On May 13, the Securities and Exchange Commission (SEC) and the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) released a joint notice of a proposed rulemaking (NPRM) that would require federally registered investment advisers (RIAs) and exempt reporting advisers (ERAs; collectively with RIAs, Investment Advisers) to establish, document, and maintain written customer identification programs (CIPs).1, 2 This latest NPRM is separate from but related to FinCEN’s February 13 proposed rule (the February NPRM), which aimed to subject Investment Advisers to the AML/CFT requirements of the Bank Secrecy Act (BSA).

Under the NPRM, Investment Advisers would be required to implement reasonable procedures to identify and verify the identity of their customers.3 The NPRM would define “account” as “any contractual or other business relationship between a person and an investment adviser under which the investment adviser provides advisory services.”4 “Customer” is defined as “a person—including a natural person or a legal entity—who opens a new account with an investment adviser.”5 Where the customer is a legal entity, the NPRM would obligate the Investment Adviser “to obtain information about individuals with authority or control over the account in order to verify the customer’s identity.”6 Notably, for a private fund manager, the fund adviser’s “client” to which it provides investment advice is typically the fund itself, not the investors in the fund. Accordingly, based on the plain language of the NPRM’s definitions of “account” and “customer,” the proposed CIP requirements arguably only would apply to the Investment Adviser’s advisory clients, e.g., in the case of a fund manager, the fund, and not to the investors in any advised funds. However, such a result would seem to be at odds with FinCEN’s stated concerns that pooled investment vehicles such as hedge funds and private equity funds are being used to launder criminal proceeds and to finance terrorism. We expect that public comments in response to the NPRM will seek clarity from FinCEN as to what the terms “account” and “customer” mean with respect to pooled investment vehicles like private funds, the Investment Adviser’s advised funds, or the underlying investors in those advised funds.

The NPRM would require that Investment Advisers implement a risk-based CIP appropriate for the Investment Advisers’ size and business. The NPRM would require Investment Advisers to collect the customer’s name, date of birth or date of formation, address, and identification number, all of which are standard CIP requirements of financial institutions (e.g., registered broker-dealers and banks).7 In certain instances, Investment Advisers may be required to collect additional information where necessary to verify the true identity of a customer.8 The purpose is to ensure that Investment Advisers hold a reasonable belief that they know their customers. Investment Advisers would be required to verify their customers “within a reasonable time before or after the customer’s account is opened.”9 In addition, the NPRM would require that Investment Advisers confirm that customers do not appear on any lists of known or suspected terrorists maintained by the Department of the Treasury.10 Lastly, the NPRM’s record retention requirements would obligate Investment Advisers to retain documents and information related to a customer’s identifying information “while the account remains open and for five years after the date the account is closed.”11

Helpfully, the NPRM provides that Investment Advisers will be able to rely on another financial institution’s CIP for its customers if the customer is opening or has established a relationship with that financial institution. The Investment Adviser can rely on that financial institution’s CIP when (1) reliance is reasonable under the circumstances, (2) the other financial institution is subject to the Anti-Money Laundering/Countering the Financing of Terrorism (AML/CFT) program requirements under 31 U.S.C. 5318(h), and (3) the other financial institution, pursuant to a contractual obligation, annually certifies that it has implemented an AML/CFT program through a reliance letter or other similar documentation.12 The NPRM states that an Investment Adviser would not be held responsible for the failures of the other financial institution CIP as long as the forgoing factors are satisfied.13 Accordingly, where the Investment Advisers customers are coming through a private bank or broker-dealer channel, the Investment Adviser may be able to accept representations from that financial institution in lieu of conducting customer identification verification on each customer coming across such a sales channel. Investment Advisers may also choose to leverage existing custodian and/or administrator relationships to fulfill their CIP obligations. Those choosing to do so should note that while most custodians are subject to the BSA and are capable of managing CIPs, some administrators are not subject to the BSA and therefore could not be relied on for CIP purposes. 

As discussed in our prior Client Alert,14 in the February NPRM, FinCEN seeks to broaden the definition of “financial institution” under the BSA by classifying Investment Advisers as “financial institutions” and thereby subjecting Investment Advisers to the BSA’s requirements to implement AML compliance programs and to monitor and report suspicious activity.15 As stated by FinCEN, a “CIP is not a separate program, but rather would be incorporated into an investment adviser’s overall AML/CFT program16 Thus, the February NPRM and this NPRM share the same aim: Prevent illicit actors from using Investment Advisers (or the funds and investment vehicles managed by Investment Advisers) to launder illicit or criminal proceeds through the U.S. financial systems.

*     *     *

The SEC and FinCEN are accepting comments on the NPRM until July 12. We encourage Investment Advisers to become familiar with the proposal now in order to be adequately prepared. Our prior Client Alert17 discusses AML best practices for private fund managers. Lowenstein will be monitoring further developments to the NPRM and subsequent rule. For any questions about this Client Alert or the NPRM, please contact the authors at LSAMLTeam@lowenstein.com.

1 See “SEC, FinCEN Propose Customer Identification Program Requirements for Registered Investment Advisers and Exempt Reporting Advisers,” May 13, 2024, available at https://www.fincen.gov/news/news-releases/sec-fincen-propose-customer-identification-program-requirements-registered.
2 Id.
3 See “Fact Sheet: Customer Identification Programs,” May 13, 2024, available at https://www.sec.gov/files/bsa-1-fact-sheet.pdf.
4 NPRM at page 9.
5 Id. at 10.
6 Id. at 11.
7 Id. at 15-16.
8 Id. at 16.
9 Id. at 15.
10 Id. at 26.
11 Id. at 25.
12 Id. at 28.
13 Id. at 29.
14 See “Investment Advisers Beware: The BSA is Coming (Maybe),” February 15, 2024, available at https://www.lowenstein.com/news-insights/publications/client-alerts/investment-advisers-beware-the-bsa-is-coming-maybe-aml.
15 The BSA is codified at 31 U.S.C. 5311-14, 5316-36.
16 NPRM at page 13.
17 See “AML Best Practices for Private Fund Managers: The Prudence of Establishing an AML Compliance Program,” February 17, 2023, available at https://www.lowenstein.com/news-insights/publications/client-alerts/aml-best-practices-for-private-fund-managers-the-prudence-of-establishing-an-aml-compliance-program-investment-management.