On 22 August 2024, K2 Integrity hosted a webinar discussing considerations related to the pending anti-money laundering rule (AML) for investment advisers (IAs) from the Financial Crimes Enforcement Network (FinCEN). The conversation included Sarah Runge, executive managing director, financial crimes compliance at K2 Integrity; Alex Levitov, managing director, financial crimes compliance at K2 Integrity; and Sarah Green, principal and global head of financial crime at Vanguard. To watch a recording of the full webinar, click here.
Overview
FinCEN has recently proposed a new rule for IAs that could significantly impact the financial industry. The proposed rule introduces AML program and suspicious activity reporting (SAR) requirements for IAs, which have traditionally not been as heavily regulated as other financial entities.
FinCEN’s Notice of Proposed Rulemaking (NPRM) for IAs is a critical step in extending AML obligations to a broader range of financial entities. Historically, IAs have not been subjected to the same level of scrutiny as banks and broker-dealers, primarily because their role in the financial system was perceived as less risky. However, with the dramatic growth of the IA sector and the increasing sophistication of criminal networks seeking to move illicit proceeds into U.S. capital markets, FinCEN has recognized the need to bring IAs under the AML regulatory framework.
The rule proposes that IAs establish and implement a risk-based AML program that includes ongoing customer due diligence (CDD) in addition to policies, procedures, controls, and training tailored to prevent and detect illicit financial activity. A separate NPRM—issued jointly by FinCEN and the Securities and Exchange Commission (SEC)—introduces specific requirements to implement a customer identification program (CIP) to understand and verify the identity of each IA customer. These components are designed to help prevent money laundering and other financial crimes by ensuring that IAs have a thorough understanding of their clients and their financial activities.
Challenges in Implementation
Implementing the proposed FinCEN rule presents several challenges. One significant concern is the broad scope of the rule, which applies to a wide variety of IA entities, including those with no direct client contact or those operating outside the United States. The breadth of the rule means that IAs will need to assess and possibly overhaul their existing compliance frameworks to meet the new requirements.
There are also challenges in implementing the rule across diverse business lines. Many large financial institutions operate multiple entities, including broker-dealers and investment companies, both in the United States and internationally. For entities that have not previously been subject to AML requirements, the rule imposes new obligations that may require significant adjustments to internal processes and systems.
Another challenge is the potential conflict with data privacy laws, particularly for those IAs that operate internationally and that may face difficulties in complying with both the FinCEN rule and local data protection regulations. For example, European Union data privacy laws may restrict the transfer of certain customer information required under the new AML and CIP rules, creating a legal and operational dilemma for global IAs.
Regarding data privacy, there is also concern about identity theft and fraud. It may be challenging going forward as financial institutions work to verify their customers’ identity and continue to conduct due diligence.
Industry Perspectives
While there is general agreement on the importance of preventing financial crime, some industry experts have expressed concerns about the rule’s scope and the practicalities of implementation. For example, the rule includes certain requirements that are not harmonized with existing AML regulations for other financial entities. For instance, the CIP requirements under the proposed rule demand the collection of specific information not required under other CIP rules, which could complicate compliance efforts. Additionally, some sitting SEC commissioners have made unfavorable comments about the rule.
Moreover, the industry has noted the relatively short implementation period proposed in the NPRM, which many believe is insufficient given the scale of the changes required. Implementing new technology, training staff, and updating compliance programs will likely require a more extended period, at least an entire budget cycle, particularly for large organizations with complex structures.
Despite these challenges, the industry broadly acknowledges the necessity of such regulations. Industry alliances will be helpful in implementing the standards, given the benefit to the financial industry and law enforcement of working together to fight financial crime. Members of these industries can benefit from collaborating; this will enable them to learn what risk others are seeing, how they are handling risk, and what effective practices are in this space.
Conclusion
The pending FinCEN IA rule represents a significant shift in the regulatory landscape for investment advisors. While the rule aims to close gaps in the current AML framework, its implementation will be challenging, particularly for global financial institutions with diverse and complex operations. Industry stakeholders will need to navigate these challenges carefully, balancing compliance against other legal and operational considerations. As FinCEN moves forward with finalizing the rule, the financial industry will need to prepare for a new era of heightened scrutiny and regulatory responsibility. Those without an AML program should quickly begin putting a program in place in preparation for the rule’s implementation. Affected organizations should think through how customer information will be collected and stored, the types of customers and activity present, the potential areas of risk, and the policies and procedures that need to be put into effect.