The Financial Crimes Enforcement Network (FinCEN), a bureau of the Treasury Department, has issued a notice whereby it intends to require certain investment advisors to establish anti-money laundering programs (“AML”) and reporting of suspicious activity pursuant to the Bank Secrecy Act (“BSA”). FinCEN has also proposed that investment advisors be considered “financial institutions,” which would impose additional filing requirements and record maintenance relating to fund transactions.
Why Is This Being Done, and Hasn’t This Been Proposed Before?
The rationale behind the push to subject investment advisors to AML requirements is that they present a risk for terrorists, criminal enterprises and others committing crimes to hide illegally gained funds in the legitimate financial system of the U.S. Similar proposals were raised in the 2000s but were eventually withdrawn. Whether you agree with this assessment or not, the political climate is such that many observers feel the new application of AML to advisors will most likely move forward. While FinCEN is driving the development of the proposed regulation, the SEC will be responsible for enforcement.
Who Will Be Subject?
The 11,000-plus large, registered investment advisors in the U.S. will be subject to AML requirements. “Large” is interpreted using existing guidance as those advisors with assets under management of $100 million or more.
Key Components of the Requirement
I. Advisors will need to formally establish an AML program, which means:
- Creation of a formal program with development of internal policies, procedures and internal controls. The program will need to be approved by the board if a public company or the owner(s) if private.
- Designation of a compliance officer to oversee and be accountable for the program.
- Providing ongoing training to employees.
- Use of an independent audit function to test ongoing compliance with the regulation.
II. Transaction reporting
There are two types of transactions that need to be reported:
- Currency Transaction Reporting (“CTR”) – transactions involving cash or negotiable instruments need to be reported if they meet either the objective standard of $10,000 in a given day or the subjective standard of transactions that appear to be structured to get around the hard $10,000 requirement. This is not a significant change, as advisors had a similar requirement to file using Form 8300 and because few advisors handle cash.
- Suspicious Activity Report (“SAR”) – obviously this is much more subjective, but any time an investment advisor receives a transaction request of $5,000 or greater (regardless of currency), the transaction needs to be considered or screened for suspicious activity. Suspicious activity is discussed in more detail below.
Suspicious Activity
Throughout the guidance, FinCEN notes that the overall AML program needs to be risk based and based on the facts and circumstances of the investment advisor. We can look to the guidance promulgated for financial institutions, which has been subject to the AML regulations for some time:
- Customer Base – the larger and faster growing, the higher the risk
- Extent of electronic transactions – the more transactions performed electronically, the greater the risk of funds moving in and out of illicit activities
- Extent of large currency transactions
- Higher-risk clients – to the extent an advisor has not worked with them
- Geography – in addition to areas that are generally problematic, the government has specific designations for some clearly risky areas with: High-Intensity Drug Trafficking Areas, or HIDTAs, or High-Intensity Financial Crime Areas, or HIFCAs
Typical High-Level Steps for Implementing an AML Program
The first step is to draft and implement a BSA/AML policy. This does not need to be a lengthy, complicated narrative. However, at a minimum the document should address the following:
- performance standards outlined in the regulation;
- roles and responsibilities of employees, principals & directors;
- personnel training;
- internal and external communication (reporting requirements);
- continuous monitoring; and
- risk assessment.
While a strong policy statement is a foundation for compliance, both the regulation and sound business practice dictate that the principles of this policy be put into action, the most straightforward of which is to name a BSA compliance officer for the investment advisor. In today’s business world of running lean and doing more with less, selecting and appointing an officer may seem as simple as assigning this role to a current officer/principal due to resource constraints. However, appointing the correct person with the right skills and experience is a key decision; this person must be properly trained in complying with BSA, as the cost of failure is significant. If no one internally has the requisite skills, management should expedite training for the appointee and consider leveraging the use of a specialist to establish baseline performance expectations. Consultants familiar with BSA/AML compliance can efficiently assess the risk and not only establish AML compliance strategy, but guide you through the ever-changing regulatory landscape.
The next step, prior to implementing any processes, tools or systems, is to perform a risk assessment. The BSA/AML risk assessment drives the compliance program. At a minimum, the risk assessment should be updated/reaffirmed annually along with the policy, in conjunction with any other event that would increase the risk of money laundering at your fund(s). A general guideline to consider when preparing the BSA/AML risk assessment is to follow the flow of cash and answer these basic questions:
- Where does my cash come from?
- Where do we invest our cash?
- What do our investments do with their cash?
- How do we get our cash back?
- How do we distribute cash?
Considering the above, some key inputs to the risk assessment are as follows:
- Investors:
- Volume of transactions
- Investment amount
- Investments:
- Portfolio companies
- Investment types
- Geography:
- Source of funds
- Cash distribution
- Portfolio companies
- Investment domicile/operations
The next step would be to analyze the investors and investments for specific attributes to assess the risk related to each investor and investment/portfolio company, then implement internal controls and business processes to ensure compliance. There are applications and tools in the marketplace to aid financial institutions in compliance. As the requirements are generally similar, one can assume that these tools will be adapted to aid investment advisors in complying also.
Regardless of whether a tool is implemented or transaction volume is low enough that the fund opts to monitor compliance offline, business processes to support compliance would include:
- Getting to know your investors:
- where are they from,
- how have they sourced their funds, and
- are they on any watch lists (OFAC, PEP, etc.)?
- Performing due diligence on portfolio companies:
- Getting to know management at the portfolio company:
- where are they from,
- what is their business experience,
- have you performed background checks, and
- are they on any watch lists (OFAC, PEP, etc.)?
- Getting to know management at the portfolio company:
Once the program is established, regulations mandate annual independent testing of BSA/AML compliance. This independent review should include an evaluation of the risk assessment, policy, compliance program, relevant internal controls, required filings, staff training and an evaluation of any tools used to monitor transactions and performance. Be sure that the service provider in this area has the requisite skills, experience and credentials to perform this work. The industry leading certification for AML compliance is the Certified Anti- Money Laundering Specialist (“CAMS”).
Part of an effective compliance program is to ensure fund personnel are trained appropriately. This is most important for the designated BSA compliance officer, however it is important for all employees (including principals) as well as directors. All employees should be trained and cognizant of the expectations, regardless of whether they deal directly with cash receipts or disbursements. Officers, directors, principals and executives need to be trained to set the tone in the organization and for their role in monitoring fund AML compliance.
As it relates to ongoing monitoring, the BSA compliance officer and those charged with governance must ensure ongoing performance of the compliance program. In addition to establishing the framework and monitoring daily activity, there are some items that should be monitored:
- events that would trigger an update to the risk assessment, such as a significant change in the geopolitical climate impacting the home nation of an international investor, or list database updates such as OFAC, PEP;
- monthly reporting: at a minimum, the BSA officer should be receiving copies of the Cash Transaction Reports (“CTR”), new investors and new investments. Other relevant information would include bank reconciliations, wire transfer lists and any relevant information from portfolio companies;
- required reporting CTRs, Suspicious Activity Reports (“SARs”); and
- training compliance status reports.
What Are the Challenges with Implementing BSA/AML Programs?
- Investor onboarding is now complicated by the need to perform appropriate background checks. It is obviously difficult asking for private information such as Social Security numbers – especially from an investor ready to dedicate significant cash in a fund.
- While investment managers don’t have the transaction volume that other regulated entities have, clearly filters and procedures need to be implemented to catch the transactions required by the regulation. This will certainly require system changes, manual processes and management oversight.
- Ongoing maintenance – the need for ongoing training, regular auditing and perpetual vigilance clearly adds a significant “tail” that requires planning at the beginning of the program.
Tips for Success:
Training your investors – when rolling out a BSA compliance program, you can’t communicate enough. Educating impacted parties on what the regulation means, how it impacts the fund, how it impacts them and the roles and responsibilities of all parties will help facilitate a smooth transition.
The Federal Financial Institutions Examination Council (“FFIEC”) publishes an examination manual, which is the guidebook for conducting an exam at a financial institution. This is a valuable tool for understanding how to structure a compliance program to meet regulatory needs.
Published September 18, 2015.