FinCEN and SEC propose Customer Identification Program requirements for investment advisers
In a joint rulemaking, FinCEN and the SEC issued a proposed rule that would require certain investment advisers to establish risk-based customer identification programs.
The Financial Crimes Enforcement Network (FinCEN) of the U.S. Treasury Department and the Securities and Exchange Commission (SEC) recently issued a proposed rulemaking that would require investment advisers registered with the SEC (RIAs) and investment advisers that report to the SEC as exempt reporting advisers (ERAs) to establish, document and maintain written customer identification programs (CIPs) (the Proposed CIP Rule) as part of their anti-money laundering and countering the financing of terrorism (AML/CFT) compliance programs.
The Proposed CIP Rule complements the Proposed AML/CFT Program and Suspicious Activity Reporting (SAR) Rule,[1] which is a separate FinCEN rulemaking that would designate RIAs and ERAs as “financial institutions” under the Bank Secrecy Act (BSA) and its implementing regulations. As a result, under the Proposed AML/CFT Program and SAR Rule, RIAs and ERAs will be required to, among other things, (1) develop, implement and maintain risk-based AML/CFT programs (within 12 months after the effective date of the final rule) and (2) monitor for and report suspicious activity to FinCEN. FinCEN intends to extend the beneficial ownership requirements of the Customer Due Diligence (CDD) Rule[2] to RIAs and ERAs but will do so when the agency revises the CDD Rule to reflect the requirements under the Corporate Transparency Act.
FinCEN and the SEC anticipate the effective date of the Proposed CIP Rule will be 60 days after the date on which the final rule is published. Notably, covered investment advisers will be required to develop and implement their CIP within six months of the effective date of the final rule, but no sooner than the compliance date of the Proposed AML/CFT Program and SAR Rule. FinCEN and the SEC both view a six-month compliance timeline as a sufficient amount of time for covered investment advisers to implement their CIPs without delaying CIP compliance across the industry.
While FinCEN and the SEC have not signaled an anticipated effective date for the Proposed AML/CFT Program and SAR Rule and Proposed CIP Rule, we understand that the agencies view both rules as priorities and thus would expect final rules to be issued by the end of 2024. However, given FinCEN’s resource constraints and long history of proposed rules for investment advisers,[3] it is entirely possible that final AML/CFT Program and SAR and CIP Rules will not be issued until much later.
FinCEN and the SEC have solicited comments on the Proposed CIP Rule through July 22, 2024.
What would the Proposed Rule require?
Overview of the Proposed Rule
CIP requirements
The Proposed CIP Rule would require RIAs and ERAs to establish and maintain CIPs that generally track the customer identification requirements that apply to covered financial institutions, such as banks, broker-dealers and mutual funds.[4] Accordingly, RIAs and ERAs will be required to, among other things, implement a written CIP that includes risk-based procedures to:
- Collect customer-identifying information, which, at a minimum, should include a customer’s name, address, date of birth or formation, and identification number;
- Using documentary or non-documentary means, verify the identity of each customer to the extent reasonable and practicable in a reasonable time before or after account opening;[5] and
- Maintain records of the customer-identifying information used to verify a customer’s identity.[6]
According to the Proposed CIP Rule, the written CIP should not be a separate program, but rather should be incorporated into a covered investment adviser’s broader AML/CFT compliance program. Further, the CIP should be risk-based and appropriate for the size and business of each investment adviser.
Notably, the Proposed CIP Rule’s requirements may be deemed satisfied for any mutual fund that a covered investment adviser advises if the mutual fund has developed and implemented its own CIP that is compliant with the CIP requirements applicable to mutual funds. According to the Proposed CIP Rule, FinCEN and the SEC believe the exemption is appropriate because of the regulatory and practical relationship between mutual funds and their investment advisers—i.e., CIP requirements imposed on an RIA to a mutual fund would be redundant.
Key definitions
The requirements under the Proposed CIP Rule would apply when a “customer” seeks to open an “account” with a covered investment adviser.
Customer
The term “customer” would be defined as a natural person or legal entity who opens a new account with an investment adviser. Exceptions to the definition of “customer” would include: financial institutions regulated by a federal functional regulator; banks regulated by a state bank regulator; certain government entities; companies listed on a U.S. exchange (and certain of their subsidiaries); and a person that has an existing account with the investment adviser (provided the investment adviser has a reasonable belief that it knows the true identity of the person). The Proposed CIP Rule’s definition of “customer” would also not include individuals who have authority or control over an account if those persons are not identified as accountholders. However, a covered investment adviser will be required to address situations where, based on a risk assessment of a new account opened by an entity customer, the investment adviser will need to obtain identifying information about individuals with authority or control over the account in order to verify the customer’s identity.
Account
The term “account” would be defined broadly as any contractual or other business relationship between an individual or entity and an investment adviser under which the investment adviser provides investment advisory services. Similar to the existing CIP Rules for other “financial institutions,” a covered investment adviser would not have to apply its CIP to accounts acquired through an acquisition, merger, purchase of assets or assumption of liabilities because customers do not “open” such transferred accounts. The definition of “account” would include, though, accounts opened for the purpose of participating in an employee benefit plan established under the Employee Retirement Income Security Act of 1974 (ERISA). ERISA accounts are excluded from the definition of “account” in the CIP requirements applicable to mutual funds, but would not be excluded for covered investment advisers because the Proposed AML/CFT Program and SAR Rule requires covered investment advisers to apply their AML/CFT compliance programs to all of their accounts, including ERISA-related accounts.
Reliance
The Proposed CIP Rule acknowledges that there may be certain instances in which a covered investment adviser would want to rely on another financial institution to conduct some or all of the investment adviser’s CIP. To address this need, the Proposed CIP Rule would allow a covered investment adviser to rely on another financial institution to discharge its obligations under the Rule if:
- A customer of the investment adviser is opening an account or has opened an account or similar business relationship with the other financial institution;
- The reliance is reasonable under the circumstances;
- The other financial institution is regulated by a federal functional regulator and is subject to the AML/CFT program requirements of the BSA and its implementing regulations; and
- The other financial institution enters into a contract with the investment adviser requiring it to certify annually that it has implemented an AML/CFT compliance program and will perform (or its agents will perform) the specified requirements of the investment adviser’s CIP.[7]
If a covered investment adviser meets the reliance requirements under the Proposed CIP Rule, the investment adviser would not be held responsible for the failure of the other financial institution to fulfill the adviser’s CIP requirements.
Requests for comment
Throughout the Proposed CIP Rule, FinCEN and the SEC seek comment to determine whether the Rule is appropriate. Comments on the Proposed Rule are due to FinCEN no later than July 22, 2024. Key questions posed for comment include:
- Whether the proposed definition of “account” is appropriate and unambiguous, and whether other examples of accounts should be added to the rule text.
- Is the proposed definition of “customer” appropriate? Should other examples of customers be added to the rule text?
- Should the definition of “investment adviser” apply to non-U.S. advisers registered or required to register with the SEC (for RIAs) or that report to the SEC on Form ADV (for ERAs), as proposed? What would be the logistical challenges of this approach?
- Are there other categories of entities that, like mutual funds, should be exempted from an investment adviser’s CIP program? Why or why not?
Investment advisers that will be covered by the Proposed CIP Rule are encouraged to engage with FinCEN and the SEC during the comment period.
[2] 31 CFR 1010.230.
[3] FinCEN issued proposed rules in 2002, 2003, and 2015 without ever issuing a final rule.
[4] Covered financial institutions, defined in 31 CFR 1010.605(e), include banks, broker-dealers, futures commission merchants, introducing brokers and mutual funds.
[5] The Proposed CIP Rule confirms that the inclusion of “before or after” account opening is intended to provide investment advisers flexibility in complying with the requirements of the Proposed CIP Rule while establishing an advisory relationship with their customers.
[6] Covered investment advisers would be required to maintain records for five years.
[7] This requirement can be satisfied by a reliance letter or other similar documentation.