act.

Special Rules for Mutual Fund Clients

Because mutual funds are already subject to AML/CFT program obligations under the BSA, the Proposed Rule would not require a Covered Adviser to apply its AML/CFT program, or comply with SAR or other BSA reporting and recordkeeping obligations, with respect to the mutual funds it advises, if those mutual funds maintain BSA-complaint AML/CFT programs.  For purposes of the BSA and FinCEN’s regulations, mutual funds are defined as open-end registered investment companies, which should include exchange-traded funds that are registered as open-end companies.

Compliance Date

Covered Advisers would be required to develop and implement an AML/CFT program that satisfies the requirements of the rule within 12 months from the final rule’s effective date. 

Examination and Enforcement Authority

Under the Proposed Rule, FinCEN would delegate its examination authority to the SEC, and we expect most AML/CFT examination activities would be conducted by the SEC’s Division of Examinations, either as part of an Advisers Act exam or as a stand-alone AML/CFT exam, but Covered Advisers’ AML/CFT programs would also remain subject to inspection directly by FinCEN.  FinCEN would retain overall authority for enforcement and compliance, including coordination and direction of procedures and activities of the SEC and other agencies exercising delegated authority.  FinCEN would have the authority to impose civil penalties on Covered Advisers for willful violations of the BSA and its regulations, and in exceptional cases, could refer willful violations to the Department of Justice for potential criminal penalties. The SEC could also bring civil enforcement actions for violations that separately constitute a violation of Advisers Act requirements, such as the anti-fraud rules, fiduciary duties or recordkeeping rules.

[1] Anti-Money Laundering/Countering the Financing of Terrorism Program and Suspicious Activity Report Filing Requirements for Registered Investment Advisers and Exempt Reporting Advisers, 89 Fed. Reg. 12108 (Feb. 15, 2024).

[2] See Anti-Money Laundering Programs for Unregistered Investment Companies, 67 Fed. Reg. 60,617 (Sept. 26, 2002) (proposed rule).

[3] See Anti-Money Laundering Programs for Investment Advisers, 68 Fed. Reg. 23,646 (May 5, 2003) (proposed rule); Anti-Money Laundering Program and Suspicious Activity Report Filing Requirements for

Registered Investment Advisers, 80 Fed. Reg. 52,680 (Sept. 1, 2015) (proposed rule) (the “2015 Proposal”).

[4] U.S. Dep’t of Treasury, 2024 Investment Adviser Risk Assessment (Feb. 2024), available here.

[5] Remarks by Secretary of the Treasury Janet L. Yellen at the Financial Crimes Network (Jan. 8, 2024), available here; Remarks by Under Secretary for Terrorism and Financial Intelligence Brian Nelson at SIFMA’s Anti-Money Laundering and Financial Crimes Conference (May 25, 2022), available here; U.S. Dep’t of Treasury, 2022 National Strategy for Combating Terrorist and Other Illicit Financing (May 2022), available here; White House, U.S. Strategy on Countering Corruption (Dec. 2021), available here.

[6] The William M. (Mac) Thornberry National Defense Authorization Act for Fiscal Year 2021, Pub. L. 116-283, 134 Stat. 3388 §§ 6001-6511 (2020).

[7] Customer Due Diligence Requirements for Financial Institutions, 81 Fed. Reg. 29,397 (May 11, 2016), codified at 31 C.F.R. § 1010.230.

[8] AMLA 2020 §§ 6401-6403 (codified at 31 U.S.C. §§ 5336).

[9] See 31 C.F.R. §§ 1010.380(c)(2)(xviii) and 1010.380(f)(7).

[10] See FinCEN, Sharing Suspicious Activity Reports by Securities Broker-Dealers, Mutual Funds, Futures Commission Merchants, and Introducing Brokers in Commodities with Certain U.S. Affiliates, FIN–2010–G005 (Nov. 23, 2010); FinCEN, Sharing Suspicious Activity Reports by Depository Institutions with Certain U.S. Affiliates, FIN–2010–G006 (Nov. 23, 2010).