True Identity
SEC CIP Rule Proposal:
Customer Identification Programs for RIAs and ERA
Do you know the true identity of your clients? You soon will if the SEC and FinCEN have anything to do with it!
The Nutshell
On May 13th, 2024, the Securities and Exchange Commission (“SEC”) and the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (“FinCEN”) issued a joint notice of proposed rulemaking (“NPRM”) to apply customer identification program (“CIP”) obligations to certain investment advisers.
The proposed rule would require SEC-registered investment advisers and exempt reporting advisers (“ERAs”) to, among other things, implement a CIP that includes procedures for:
verifying the identity of each customer to the extent reasonable and practicable; and
maintaining records of the information used to verify a customer’s identity, including name, address, and other identifying information.
This proposal relates to an earlier proposed rule by FinCEN which we previously discussed in our Lodestar. If investment advisers are included in the definition of “financial institution” under the Bank Secrecy Act, section 326 of the USA PATRIOT Act will require the Secretary of the Treasury and the SEC to jointly propose a regulation that requires RIAs to implement reasonable procedures to verify the identities of their customers.
By requiring registered investment advisers to verify the identity of their customers, the proposed rule would make it more difficult for money launderers to use investment advisers as an entry point into the U.S. financial system by reducing money launderers’ ability to launder the proceeds of these criminal enterprises and thereby decreasing incentives to engage in these crimes. The proposed rule seeks to prevent illicit finance activity involving the customers of investment advisers by strengthening the anti-money laundering/countering the financing of terrorism (“AML/CFT”) framework for the investment adviser sector. Alas, obtaining sufficient information to verify a given customer’s identity can reduce the risk an investment adviser will be used as a conduit for money laundering and terrorist financing.
The AML/CFT Program and SAR Proposed Rule, and this proposal would only apply to advisers registered or required to be registered with the SEC (referred to as “registered investment advisers” or “RIAs”), as well as those exempt from registration under sections 203(l) or 203(m) of the Advisers Act and applicable rules thereunder, referred to as “exempt reporting advisers,” or “ERAs”.
The proposal would require RIAs and ERAs to, among other things, establish, document, and maintain written CIPs appropriate for their respective sizes and businesses. With respect to verification of a clients’ identity, the proposal would require that an investment adviser’s CIP include risk-based procedures for verifying the identity of customers, to the extent reasonable and practicable, and that such verification occur within a reasonable time before or after the customer’s account is opened. The inclusion of “before or after” account opening is intended to offer flexibility to an adviser in complying with the requirements of the proposed rule during the process of creating an advisory relationship with a customer. Some of the factors in determining risk that were cited in the proposal include the types of accounts maintained by the RIA, methods for opening accounts, and RIA’s size, location and customer base. Other relevant factors noted include the reliance on third-party firms, including other investment advisers, broker dealers or funds) for identity verification. We touch on this further below!
Requirements of a CIP:
What would a Customer Identification Program require? It “requires financial institutions to implement, and customers (after being given adequate notice) to comply with, reasonable procedures for:
(A) verifying the identity of any person seeking to open an account to the extent reasonable and practicable;
(B) maintaining records of the information used to verify the person’s identity, including name, address, and other identifying information; and
(C) consulting lists of known or suspected terrorists or terrorist organizations provided to the financial institution by any government agency to determine whether a person seeking to open an account appears on any such list.”
Books and Records:
Of course this all impacts an RIA’s record keeping obligations. The proposal requires that an investment adviser’s CIP include procedures for making and maintaining records related to verifying customer identity, as well as procedures for how to do so. Records would have to include the identifying information about each customer and a description of any document that the investment adviser relied on to verify the identity of the customer.
Next Steps:
So, what’s next? We have 60 days for the industry to provide comments related to the rule proposal!
As a reminder, we have seen similar AML proposals in the past. For example, in May 2003, NPRM proposed to require certain investment advisers to establish an AML program. Again, in September 2015, FinCEN published an NPRM requiring investment advisers to report suspicious activity. None of these previous proposals were enacted.
Helpful Definitions:
“Account” – any contractual or other business relationship between a person and an investment adviser under which the investment adviser provides investment advisory services. It would also include accounts opened for the purpose of participating in an employee benefit plan established pursuant to the Employee Retirement Income Security Act of 1974 (ERISA).
“Customer” – as a person—including a natural person or a legal entity—who opens a new account with an investment adviser. Under this proposed rule, an investment adviser would not be required to look through a trust or similar account to its beneficiaries and would only be required to verify the identity of the named accountholder.
“Investment Adviser” – any RIA (those registered or required to register with the SEC) or ERA (those exempt from SEC registration under the listed provisions). Interesting enough, a footnote within the proposal; states, “The proposed definition of “investment adviser” would include both primary advisers and sub-advisers.”
“Customer information required” – investment adviser must obtain with respect to each customer: (1) full legal name; (2) date of birth for an individual or the date of formation for any person other than an individual; (3) address; and (4) identification number. Identification number would include a social security number, tax identification or for non-US persons, TIN, passport number, alien identification number; or number and country of issuance of any other government-issued document evidencing nationality or residence and bearing a photograph or similar safeguard.
“Customer verification” – the investment adviser would be required to follow risk-based procedures to verify the accuracy of that information in order to reach a point where it can form a reasonable belief that it knows the true identity of the customer. The proposal provides for two methods of verifying identifying information: verification through documents and verification through non-documentary means. Luckily, once an investment adviser obtains and verifies the identity of a customer through a suitable document, the investment adviser would not be required to take steps to determine whether a document has been validly issued.
“Comparison with Government Lists” – a CIP must include reasonable procedures for determining whether a customer appears on any list of known or suspected terrorists or terrorist organizations provided by any government agency (for example, the Treasury’s Office of Foreign Assets Control (“OFAC” SDN list). (We note that many investment advisers already have procedures for determining whether customers’ names appear on some federal government lists, including lists that identify known terrorists and terrorist organizations.)
“Customer Notice” – require that an investment adviser’s CIP include procedures for providing customers with adequate notice that the firm is requesting information to verify their identities. The proposed rule would state that this notice is adequate if the investment adviser generally describes the identification requirements of the proposed rule and provides such notice in a manner reasonably designed to ensure that a prospective customer is able to view the notice, or is otherwise given notice, before opening an account. (For example, consider posting on an Adviser’s website or including language within the IMA or in new account documents.)
“Reliance on another financial institution” – As noted above, the proposal would allow investment advisers to rely on certain other financial institutions’ performance of their CIP procedures under specific circumstances. Accordingly, there may be circumstances in which an investment adviser could rely on the performance by another financial institution of some or all of the elements of the investment adviser’s CIP. For example, reliance would be permitted if a customer of the investment adviser is opening an account or has opened or has established an account or similar business relationship with the other financial institution to provide or engage in services, dealings, or other financial transactions, provided that:
(1) such reliance is reasonable under the circumstances,
(2) the other financial institution is subject to a rule implementing the AML/CFT compliance program requirements of 31 U.S.C. 5318(h) and is regulated by a Federal functional regulator, and
(3) the other financial institution enters into a contract with the investment adviser requiring it to certify annually to the investment adviser that it has implemented an AML/CFT program and will perform (or its agent will perform) the specified requirements of the investment adviser’s CIP.
The SEC noted within the proposal that the investment adviser would not be held responsible for the failure of the other financial institution to fulfill adequately the adviser’s CIP responsibilities, provided that the investment adviser can establish that its reliance was reasonable and that it has obtained the requisite contracts and certifications.
About altPILOT
At altPILOT Lodestar, our goal is to make the seemingly opaque and obscure world of risk management more transparent and more easily accessible: in other words, to be your Lodestar through the choppy waters and dark nights of the investment advisory industry. To that end, we will continually monitor SEC Risk Alerts and Exam Priorities to bring you via our Lodestar Alerts timely and accessible explanations of some of the most significant shifts in the regulatory landscape.
