SEC and FinCEN Propose Rule Requiring Investment Advisers to Enact Customer Identification Programs

On May 13, 2024, the Securities and Exchange Commission (SEC) and the Financial Crimes Enforcement Network (FinCEN) of the U.S. Treasury Department announced a joint notice of proposed rulemaking that would require investment advisers to take steps to verify their customers’ identities. The proposed rule is intended to strengthen federal anti-money laundering defenses, counter the financing of terrorism (AML/CFT), and prevent illicit actors and funds from entering the U.S. financial system through investment advisers.^[1]

The rule would apply to registered investment advisers (RIAs), meaning those registered or required to be registered with the SEC under the Investment Advisers Act of 1940, and exempt reporting advisers (ERAs), which are advisers exempt from registration under that Act but that have filed a Form ADV with the SEC as an exempt reporting adviser. Each RIA or ERA would have to establish reasonable verification procedures such that it could “form a reasonable belief that it knows the identity of each customer.” These procedures, called customer identification programs (CIPs), would be tailored to the sizes and businesses of each investment adviser.^[2]The proposed rule is largely aligned with CIP requirements for other financial institutions, such as securities brokers and mutual funds.^[3]

Historically, RIAs and ERAs have not been subject to AML/CFT regulations in the same ways that banks, security brokers and other financial institutions are. However, when combined with state-registered investment advisers, the assets they manage “vastly exceed the holdings of U.S. banks.” Further, the U.S. Treasury Department has identified four ways investment advisers can be involved in illicit financial activity: 1) as entry points for illicit funds associated with foreign corruption, fraud and tax evasion; 2) as means for sanctioned individuals to access U.S. assets; 3) as avenues for foreign states, such as China and Russia, to invest in early-stage companies and access emerging technologies that have long-term national security implications; and 4) as vehicles to defraud clients.^[4]

To counter these threats, FinCEN and the SEC proposed a rule in February 2024 that would treat RIAs and ERAs as “financial institutions” under the Bank Secrecy Act.^[5]As such, these entities would be subject to broader AML/CFT program requirements, including the obligation to file suspicious activity reports when money laundering or fraud is suspected. The rule proposed on May 13 is intended to complement the February proposed rule and better insulate the U.S. financial system from unlawful activity.^[6]FinCEN proposed similar rules in 2015 and 2003; however, they were not enacted.^[7]

Under the May 13 proposed rule, each investment adviser’s CIP would have to meet certain minimum requirements. The CIP would have to be written and incorporated into the investment adviser’s overall AML/CFT program. It would require the collection of 1) customer names, 2) individual customers’ dates of birth and entity customers’ dates of formation, 3) customer addresses, and 4) customer identification numbers or alternative government-issued documentation. Investment advisers would need to verify this information, maintain records of how they did so and notify their customers about their verification procedures. Investment advisers would also have to compare customer names to government lists of known or suspected terrorists. Lastly, customer verification would have to occur “within a reasonable time before or after the customer’s account is opened.”^[8]

Notably, under the proposed rule, CIPs would only cover accounts that customers open. Therefore, accounts that are transferred, such as when an investment adviser obtains them through an acquisition, merger, purchase of assets or assumption of liabilities, would not be covered by this proposed rule. These accounts, however, could be covered by other AML/CFT regulations.^[9]

The proposed rule will be published on the SEC’s website and in the Federal Register. The public comment period will be open for 60 days after the rule is published in the Federal Register.^[10]

^[1]_{SEC, FinCEN Propose Customer Identification Program Requirements for Registered Investment Advisers and Exempt Reporting Advisers (May 13, 2024) (Press Release); Fact Sheet: Customer Identification Programs, FinCEN and SEC (May 13, 2024).}

^[2]_{Customer Identification Programs for Registered Investment Advisers and Exempt Reporting Advisers, to be codified at 31 CFR 1032 (May 13, 2024) at 6, 13, 14 (Proposed Rule).}

^[3]_{Press Release.}

^[4]_{2024 Investment Adviser Risk Assessment (Feb. 2024) at 1, 16.}

^[5]_{FinCEN Proposes Rule to Combat Illicit Finance and National Security Threats in Investment Adviser Sector (Feb. 13, 2024).}

^[6]_{Press Release.}

^[7]_{Anti-Money Laundering Program and Suspicious Activity Report Filing Requirements for Registered Investment Advisers, 80 Fed. Reg. 52680 (Sept. 1, 2015); Anti-Money Laundering Programs for Investment Advisers, 68 Fed. Reg. 23646 (May 5, 2003).}

^[8]_{Proposed Rule at 13 – 18, 25 – 27.}

^[9]_{Id. at 9.}

^[10]_{Press Release.}