The article on investment funds and their exposure to anti-money laundering/counter-terrorist financing (AML/CTF) risks, published in ACAMS Today  in 2021,¹ discusses venture capital firms and private equity funds and how these face AML risks throughout a fund’s lifecycle—from fundraising and investing, to their exit. Financial crime could be linked to the fund’s investors, their source of wealth, and/or their portfolio companies and other third parties, including co-investors.² In addition, it also mentions how investors’ funds are often pooled into one account, so it is important to be familiar with the co-investors to avoid being implicated in commingling funds. Non-institutional investors (e.g., family offices), who are also significant players in this sector alongside institutional investors, are likely to pose a greater money laundering risk due to complicated ownership structures and trust arrangements, which makes it difficult to identify the ultimate beneficial owner(s), particularly the beneficiaries of trust arrangements. Risks linked to venture capital and private equity investments themselves, such as in portfolio companies, also exist depending on the nature of their business. Examples of these risks include companies that have historically underpaid taxes, operated without a license (a criminal offence), paid bribes to win contracts, or come under regulatory scrutiny (e.g., a financial technology company that is an obliged entity under the money laundering act).

Since the implementation of the European Union’s (EU) Fifth AML Directive in 2020, investment funds and investment advisers have been defined as obliged entities under the EU AML/CTF regime³ and subject to increased regulatory scrutiny across the EU since then. To date, investment funds and investment advisers registered in the US remain out of the scope of the US Money Laundering Act of 2020 and the Corporate Transparency Act in terms of ownership disclosure.⁴

Since the USA PATRIOT Act was passed, multiple rules have been proposed that would have required some investment advisers to apply AML/CTF requirements. In 2002, the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) published a proposal to require unregistered investment companies, including private funds, to establish AML/CTF programs. This was followed by consultations in 2003 and 2015. The proposed rule, however, would only have included Securities and Exchange Commission (SEC)-registered investment advisers (RIAs) within the definition of “financial institution” (FI) under the Bank Secrecy Act (BSA) and thus requiring them to implement an AML/CTF program but would not have included SEC-exempt reporting advisers (ERAs) in the scope of the rule nor would it have established minimum customer identification program (CIP) requirements. Given that smaller private equity firms with under 150 million dollars in assets under management and most venture capital firms are typically ERAs, this would have resulted in them being out of scope.⁵

In early 2024, however, the Treasury Department’s risk assessment identified significant national security risks, including cases where sanctioned individuals and foreign adversaries had utilized investment advisers, including ERAs, to invest in US assets and access sensitive information. It noted that, despite some advisers voluntarily applying AML/CTF measures, the lack of comprehensive regulations left the sector vulnerable.⁶

As a result, in February 2024, the Treasury Department announced a new proposed rule requiring RIAs and ERAs to comply with AML/CTF measures under the BSA in an attempt to reduce the sector’s exposure to money laundering/terrorist financing risks by making it more resilient to attempts to exploit the investment advisory industry for illicit activities including sanctions circumvention.⁷

In order to further strengthen the proposed rule mandating the implementation of risk-based AML/CTF programs, FinCEN and the US SEC jointly issued a notice of proposed rulemaking in May 2024 that would require investment advisers to establish, document and maintain a written CIP.⁸

Both RIAs and ERAs would be subject to the rule, while state-registered advisers, state-exempt reporting advisers and non-US advisers who are not RIAs or ERAs would not be subject to the rule.

Obliged Entities

According to FinCEN’s rule proposal, RIAs and ERAs would be included among those businesses classified as an “FI” under the BSA⁹ and thus subject to the same AML/CTF requirements based on a risk-based AML/CTF program and including a CIP in line with the nature, size and risk exposure of the business. At a minimum, this would require investment advisers to implement reasonable procedures for:

• The verification of the identity of any person seeking to open an account to the extent that is reasonable and practicable.
• The maintenance of the information used to verify the person’s identity, including name, address and other identifying information.
• The determination of whether the person appears on any lists of known or suspected terrorists or terrorist organisations issued by any government agency.

Under this provision, the investment adviser would be ultimately responsible for employing verification methods that enable the adviser to form a reasonable belief that it knows the true identity of the customer.

FinCEN and the SEC recognize that identification documents, including those issued by a government entity, may be obtained illegally and may be fraudulent. In light of the recent increase in identity theft, investment advisers would be encouraged to use nondocumentary methods as well, even when an investment adviser has received identification documents from the customer. In addition, investment advisers are encouraged to consider using both documentary and nondocumentary verification methods and should consider on a regular basis whether their procedures for identity verification are appropriate. As in the EU, the proposed rule, therefore, requires customer identification and verification as well as know your customer (KYC) screening (termed via nondocumentary means). Both documentary and nondocumentary verification methods and when such methods will be employed in addition to, or instead of, verification through documents should be outlined in the CIP.

The investment adviser’s procedures must take into account circumstances where there may be problems authenticating documents and the inherent limitations of certain documents as a means of identity verification. These limitations would affect the types of documents that would be necessary to establish a reasonable belief that the investment adviser knows the true identity of the customer and would require the use of nondocumentary methods in addition to documents under some circumstances. Nondocumentary methods can also be used to ensure that there is logical consistency in the information provided by the customer and that other documentary evidence research is independently done.

Table 1 below sets out the official documents that must be requested and also outlines nondocumentary methods that can be adopted, whereby this list is not exclusive.

Table 1: Official Documents and Nondocumentary Methods for Obliged Entities

Figures and Current State of Implementation

As of October 2023, there were 14,914 RIAs and 5,546 ERAs with roughly 114 trillion dollars in assets under management and additional gross assets of 5.2 trillion dollars, respectively, registered in the US. The SEC identified 276 RIAs and 113 ERAs that would be defined as small entities¹⁰ under the Regulatory Flexibility Act but would also be subject to the proposed rule.

The most recent Investment Management Compliance Testing Survey (2016 IMCTS Survey) that collected information from approximately 700 RIAs on their existing implementation of AML/CTF measures found that as of 2016, approximately 40% of RIAs had already adopted AML/CTF policies. An additional 36% of RIAs adopted some AML/CTF policies and procedures, but those were generally not in line with the Second Proposed Investment Adviser Rule.¹¹ Therefore, some 76% of RIAs have at least some AML/CTF measures in place. While this survey did not ask a question about CIPs specifically, it is possible that some advisers did have a CIP as part of their AML/CTF policies and procedures. Similar information was not available for ERAs.

As in Europe, some US investment advisers currently outsource some or all of the work needed for investment advisers or third-party firms that assist investment advisers in complying with their regulatory responsibilities and contractual obligations (e.g., fund administrators or external money laundering reporting offices). The 2023 IMCTS Survey found that 38% of RIAs use a third party to perform compliance functions.¹²

Timelines

FinCEN and SEC anticipate that the effective date of the proposed rule will be 60 days after the date on which the final rule is published in the Federal Register. In order to provide time for investment advisers to come into compliance, the compliance date by which an investment adviser would be required to comply is six months. Written comments on the notice of joint proposed rulemaking (NPRM) must be submitted on or before 22 July 2024.

Outlook

This rule is indeed an important step in ensuring the security and resilience of the financial sector, which plays a fundamental role in our economies by financing innovative startups, improving operational efficiency, facilitating growth and enabling business succession. Implementing a risk-based CIP or KYC program can support organisations not only in meeting the AML/CTF requirements but also in gaining a strategic advantage and protecting their reputation.

Alignment of CIP and KYC requirements between the EU and the US would be a great advantage and facilitate a smoother onboarding of investors across both continents if common standards exist. Given that the new EU supervisory authority is currently drafting guidance for the implementation of the newly passed EU AML/CTF Regulation, this would be an opportune moment to align on the fundamental documentary and screening requirements via international public-private partnerships.¹³

Given that EU investment funds have implemented AML/CTF programs due to regulatory scrutiny, and in particular CIP/KYC programs, to meet the specific requirements of the industry, these are indeed quite different to those of traditional FIs. Moreover, an exchange on accepted best practices, could support US funds in their endeavour to put in place effective and efficient AML/CTF programs.

Jennifer Hanley-Giersch, CAMS-Audit, managing partner, Berlin Risk Advisors GmbH,

1. Jennifer Hanley-Giersch, “Investment Funds and AML,” ACAMS Today Europe May-June 2021, 20 May 2021, https://www.acamstoday.org/investment-funds-and-aml/
2. Ibid.
3. Ibid.
4. Jennifer Hanley-Giersch, “Investment Funds and the U.S. Corporate Transparency Act,” ACAMS Today, 23 September 2021, https://www.acamstoday.org/investment-funds-and-the-u-s-corporate-transparency-act/
5. Stacy Byrd Thomas, Amanda Barbour Fantauzzo and Bradley Van Buren, “Exempt Reporting Advisers and SEC Scrutiny,” Holland & Knight, 11 October 2022, https://www.hklaw.com/en/insights/publications/2022/10/exempt-reporting-advisers-and-sec-scrutiny
6. “Fact Sheet: Anti-Money Laundering Program and Suspicious Activity Report Filing Requirements for Registered Investment Advisers and Exempt Reporting Advisers Notice of Proposed Rulemaking (NPRM),” Financial Crimes Enforcement Network, 13 February 2024, https://www.fincen.gov/news/news-releases/fact-sheet-anti-money-laundering-program-and-suspicious-activity-report-filing
7. Ibid.; “Financial Crimes Enforcement Network: Anti-Money Laundering/Countering the Financing of Terrorism Program and Suspicious Activity Report Filing Requirements for Registered Investment Advisers and Exempt Reporting Advisers,” Federal Register, 15 February 2024, https://www.federalregister.gov/documents/2024/02/15/2024-02854/financial-crimes-enforcement-network-anti-money-launderingcountering-the-financing-of-terrorism
8. “Customer Identification Programs for Registered Investment Advisers and Exempt Reporting Advisers,” Financial Crimes Enforcement Network and the Securities and Exchange Commission, https://www.sec.gov/files/rules/proposed/2024/bsa-1.pdf
9. “The Bank Secrecy Act,” Financial Crimes Enforcement Network, https://www.fincen.gov/resources/statutes-and-regulations/bank-secrecy-act
10. Small entities are those (1) with assets under management having a total value of less than 25 million dollars; (2) did not have total assets of 5 million dollars or more on the last day of the most recent fiscal year; and (3) do not control, are not controlled by, and are not under common control with another investment adviser that has assets under management of 25 million dollars or more, or any person (other than a natural person) that had total assets of 5 million dollars or more on the last day of its most recent fiscal year (“small adviser”). Please see: “Customer Identification Programs for Registered Investment Advisers and Exempt,” Financial Crimes Enforcement Network and the Securities and Exchange Commission, p.73, https://www.sec.gov/files/rules/proposed/2024/bsa-1.pdf
11. Replaced with the current “Anti-Money Laundering/Countering the Financing of Terrorism Program and Suspicious Activity Report Filing Requirements for Registered Investment Advisers and Exempt Reporting Advisers,” FINCEN, 13 February 2024, https://www.fincen.gov/resources/statutes-regulations/federal-register-notices/anti-money-launderingcountering-financing
12. “Results: 2023 Investment Management Compliance Testing Survey,” Investment Adviser Association, https://www.investmentadviser.org/wp-content/uploads/2023/07/IMCT-Final-Report.pdf
13. “Anti-money laundering: Council adopts package of rules,” European Council and Council of the European Union, 30 May 2024, https://www.consilium.europa.eu/en/press/press-releases/2024/05/30/anti-money-laundering-council-adopts-package-of-rules/