Tools
Fintech Law Assistant
Services
Private FundsRegistered FundsSEC ComplianceStartupsRIAsDigital Assets & DEFIIntellectual Property RightsData & Privacy ComplianceRegTechBlockchain AdvisoryM&A AdvisoryAML ComplianceCFTC Compliance
Resources
BlogNewsletter
About
Meet The TeamOur Partnerships
Contact

Understanding the Proposed Rule on Customer Identification Programs for RIAs

˿All Blog Posts
Understanding the Proposed Rule on Customer Identification Programs for RIAs
June 2nd, 2024

The Securities and Exchange Commission (SEC), in collaboration with the Financial Crimes Enforcement Network (FinCEN), has proposed a new rule to enhance the regulatory framework for registered investment advisers (RIAs) and Exempt Reporting Advisers (ERAs). This rule aims to implement Customer Identification Programs (CIPs) in accordance with the Bank Secrecy Act (BSA) and the USA PATRIOT Act of 2001. This blog post will comprehensively overview this proposed rule and its anticipated impact on RIAs.

Background

The proposed rule is part of a broader initiative to combat money laundering and terrorist financing. The Bank Secrecy Act (BSA), enacted in 1970, requires financial institutions to assist U.S. government agencies in detecting and preventing money laundering. The USA PATRIOT Act of 2001 further strengthened these requirements, mandating financial institutions to implement Customer Identification Programs (CIPs).

Historically, RIAs have not been explicitly included under the BSA's definition of “financial institution.” However, this proposed rule seeks to change that by designating certain investment advisers as financial institutions under the BSA, thereby subjecting them to AML/CFT program requirements and other BSA obligations.

Key Provisions of the Proposed Rule

1. Definition of Account and Customer

  • Account: Any contractual or business relationship between a person and an investment adviser under which the adviser provides investment advisory services. This includes accounts opened for participating in an employee benefit plan under ERISA.
  • Customer: A person who opens a new account with an investment adviser, excluding financial institutions regulated by federal functional regulators, state banks, and certain government entities and publicly listed companies.

2. CIP Requirements

The proposed rule mandates that each RIA establish, document, and maintain a written CIP as part of its broader AML/CFT program. The CIP must be appropriate for the size and business of the RIA and include:

  • Identity Verification Procedures: Risk-based procedures to verify the identity of customers within a reasonable time before or after account opening. This includes obtaining minimum identifying information such as name, date of birth, address, and identification number.
  • Verification Methods: Use of documentary methods (e.g., government-issued IDs) and non-documentary methods (e.g., credit reports, financial statements) to form a reasonable belief of the customer's true identity.
  • Handling Lack of Verification: Procedures for responding when the RIA cannot form a reasonable belief that it knows the true identity of a customer, including possibly not opening the account, restricting account activities, or closing the account.
  • Recordkeeping: Maintenance of records related to the identity verification process for five years after closing the account.
  • Comparison with Government Lists: Procedures for determining whether a customer appears on any list of known or suspected terrorists or terrorist organizations provided by a federal government agency.

3. Reliance on Other Financial Institutions

The rule allows RIAs to rely on other financial institutions' performance of CIP obligations, provided certain conditions are met, including reasonable reliance, regulation under an AML/CFT program, and annual certification of compliance.

Impact on RIAs

Increased Compliance Obligations

The proposed rule will significantly increase the compliance burden on RIAs by requiring them to develop and implement comprehensive CIPs. This includes the need for enhanced recordkeeping, ongoing monitoring, and regular updates to ensure compliance with evolving regulatory requirements.

Operational Changes

RIAs will need to integrate new identity verification procedures into their existing workflows. This may require investment in new technology and training for staff to handle the additional compliance responsibilities effectively.

Risk Management

By mandating risk-based procedures for identity verification, the rule encourages RIAs to adopt a more proactive approach to risk management. This can help RIAs better understand and mitigate the risks associated with money laundering and terrorist financing.

Reputation and Trust

Implementing robust CIPs can enhance the reputation and trustworthiness of RIAs. Clients and stakeholders are likely to view RIAs with stringent compliance measures as more reliable and secure, which can be a competitive advantage.

Challenges and Considerations

Cost of Compliance

RIAs, particularly smaller firms, may face significant costs associated with implementing and maintaining CIPs. These include costs related to technology, training, and possibly hiring additional compliance personnel.

Complexity of Implementation

The rule's requirements are comprehensive and may be complex to implement, especially for firms that lack prior experience with AML/CFT regulations. RIAs will need to ensure that their procedures are not only compliant but also practical and effective in preventing illicit activities.

Ongoing Monitoring and Updates

The dynamic nature of AML/CFT threats means that RIAs must continually update their CIPs to address new risks and regulatory changes. This requires a commitment to ongoing monitoring and continuous improvement of compliance programs.

Conclusion

The SEC and FinCEN's proposed rule on Customer Identification Programs marks a significant step toward strengthening the regulatory framework for RIAs. While it presents certain challenges, particularly in compliance costs and complexity, it also offers substantial benefits in enhanced risk management, reputation, and trust.

RIAs should begin preparing for these changes by assessing their current compliance programs, identifying gaps, and developing strategies to meet the new requirements. By doing so, they can ensure compliance and position themselves as leaders in the fight against money laundering and terrorist financing.

For more detailed information, you can refer to the press release or full text of the proposed rule.

About the Author

Bo Howell is a corporate and securities lawyer based in Cincinnati, Ohio, specializing in financial services companies, including SEC-registered investment advisers and investment companies. As the founder of FinTech Law, Bo is a thought leader in fintech and legal tech, regularly speaking on behalf of smaller companies in Washington, DC. With a strong background in designing AI and machine learning applications, Bo aims to be the premier thought leader in these fields. In addition to his legal expertise, Bo is an entrepreneur and martial artist, holding a black belt in taekwondo. For more insights, visit www.fintechlegal.io.

Share This Blog Post