On May 13, 2024, the Financial Crimes Enforcement Network (FinCEN) and the US Securities and Exchange Commission (the SEC) took another step toward establishing a comprehensive anti-money laundering (AML) and countering the financing of terrorism (CFT) framework for investment advisers in the United States. Specifically, the agencies jointly issued a proposed Customer Identification Program (CIP) rule (the Proposed CIP Rule) that would require investment advisers to establish procedures for identifying and verifying the identity of their customers – to the same extent already required of banks, broker-dealers, and other types of financial institutions.
The Proposed CIP Rule follows, and builds upon, the proposed AML/CFT program rule (the Proposed Program Rule) for investment advisers released last February, which we discussed in an earlier blog post. A brief summary of and key takeaways from the Proposed CIP Rule are below.
Who Would be Covered?
The Proposed CIP Rule would apply to the same entities covered by the Proposed Program Rule: (i) SEC-registered investment advisers (RIAs); and (ii) exempt reporting advisers (ERAs) that are not registered with the SEC, but nonetheless are subject to periodic reporting requirements. Virtually all investment advisers of size in the United States fall within one of these two categories, and thus would be subject to CIP requirements for the first time if the Proposed CIP Rule is finalized.
What Would the Proposed CIP Rule Require?
If adopted, the Proposed CIP Rule would require RIAs and ERAs (together, covered advisers) to establish, document, and maintain written CIPs as part of their broader AML/CFT programs, with such CIPs largely mirroring the substantive scope and elements required under CIP rules that currently apply to other financial institutions (broker-dealers, for example). That is, a covered adviser’s CIP would be required to include risk-based procedures for collecting identifying information from customers and verifying such information through specified methods within a reasonable time thereafter. The covered adviser also would be required to provide notice to its customers, explaining that the information requested is required to assist the institution meet its AML/CFT compliance requirements.
Under the proposal, CIP obligations would be triggered when a customer opens an account with a covered adviser. For these purposes, an “account” means any formal, contractual, or other business relationship between a person and an investment adviser under which the adviser provides investment advisory services. Certain types of accounts are excluded from the definition of an “account”, however. Most notably, accounts acquired from third parties, including in the context of a merger or acquisition, are excluded.
A “customer” under the Proposed CIP Rule is any natural person or legal entity that opens a new account with a covered adviser, but certain exclusions apply. For example, the term “customer” does not include a person with control over an account who is not the ultimate owner of that account. Financial institutions, issuers of publicly-listed securities, governmental entities, and certain other types of entities also are not “customers” for these purposes.
For each customer of a covered adviser, the Proposed CIP Rule would require the institution to collect now-familiar identifying information: name, date of birth or formation; address; and taxpayer identification number (or foreign equivalent for non-US persons or entities). The adviser also would be required to deploy risk-based verification procedures for the information provided, and would be expected to consider on an ongoing basis whether any additional identifying information and/or verification methods would be appropriate to adopt going forward.
Verification of the collected identifying information could be completed via documentary and/or non-documentary methods. Suitable verifying documents could include, for individual customers, unexpired government-issued identification evidencing nationality or residence and bearing a photograph or similar safeguard. For legal entity customers, documents evidencing the existence of the entity, such as certified articles of incorporation, government-issued business licenses, partnership agreements, or trust instruments, may be suitable. Non-documentary verification methods may be appropriate if accounts are opened via telephone, mail, or over the internet. In these cases, the adviser may, for example, obtain financial statements to compare the identifying information obtained against relevant fraud, bad check databases, or other trusted third-party sources, such as credit reports from consumer reporting agencies or account verification databases.
Under the proposal, covered advisers would be required to maintain and store records evidencing their verification of customer identifying information over a general five-year post-account-closing retention period. Furthermore, advisers would be required to establish certain procedures so that covered advisers may determine whether their customers appears on any government list of terrorists or terrorist organizations. The Proposed CIP Rule also includes provisions on reliance on other financial institutions’ previous verification.
What are the next steps?
FinCEN and the SEC will accept comments on the Proposed CIP Rule, including in response to 18 specific questions the agencies have posed, until July 22, 2024. If adopted, the final rule would become effective 60 days after publication in the Federal Register, although covered advisers will likely be given six months from that date to develop and adopt compliance procedures. In all events, however, the agencies note that the Proposed CIP Rule will not take effect before the Proposed Program Rule comes into effect.
We will continue monitoring developments and provide additional updates as warranted.
