FinCEN & the SEC: Will the Real RIA and ERA Customers Please Stand Up?
FinCEN & the SEC: Will the Real RIA and ERA Customers Please Stand Up?
On May 13, 2024, the U.S. Department of the Treasury’s (“Treasury”) Financial Crimes Enforcement Network (FinCEN) and the Securities and Exchange Commission (SEC) issued a joint Notice of Proposed Rulemaking (NPRM) that would require SEC-registered investment advisers (RIAs) and exempt reporting advisers (ERAs) to implement and maintain a customer identification programs (CIP) to verify the identities of their customers.
The NPRM complements an earlier NPRM that FinCEN released in February 2024 (covered in a separate Client Alert), which would designate RIAs and ERAs as “financial institutions” under the Bank Secrecy Act (BSA), thereby requiring them to maintain anti-money laundering and countering the financing of terrorism (AML/CFT) programs. RIAs and ERAs would be well advised to begin contemplating how a CIP would function within their organizations.
Treasury has long focused on the vulnerabilities to the U.S. market posed by investment advisers. The lack of cohesive regulations across the industry has allowed bad actors to exploit weaknesses and use investment advisers as an entry point to the U.S. financial system. The NPRM aims to prevent criminals from becoming customers of investment advisers—including through the use of false identities—and leveraging that relationship for criminal activity.
Treasury also reaffirms its desire to harmonize these requirements with those that already exist for financial institutions such as banks or broker-dealers, as well as other recently proposed rules. In doing so, it seeks to better protect the public from fraudulent actors and, ultimately, reduce total costs to the industry by allowing investment advisers and other service providers who might be subject to the same requirements, to delegate such practices amongst themselves.
The NPRM would require RIAs and ERAs to implement a written, risk-based CIP, tailored to each company’s specific size and business. A CIP should ensure, to the extent reasonable and practicable, that the RIA or ERA verifies each customer’s identity in order to form a reasonable belief that the customer’s true identity is known. Advisers would also need to maintain records of information used to verify a customer’s identity. Customers should also be notified that the adviser is requesting information in order to verify their identity. Verification can be through documentary (e.g., a driver’s license) or non-documentary (e.g., a video call) methods.
Within a reasonable time before or after opening a new account, RIAs and ERAs would need to collect and verify a name, address, date of birth (or, for an entity, date of formation), and an identification number from each customer, whether a natural person or legal entity. The NPRM would not require verifying the beneficial owners of a legal entity customer.
As proposed, the verification requirements would apply each time a customer opens a new account. However, if the customer has already been verified, the company does not need to do so again, if: (1) the company has previously verified the customer’s identity in accordance with procedures required by the rule; and (2) the company continues to have a reasonable belief it knows the customer’s true identity, based on the previous verification.
The NPRM defines “account” as any “contractual or business relationship between a person and an investment adviser under which the investment adviser provides investment advisory services.” The definition includes accounts opened to participate in an employee benefit plan established pursuant to the Employe Retirement Income Security Act of 1974.
Each CIP should be tailored to the specific ERA or RIA, depending on different factors, such as the size and sophistication of the ERA and RIA customers, the methods and frequency with which an account is opened, and the number of products and services provided by the investment adviser.
The NPRM aligns with Treasury’s recent focus on protecting investment advisers from criminal abuse, including through money laundering, fraud, and tax evasion. These protections likely mean increased regulation and obligations for investment advisors. In light of these potential new requirements, RIAs and ERAs are well advised to submit any comments on the NPRM before the July 12th deadline. Among other items, FinCEN and the SEC requested input on the clarity of definitions in the rule and whether certain customer types, such as mutual funds, should be exempt from the CIP.