Twenty-three years after the USA PATRIOT Act authorized the Secretary of the Treasury to prescribe regulations that require financial institutions to maintain a Customer Identification Program (CIP), the U.S. Securities and Exchange Commission (SEC) and the Treasury Department’s Financial Crimes Enforcement Network (FinCEN) have issued a joint notice of proposed rulemaking seeking to require SEC-registered investment advisers and exempt reporting advisers (collectively, investment advisers) to institute CIPs (the CIP Proposed Rule). The CIP Proposed Rule follows FinCEN’s recent notice of rulemaking to establish anti-money-laundering (AML) and counter-terrorist financing (CTF) compliance requirements for investment advisers. It appears that the regulators believe the time has come for investment advisers to bear the burden of more prescriptive rulemaking to assist the federal government in its AML and CTF efforts.
If enacted as proposed, the CIP Proposed Rule would require investment advisers to dedicate considerable resources to establish and execute a CIP complaint program. Specifically, while many advisers maintain AML policies with elements of CIPs as a best practice, the CIP Proposed Rule would require a prescriptive mechanism for advisers to confirm the identity of every client, record such verifications, and inform clients about these verification activities. Despite the fact that many of the activities that would be required of investment advisers under the CIP Proposed Rule duplicate reviews and activities of the account custodians that hold the funds and securities of the investment advisers’ clients, advisers would still be required to develop their own policies and procedures and retain separate records under the CIP Proposed Rule if the activities are undertaken by others, a significant departure from many advisers’ current practices. Notably, while the CIP Proposed Rule would cover private funds as customers of the investment adviser, the proposal would not require investment advisers to collect the information of those invested in such funds.
Customer Accounts — CIP Requirement
For the most part, the CIP Proposed Rule mirrors the CIP regulation that applies to other financial institutions. Specifically, investment advisers will need to obtain the (1) name, (2) date of birth for an individual or the date of formation for any person other than an individual, (3) address, and (4) identification number of customers that open an account. As is the case with the CIP regulation that applies to mutual funds, the CIP Proposed Rule for investment advisers will not require collection of such information directly from the customer.
The definitions of “customer” and “account” are much broader than investment advisers contemplate currently. Indeed, in the CIP Proposed Rule, the regulators have asked for comment on the definitions of “account” and “customer.” Given the wide range of relationships investment advisers have that are contemplated to be potentially covered for CIP, providing comment on the threshold question of who a customer is and what an account is in the context of an investment adviser may be critical.
Who Is the Customer?
Under the CIP Proposed Rule, a customer is a person — including a natural person or a legal entity — who opens a new account with an investment adviser. This means the person identified as the accountholder.1
The proposed definition of customer does not include (1) individuals with authority or control over the accounts, if such persons are not the accountholders; (2) persons who fill out the account opening paperwork or provide information necessary to set up an account but are not the accountholder; and (3) a financial institution regulated by a federal functional regulator or a bank regulated by a state bank regulator; certain government entities; certain persons (other than banks) that are publicly listed on U.S. securities exchanges or certain subsidiaries of persons listed on U.S. securities exchanges; or persons that have an existing account with the investment adviser, provided the investment adviser has a reasonable belief that it knows the true identity of the person.
Investment advisers should be careful not to miss the fact that the CIP Proposed Rule expects the investment adviser’s CIP to address situations where, based on the investment adviser’s risk assessment, it may need to take additional steps to verify the identity of the customer that is not an individual by seeking information about individuals with authority or control over the account or may need to look through the account in connection with the customer due diligence procedures described in the proposed AML/CTF Program and SAR Proposed Rule.
What Is an Account?
An account is defined in the CIP Proposed Rule as “… any contractual or other business relationship between a person and an investment adviser under which the investment adviser provides investment advisory services.” This is a very broad definition, and investment advisers must think beyond traditional definitions of “account” and look across their business to assess whether the CIP Proposed Rule would apply to other nontraditional investment advisory relationships. Notably, the CIP Proposed Rule does not exclude employee benefit plans established pursuant to the Employee Retirement Income Security Act plans.
Despite the breadth of the proposed definition of “account,” it excludes accounts acquired through an acquisition, merger, purchase of assets, or assumption of liabilities. However, in the “supplementary information” portion of the CIP Proposed Rule, the SEC and FinCEN note that investment advisers may need to implement reasonable procedures to detect money laundering in any account, however acquired, if they are already subject to an AML/CTF program requirement, such as in the case of a dual broker-dealer / investment adviser registrant. In those situations, an investment adviser would need to consider whether additional steps to verify customer accounts would be appropriate, based on its assessment of the relevant risks to comply with its AML/CTF program requirements.
Verification
The CIP Proposed Rule contemplates that investment advisers will verify the information they receive either through documentary or nondocumentary methods. Essentially, an investments adviser will need to establish risk-based procedures to verify the accuracy of the information to reach a point where it can form a reasonable belief that it knows the identity of the customer. The timing for identity verification may vary with the type of customer, how the account is opened, or the type of identifying information that is available; however, the CIP Proposed Rule requires it to be within “a reasonable time before or after the customer’s account is opened.”
Investment advisers will have to address both documentary and nondocumentary verification methods in their CIP. Specifically, investment advisers’ CIP will need to describe when it will use nondocumentary, documentary, or both methods. Indeed, when the investment adviser’s risk assessment demonstrates a heightened risk, the investment adviser should ensure that its verification procedures are in line with that heightened risk.
FinCEN and the SEC are proposing to require (1) that an investment adviser identify customers that are not individuals that pose a heightened risk of not being properly identified and (2) that an investment adviser’s CIP prescribe additional measures that may be used to obtain information about individuals with authority or control over the account to verify the customer’s identity when standard documentary or nondocumentary methods prove insufficient. Furthermore, an investment adviser need not undertake any additional verification methods with respect to a potential customer in this circumstance if it chooses not to permit the potential customer to open an account.
Under the CIP Proposed Rule, investment advisers will need to also have procedures that describe when the investment adviser should not open an account; the terms under which the investment adviser may provide advisory services to the customer while the investment adviser attempts to verify the customer’s identity; when the investment adviser should close an account after attempts to verify a customer’s identity fail; and when the investment adviser should file a SAR in accordance with applicable law and regulation.
Reliance Agreements
The CIP Proposed Rule does recognize that investment advisers may rely on certain other financial institutions to perform CIP. However, any reliance will need to be documented in a written agreement and provide several key components. First, the reliance must be reasonable under the circumstances. Second, the other financial institution is required to maintain an AML/CTF program under the Bank Secrecy Act and must be regulated by a federal functional regulator. Third, the other financial institution must enter into a contract with the investment adviser requiring it to certify annually to the investment adviser that it has implemented an AML/CTF program and will perform (or its agent will perform) the specified requirements of the investment adviser’s CIP.
Importantly, the CIP Proposed Rule provides that the investment adviser would not be held responsible for the failure of the other financial institution to fulfill adequately the adviser’s CIP responsibilities, provided that the investment adviser can establish that its reliance was reasonable and that it has obtained the requisite contracts and certifications.
Recordkeeping and Notice
Not surprisingly, the CIP Proposed Rule sets forth recordkeeping obligations and related record retention periods designed to demonstrate compliance. Investment advisers will also have to check customer information against U.S. government lists (e.g., the lists circulated by Treasury’s Office of Foreign Assets Control) as part of their CIP obligations. Finally, investment advisers will be required to provide customers a notice that the investment adviser is requesting identifying information to comply with the CIP regulation, and a form of notice is provided in the CIP Proposed Rule.
While the information that an investment adviser would be required to obtain under the CIP Proposed Rule should not be difficult to obtain, the CIP Proposed Rule casts a wide net of potential customers. The definitions of both “customer” and “account” present a potential for a large set of relationships that investment advisers may need to consider for CIP purposes. Providing comments under the CIP Proposed Rule offers a way to encourage the SEC and FinCEN to narrow these terms, which may help investment advisers avoid pitfalls around who is a customer and what is an account if the CIP Proposed Rule is adopted as it has been proposed.
1 Except in the case of an individual who lacks legal capacity, such as a minor, and nonlegal entities, in which case the customer would be the individual who opens the new account for a minor or nonlegal entity. In addition, there would be no requirement to look through a trust or similar account to its beneficiaries. Instead, the registered investment adviser/exempt reporting adviser would be required only to verify the identity of the named accountholder.
Attorney Advertising—Sidley Austin LLP is a global law firm. Our addresses and contact information can be found at www.sidley.com/en/locations/offices.
Sidley provides this information as a service to clients and other friends for educational purposes only. It should not be construed or relied on as legal advice or to create a lawyer-client relationship. Readers should not act upon this information without seeking advice from professional advisers. Sidley and Sidley Austin refer to Sidley Austin LLP and affiliated partnerships as explained at www.sidley.com/disclaimer.
© Sidley Austin LLP