Only You (Investment Advisers)! Can Prevent Money Laundering

If you are an investment manager and you significantly and repeatedly outperform the market, your investors will lavish you with righteous praise and your firm will shower you with well-deserved riches.

If you are a legal and compliance advisor to an investment manager and you doggedly and effectively work on a daily basis for years to meet regulatory requirements and minimize the organization’s risk, will the same be true?

If it were up to me, you would get all of those things and a ticker tape parade. But, in the real world, I wouldn’t hold your breath.

Few areas of regulatory compliance are as tricky and thankless as the web of anti-money laundering (AML), know your customer (KYC), and related financial crimes laws and rules.

This is true for a few reasons:

• The government thinks (and most would agree) that it is very bad when very bad actors are permitted to do very bad things by using your financial tools, products, or platforms.
• It is very expensive to maintain a robust compliance program (in recent years, total annual compliance spend in this area has exceeded $200 billion worldwide).
• Even if you have a robust and expensive compliance program, it is very hard to report and/or prevent all potentially illicit activity on your platforms.
• While the law recognizes that it is very hard to report and/or prevent all potentially illicit activity, individual regulators may nevertheless be very happy to second-guess the adequacy of your compliance efforts.

There are many flavors of financial crimes compliance missteps. At the top of the list, banks that knowingly do lots of business with organized crime or sanctioned state actors are subject to billions of dollars in fines and criminal sanctions.

Lower on the severity scale, the SEC and FINRA have brought a series of recent civil actions against broker-dealers (including those dually-registered with investment advisers) for failing to file suspicious activity reports (SARs) or failing to establish a reasonable AML program.

Investment advisers are neither banks nor brokers, and they have historically not been directly subject to the same financial crimes compliance requirements (although, if they are affiliated with regulated entities, they may have had significant contact with AML compliance activities). (On that note, and in a portent of things to come, the SEC sued an investment adviser late last year for “causing” mutual funds managed by the adviser to fail to have a reasonable AML program.)

In February 2024, in a long-awaited move, the Treasury Department's Financial Crimes Enforcement Network (FinCEN) proposed to subject investment advisers to the Bank Secrecy Act’s (BSA) AML and SAR filing requirements.

If adopted, the proposal would impose significant and potentially costly new compliance requirements on investment advisers, including managers of venture capital, private equity, and hedge funds.

Some investment advisers already operate voluntary AML/KYC programs; others do not. Regardless, a voluntary program often does not look identical to a mandatory program sufficient to stand up to scrutiny from government examiners and enforcement lawyers.

Let’s look at the proposed rules and what they may mean for investment advisers.

Understanding the Proposed FinCEN Rules

This is not the first time FinCEN has proposed to bring investment advisers under the BSA tent. FinCEN proposed rules for private funds in the early 2000s and then made a similar proposal in 2015 regarding registered investment advisers (RIAs), but neither proposal reached the finish line.

Why the renewed focus in 2024?

In its proposal, FinCEN implied that the timing is right for two main reasons. First, the private funds industry has become more prominent and systematically important over the past decade. As FinCEN noted in the proposal:

Private funds play an increasingly important role in the financial system and continue to grow in size, complexity, and number. For example, hedge funds engage in trillions of dollars in listed equity and futures transactions each month. Private equity and other private funds are involved in mergers and acquisitions, non-bank lending, and corporate restructurings through leveraged buyouts and bankruptcies. Venture capital funds provide funding to start-ups and early-stage companies. There are approximately 5,500 RIAs who advise more than $20 trillion in private fund AUM.

Does this justification for increased regulation of private fund advisers sound familiar? It should. The SEC made very similar points in support of its final private fund adviser rules (currently under attack in the federal courts).

Second, FinCEN highlighted various ways in which private funds have been exploited by criminals and sanctioned state actors. According to the proposal:

...the investment adviser industry has served as an entry point into the U.S. market for illicit proceeds associated with foreign corruption, fraud, and tax evasion. Second, certain advisers manage billions of dollars ultimately controlled by Russian oligarchs and their associates who help facilitate Russia's illegal and unprovoked war of aggression against Ukraine. Third, certain RIAs and ERAs and the private funds they advise are also being used by foreign states, most notably the People's Republic of China (PRC) and Russia, to access certain technology and services with long-term national security implications through investments in early-stage companies.

FinCEN’s proposal would apply the BSA’s SAR and AML program requirements to both RIAs and exempt reporting advisers (ERAs). However, the government specifically requested public comment on whether the proposed definition of investment advisers is overbroad. So there is at least some possibility for definitional carve-outs if industry participants can make a compelling case for revisions. But move fast – comments are due by April 15, 2024.

If the rules are adopted as proposed, what would they require? Here are some of the key features:

• Program adoption and design: Under the rules, investment advisers would be required to implement an AML program including policies and procedures reasonably designed to prevent financial crimes, training, and customer due diligence. The rules recognize that programs can be tailored to the unique risks faced by each investment adviser. Still, if past activity is any guide, these requirements would create numerous openings for the government to take issue with the adequacy of your program.
• SAR filings: Investment advisers would be required to file SARs for transactions that, among other things, have no business or apparent lawful purpose. Depending on the nature and scope of your business and the universe of transactions subject to monitoring, this requirement may be significant.
• Delegation: In the proposal, FinCEN acknowledged that it may be appropriate for investment advisers to delegate AML program administration to third parties, such as fund administrators. However, the government was clear that this will not insulate advisers from ultimate legal responsibility for the program. Choose third-party service providers carefully and, among other things, make sure that they have robust recordkeeping procedures.

Significantly, FinCEN’s proposal did not address customer identification or verification, which are hefty components of a typical AML compliance program. However, this requirement is on the regulatory roadmap, with more rulemaking promised in the future.

Risk Management Considerations

For investment advisers with numerous clients and little preexisting AML compliance infrastructure, the burden of developing and maintaining an adequate program may be significant.

FinCEN plans to delegate exam oversight under the new rule to the SEC. Given this, the SEC’s recent AML risk alert for broker-dealers may be instructive for investment advisers looking to build a compliant program and avoid a deficiency letter or enforcement referral in a future exam.

Drawing on observations from its broker-dealer exams, the SEC highlighted certain common deficiencies:

• Brokers did not appear to devote sufficient resources, including staffing, to AML compliance given the volume and risks of their business.
• Brokers did not consistently implement written policies, procedures, and controls.
• Brokers did not conduct independent testing, did not conduct independent testing tailored to their environment, and/or failed to adequately follow up on the results of the independent testing.
• Training materials were not updated based on changes in the law and/or not all personnel attended training.
• Brokers did not adequately verify the beneficial ownership of legal entities (while this requirement would not apply to investment advisers under the proposed rule, FinCEN has telegraphed that it will be addressed in future rulemaking).

To my eye, the risk alert basically says: “Follow the rules as interpreted by the SEC staff.” Easier said than done. For investment advisers, it will be critical to find experienced and technically proficient AML compliance personnel—whether by bringing them on board internally or by using highly competent external service providers. In-house legal expertise in the financial crimes function would also be nice to have. This is hard stuff to get right and you want to have a strong team on the job.

Can insurance help to mitigate future AML compliance risks for investment advisers? It won’t help with any future SEC exams or enforcement penalties; both are routinely excluded from coverage.

If you are facing an enforcement investigation, however, your defense costs may be covered under a general partnership liability and/or errors and omissions policy.

Policy language varies; make sure that you have best-in-class coverage so that you can at least dampen the blow from an expensive investigation.