National security risks headline new AML requirements for investment advisers – and more to come?
Last week, the US Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) issued a widely anticipated final rule to police the estimated $125 trillion-plus investment adviser market.
The new rule extends anti-money laundering and countering the financing of terrorism (AML/CFT) compliance obligations, which already apply to other financial institutions – such as broker-dealers, mutual funds, credit unions, and banks – to certain SEC-registered investment advisers (RIAs) and exempt reporting advisers (ERAs). ERAs generally include advisers that: (1) solely advise venture capital funds; or (2) solely advise private funds and have less than $150 million in assets; or in the case of advisers with a principal place of business outside of the US, have less than $150 million in private fund assets managed from a US place of business.
The new rule reflects the US government’s identification – based on law enforcement cases, Bank Secrecy Act (BSA) reporting, and Treasury’s February 2024 risk assessment – of illicit finance threats involving advisers, as well as a long sought-after expansion of the BSA to cover financial “gatekeepers,” an area where the US AML regime has fallen short according to the Financial Action Task Force, the international AML/CFT standard setting body.
Notwithstanding Treasury’s acknowledgement that laundering illicit proceeds through investment vehicles may not be the most efficient way to engage in money laundering (because of long lock-up periods), the new rule also is designed to combat illicit finance and related threats from foreign states, particularly China and Russia, which are reportedly using advisers to access sensitive technologies and services with national security consequences.
When is compliance required?
Effective January 1, 2026, advisers subject to the new rule must implement AML/CFT programs and begin complying with the new rule’s reporting and recordkeeping requirements. Advisers subject to the new rule also will be required to file Suspicious Activity Reports (SARs).
Which advisers will be subject to the new rule (and which ones will be excluded)?
The new rule adds certain RIAs and ERAs to the definition of "financial institution" under the BSA and subjects them to AML/CFT requirements.
Offshore RIAs and ERAs (ie, those that have a principal office and place of business outside the US) must also comply with the new rule with respect to their advisory activities that take place within the US – including through the involvement of US personnel of the adviser – or provide advisory services to a US person or a foreign-located private fund with an investor that is a US person, ie, at least one US person investor.
The new rule adopted a narrower definition of “investment adviser” than initially proposed and excludes the following.
- Advisers that register with the SEC solely because they are:
- Mid-sized advisers (ie, an adviser with regulatory assets under management between $25 and $100 million that are not subject to a state’s registration and examination regime)
- Multistate advisers, or
- Pension consultants, as well as
- Advisers that are not required to report any assets under management to the SEC on Form ADV.
As proposed, the new rule does not apply to state-registered advisers, foreign private advisers, or certain family offices.
What is (and is not) required under the new rule?
Requirements for covered RIAs and ERAs generally include:
- Implementing a risk-based AML/CFT program
- Filing SARs with FinCEN
- Keeping records related to fund transmittals and complying with the Recordkeeping and Travel Rules (See 31 CFR Part 1010.410(e) and (f))
- Fulfilling other BSA obligations, including special information sharing procedures
An investment adviser that is dually registered as a broker-dealer or is an affiliate of a bank (or bank subsidiary) would not be required to establish multiple or separate AML/CFT programs so long as a comprehensive AML/CFT program covers all of the entity’s relevant business and activities that are subject to BSA requirements.
Similarly, an adviser affiliated with, or a subsidiary of, another entity required to establish an AML/CFT program in another capacity would not be required to implement multiple or separate programs so long as it is subject to a single program that is designed to identify and mitigate the different AML/CFT risks posed by the different aspects of the entity’s business.
The new rule permits an adviser to exclude certain types of regulated entities from its AML/CFT obligations. For example, an adviser may exclude any mutual funds that it advises, bank- and trust company-sponsored collective investment funds, and any other investment adviser subject to the new rule that is advised by the investment adviser.
Are advisers required to adopt a customer identification program (CIP)?
The new rule does not expressly include a CIP requirement for advisers, nor did it propose to require investment advisers to collect beneficial ownership information for legal entity customers. However, FinCEN has issued a proposed rule indicating that CIP requirements are on the horizon.
As we wrote about in May 2024, FinCEN and the SEC jointly proposed a new rule that would impose additional requirements on RIAs and ERAs to establish, record, and maintain CIPs under the BSA and related regulations.
There is also a requirement under the Corporate Transparency Act (CTA) for entities to gather certain beneficial ownership information and report it to FinCEN, which we highlighted in December 2023.
Notably, FinCEN indicated that it intends to address the requirement to collect beneficial ownership information for legal entity customers in a subsequent rulemaking.
This requirement likely will be addressed in the third CTA rulemaking to revise FinCEN’s customer due diligence rule as required by the CTA, which has the potential to significantly increase compliance burdens if Treasury updates the Customer Due Diligence rule consistent with the CTA’s definition of beneficial ownership to also capture individuals that exercise substantial control over the legal entity customer.
Enforcement considerations
The FinCEN director has overall authority for enforcement and compliance with the BSA. In the case of RIAs and ERAs, FinCEN has delegated examination authority for compliance with the new rule’s requirements to the SEC.
Recent SEC enforcement actions against broker-dealers for failing to comply with AML/CFT obligations are instructive. As it has done in the several years with respect to broker dealers, the SEC likely will pursue failure to file SAR cases, eg, In re Wedbush Securities Inc. (August 2023), In re Alpine Corporation (August 2021) (cert. denied) (affirming the SEC’s authority to bring AML-based enforcement actions under the recordkeeping provisions of Section 17(a) of the Securities Exchange Act of 1934 and Rule 17a-8 thereunder) and/or AML “program failure” cases (ie, deficiencies in the design and implementation of AML policies and procedures) against investment advisers and in certain instances may require an adviser to retain an independent compliance consultant to improve the AML program and report to the SEC on its progress, where appropriate. The SEC is expected to similarly apply its enforcement tools to investment advisers required to comply with the new rule’s AML/CFT requirements.
The BSA also includes general civil penalty provisions for willful violations of a BSA requirement, to include a maximum monetary penalty of $69,733 to $278,937 if assessed on or after January 25, 2024. (See 31 USC Section5321(a)(1); 31 C.F.R. Part 1010.821). Penalties may also include forfeiture, and cases may be referred to the US Department of Justice for criminal prosecution.
Key takeaways and recommendations
The intersection of AML/CFT and economic sanctions
While economic sanctions requirements are distinct from AML/CFT requirements, certain investment advisers must also comply with economic sanctions regulations administered and enforced by Treasury’s Office of Foreign Assets Control (OFAC). Investment advisers may consider implementing comprehensive, risk-based policies and procedures that focus on compliance with both sanctions regulations and AML/CFT requirements.
Where are the greatest AML/CFT risks?
Treasury recently found that the highest illicit finance risk in the investment adviser sector is among ERAs (who advise private funds exempt from SEC registration), followed by “RIAs who advise private funds, and then RIAs who are not dually registered as, or affiliated with, a broker-dealer (or is, or affiliated with, a bank).”
- While many RIAs have implemented some form of AML/CFT programs, the new rule specifically seeks to prevent bad actors from seeking “arbitrage opportunities” to access the US financial system “through investment advisers with weaker or non-existent client due diligence.” Accordingly, prudent RIAs will assess their current programs, policies, and procedures to determine whether they are adequate to ensure compliance with the new rule.
- ERAs may consider assessing their business and operational structures to determine whether they may need to devote additional resources to building and implementing written, management-vetted, risk-based AML programs.
Assess third party vendors and administrators
Advisers will remain liable for any outsourced portions of their AML/CFT programs. Advisers are encouraged to consider reviewing their contracts with vendors and fund administrators to determine whether they have the ability to access and review the third parties’ AML/CFT programs for compliance with the new rule.
National security risk
In addition to the AML/CFT risks, the sustained efforts of sophisticated state actors to leverage investment vehicles to access sensitive technology and obtain a military-technological advantage over the US has been recently documented and reported by US national security and intelligence agencies. This threat and the attention it has garnered from the US government appreciably raises risk to advisers who do not comply with the new rule’s requirements.
AML/CFT compliance will become a competitive advantage
One of Treasury’s goals was to make it more costly for investment advisers without adequate AML/CFT controls or those which cater to or turn a blind eye towards money laundering and national security risks to operate. With the combination of an eager SEC seeking to police AML/CFT violations by advisers and the heightened risk of enforcement by OFAC because of the national security implications, industry may find that implementing a risk-based, thoughtfully designed compliance program to prevent the adviser from being used for money laundering, terrorist financing, or theft of sensitive US technology is both required and provides a meaningful competitive advantage, particularly in cases where the SEC would otherwise seek to impose burdensome remedial measures, including an independent compliance consultant for AML programs that require significant improvement.
For more information
If you have any questions about the new rule or developing a risk-based AML program, please contact the authors, your DLA Piper relationship attorney, or any member of the DLA Piper’s White Collar, National Security and Global Trade, or Investment Funds practices.
Rommy Hage contributed to this article.