Highly regulated financial firms operating in the United States are witnessing significant anti-money laundering (AML) legislative and regulatory changes with the passing of the National Defense Authorization Act of 2021 (NDAA) and rule changes proposed by the Financial Crimes Enforcement Network (FinCEN). One sector that has generally been absent of AML requirements are SEC registered investment advisors (IAs), hedge funds and private equity firms.
Historically, these types of firms have not been required to comply with the Bank Secrecy Act (BSA), as IAs are not covered in the definition of ‘financial institution’ in the BSA. While the NDAA does include some changes that impact IAs, namely surrounding the disclosure and registration of Ultimate Beneficial Owners (UBOs), the act remains silent regarding more specific AML requirements for these types of firms.
The History of Changing AML Requirements for IAs
FinCEN began to propose regulatory changes related to IAs beginning in 2002, shortly after the implementation of the US Patriot Act. Fast forward to August 2015, and the agency proposed specific rule changes that would require all IAs to register with FinCEN and be subject to the AML requirements of BSA. Since then, these proposed rules have remained categorized as “pending rulemakings” by FinCEN, but not withdrawn. The 2015 proposed rule changes also coincide with recommendations cited in a Mutual Evaluation Report (MER) of the US conducted by the Financial Action Task Force (FATF) in 2016 which states, “the regulatory framework has some significant gaps, including minimal coverage of certain institutions and businesses (investment advisers [IAs]…)”. The MER also assumes that the rule changes proposed in 2015 will become effective and notes, “Investment advisers will be directly subject to BSA AML/CFT obligations when legislation, in the process of being enacted at the time of the on-site, comes into force.” Furthermore, FATF’s follow-up to the MER in March 2020 acknowledges that the lack of AML regulations around investment advisors are still a concern, “a few minor technical gaps remain… IAs are still not directly covered by BSA obligations.”
As expected, the industry response to FinCEN’s proposed ruled changes is to increase AML regulatory requirements is generally disputed. Many argue that AML programs are already in place in most IA organizations in order to satisfy affiliated relationships with financial institutions such as banks, lenders, and brokers. In fact, FAFT also mentions this point in the 2020 follow up report, “While additional measures should continue to be taken for IAs, the IA sector is assessed to be relatively lower risks in light that there are few (if any) ML-related typologies, and in practice, a large percentage (over 54%) of IAs currently undertake AML/CFT obligations via affiliations with FIs that are subject to AML/CFT requirements, and with over 75% of IAs having some form of AML/CFT policies. Hence, from technical compliance perspective, this deficiency is given less weight in the US’ context.”
The FBI’s Recent Findings of IA AML Risk
Perhaps more support for the implementation of FinCEN’s rule changes is contained within a recently leaked FBI report in which four money laundering cases from 2017 through 2020 involving IAs are discussed, along with overall AML risk exposure within IAs. The report states,
“The FBI assumes AML programs are not adequately designed to monitor and detect threat actors’ use of private investment funds to launder money. Additionally, the FBI assumes threat actors exploit this vulnerability to integrate illicit proceeds into the licit global financial system. The FBI assesses, in the long term, criminally complicit investment fund managers likely will expand their money laundering operations as private placement opportunities increase, resulting in continued infiltration of the licit global financial system. If greater regulatory scrutiny compelled private investment funds to identify and disclose to financial institutions the underlying beneficial owners of investments, this would reduce the appeal of these investment firms to threat actors, at which time the FBI will re-visit this assessment.”
The FBI report revisits the issue for regulators and reinforces the idea that AML risk is present within the IA sector, despite some of the mitigating processes in place within many organizations.
What’s Next for IAs?
With continued money laundering scandals making headlines, it is safe to say that that AML is an ongoing focus for U.S. regulators. While the NDAA has addressed many of the main concerns for the overall financial industry, it may have not been enough to reduce risk related to IAs. The likelihood that some changes will occur for IAs is high, although not immediately since President Joe Biden issued a 60-day regulatory freeze to “ensure that the President’s appointees or designees have the opportunity to review any new or pending rules.” In the longer term, it should be expected that this issue arises with the current administration, especially considering new Treasury Secretary, Janet Yellen’s communicated priorities to tackle illicit finance.
Stay Ahead of the Regulations
AML risk has been clearly identified within the IA sector by both regulators and law enforcement. Although many proposed changes may simply formalize existing practices for many firms, it is important for organizations to plan early for the potential of increased regulatory scrutiny. Firms should consider bolstering AML programs to ensure that comprehensive know your customer (KYC) practices have been established, including improved customer identification programs, robust customer due diligence processes, and ongoing customer monitoring that includes adequate background searches and adverse media monitoring, where appropriate. Firms may consider focusing on a singular customer view to confirm that customer risk monitoring is proactive and complete.
While many IAs are experienced in leveraging alternative data sources to make business decisions, the use of technology to gather data can also aid in AML compliance programs. Technology such as artificial intelligence and machine learning make it possible for firms to automate compliance processes and proactively find risks across a variety of data sources, such as customer data, transactional data, and open-source data. In short, making an initial investment in RegTech at the start can lead to big returns in the future.