On May 13, 2024, the Financial Crimes Enforcement Network (FinCEN), a bureau within the U.S. Treasury Department, and the Securities and Exchange Commission (SEC) proposed a joint rule (the Proposed Rule) with respect to a customer identification program (CIP) for investment advisers that is a companion to the anti-money-laundering/countering the financing of terrorism (AML/CFT) program rule proposed by FinCEN on February 15, 2024.1
Key Highlights
- Similar to the AML/CFT program rule, the Proposed Rule would cover both SEC-registered investment advisers and exempt reporting advisers and apply equally to both U.S. and non-U.S. advisers with respect to both U.S. and non-U.S. clients.
- The CIP would not require a look-through of a private fund or other pooled investment vehicle, so it would not apply to the investors in such fund or vehicle (but rather the identity of the fund or vehicle itself). Therefore, in a standard structure in which the private fund investment adviser is organizing the private fund entity itself, there may be no material requirements with respect to the CIP. This limitation will also minimize the impact of the Proposed Rule on exempt reporting advisers, who are largely limited to providing investment advice to private funds. However, private-fund advisers are still subject to potential liability under applicable anti-money-laundering laws, so it remains a best practice to implement AML policies and procedures that include a component of verifying the identity of investors.
- The Proposed Rule requires the CIP be a risk-based program and include minimum requirements for the procedures that must be included in the CIP and the information that will be required to be collected from customers. When collecting this information, investment advisers should consider their separate obligations under applicable privacy laws and their cybersecurity risks.
- An investment adviser may rely on other financial institutions that (i) already have a relationship with the customer, (ii) are subject to CIP requirements and (iii) provide annual certifications as to compliance, provided that the adviser determines that such reliance is reasonable, which could include monitoring the other financial institution’s effectiveness.
CIP Scope
The Proposed Rule would apply to investment advisers who are either (i) SEC-registered investment advisers or (ii) exempt reporting advisers relying on either Section 203(l) or 203(m) of the Investment Advisers Act of 1940. The Proposed Rule also similarly applies equally to U.S. and non-U.S. investment advisers with respect to both U.S. and non-U.S. clients.
The Proposed Rule defines “account” as “any contractual or other business relationship between a person and an investment adviser under which the investment adviser provides investment advisory services” (excluding accounts acquired through an acquisition, merger, purchase of assets, or assumption of liabilities) and “customer” to be any person (including a natural person or legal entity) who opens a new account with an investment adviser. Therefore, the “customer” in an advisory relationship with a private fund (or other pooled investment vehicle) would be the private fund (or the pooled investment vehicle) and not the investors or other beneficial owners of such fund or vehicle.
An investment adviser is not required to look through a legal entity to its beneficiaries and would be required only to verify the identity of the named accountholder; however, the adviser may be required to seek information about individuals with authority or control over the account if the investment adviser’s risk assessment determines it necessary to verify the customer’s identity. Therefore, for a private fund or other pooled investment vehicle, the investment adviser is required to collect identifying information of the fund or vehicle (or, in certain circumstances, individuals with authority or control over such fund or vehicle) but would not be required to cover persons who have invested in such fund or vehicle.
There is an exception for a financial institution that is regulated by a federal functional regulator or a bank regulated by a state bank regulator, certain government entities, and certain persons (other than banks) that are publicly listed on U.S. securities exchanges (and certain of their subsidiaries). There is also an exception for a person who has an existing account with the investment adviser, provided that the adviser has a reasonable belief that it knows the true identity of the person.
CIP Minimum Requirements
The Proposed Rule will require the covered investment advisers to establish, document and maintain a written CIP as part of the investment adviser’s overall AML/CFT program (not as a separate program) that is appropriate for the size and business of the investment adviser. The CIP does not need to cover any mutual fund if the mutual fund has developed and implemented a compliant CIP.
The CIP would be required to include risk-based procedures for verifying the identity of customers within a reasonable time before or after the customer’s account is opened. The risk assessment would include consideration of the following factors: (i) the type of account, (ii) the method of opening the account (e.g., in-person or online), (iii) the types of identifying information available, (iv) the adviser’s size, location, and customer base, (v) the types of money laundering and terrorist financing activities present in the representative jurisdiction, (vi) the types of services and transactions offered or performed by the investment adviser, and (vii) reliance on third-party firms for identity verification procedures. Such procedures are not necessary for an existing customer opening a new account if (i) the customer’s identity has been previously verified and (ii) the adviser continues to have a reasonable belief that it knows the true identity of the customer based on this prior verification.
The investment adviser would be required to obtain, at a minimum, the following information with respect to the customer: (i) full legal name (and, if applicable, aliases or assumed names), (ii) date of birth (or date of formation), (iii) address, and (iv) identification number (e.g., Social Security number or other taxpayer identification number, or passport number). Other information may be requested based on the adviser’s risk assessment.
The CIP must require the investment adviser to follow risk-based procedures to verify the accuracy of the information received from customers in order to form a reasonable belief that the adviser knows the true identity of the customer. The verification may occur (i) through documents (e.g., government-issued identification, certified articles of incorporation, government-issued business license, or legal governing documents), (ii) through non-documentary means (e.g., contacting the customer; obtaining a financial statement; search of fraud, bad check databases, credit reports, or account verification databases; or checking references with other financial institutions), or (iii) through both.
The CIP must include procedures for how to address when the investment adviser cannot form a reasonable belief that it knows the true identity of a customer, including (i) when the adviser should not open an account, (ii) the terms under which the adviser may provide services before verifying the identity, (iii) when to close an account, and (iv) when to file a suspicious activity report (SAR). The CIP must also include procedures for comparing a customer to any list of known or suspected terrorists or terrorist organizations provided by any government agency, including lists issued by the Treasury’s Office of Foreign Assets Control (OFAC).
The investment adviser must provide notice to customers of the adviser’s identity verification procedures, including a description of the identification requirements before opening an account. The investment adviser must also maintain certain records for a five-year period.
The investment adviser may rely on the performance by another financial institution (which is subject to an AML/CFT compliance program requirement and regulated by a federal functional regulator) of some or all of the elements of the adviser’s CIP if the customer already has an account or similar relationship with the other financial institution, the investment adviser determines such reliance on the other financial institution is reasonable and the adviser has entered into a contract with the other financial institution that provides for, among other things, annual certifications from the other financial institution. The investment adviser would not be held responsible for a failure by the other financial institution if it can establish that its reliance was reasonable and that it had entered into a contract that satisfied the requirements.
[1] See our Client Alert: FinCEN Proposes AML Program Rule for Investment Advisers (Feb. 16, 2024).
This informational piece, which may be considered advertising under the ethical rules of certain jurisdictions, is provided on the understanding that it does not constitute the rendering of legal advice or other professional advice by Goodwin or its lawyers. Prior results do not guarantee a similar outcome.
Contacts
- /en/people/l/larkin-gregory
Gregory Larkin
Partner - /en/people/s/stern-william
William E. Stern
Partner - /en/people/w/wells-cynthia
Cynthia Wells
Counsel