Developments in Anti-Money Laundering Regulation for ...

Developments in Anti-Money Laundering Regulation for Investment Advisers and Funding Portals

May 2016

John L. Sullivan Washington, D.C. jlsullivan@

Michael Chiswick-Patterson Washington, D.C.

mchiswickpatterson@

Investment advisers and funding portals are currently not subject to the anti-money laundering (AML) and related regulations with which broker-dealers and mutual funds are required to comply. However, that disparate treatment may soon change, and investment advisers and funding portals should be prepared to address the new rules, if adopted, in their compliance architecture.

The Financial Crimes Enforcement Network (FinCEN) proposed new rules requiring certain investment advisers to establish AML programs and to report certain suspicious transactions to FinCEN, among other requirements (the "IA Proposing Release").1 FinCEN also proposed new rules amending the definition of "broker-dealer" under the regulations, implementing the Bank Secrecy Act (BSA) to include funding portals (the "Funding Portal Proposing Release").2 Among other things, the proposed rules of the Funding Portal Proposing Release would require funding portals that are involved in the offering or selling of crowdfunded securities pursuant to Section 4(a)(6) of the Securities Act of 1933 (Securities Act) to establish AML programs, to report certain suspicious transactions to FinCEN, and to implement written customer identification programs.

The first section of this article focuses primarily on how the rules of the IA Proposing Release would affect investment advisers to funds that are excluded from the definition of an investment company under either Section 3(c)(1) or 3(c)(7) of the Investment Company Act of 1940 (1940 Act). The second section of the article focuses on the rules set forth in the Funding Portal Proposing Release.

1 80 FR 52680 (September 1, 2015). FinCEN had previously proposed similar rules for unregistered investment companies and investment advisers in 2002 and 2003, respectively, but withdrew those proposals in 2008. 2 81 FR 19086 (April 4, 2016). As noted in the IA Proposing Release, FinCEN exercises regulatory functions under the Currency and Financial Transactions Reporting Act of 1970, amended by the USA Patriot Act and other legislation. This legislative framework is commonly referred to as the BSA. The Secretary of the Treasury has delegated to FinCEN the authority to implement, administer, and enforce compliance with the BSA and associated regulations, which includes the authority to impose AML program and suspicious activity requirements on financial institutions.

-1-

Developments in Anti-Money Laundering Regulation for Investment Advisers and Funding Portals | May 2016

IA Proposing Release

Which investment advisers would be subject to the proposed rules of the IA Proposing Release?

These proposed rules would apply to investment advisers registered (or required to be registered) with the Securities and Exchange Commission (SEC-Registered IAs) under the Investment Advisers Act of 1940 (Advisers Act). Application of the proposed rules would not depend on the types of clients an investment adviser has (e.g., managed accounts or private funds) or, in the case of an adviser to a private fund, upon which exemption from the Securities Act the private fund relies to offer its shares (e.g., Rule 506(b) or 506(c) of Regulation D) or upon which exemption from the 1940 Act the private fund relies (e.g., 3(c)(1), 3(c)(5), or 3(c)(7)). The sole focus is whether the adviser is registered (or required to be registered) under the Advisers Act. Notably, an "exempt reporting adviser" or an adviser registered under state law would not be subject to these proposed rules.

What do the proposed rules require SEC-Registered IAs to do?

If the proposed rules are adopted, as explained in more detail below, SEC-Registered IAs must develop and implement an AML program, report suspicious transactions to FinCEN, and comply with certain existing reporting (i.e., Currency Transaction Reports), recordkeeping (i.e., the Recordkeeping and Travel Rules), and informationsharing requirements.

What are key requirements of an AML program that an SEC-Registered IA must have under the proposed rules?

The proposed rules would require an SEC-Registered IA to develop and implement a written AML program reasonably designed:

to prevent the SEC-Registered IA from being used to facilitate money laundering or the financing of terrorist activities, and

to achieve and monitor compliance with applicable provisions of the BSA and FinCEN's implementing regulations.

Specifically, the AML program must be approved in writing, contain practices developed as a result of an assessment of the adviser's business, and be subject to independent testing. The SEC-Registered IA must also designate person(s) responsible for implementing and monitoring the program, oversee the training of relevant individuals, and provide FinCEN and the SEC with access to its program.

Written Approval

The SEC-Registered IA's board of directors must approve in writing the adviser's AML program.3 If the IA has no board, the IA's sole proprietor, general partner, trustee, or other persons that have functions similar to a board of directors (e.g., a managing member in the event that the adviser is organized as a limited liability company) must approve in writing the adviser's AML program.

3 FinCEN, through the IA Proposing Release, is not proposing that SEC-Registered IAs implement a customer identification program as part of its AML program, nor is it proposing that its proposed rules regarding, among other things, the identification of beneficial owners apply to SEC-Registered IAs. However, FinCEN did raise the possibility that SEC-Registered IAs may be subject to these requirements through future FinCEN regulatory initiatives.

-2-

Developments in Anti-Money Laundering Regulation for Investment Advisers and Funding Portals | May 2016

Assessment and Design

As discussed in more detail below, the AML program must establish and implement policies, procedures, and internal controls based on the SEC-Registered IA's assessment of the money laundering and terrorist financing risks associated with its business. In conducting this assessment when designing its AML program, an SECRegistered IA must consider all of its advisory activities under the Advisers Act (e.g., advising private funds, mutual funds, closed-end funds, and/or managed accounts). Different types of advisory clients may require different types of policies, procedures, and internal controls.

Independent Testing

The AML program must provide for independent testing of the program on a periodic basis to ensure, among other things, that the program functions as designed. Employees of the adviser, of its affiliates, or of an unaffiliated third party may conduct this independent review, so long as those conducting the review are not involved in the program's oversight or day-to-day operations. Recommendations from this independent testing should be promptly implemented or escalated to the SEC-Registered IA's senior management for consideration.

Implementation and Monitoring

As part of an AML program, an SEC-Registered IA must designate a person or persons to be responsible for implementing and monitoring the program's operations and internal controls. The person(s) designated should have the full responsibility and authority to develop and enforce appropriate policies to address the risks presented by the IA's advisory business. This person could--but does not have to--be the SEC-Registered IA's chief compliance officer, although the IA Proposing Release does note that the person designated "should be an officer of the investment adviser."

Training

As part of an AML program, an SEC-Registered IA must oversee the training of adviser employees (and those of third parties) regarding the BSA requirements relevant to their responsibilities, including recognizing possible signs of money laundering. The SEC-Registered IA should provide periodic updates to this training as needed.

Access

The SEC-Registered IA must make its AML program available for inspection to FinCEN or the SEC upon request.4 In light of this requirement, it would be prudent for a SEC-Registered IA to maintain documentation evidencing the assessment discussed above, the independent testing, and the training required by the proposed rules.

What special considerations does an AML assessment present for an SEC-Registered IA that has private funds as advisory clients?

An SEC-Registered IA with private funds as advisory clients must focus this assessment of its private fund clients on the private funds themselves and the investors in those funds. FinCEN recognizes that there may be a lack of transparency, however, if an investor in the private fund is itself a pooled investment vehicle (an "investing pool").

4 The proposed rules contemplate that the SEC would have examination authority over SEC-Registered IAs with regard to their compliance with the proposed rules.

-3-

Developments in Anti-Money Laundering Regulation for Investment Advisers and Funding Portals | May 2016

FinCEN also recognizes that there may be a similar relative lack of transparency if the private fund advisory client or the investing pool is an offshore one. These arrangements could present heightened risks, which the SECRegistered IA must consider in the assessment and design of its AML program. To this end, an SEC-Registered IA should examine the type of regulations to which the private fund advisory client, an investing pool, or the investing pool operator is subject; whether any of these entities has an AML program; and the terms of the AML program(s).

What tools can an SEC-Registered IA use to conduct the AML assessment of its private fund clients?

The SEC-Registered IA could review any publicly available lists or notices identifying entities, countries and/or individuals that present heightened AML concerns to gauge the risks presented by its private fund advisory clients and their investors. Examples include the Office of Foreign Asset Control's Specially Designated Nationals List and list of sanctioned countries; FinCEN's advisories, bulletins and fact sheets; and the Financial Action Task Force's publications regarding jurisdictions subject to a Task Force call for counter measures or jurisdictions identified by the Task Force as having strategic AML and combatting the fighting of terrorism deficiencies.

In addition, if a private fund relies on Rule 506 under Regulation D of the Securities Act to offer its interests to investors, the fund should already have established procedures by which its sponsor can screen investors to help determine if the purchasers are accredited investors. In light of the proposed rules, the SEC-Registered IA should supplement those procedures to assess any AML risks posed by investors.

For example, an SEC-Registered IA could supplement its subscription documents to require information from an investing pool or its sponsor about its own AML program. Further, if practical, an SEC-Registered IA could conduct periodic due diligence of the investing pools and their sponsors to assess the adequacy of their AML programs. These practices should help an SEC-Registered IA conduct its assessment and design (and refine) its AML program.

Can an SEC-Registered IA delegate to a third party its responsibilities with respect to developing and implementing an AML program under the proposed rules?

Yes. An SEC-Registered IA may delegate its responsibilities with respect to developing and implementing an AML program. FinCEN recognizes that an SEC-Registered IA may conduct some of its operations through agents or third-party service providers, and that elements of its AML compliance program may best be performed by the personnel of these entities. FinCEN specifically states that an SEC-Registered IA may "delegate contractually the implementation and operation of those aspects of its AML program to such an entity," but warns that the IA "will remain fully responsible for the effectiveness of the program, as well as for ensuring that FinCEN and the SEC are able to obtain information and records relating to the AML program."

Further, FinCEN emphasized that, notwithstanding the fact that AML program responsibilities may be delegated to a third party, there must be adequate oversight of that third party. FinCEN noted that it would be insufficient "simply to obtain a certification from its delegate that the company `has a satisfactory anti-money laundering program.'"

In the event that an SEC-Registered IA were to delegate its AML program responsibilities to a third party, the IA should address in its policies, procedures, and controls how it would oversee that third party, including how the AML program would be tested and how the third party's employees would be trained.

-4-

Developments in Anti-Money Laundering Regulation for Investment Advisers and Funding Portals | May 2016

What types of suspicious transactions must an SEC-Registered IA report to FinCEN?

Under the proposed rules, SEC-Registered IAs must report a transaction to FinCEN that is conducted or attempted by, at, or through an investment adviser; involves or aggregates at least $5,000 in funds or other assets; and consists of a "triggering event."

A triggering event occurs when the SEC-Registered IA knows, suspects, or has reason to suspect that a transaction:

involves funds derived from illegal activity, or is intended or conducted to hide or disguise funds or assets derived from illegal activity;

is designed to evade the requirements of the BSA; has no business or apparent lawful purposes, and the SEC-Registered IA knows of no reasonable

explanation after examining the available facts; or involves the use of the investment adviser to effect criminal activity.

In the context of a private fund, a triggering event could include, among other things:

the use of money order or travelers' checks to purchase interests in structured amounts to evade currency reporting requirements;

the use of a check drawn on the account of a third party to purchase interests; the use of multiple wire transfers from different accounts maintained at different financial institutions to

purchase interests; the inability of an investor to explain reasons for frequent transfers to unfamiliar bank accounts or

countries other than the investor's home country; frequent purchases followed by redemptions with proceeds directed to unrelated third parties or bank

accounts in foreign countries; a large purchase followed by redemptions without concern for the payment of withdrawal penalties; transfers to accounts in high-risk countries (e.g., known for drug trafficking or the funding of terrorism); or the transfer of an investment interest from a foreign government to a private person.

Once an SEC-Registered IA detects suspicious transactions that it must report, what are the notification and recordkeeping requirements?

An SEC-Registered IA must notify FinCEN of a suspicious transaction or transactions by filing a suspicious activity report (SAR) with FinCEN no later than 30 days after it becomes aware of the suspicious transaction(s). An SECRegistered IA may delay the filing to no more than 60 days after it becomes aware of the suspicious transaction(s) if it cannot identify a suspect on the initial date of detection of the suspicious transaction(s). For certain exigent circumstances, such as suspected terrorist financing or ongoing money laundering schemes, the SEC-Registered IA must also immediately notify by telephone an appropriate law enforcement authority.

If more than one financial institution subject to a SAR-filing requirement has an obligation to file a SAR with respect to the same transaction (e.g., an investment adviser to a fund-of-funds and the investment adviser to the underlying fund), the financial institutions may file one joint filing. An SEC-Registered IA must maintain a copy of a filed SAR (along with underlying related documentation) for five years from the date of the SAR's filing. Subject to limited exceptions, an SEC-Registered IA and its directors, officers, employees, and agents may not disclose a SAR or any information that would reveal the existence of a SAR.

-5-

Developments in Anti-Money Laundering Regulation for Investment Advisers and Funding Portals | May 2016

Can an SEC-Registered IA delegate to a third party its responsibilities to detect and file SARs under the proposed rules?

It does not appear that the proposed rules permit an SEC-Registered IA to delegate its responsibilities with respect to detecting suspicious activity and filing SARs. As noted, the proposed rules do not permit an SEC-Registered IA or its officers, directors, employees, or agents to disclose a SAR or any information that would reveal the existence of a SAR, except under limited circumstances (e.g., to a law enforcement agency; regulatory body; or, for purposes of the joint filing of a SAR, another financial institution). Without an appropriate exemption from this restriction, it is unclear how a third-party service provider could assist an SEC-Registered IA in detecting suspicious activity that could form the basis of a SAR.

What other requirements would an SEC-Registered IA be subject to as a result of the proposed rules?

In the IA Proposing Release, FinCEN proposed that SEC-Registered IAs be included in the general definition of "financial institution" in the regulations implementing the BSA. As a financial institution, SEC-Registered IAs would have to comply, as noted earlier, with certain existing reporting (i.e., Currency Transaction Reports (CTRs),5 recordkeeping (i.e., the Recordkeeping and Travel Rules),6 and information-sharing requirements under Section 314(a) of the USA PATRIOT Act). Among other things, Section 314(a) permits FinCEN to require financial institutions to search their records to determine whether they have maintained an account or conducted a transaction with a person suspected of terrorist or money-laundering activity.

This set of requirements would be new obligations for SEC-Registered IAs, although the requirement to file CTRs would replace an SEC-Registered IA's existing general requirement to file reports on Form 8300 for the receipt of more than $10,000 in cash and negotiable instruments. Further, SEC-Registered IAs may be able to avail themselves of certain exceptions to the Recordkeeping and Travel Rules.

When must SEC-Registered IAs comply with the proposed rules?

If the proposed rules are adopted, SEC-Registered IAs would have to comply with the regulations no later than six months from the effective date of adoption. The comment period for the proposed rules ended on November 2, 2015, and FinCEN could adopt the proposed rules at any time.

Funding Portal Proposing Release

Which entities would be subject to the proposed rules of the Funding Portal Proposing Release?

These proposed rules would apply to a funding portal that is involved in the offer and/or sale of securities pursuant to Section 4(a)(6) of the Securities Act. The Jumpstart Our Business Startups Act (JOBS Act)--signed into law on April 5, 2012--established a regulatory regime for smaller businesses, such as start-up companies, to issue securities through crowdfunding (i.e., use of the Internet to seek small contributions from a large number of individuals) without having to register those securities with the SEC or a state securities regulator.

5 SEC-Registered IAs would file a CTR for a transaction involving a transfer of more than $10,000 in currency by, through, or to the SEC-Registered IA. 6 Under the Recordkeeping and Travel Rules, SEC-Registered IAs, subject to certain exceptions, must make and keep records for transmittal of funds and ensure that certain information relating to the transmittal of funds accompany those funds to the next financial institution in the transmittal chain.

-6-

Developments in Anti-Money Laundering Regulation for Investment Advisers and Funding Portals | May 2016

The JOBS Act added Section 4(a)(6) to the Securities Act, which generally exempts from the registration requirements of the Securities Act the sale of up to $1 million in securities, provided that: (1) an individual's purchase of those securities is not greater than certain limits based on that individual's annual income or net worth; and (2) the sale of the securities is conducted through a broker-dealer or a funding portal registered under the Securities Exchange Act of 1934 (Exchange Act).7

What do the proposed rules require funding portals to do?

If adopted, the proposed rules would incorporate a funding portal's activities within the existing definition of brokerdealer, and require funding portals to comply with the same requirements applicable to broker-dealers. As a result, and like an SEC-Registered IA, a funding portal would need to establish an AML program, file SARs with FinCEN, file CTRs, and comply with the Recordkeeping and Travel Rules and with the information-sharing requirements under, among others, Section 314(a) of the USA PATRIOT Act. These requirements are discussed in greater detail--with respect to investment advisers--in the first section of this article under "IA Proposing Release."

Further, and unlike an SEC-Registered IA, a funding portal would need to implement a written customer identification program; need to establish risk-based due diligence procedures reasonably designed to detect and report money laundering through correspondent and private banking accounts maintained for non-U.S. persons; be specifically prohibited from providing correspondent accounts to foreign shell banks; and be subject to special measures imposed by FinCEN (e.g., additional recordkeeping and reporting requirements). A customer identification program must include procedures for, among other things, obtaining customer identification prior to opening an account; verifying the customer's identity within a reasonable amount of time before or after the account opening; and determining, within a reasonable amount of time after account opening or earlier, whether the customer appears on any lists of terrorist organizations.8

Why is FinCEN proposing these rules?

Broker-dealers registered under the Exchange Act are subject to BSA requirements, such as establishing AML and customer identification programs and filing SARs with FinCEN.9 The regulations subjecting broker-dealers to these requirements define a broker-dealer as a "person required to be registered as a broker with the [SEC] under the [Exchange Act]."10 A funding portal, although it functions in certain respects like a broker-dealer, does not meet this definition (as it does not have to register as a broker-dealer with the SEC), and therefore does not currently have to comply with any requirements of the BSA.11

As explained in the Funding Portal Proposing Release, however, a funding portal's business is subject to moneylaundering risks that the requirements of the BSA are designed to counteract. FinCEN also reasons that a funding

7 Section 3(a)(80) of the Exchange Act defines a "funding portal" as a person acting as an intermediary in the offer or sale of securities, solely pursuant to Section 4(a)(6) of the Securities Act, that does not, among other things, (1) solicit purchases, sales, or offers to buy securities offered or displayed on its website or portal; and (2) hold, manage, possess, or otherwise handle investor funds or securities. 8 31 C.F.R. 1023.220. See Exchange Act Release No. 47752 (April 29, 2002) (adopting joint rule between the SEC and FinCEN and discussing requirements that brokerdealers implement written customer identification programs as part of their AML programs). 9 See generally 31 C.F.R. 1023.210, 31 C.F.R. 1023.220 and 31 C.F.R. 1023.320, respectively. 10 31 C.F.R. 1023.100(b). 11 The JOBS Act required the SEC to exempt by rule a funding portal registered under the Exchange Act from also registering as a broker under the Exchange Act. A funding portal, however, would otherwise meet the definition of a broker and be required to register as one under the Exchange Act.

-7-

Developments in Anti-Money Laundering Regulation for Investment Advisers and Funding Portals | May 2016 portal is often in the best position to know its customers and identify and monitor any suspicious activity. Further, a funding portal's business is similar to the business of an introducing broker, which is subject to BSA requirements. For these reasons, among others, FinCEN argues in the Funding Portal Proposing Release that "funding portals raise at least the same degree of AML and counter financing of terrorism risk as some other broker-dealers registered with the SEC, and should be regulated commensurately under the BSA." When must funding portals comply with the proposed rules? The comment period for the proposed rules ends on June 3, 2016. Unlike the IA Proposing Release, the Funding Portal Proposing Release did not provide an estimated date (e.g., six months from the effective date of the adopted rules) by which funding portals must comply with the proposed rules if they were to be adopted.

This communication is provided as a service to our clients and friends and is for informational purposes only. It is not intended to create an attorney-client relationship or constitute an advertisement, a solicitation, or professional advice as to any particular situation. ? 2016 Wilson Sonsini Goodrich & Rosati, Professional Corporation All rights reserved

-8-

 ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download