Investment Advisers Subject to AML and SARs Requirements
In Short
The Situation: The Financial Crimes Enforcement Network ("FinCEN") has adopted a rule that subjects certain investment advisers to anti-money laundering/countering the financing of terrorism program ("AML") requirements applicable to other financial institutions.
The Result: Those investment advisers will need to establish working AML programs and be prepared to file suspicious activity reports ("SARs") by January 1, 2026.
Looking Ahead: Investment advisers should be on the lookout for related rules covering customer identification programs and beneficial ownership of entities. The Securities and Exchange Commission ("SEC") and FinCEN proposed a customer identification program rule. While this proposed rule is still in the comment stage, investment advisers should continue to monitor its progress.
The AML Rule
On August 28, 2024, FinCEN issued a final rule ("AML Rule") subjecting certain investment advisers as described in more detail below ("Covered IAs") to AML requirements, including the adoption of AML procedures and the filing of SARs. Other requirements include designation of an AML officer, an independent audit of the AML program, and other Bank Secrecy Act ("BSA") reporting and recordkeeping requirements. Notably, the AML Rule expands the definition of "financial institution" under the BSA to include Covered IAs. Compliance with the AML Rule is required by January 1, 2026.
Examinations of Covered IAs under the AML Rule will be conducted by the SEC.
Covered IAs
The AML Rule is applicable to SEC-registered investments advisers ("RIAs") and investment advisers that are exempt reporting advisers (i.e., advisers claiming a private fund adviser or venture capital fund adviser exemption). The requirements do not apply to RIAs that are: (i) mid-sized advisers, (ii) multistate advisers, (iii) pension consultants, or (iv) RIAs that do not report any assets under management. For Covered IAs with a principal place of business outside the United States ("U.S."), the AML Rule applies only with respect to their activities that: (i) take place in the U.S. or (ii) provide services to a U.S. person or a foreign-located private fund with an investor that is a U.S. person.
AML Program Requirements
The AML Rule requires each Covered IA to establish a written AML program that is "risk-based" and "reasonably designed to prevent the investment adviser from being used for money laundering, terrorist financing, or other illicit finance activities." The minimum requirements include:
- The development of internal policies, procedures, and controls. Covered IAs must review services and products offered and the nature of their customers in order to identify potential susceptibility to money laundering and other illicit activity.
- The designation of a compliance officer. Covered IAs must designate a qualified person responsible for implementing and monitoring AML requirements.
- An ongoing employee training program. Covered IAs must ensure that employees are trained in AML requirements and trained to recognize signs of potential money laundering and other illicit activity.
- An independent audit function to test the programs. The AML program must be subject to independent testing either by the Covered IA's employees or a qualified outside party.
To comply with the AML Rule, AML programs must be approved, in writing, by the adviser's board of directors or similar body, and the program must be made available for inspection by FinCEN or the SEC.
Suspicious Activity Reporting
The AML Rule requires Covered IAs to file SARs with FinCEN concerning transactions: (i) that are "conducted or attempted by, at or through" the Covered IA; (ii) that involve or aggregate at least $5,000 in funds or other assets; and (iii) which the adviser knows, suspects, or has reason to suspect:
- Involve funds derived from illegal activity or are intended or conducted to hide or disguise funds or assets derived from illegal activity;
- Are designed, whether through structuring or other means, to evade the requirements of the BSA;
- Have no business or apparent lawful purpose, and the adviser knows of no reasonable explanation for the transaction after examining the available facts; or
- Involve the use of the adviser to facilitate criminal activity.
As noted above, the regulation relates to transactions that are conducted "by, at, or through" a Covered IA. This would include, for example, when a Covered IA directs a custodian to execute a transaction or when a customer provides instructions for a Covered ID to pass on to a custodian.
Portfolio Company Implications
While FinCEN excluded non-advisory services from the scope of the AML Rule, which include managerial or operational decisions at portfolio companies, an adviser's AML program cannot entirely exclude consideration of portfolio companies as FinCEN does anticipate that advisers will file SARs to report certain information the adviser receives through portfolio company due diligence. Other examples highlighted by FinCEN which may create an obligation to file a SAR related to a portfolio company include when the adviser: (i) is approached by a limited partner about unusual access to technology developed by a portfolio company; (ii) becomes aware a limited partner has reached out to a portfolio company for such information; or (iii) is asked to obscure participation by an investor in a particular transaction to avoid notification to government authorities.
Three Key Takeaways
- The AML Rule requires Covered IAs to adopt and maintain an "anti-money laundering and countering the financing of terrorism" program.
- While many Covered IAs have AML policies in place, those policies may need to be modified to comply with the AML Rule's requirements and to implement SAR filing policies and procedures.
- Covered IAs, including ERAs, have not previously been required to report suspicious activities to FinCEN, which is an area where other financial institutions have faced regulatory liability (i.e., for failing to file SARs).
