SEC and FinCEN extend customer identification program obligations to IAs

The new rule will require investment advisers to implement procedures to verify the identity of customers and maintain records supporting verification.

The proposed rule strengthens the anti-money-laundering/combating the financing of terrorism (AML/CFT) framework and seeks to prevent illicit finance activity in the investment adviser sector.

The rulemaking follows on from FinCEN’s earlier proposals to designate investment advisers as financial institutions under the Bank Secrecy Act (BSA). The new rule brings investment advisers in line with the requirements already applying to other financial institutions such as banks, broker-dealers and mutual funds.

According to FinCEN Director Andrea Gacki, the investment adviser sector has been exploited by criminal actors to access the US financial system and launder money and this new rule “would help investment advisers better identify and prevent illicit actors from misusing their services.”

SEC Chair Gary Gensler also believes that the new rule will “make it more difficult to use false identities to establish customer relationships with investment advisers” and help safeguard the US financial system by reducing the risk of its exploitation for illicit activity.

The new rule applies to:

  • SEC-registered investment advisers (RIAs); and
  • exempt reporting advisers (ERAs).

In brief, the new rule will require an investment adviser to incorporate a customer identification program (CIP), tailored appropriately to its size and business model, into its existing AML/CFT program.

“[This new rule] would help investment advisers better identify and prevent illicit actors from misusing their services.”

FinCEN Director Andrea Gacki

The CIP must include risk-based procedures to verify the identity of customers to an extent that is reasonable and practicable. This verification will need to occur “within a reasonable time before or after the customer’s account is opened,” which is intended to offer investment advisers a degree of flexibility “during the process of creating an advisory relationship with a customer.”

The following information, at a minimum, must be obtained by the investment adviser with respect to each customer:

  1. Name;
  2. Date of birth (individual) / date of formation (person other than individual);
  3. Address;
  4. Identification number
    1. TIN; or
    2. Passport number/country of issue; or
    3. Alien identification card number; or
    4. Other government-issued document evidencing nationality or residence.

Once the information has been obtained, the investment adviser will be required to verify its accuracy utilising either documentary or non-documentary methods with additional verification required for certain customers. The customer must be given notice of these identity verification procedures.

Recordkeeping procedures

The CIP will need to include recordkeeping procedures for making and maintaining records related to the verification of a customer’s identity including:

  • Identifying information about each customer; and
  • A description of the methods and results of the measures undertaken to verify the customer’s identity.

Any identifying information obtained about each customer will need to be retained while the customer’s account remains open and for five years after the date that the account is closed.

Information connected to the verification of a customer’s identity will need to be retained for five years after the record is made.

The CIP will also need to include procedures to check whether the customer appears on any federal government lists (eg OFAC) identifying known terrorists or terrorist organizations.  

An exemption is available for investment advisers to mutual funds where the mutual funds have already developed and implemented a CIP, making an investment adviser CIP redundant.

The public comment period will remain open for 60 days following the publication of the proposal in the Federal Register.

GRIP Comment

This new rule is part of a wider harmonization effort connected with AML/CFT and is intended to close any gaps in the US financial system regulatory perimeter.

The goal of CIP programs – as one component of a broader Know-Your Customer regime – is to ensure customers are who they say they are. Such programs are an important means of identifying and deterring instances of money laundering, terrorist financing, identity theft, and other financial crimes.

Many investment advisers will likely already have systems and processes in place to capture and retain the requisite information.

But for those that do not, or suspect their protocols will not withstand regulatory scrutiny, the time to act is now. Additional tools and people will almost certainly be required in order to comply with future regulatory obligations in this area.