Skip to main content

Nixon Peabody LLP

Alert / Securities

Proposed SEC and FinCEN rule requiring Customer Identification Programs for Registered and Exempt Reporting Advisers

May 15, 2024

By Matthew Bobrow and John Partigan

The proposed rules for RIAs and ERAs would largely mirror the customer identification programs currently required for other regulated financial institutions in the United States.

What’s the impact?

  • The proposed rules aim to limit bad actors’ ability to use the investment adviser industry as an entry point into the US market.
  • RIAs and ERAs would be required to notify clients about the verification process—SEC and FinCEN included a sample customer notice in the proposed rule.
  • A public comment period will remain open for 60 days after publication in the Federal Register.

DOWNLOAD

Proposed SEC and FinCEN rule requiring Customer Identification Programs for Registered and Exempt Reporting Advisers (PDF)

On May 13, 2024, the Securities and Exchange Commission (the SEC) and the US Department of the Treasury’s (the DOT’s) Financial Crimes Enforcement Network (FinCEN) issued a joint notice of proposed rulemaking (NPRM) to apply CIP obligations to certain Registered Investment Advisers (RIAs) or Exempt Reporting Advisers (ERAs) (implementing section 326 of the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (the USA PATRIOT Act)).[1] The proposed rule would require RIAs and ERAs to, among other things, establish, document, and maintain a written customer identification program similar to the CIPs required by other financial institutions already covered by the Bank Secrecy Act (the BSA) such as registered broker-dealers and banks.

What is the goal of the new proposed rule?

The proposed rule seeks to prevent money laundering and other illicit finance activity involving the customers of RIA or ERAs by strengthening the AML/CFT framework for the investment adviser sector. The US Treasury Department conducted a risk assessment that identified that the investment adviser industry has served as an entry point into the US market for illicit proceeds associated with foreign corruption, fraud, tax evasion, and other criminal activities.

This rulemaking, if finalized, would make it more difficult for criminal, corrupt, and illicit actors to (i) use RIA or ERAs as an entry point into the US financial system, or (ii) use false identities to establish customer relationships with RIA or ERAs for the purposes of laundering money, financing terrorism, or engaging in other illicit finance activity.

Is this connected to the other proposed rule that impacts RIAs and ERAs?

Yes. On February 15, 2024, there was a separate proposed rule (the AML/CFT Program and SAR Proposed Rule) to designate certain RIAs and ERAs as “financial institutions” under the BSA and subject them to anti-money laundering/countering the financing of terrorism (AML/CFT) program requirements and Suspicious Activity Report (SAR) filing obligations, as well as other BSA requirements.[2] Assuming the AML/CFT Program and SAR Proposed Rule is finalized, the CIP requirements discussed below can become effective. We discuss the other proposed rule in our March 2024 alert that outlined the proposed FinCEN AML/CFT rules.

Who does the new proposed rule apply to?

The AML/CFT Program and SAR Proposed Rule, and the new rule proposed, would only apply to RIAs and ERAs.

What would the new proposed rule require?

The new proposed regulation will, among other things, require RIAs and ERAs to:

  • Obtain certain identifying information with respect to each customer, such as the customer’s name, date of birth or date of formation, address, and identification number, other than an existing customer account where the investment adviser has a reasonable belief that it knows the true identity of such existing customer;
  • Implement reasonable procedures to identify and verify the identities of their customers to the extent reasonable and practicable within a reasonable time before or after the customer’s account is opened and form a reasonable belief that it knows the true identity of each person when they open an account and become a customer;
  • Maintain records of the information used to verify their identity for five years;
  • Consult lists of suspected terrorists and terrorist organizations to be designated by the US Treasury in consultation with other federal government regulators; and
  • Notify customers that the adviser is requesting information to verify their identities.

Together, these actions will be considered the RIA or ERA customer identification program or CIP. The CIP and its risk-based procedures would be based on the RIA’s or ERA’s assessments of the relevant risks including those presented by:

  • The types of accounts;
  • The methods of opening accounts;
  • The types of identifying information available;
  • The RIA or ERA size, location, customer base, and services and transactions offered or performed;
  • The types of money laundering and terrorist financing activities present in the respective jurisdiction;
  • Whether account opening occurs in-person or online; and
  • Reliance on third-party firms (including other investment advisers, broker-dealers, or funds) for identity verification procedures.

What needs to be done after collecting identifying information from the client?

The RIA or ERA would be required to follow risk-based procedures to verify the accuracy of that information in order to reach a point where it can form a reasonable belief that it knows the true identity of the customer.

The proposed rule would require that verification procedures be undertaken within a reasonable time before or after a customer’s account is opened. The amount of time it will take an RIA or ERA to verify the identity of a customer may depend on the type of account opened, whether the customer opens the account in person, and the type of identifying information available.

The CIP would have to address:

  • Risk-based procedures describing when documents, non-documentary methods, or a combination of both will be used;
  • A requirement to utilize additional verification measures for heightened risk situations;
  • When reliance upon another financial institution with a CIP is acceptable;
  • When reliance upon prior due diligence of an existing customer is acceptable;
  • Procedures that set forth the documents that the RIA or ERA will use for verification, based on a risk-based analysis of the types of documents that it believes will enable it to verify customer identities;
  • Non-documentary verification methods and when such methods will be employed in addition to, or instead of, verification through documents; and
  • A process to address situations in which:
    • An individual is unable to present an unexpired government-issued identification document that bears a photograph or similar safeguard (or such presented documents cannot be authenticated);
    • The RIA or ERA is not familiar with the types of documents presented;
    • The account is opened without obtaining any documents to verify the identity of the customer;
    • The RIA or ERA does not meet face-to-face with a customer who is a natural person before opening the account; or
    • There are circumstances that increase the risk the RIA or ERA will be unable to form a reasonable belief that it knows the true identity of a customer through documents or non-documentary methods.

Do RIAs and ERAs have to notify clients about the verification process?

Yes. Notice should generally describe the identification requirements and provide such notice in a manner reasonably designed to ensure that a prospective customer is able to view the notice, or is otherwise given notice, before opening an account. A sample form of customer notice is included in the proposed rule.

Are look throughs required of account holders?

No, unless the investment adviser cannot verify the true identity of a customer that is not an individual using the documentary and non-documentary methods specified in the proposed rule.

An RIA or ERA would not be required to look through a trust or similar account to its beneficiaries and would only be required to verify the identity of the named accountholder.

However, for certain customers, if the investment adviser cannot verify the true identity of a customer that is not an individual (such as a partnership, corporation, or trust) using the documentary and non-documentary verification methods specified in the proposed rule, additional steps may be needed to verify the identity of the customer. These may include:

  • Seeking information about individuals with authority or control over the account in order to identify the customer (e.g., if the other verification methods do not suffice for the RIA or ERA forming a reasonable belief that it knows the true identity of the customer), or
  • Looking through the account in connection with the customer due diligence procedures described in the proposed AML/CFT Program and SAR Proposed Rule.

Can we rely on other financial institutions performance of their CIP?

Yes. This is permissive and not mandatory. However, the RIA or ERA would remain responsible for ensuring compliance in most instances.

The RIA or ERA would not be held responsible for the failure of the other financial institution to fulfill adequately the adviser’s CIP responsibilities, provided that reliance would only be permitted if a customer of the RIA or ERA is opening an account or has opened or has established an account or similar business relationship with another financial institution to provide or engage in services, dealings, or other financial transactions, and:

  • Reliance is reasonable under the circumstances,
  • The other financial institution is subject to a rule implementing the AML/CFT compliance program requirements of 31 U.S.C. 5318(h) and is regulated by a federal functional regulator, and
  • The other financial institution enters into a contract with the RIA or ERA requiring it to certify annually to the RIA or ERA that it has implemented an AML/CFT program and will perform (or its agent will perform) the specified requirements of the RIA’s or ERA’s CIP (e.g., a reliance letter or other similar documentation).

How long is the comment period for the proposed rule open for?

The public comment period will remain open for 60 days after publication of the proposing release in the Federal Register, which has not occurred as of May 15, 2024.

  1. Customer Identification Programs for Registered Investment Advisers and Exempt Reporting Advisers (to be codified at 31 C.F.R. 1032 and 17 C.F.R. 275).
    [back to reference ]
  2. FinCEN Notice of Proposed Rulemaking, February 13, 2024; 89 Fed. Reg. 12108 (February 15, 2024).
    [back to reference ]

Insights And Happenings

The foregoing has been prepared for the general information of clients and friends of the firm. It is not meant to provide legal advice with respect to any specific matter and should not be acted upon without professional counsel. If you have any questions or require any further information regarding these or other related matters, please contact your regular Nixon Peabody LLP representative. This material may be considered advertising under certain rules of professional conduct.

Subscribe to stay informed of the latest legal news, alerts, and business trends.Subscribe