The U.S. Department of the Treasury, Financial Crimes Enforcement Network ("FinCEN") proposed rules  on August 25, 2015 that would broaden the application of the Bank Secrecy Act's ("BSA") suspicious activity reporting and anti-money laundering ("AML") requirements to include investment advisers registered or required to be registered with the U.S. Securities and Exchange Commission ("SEC") (such advisers, "Covered Advisers").
Broadly speaking, the proposed rules would require Covered Advisers to:
- Establish AML programs designed to prevent the Covered Adviser from being used to facilitate money laundering or terrorist financing;
- File Suspicious Activity Reports ("SARs");
- Implement recordkeeping rules applicable to the transmittal of funds; and
- File Currency Transaction Reports ("CTRs") for certain transactions.
Under the proposed rules, responsibility for determining compliance with the rules would be delegated to the SEC. The deadline for commenting on the proposed rules is November 2, 2015. Once the final rules are adopted, Covered Advisers will have six months to implement an AML program.
ESTABLISHMENT OF AN AML PROGRAM
Covered Advisers Must Implement an AML Program
FinCEN's proposed rules would require each Covered Adviser to develop an AML program reasonably designed to prevent the investment adviser from being used to facilitate money laundering or terrorist financing.
The AML Program Must Follow a Risk-Based Approach
Specifically, each Covered Adviser must:
- establish policies, procedures and internal controls reasonably designed to prevent the investment adviser from being used for money laundering or the financing of terrorist activities and to achieve and monitor compliance with the applicable provisions of the BSA and the implementing regulations;
- provide for "independent" compliance testing to be conducted by the investment adviser's personnel or by a qualified outside party. This independence requirement means that those conducting the testing are not involved in the operation or oversight of the AML program;
- Designate a person or committee to be responsible for implementing and monitoring the operations and internal controls of the AML program. The person designated as the AML compliance officer should be an officer of the investment adviser; and
- Provide ongoing AML program training to appropriate personnel, such as those employees of the investment adviser whose job functions bring them in contact with BSA requirements or possible money laundering activity.
The nature and scope of each Covered Adviser's AML program will vary depending on the type of each firm's business, its size and general vulnerability to money laundering activity. In assessing the risk posed by particular clients, FinCEN provided guidance on factors to consider, such as the source of a client's funds and the jurisdiction in which the clients are located.
The need for a nuanced analysis is particularly highlighted in the private funds context, where a wide variety of fund structures and operations render a "one size fits all" approach inappropriate. A Covered Adviser may lack full transparency regarding the individuals or institutional investors that constitute its ultimate client base, with such concerns heightened in situations where a fund maintains offshore operations. Compliance risks also increase when a Covered Adviser is several levels removed from the ultimate investor; for example, where an investor in a Covered Adviser's investment vehicle is another pooled entity, the Covered Adviser may need to assess or examine the policies of such entity. Different investment vehicles will have different risk profiles and Covered Advisers must tailor their risk-management approach accordingly.
Administration of the Program May be Delegated
FinCEN acknowledged that it may be appropriate for a Covered Adviser to delegate management of an AML program to a third-party service provider or agent; however, the Covered Adviser would remain responsible for the effectiveness of the program and ensuring that FinCEN and the SEC can obtain any required records.
REPORTING OF SUSPICIOUS ACTIVITY
Certain Transactions Greater Than $5,000 Must be Reported
FinCEN's proposed rules will require Covered Advisers to report suspicious activity by filing SARs. A Covered Adviser would be required to report suspicious transactions conducted or attempted by, at, or through such investment adviser, if the transaction involves or aggregates funds or other assets of at least $5,000 and the investment adviser knows, suspects or has reason to suspect that the transaction or pattern of transactions:
- involves funds derived from illegal activity or is intended or conducted in order to hide or disguise funds or assets derived from illegal activity;
- is designed, whether through structuring or other means, to evade any requirements or regulations promulgated under the BSA;
- has no business or apparent lawful purpose, and the investment adviser knows of no reasonable explanation for the transaction after examining the available facts, including the background and possible purpose of the transaction; or
- involves use of the investment adviser to facilitate criminal activity.
SARs Are to be Filed Within 30 Days of a Transaction, or Immediately in Certain Circumstances
Generally, a SAR must be filed with FinCEN within 30 days of the Covered Adviser becoming aware of a suspicious transaction. Supporting documentation is to be kept for five years and is to be made available to law enforcement agencies on request. In situations where immediate attention is required, such as suspected terrorist financing or an ongoing money laundering scheme, a Covered Adviser would need to immediately notify an appropriate law enforcement authority by telephone, in addition to filing a timely SAR.
Covered Advisers Should Monitor Suspicious "Red Flags"
Although FinCEN notes that money laundering techniques continue to evolve and it is therefore impossible to provide a complete list of all possible "red flags" of potentially suspicious client behavior, it acknowledges several indicia of potentially suspicious activity, including: display of an unusual concern regarding government reporting requirements; refusal to provide information about an entity or individual on behalf of whom a client is acting as an agent; or a total lack of concern by a client regarding performance returns.
Covered Advisers are Protected from Civil Liability
The proposed rules provide for a safe harbor protecting Covered Advisers from civil liability, to the full extent provided by U.S. federal law, arising from a decision to make a required or voluntary report of suspicious transaction activity.
SARs Are Afforded Confidential Treatment
Generally, SARs, and any information that would reveal the existence of a SAR, are afforded confidential treatment under the proposed rules. If a Covered Adviser is requested to disclose a SAR or any information that would reveal its existence, the proposed rules mandate that the Covered Adviser must refuse, citing the proposed rules. No persons involved in any reported suspicious transaction can be notified that the transaction has been reported. The proposed rules, however, do not prohibit disclosure of a SAR to law enforcement agencies, the SEC and FinCEN, nor do they prohibit disclosure of the underlying facts, transactions, and documents upon which a SAR is based (including to another financial institution for the purposes of preparing a joint SAR). As drafted, the proposed rules prevent the existence and contents of SARs from being shared within a Covered Adviser's organizational structure without further guidance; in the FinCEN Release, however, FinCEN has explicitly sought additional comments on this point.
RECORDKEEPING AND REPORTING REQUIREMENTS
Covered Advisers Would be Included in Definition of "Financial Institution"
The final regulatory change contemplated by FinCEN's proposed rules would impose certain recordkeeping and reporting requirements on Covered Advisers, as a result of including investment advisers registered with the SEC under Section 203 of the Investment Advisers Act of 1940 within the definition of "financial institution" in the regulations implementing the BSA.
Identifying Information Required for Transmittals Greater Than $3,000
First, for transmittals of funds that equal or exceed $3,000, the transmitter's financial institution would need to obtain identifying information about the transmitter and transaction (such as name, address, account number and in certain circumstances, taxpayer identification numbers), while the recipient institution must obtain identifying information about the recipient, with such information "travelling" through to the next financial institution in the payment chain. Under the proposed rules, Covered Advisers would be able to avail themselves of an enumerated exception where, if both the transmitter and recipient fall within certain categories of financial institutions (in their capacity as a party to a transaction, rather than an intermediary), the aforementioned recordkeeping requirements would not need to be met.
Records Needed for Credit Extensions and Cross-Border Transfers Greater Than $10,000
Second, Covered Advisers would be required to retain records for transactions exceeding $10,000 that are either extensions of credit, or cross-border transfers of currency, monetary instruments, checks, investment securities or credit, with information regarding the nature of the transaction and participants recorded.
CTRs Required for Transactions Involving Currency Greater than $10,000
Third, the current requirement for Covered Advisers to file Form 8300 upon receipt of more than $10,000 in cash and negotiable instruments (which includes checks and money orders) in one transaction or a series of related transactions would be replaced. With Covered Advisers being treated as financial institutions for certain purposes of the regulations, Covered Advisers would instead complete a CTR for any deposit, withdrawal, payment or transfer through the investment adviser that involves currency greater than $10,000 in one business day with a requirement to adhere to certain identity verification measures. A copy of such report would need to be filed by the Covered Adviser within 15 days of the day on which the reportable transaction occurred, and would need to be retained for a period of 5 years. This particular change would likely have a minimal impact on investment advisers, as FinCEN acknowledges that "investment advisers rarely receive from or disburse to clients significant amounts of currency."
No Requirements to Establish CIP Program
The designation of Covered Advisers as financial institutions under the proposed rules would also mean Covered Advisers would be required to search their records at FinCEN's request for information related to persons suspected by law enforcement of engaging in terrorist activity or money laundering. It is noteworthy that the proposed rules do not require Covered Advisers to establish a customer identification program ("CIP"), as is required for banks, broker-dealers and other financial institutions; however, FinCEN indicated that it anticipates addressing CIP requirements and applicability of other sections of the PATRIOT Act through additional rulemaking.
FinCEN's proposed rules are currently open for comment until November 2, 2015. The impact of the proposed rules and appropriate responses will vary depending on the nature and scope of each Covered Adviser's business. In adapting internal policies to the rules as ultimately implemented, it would be prudent for Covered Advisers to:
- Engage in a holistic and robust analysis of their business and client base, identifying any unique vulnerabilities from a money laundering or terrorist financing perspective.
- Evaluate existing AML programs that are in place, identify gaps between existing programs and the proposed regulatory requirements, and consider policies and procedures to be adjusted or revised to fill those gaps.
- Build the necessary infrastructure to separate the management of AML programs from the independent testing functions.
Although for most firms such steps will not require building compliance programs from scratch, Covered Advisers will need to be flexible and adjust their programs to address the rules once they are adopted in their final forms.