AGENCY:

Financial Crimes Enforcement Network (“FinCEN”), Department of the Treasury; Securities and Exchange Commission (“SEC” or “Commission”).

ACTION:

Joint notice of proposed rulemaking.

SUMMARY:

The Department of the Treasury and the SEC are jointly issuing a proposed rulemaking implementing the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 with regard to certain investment advisers. If, as proposed in a separate rulemaking, certain investment advisers are included in the definition of “financial institution” under the Bank Secrecy Act, the Secretary of the Treasury and the SEC will be required to jointly prescribe a regulation that, among other things, requires investment advisers to implement reasonable procedures to verify the identities of their customers.

DATES:

Written comments on this notice of joint proposed rulemaking (“NPRM”) must be submitted on or before July 22, 2024.

ADDRESSES:

Treasury: Comments may be submitted by any of the following methods:

• Federal E-Rulemaking Portal: http://www.regulations.gov. Follow the instructions for submitting comments. Refer to Docket Number FINCEN-2024-0011.
• Mail: Policy Division, Financial Crimes Enforcement Network, P.O. Box 39, Vienna, VA 22183. Refer to Docket Number FINCEN-2024-0011.

Please submit comments by one method only.

SEC: Comments may be submitted to the SEC by any of the following methods:

Electronic Comments

• Use the SEC's internet comment forms (https://www.sec.gov/​rules/​2024/​05/​cip); or
• Send an email torule-comments@sec.gov. Please include File Number S7-2024-02 on the subject line.

Paper Comments

• Send paper comments to Secretary, U.S. Securities and Exchange Commission, 100 F Street NE, Washington, DC 20549-1090.

All submissions should refer to File Number S7-2024-02. This file number should be included on the subject line if email is used. To help the SEC process and review your comments more efficiently, please use only one method of submission. The SEC will post all comments on the SEC's website ( https://www.sec.gov/​rules/​2024/​05/​cip). Comments also are available for website viewing and printing in the SEC's Public Reference Room, 100 F Street NE, Washington, DC 20549, on official business days between the hours of 10 a.m. and 3 p.m. Operating conditions may limit access to the SEC's Public Reference Room. Do not include personally identifiable information in submissions; you should submit only information that you wish to make available publicly. The SEC may redact in part or withhold entirely from publication submitted material that is obscene or subject to copyright protection.

Studies, memoranda, or other substantive items may be added by the SEC or staff to the comment file during this rulemaking. A notification of the inclusion in the comment file of any such materials will be made available on the SEC's website. To ensure direct electronic receipt of such notifications, sign up through the “Stay Connected” option at www.sec. gov to receive notifications by email.

A summary of the proposal of not more than 100 words is posted on the SEC's website ( https://www.sec.gov/​rules/​2024/​05/​cip).

FOR FURTHER INFORMATION CONTACT:

Treasury: The FinCEN Resource Center at (800) 767-2825 or email frc@fincen.gov.

Securities and Exchange Commission: Daniel Levine, Attorney-Adviser; Tom Strumpf, Branch Chief; Adele Murray, Private Funds Attorney Fellow; or Melissa Roverts Harke, Assistant Director, Investment Adviser Rulemaking Office, at (202) 551-6787 or IArules@sec.gov, Division of Investment Management, Securities and Exchange Commission, 100 F Street NE, Washington, DC 20549-8549.

SUPPLEMENTARY INFORMATION:

I. Background

A. Statutory Provisions

Enacted in 1970, the Currency and Foreign Transactions Reporting Act, generally referred to as the Bank Secrecy Act (“BSA”), is designed to combat money laundering, the financing of terrorism, and other illicit finance activity, and to safeguard the national security of the United States.^[1] The Secretary of the Treasury (“the Secretary”) delegated the authority to implement, administer, and enforce the BSA and its implementing regulations to the Director of FinCEN.^[2]

Section 326 of the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (“USA PATRIOT Act”) of 2001 added a subsection to the BSA, subsection ( l) to 31 U.S.C. 5318, in order to facilitate the prevention, detection, and prosecution of international money laundering and the financing of terrorism. Subsection 31 U.S.C. 5318( l ) requires the Secretary to “prescribe regulations setting forth the minimum standards for financial institutions and their customers regarding the identity of the customer that shall apply in connection with the opening of an account at a financial institution.” The regulations implementing section 326 must, at a minimum, “require financial institutions to implement, and customers (after being given adequate notice) to comply with, reasonable procedures for—(A) verifying the identity of any person seeking to open an account to the extent reasonable and practicable; (B) maintaining records of the information used to verify the person's identity, including name, address, and other identifying information; and (C) consulting lists of known or suspected terrorists or terrorist organizations provided to the financial institution by any government agency to determine whether a person seeking to open an account appears on any such list.” ^[3] These programs are referred to as Customer Identification Programs (“CIPs”) and are long-standing, foundational components of a financial institution's anti-money laundering program.

As enacted, section 326 applies to all “financial institutions.” This term is defined broadly in the BSA to encompass a variety of entities, including commercial banks; agencies, and branches of foreign banks in the United States; thrift institutions, credit unions, and private bankers; trust companies; securities brokers and dealers registered with the Commission; investment companies; futures commission merchants; insurance companies; travel agencies; pawnbrokers; dealers in precious metals, stones, and jewels; check-cashers; certain casinos; and telegraph companies, among others.^[4] The BSA also grants authority to the Secretary to define, by regulation, additional types of businesses as financial institutions where the Secretary determines that such businesses engage in any activity “similar to, related to, or a substitute for” those in which any of the businesses listed in the statutory definition are authorized to engage.^[5] As part of the implementation, administration, and enforcement of the BSA, this authority has been delegated to the Director of FinCEN.^[6]

On February 15, 2024, the Secretary, through FinCEN, proposed to designate certain investment advisers as “financial institutions” under the BSA and subject them to anti-money laundering/countering the financing of terrorism (“AML/CFT”) program requirements and Suspicious Activity Report (“SAR”) filing obligations, as well as other BSA requirements (“AML/CFT Program and SAR Proposed Rule”).^[7] Although the Investment Advisers Act of 1940 (“Advisers Act”) and the rules thereunder apply to a wide range of investment advisers,^[8] the AML/CFT Program and SAR Proposed Rule—and the rule proposed in this joint NPRM as well—would only apply to a narrower subset of persons meeting the Advisers Act definition of “investment adviser”: ^[9] advisers registered or required to be registered with the SEC (referred to as “registered investment advisers,” or “RIAs”), as well as those exempt from registration under sections 203(l) or 203(m) of the Advisers Act and applicable rules thereunder (referred to as “exempt reporting advisers,” or “ERAs”).

In prescribing regulations for financial institutions implementing section 326, 31 U.S.C. 5318(l)(3) directs the Secretary to “take into consideration the various types of accounts maintained by various types of financial institutions, the various methods of opening accounts, and the various types of identifying information available.” ^[10] Further, 31 U.S.C. 5318(l)(4) requires that implementing regulations for certain types of financial institutions—which would include the set of investment advisers proposed to be added to the definition of “financial institution” through the AML/CFT Program and SAR Proposed Rule—be prescribed jointly with the appropriate Federal functional regulator (as defined in section 509 of the Gramm-Leach-Bliley Act).^[11] The appropriate Federal functional regulator for investment Start Printed Page 44573 advisers is the SEC.^[12] Thus, FinCEN and the SEC are issuing this proposed rule jointly.

While investment advisers have not been previously subject to CIP requirements, in certain circumstances, some investment advisers already obtain and conduct verification of customer identity information.^[13] For example, some investment advisers may implement CIP requirements if the entity is also a registered broker-dealer ^[14] or a bank ( i.e., a dual registrant), or is an operating subsidiary of a bank; ^[15] other investment advisers are affiliates of banks or broker-dealers, which may implement an enterprise-wide AML/CFT program that includes a CIP. In addition, some investment advisers have already implemented voluntary AML/CFT programs that may include CIP measures.^[16]

This proposed rule is generally consistent with existing rules requiring other financial institutions, such as brokers or dealers in securities, open-end investment companies (such as mutual funds),^[17] credit unions, banks, and other financial institutions, to adopt and implement CIPs.^[18] The similarity between this proposed rule and those rules reflects the importance that FinCEN and the SEC (“the Commission”) assign to the harmonization of CIP requirements, including for the purposes of increasing effectiveness and efficiency for investment advisers that are affiliated with other financial institutions, such as banks, broker-dealers, or open-end investment companies (such as mutual funds) that are already subject to CIP requirements. CIP requirements also support the application of other AML/CFT measures by making it more difficult for persons to use false identities to establish customer relationships with investment advisers for the purposes of laundering money, financing terrorism, or engaging in other illicit finance activity.

B. Codification of the Joint Proposed Rule

Under the proposed rule, the substantive requirements of the joint proposed rule would be codified with other BSA regulations as part of Treasury's proposed regulations in 31 CFR part 1032.

II. Section-by-Section Analysis

A. Definitions ^[19]

Section 1032.100(a) Account. The proposed rule would define “account” for the purposes of investment advisers' CIP obligations as any contractual or other business relationship between a person and an investment adviser under which the investment adviser provides investment advisory services.^[20] The proposed definition excludes an account that an investment adviser acquires through an acquisition, merger, purchase of assets, or assumption of liabilities. Customers do not “open” such transferred accounts, and, therefore, these accounts do not fall within the scope of section 326.^[21] Such accounts, however, may still be subject to other AML/CFT requirements applicable to advisory activities, including activities within the scope of the AML/CFT Program and SAR Proposed Rule, to the extent it is adopted.^[22] Additionally, the definition of account would include accounts opened for the purpose of participating in an employee benefit plan established pursuant to the Employee Retirement Income Security Act of 1974 (“ERISA”). While ERISA accounts are excluded from the definition of “account” in the CIP rules applicable to mutual funds,^[23] they are not being excluded here to harmonize the applicability of this proposed rule with the AML/CFT Program and SAR Proposed Rule, which would require RIAs and ERAs to apply AML/CFT program and SAR reporting requirements to all of their accounts, including accounts opened for the purpose of participating in an employee benefit plan established pursuant to ERISA.

Section 1032.100(b) Commission. The proposed rule would define “Commission” to mean the United States Securities and Exchange Commission.

Section 1032.100(c) Customer. The proposed rule would define “customer” for the purposes of investment advisers' CIP obligations as a person—including a natural person or a legal entity—who opens a new account with an investment adviser. This means the Start Printed Page 44574 person identified as the accountholder, except in the case of an individual who lacks legal capacity, such as a minor, and non-legal entities, in which case the customer would be the individual who opens the new account for a minor or non-legal entity. Under this proposed rule, an investment adviser would not be required to look through a trust or similar account to its beneficiaries and would only be required to verify the identity of the named accountholder.^[24]

The proposed rule's definition of “customer” would not include individuals with authority or control over the accounts, if such persons are not the accountholders. In addition, the definition would not include persons who fill out the account opening paperwork or provide information necessary to set up an account but are not the accountholder. Instead, as described below, section 1032.220(a)(2)(ii)(C) of the proposed rule separately would require an investment adviser's CIP to address situations where, based on the investment adviser's risk assessment of a new account opened by a customer that is not an individual, the investment adviser will need to obtain information about individuals with authority or control over the account in order to verify the customer's identity.

The proposed definition of “customer” would also not include a financial institution regulated by a Federal functional regulator or a bank regulated by a State bank regulator; certain government entities; certain persons (other than banks) that are publicly listed on U.S. securities exchanges or certain subsidiaries of persons listed on U.S. securities exchanges; ^[25] or persons that have an existing account with the investment adviser, provided the investment adviser has a reasonable belief that it knows the true identity of the person. These exemptions are being included to be consistent with CIP requirements for other financial institutions.^[26]

Section 1032.100(d) Financial institution. The proposed rule includes a definition of “financial institution” that cross-references the BSA's definition of “financial institution” in 31 U.S.C. 5312(a)(2) and (c)(1), and its implementing regulations, which is currently codified at 31 CFR 1010.100(t).^[27] The proposed rule includes this definition to avoid any ambiguity about the meaning of “financial institution” in proposed § 1032.220(a)(6). Proposed § 1032.220(a)(6) would allow investment advisers to rely on certain other financial institutions' performance of their CIP procedures under specific circumstances, as described below. Accordingly, and as described below, an investment adviser would be able to rely on such performance by other “financial institutions” as defined in 31 U.S.C. 5312(a)(2) and (c)(1) and its implementing regulations to fulfill those aspects of its CIP obligations.

Section 1032.100(e) Investment adviser. The proposed rule includes a definition of “investment adviser” that is the same as the proposed definition of investment adviser in the AML/CFT Program and SAR Proposed Rule.^[28] In this way, both this proposed rule and the AML/CFT Program and SAR Proposed Rule would apply to the same group of persons. The proposed definition in the AML/CFT Program and SAR Proposed Rule—and thus the definition proposed in this NPRM—is “[a]ny person who is registered or required to register with the SEC under section 203 of the Advisers Act (15 U.S.C. 80b-3(a)), or any person that is exempt from SEC registration under section 203(l) or 203(m) of the Advisers Act (15 U.S.C. 80b-3(l), (m)).” ^[29] In other words, under this proposed definition, an investment adviser would be any RIA (those registered or required to register with the SEC) or ERA (those exempt from SEC registration under the listed provisions).^[30] We anticipate that any change to the scope of the AML/CFT Program and SAR Proposed Rule, as finalized, would also be reflected in this rule, to ensure that the scope of both rules remain consistent.

B. Customer Identification Program: Minimum Requirements

Section 1032.220(a)(1) In general. Section 326 requires the Secretary and, where relevant, the appropriate Federal functional regulator (here, the SEC) to prescribe regulations requiring financial institutions to implement, and customers (after being given adequate notice) to comply with, “reasonable procedures” for verifying the identity of any person seeking to open an account, “to the extent reasonable and practicable”; ^[31] for maintaining records associated with such verification; and for consulting lists of known terrorists and terrorist organizations.^[32] Proposed § 1032.220(a)(1) accordingly would require that each investment adviser establish, document, and maintain a written CIP as part of the AML/CFT program under 31 U.S.C. 5318(h).^[33] This proposed requirement is intended to make clear that the CIP is not a separate program, but rather would be incorporated into an investment adviser's overall AML/CFT program. The proposed rule would require that the CIP be appropriate for its size and business that, at a minimum, includes each of the requirements of paragraphs (a)(1) through (a)(5) of proposed section 1032.220.

The investment adviser may deem these requirements satisfied for any mutual fund it advises if the mutual fund has developed and implemented a CIP that is compliant with CIP requirements applicable to mutual funds under the relevant provision of this subpart. FinCEN and the SEC believe that this exemption is appropriate because of the regulatory and practical relationship between Start Printed Page 44575 mutual funds and their investment advisers. As a practical matter, we believe that any CIP requirement imposed on an RIA to a mutual fund is already addressed by the existing CIP requirements imposed on the mutual fund itself.^[34] Consequently, we are proposing not to require investment advisers to mutual funds to include those mutual funds within the investment advisers' own CIP programs, as doing so would be redundant. This exemption is permissive and not mandatory; an investment adviser could decide to include the mutual funds it advises in complying with the investment adviser's CIP requirements.

Section 1032.220(a)(2) Identity verification procedures. Proposed § 1032.220(a)(2) would require that an investment adviser's CIP include risk-based procedures for verifying the identity of customers, to the extent reasonable and practicable, and that such verification occur within a reasonable time before or after the customer's account is opened. The inclusion of “before or after” account opening is intended to offer flexibility to an adviser in complying with the requirements of the proposed rule during the process of creating an advisory relationship with a customer. The procedures must enable the investment adviser to form a reasonable belief that it knows the identity of each customer.

A person becomes a customer each time the person opens a new account with an investment adviser. Therefore, upon the opening of each account, the verification requirements of this proposed rule would apply. However, if a customer whose identification has been verified previously opens a new account, the investment adviser would generally not need to verify the customer's identity again, provided the investment adviser (1) previously verified the customer's identity, to the extent required, in accordance with procedures consistent with the proposed rule, and (2) continues to have a reasonable belief that it knows the true identity of the customer based on the previous verification.

Under this proposed rule, the procedures must be based on the investment adviser's assessment of the relevant risks, including those presented by the various types of accounts maintained by the investment adviser; the various methods of opening accounts provided by the investment adviser, the various types of identifying information available and the investment adviser's size, location, and customer base. Other relevant risk factors could include, for example, the types of money laundering and terrorist financing activities present in the respective jurisdiction; whether account opening occurs in-person or online; the types of services and transactions offered or performed by the investment adviser; and the reliance on third-party firms (including other investment advisers, broker-dealers, or funds) for identity verification procedures.

Thus, in developing and updating CIPs, investment advisers would be required to consider the type of identifying information available for customers and the methods available to verify that information. While paragraph (a)(2)(i) of this proposed rule would require certain minimum identifying information to be obtained, and paragraph (a)(2)(ii) discusses certain suitable verification methods, as described below, investment advisers should consider on an ongoing basis whether other identifying information or verification methods are appropriate, particularly as they become available in the future.

Section 1032.220(a)(2)(i) Customer information required. Pursuant to the proposed rule, an investment adviser's CIP must require the investment adviser to obtain, at a minimum, certain identifying information with respect to each customer before or after an account is opened for the customer. Specifically, the investment adviser must obtain with respect to each customer: (1) name; (2) date of birth for an individual or the date of formation for any person other than an individual; (3) address; ^[35] and (4) identification number.^[36] Under proposed § 1032.220(a)(2)(i), the term “name” would refer to a customer's full legal name, and the investment adviser should consider collecting any aliases or assumed names as well ( e.g., “doing business as” or “DBA” names). For persons other than an individual, the date of formation may be available on the certificate of formation or incorporation (or other document used to create a legal person), as well as any amendments to those documents.

Proposed § 1032.220(a)(2)(i)(A) would require only that this minimum identifying information be obtained. Investment advisers, in assessing the risk factors in paragraph (a)(2), however, would also be required to determine whether other identifying information is necessary to enable the investment adviser to form a reasonable belief that it knows the true identity of each customer. There also may be other circumstances that make it appropriate to obtain additional information.^[37] For example, under proposed section 1032.220(a)(2)(ii)(C), an investment adviser must set forth guidelines in its CIP for situations where, based upon a risk-based assessment of a customer that is not an individual, additional information should be obtained about the individuals with authority or control over the customer's account. The CIP generally should include guidelines for collecting additional information in other situations where the investment adviser determines in the course of examining the nature of its business and operations that additional information should be obtained, consistent with a risk-based CIP, in order to enable the investment adviser to form a reasonable belief that it knows the true identity of the customer. Such guidelines generally should indicate the types of additional information needed and the circumstances when it would be obtained.

Proposed § 1032.220(a)(2)(i)(B) includes an exception from the requirement to obtain a taxpayer identification number from a customer Start Printed Page 44576 opening a new account. As proposed, this exception would allow an investment adviser to open an account for a person that has applied for, but has not received, a TIN. In this case, the CIP would be required to include procedures to confirm that the application was filed before the person opened the account and to obtain the TIN within a reasonable period of time after the account is opened.

Moreover, under proposed § 1032.220(a)(2)(i), when opening an account for a non-U.S. person that is not an individual and that does not have an identification number, the investment adviser would be required to request alternative government-issued documentation certifying the existence of the customer. In contrast to the CIP requirements for mutual funds and broker dealers regarding a non-U.S. person that is not an individual, this specific requirement is being included here to account for changes in how financial institutions now routinely verify the identity of non-U.S. persons that are not individuals.

Section 1032.220(a)(2)(ii) Customer verification. Under proposed § 1032.220(a)(2)(ii), after obtaining identifying information with respect to a customer, the investment adviser would be required to follow risk-based procedures to verify the accuracy of that information in order to reach a point where it can form a reasonable belief that it knows the true identity of the customer. The proposed rule would require that verification procedures be undertaken within a reasonable time before or after a customer's account is opened. This flexibility would have to be exercised in a reasonable time, given that verifications too far in advance may become stale and verifications too long after the fact may provide opportunities to launder money or engage in other relevant illicit finance activity while verification is pending. The amount of time it will take an investment adviser to verify the identity of a customer may depend on the type of account opened, whether the customer opens the account in person, and the type of identifying information available. For example, an investment adviser may choose to place limits on the account, such as temporarily limiting advisory-related activities in an account until the customer's identity is verified in which case the adviser should inform the accountholder. Therefore, the proposed rule would provide investment advisers with the flexibility to use a risk-based approach to determine when the identity of a customer must be verified relative to the opening of an account.

Proposed § 1032.220(a)(2)(ii) would provide for two methods of verifying identifying information: verification through documents and verification through non-documentary means. This proposed provision would require that an investment adviser's CIP address both methods of verification. The CIP would have to set forth risk-based procedures describing when documents, non-documentary methods, or a combination of both will be used. These procedures should be based on the investment adviser's assessment of the factors described in paragraph (a)(2) of the proposed rule.

The risk that an investment adviser will not have a reasonable belief that it knows a customer's true identity will be heightened for certain types of accounts, such as accounts opened in the name of a corporation, partnership, or trust that is created, or conducts substantial business, in jurisdictions designated as primary money laundering concerns or designated as non-cooperative by an international body, or jurisdictions that are otherwise considered high-risk for money laundering or terrorist financing with respect to their compliance with relevant international standards.^[38] Obtaining sufficient information to verify a given customer's identity can reduce the risk an investment adviser will be used as a conduit for money laundering and terrorist financing. An investment adviser's identity verification procedures must be based on its assessments of the factors in paragraph (a)(2). Accordingly, when those assessments suggest a heightened risk, the investment adviser should modify its verification measures accordingly ( e.g., by utilizing additional measures).

Section 1032.220(a)(2)(ii)(A) Customer verification through documents. Proposed § 1032.220(a)(2)(ii)(A) would require an investment adviser's CIP to contain procedures that set forth the documents that the investment adviser will use for verification, based on a risk-based analysis of the types of documents that it believes will enable it to verify customer identities. The proposed rule includes a list of identification documents, though an investment adviser would be allowed to use other documents, provided they allow the investment adviser to establish a reasonable belief that it knows the true identity of the customer. For individuals, these documents may include unexpired government-issued identification evidencing nationality or residence and bearing a photograph or similar safeguard. For other persons, suitable documents would include documents showing the existence of the entity, such as certified articles of incorporation, a government-issued business license, a partnership agreement, or a trust instrument. The investment adviser's procedures must take into account circumstances in which there may be problems authenticating documents and the inherent limitations of certain documents as a means of identity verification.^[39] These limitations would affect the types of documents that would be necessary to establish a reasonable belief that the investment adviser knows the true identity of the customer and would require the use of non-documentary methods in addition to documents under some circumstances.

Under proposed § 1032.220(a)(2)(ii)(A), once an investment adviser obtains and verifies the identity of a customer through a suitable document, the investment adviser would not be required to take steps to determine whether a document has been validly issued. An investment adviser generally would be allowed to rely on an unexpired government-issued identification for verification purposes; ^[40] however, if a document has indicators of fraud, the investment adviser would have to consider that Start Printed Page 44577 factor in determining whether it could form a reasonable belief that it knows the customer's true identity.^[41]

Section 1032.220(a)(2)(ii)(B) Customer verification through non-documentary methods. Proposed § 1032.220(a)(2)(ii)(B) would require an investment adviser's CIP to describe non-documentary verification methods and when such methods will be employed in addition to, or instead of, verification through documents. The proposed rule would permit the exclusive use of non-documentary methods because some accounts may be opened by telephone, mail, or over the internet in ways that may make sole reliance on documentary verification difficult or burdensome.^[42] However, even if the customer presents identification documents, it may be appropriate to use non-documentary methods as well. Under this provision, the investment adviser would be ultimately responsible for employing verification methods that enable the adviser to form a reasonable belief that it knows the true identity of the customer.

Proposed § 1032.220(a)(2)(ii)(B) would set forth certain non-documentary methods that would be suitable for verifying identity. These methods may include contacting a customer; obtaining a financial statement; comparing the identifying information obtained with respect to the customer against relevant fraud, bad check databases to determine whether any of the information is associated with known incidents of fraudulent behavior; comparing the identifying information with information available from a trusted third-party source, such as a credit report from a consumer reporting agency or an account verification database; and checking references with other financial institutions. This list is not intended to exhaust all methods that may be suitable, however. For example, the investment adviser also may wish to analyze whether there is logical consistency between the identifying information provided, such as the customer's name, street address, ZIP code, telephone number (if provided), date of birth, and social security number.

Proposed § 1032.220(a)(2)(ii)(B) also would require an investment adviser's CIP to address situations in which (1) an individual is unable to present an unexpired government-issued identification document that bears a photograph or similar safeguard; (2) the investment adviser is not familiar with the types of documents presented; (3) the investment adviser does not obtain documents to verify the identity of the customer; (4) the investment adviser does not meet face-to-face with a customer who is a natural person; and (5) the investment adviser is otherwise presented with circumstances that increase the risk the investment adviser will be unable to form a reasonable belief that it knows the true identity of a customer through documents.

FinCEN and the SEC recognize that identification documents, including those issued by a government entity, may be obtained illegally and may be fraudulent. In light of the recent increase in identity theft, investment advisers would be encouraged to use non-documentary methods as well, even when an investment adviser has received identification documents from the customer. Additionally, investment advisers are encouraged to consider using both documentary and non-documentary verification methods and should consider on a regular basis whether their procedures for identity verification are appropriate.

Section 1032.220(a)(2)(ii)(C) Additional verification for certain customers. Proposed § 1032.220(a)(2)(ii)(C) would require that an investment adviser's CIP address circumstances in which, based on the investment adviser's risk assessment of a new account opened by a customer that is not an individual, the investment adviser will obtain information about individuals with authority or control over such accounts in order to verify the customer's identity. This requirement would apply only when the investment adviser cannot verify the true identity of a customer that is not an individual using the verification methods described in paragraphs (a)(2)(ii)(A) and (B) of the proposed rule.^[43]

While investment advisers may be able to verify the majority of customers adequately through the documentary or non-documentary verification methods described above, there may be circumstances when the investment adviser cannot form a reasonable belief that it knows the true identity of a customer using such methods. The risk that the investment adviser will not know the customer's true identity may be heightened for certain types of accounts, such as an account opened in the name of a corporation, partnership, or trust that is created or conducts substantial business in a jurisdiction that has been designated by the United States as a primary money laundering concern or by an international body as non-cooperative, or jurisdictions that are otherwise considered high-risk for money laundering or terrorist financing with respect to their compliance with relevant international standards. As a result of this, FinCEN and the SEC are proposing to require (1) that an investment adviser identify customers that are not individuals that pose a heightened risk of not being properly identified and (2) that an investment adviser's CIP prescribe additional measures that may be used to obtain information about individuals with authority or control over the account to verify the customer's identity when standard documentary or non-documentary methods prove to be insufficient.

Section 1032.220(a)(2)(iii) Lack of verification. Proposed § 1032.220(a)(2)(iii) would require that an investment adviser's CIP include procedures for responding to circumstances in which the investment adviser cannot form a reasonable belief that it knows the true identity of a customer. These procedures should describe (1) when the investment adviser should not open an account, (2) the terms under which the investment adviser may provide advisory services to the customer while the investment adviser attempts to verify the customer's identity, (3) when the investment adviser should close an account after attempts to verify a customer's identity fail, and (4) when the investment adviser should file a SAR in accordance with applicable law and regulation.^[44]

Section 1032.220(a)(3) Recordkeeping. Proposed § 1032.220(a)(3) would require that an investment adviser's CIP include procedures for making and maintaining a record of information obtained under procedures implementing proposed paragraph (a), as discussed in greater detail in the following paragraphs. This Start Printed Page 44578 proposal is consistent with the requirement of 31 U.S.C. 5318(l)(2)(B) that CIPs include procedures for maintaining records of the information used to verify a person's identity, including name, address, and other identifying information.

Section 1032.220(a)(3)(i) Required records. Proposed § 1032.220(a)(3)(i) would require that an investment adviser's CIP include procedures for making and maintaining records related to verifying customer identity, as well as procedures for how to do so. Records would have to include the identifying information about each customer under proposed (a)(2)(i) and a description of any document that the investment adviser relied on to verify the identity of the customer (noting the document type, any identification number contained therein, the place of issuance, and the date of issuance and expiration as applicable and relevant) under proposed (a)(3)(i)(B). Proposed § 1032.220(a)(3)(i)(C) would require records to include a description of the methods and results of any measures undertaken to verify the identity of the customer. This description would include any relevant non-documentary methods and additional verification for certain customers used to verify identity under proposed § 1032.220(a)(2)(ii)(B) and (C). Finally, proposed § 1032.220(a)(3)(i)(D) would require investment advisers to record a description of the resolution of each substantive discrepancy discovered when verifying the identifying information obtained.

An investment adviser would be allowed to use electronic records to satisfy the requirements of this proposed rule.

Section 1032.220(a)(3)(ii) Record retention. Proposed § 1032.200(a)(3)(ii) would prescribe a bifurcated record retention schedule that is consistent with a general five-year retention requirement. Under this proposed provision, an investment adviser would be required to retain the information obtained about a customer pursuant to proposed paragraph (a)(3)(i)(A) ( i.e., identifying information about the customer) while the account remains open and for five years after the date the account is closed.^[45] The remaining records required under proposed paragraphs (a)(3)(i)(B), (C), and (D) ( i.e., information regarding the verification of a customer's identity), however, would only have to be retained for five years after the record is made.

Section 1032.220(a)(4) Comparison with Government Lists. Under 31 U.S.C. 5318(l)(2)(C), a CIP must include reasonable procedures for determining whether a customer appears on any list of known or suspected terrorists or terrorist organizations provided by any government agency. Proposed § 1032.220(a)(4) accordingly would require that an investment adviser's CIP include reasonable procedures for determining whether a customer appears on any such list provided by any Federal Government agency that is designated as such by Treasury in consultation with the Federal functional regulators, and that an investment adviser make such a determination within a reasonable period of time after the account is opened, or earlier if required by another Federal law, regulation, or directive issued in connection with the applicable list. This requirement would apply only with respect to lists circulated, directly provided, or otherwise made available by the Federal government and designated as such by Treasury in consultation with the Federal functional regulators. In addition, proposed § 1032.220(a)(4) would state that the procedures must require investment advisers to follow all Federal directives issued in connection with such lists. Because Treasury and the Federal functional regulators have not yet designated any such lists for the purposes of CIP, the proposed rule cannot be more specific with respect to the lists that investment advisers must check. However, investment advisers would not have an affirmative duty under this rule to seek out all lists of known or suspected terrorists or terrorist organizations compiled by the Federal government. Instead, investment advisers would receive separate notification regarding the lists that they must consult for purposes of this provision.

Many investment advisers already have procedures for determining whether customers' names appear on some federal government lists, including lists that identify known terrorists and terrorist organizations. For example, under current law, there are substantive legal requirements associated with the lists circulated by Treasury's Office of Foreign Assets Control (“OFAC”). Failure to comply with these requirements may result in criminal or civil penalties.

Section 1032.220(a)(5) Customer Notice. Section 5318(l)(2) also provides that financial institutions must give their customers adequate notice of their identity verification procedures. Therefore, proposed § 1032.220(a)(5) would require that an investment adviser's CIP include procedures for providing customers with adequate notice that the firm is requesting information to verify their identities. The proposed rule would state that this notice is adequate if the investment adviser generally describes the identification requirements of the proposed rule and provides such notice in a manner reasonably designed to ensure that a prospective customer is able to view the notice, or is otherwise given notice, before opening an account. Under proposed § 1032.220(a)(5), depending on how an account is opened, an investment adviser could post a notice on its website, include the notice in its account applications, or use any other form of written or oral notice.^[46] The sample notice included in the proposed rule, if appropriate, would be deemed adequate notice to an investment adviser's customers when provided in accordance with the other requirements described in this section.

Section 1032.220(a)(6) Reliance on another financial institution. There may be circumstances in which an investment adviser could rely on the performance by another financial institution of some or all of the elements of the investment adviser's CIP. However, the investment adviser would remain responsible for ensuring compliance with the proposed rule 1032.220(a)(6), and therefore would be required to actively monitor the operation of its CIP and assess its effectiveness. Proposed § 1032.220(a)(6) would provide that an investment adviser's CIP may include procedures that specify when the investment adviser will rely on the performance by another financial institution (including an affiliate) of any procedures of the investment adviser's CIP, and thereby satisfy the investment adviser's obligations under the proposed rule. Under proposed § 1032.220(a)(6), reliance would be permitted if a customer of the investment adviser is opening an account or has opened or has established an account or similar business relationship with the other financial institution to provide or engage in services, dealings, or other financial transactions, provided that: (1) Start Printed Page 44579 such reliance is reasonable under the circumstances, (2) the other financial institution is subject to a rule implementing the AML/CFT compliance program requirements of 31 U.S.C. 5318(h) and is regulated by a Federal functional regulator, and (3) the other financial institution enters into a contract with the investment adviser requiring it to certify annually to the investment adviser that it has implemented an AML/CFT program and will perform (or its agent will perform) the specified requirements of the investment adviser's CIP. This last element could be satisfied by a reliance letter or other similar documentation. The investment adviser would not be held responsible for the failure of the other financial institution to fulfill adequately the adviser's CIP responsibilities, provided that the investment adviser can establish that its reliance was reasonable and that it has obtained the requisite contracts and certifications. The SEC and FinCEN emphasize that the investment adviser and the other financial institution upon which it relies would have to satisfy all of the conditions set forth in this proposed rule. If they do not, then the investment adviser would remain solely responsible for applying its own CIP to each customer in accordance with this rule.^[47]

Section 1032.220(b) Exemptions. Proposed § 1032.220(b) would provide that the SEC, with the concurrence of the Secretary, may by order or regulation exempt any investment adviser or any type of account from the requirements of this section. Proposed § 1032.220(b) would also provide that the Secretary, with the concurrence of the Commission, may exempt any investment adviser or any type of account from the requirements of this section. In issuing such exemptions, the SEC and the Secretary would have to consider whether the exemption is consistent with the purposes of the BSA and in the public interest, and they may consider other necessary and appropriate factors.

Section 1032.220(c) Effective Date. FinCEN and SEC anticipate that the effective date of the proposed rule will be 60 days after the date on which the final rule is published in the Federal Register . In order to provide time for investment advisers to come into compliance, section 1032.220(c) states the compliance date by which an investment adviser would be required to comply with this section. Specifically, under this proposed rule, an investment adviser would be required to develop and implement a CIP that complies with the requirements of this section on or before six months from the effective date of the regulation, but no sooner than the compliance date of the AML/CFT Program and SAR Proposed Rule, if adopted. We believe that six months strikes an appropriate balance between providing advisers with sufficient time to develop and implement a CIP while not overly delaying CIP implementation across the investment adviser industry.

Section 1032.220(d) Other requirements unaffected. The proposed rule would include a provision, proposed § 1032.220(d), parallel to that in CIP rules previously adopted for other financial institutions, stating that nothing in the rule shall be construed to relieve an investment adviser of its obligations to comply with any other provision of this chapter, including provisions concerning information that must be obtained, verified, or maintained in connection with any account or transaction.^[48]

III. Request for Comments

FinCEN and the SEC invite comment on all aspects of the proposed regulation, and specifically seek comment on the following issues:

1. Whether the proposed definition of “account” is appropriate and unambiguous, and whether other examples of accounts should be added to the rule text.

a. Should an account opened for the purpose of participating in an employee benefit plan established under ERISA be excluded from the CIP account definition?

b. Are there types of accounts that should be exempted from CIP obligations?

2. The proposed definition of “account” would exclude an account that an investment adviser acquires through an acquisition, merger, purchase of assets, or assumption of liabilities, given that customers do not “open” transferred accounts, and, therefore, the accounts do not fall within the scope of section 326. As discussed above, advisers may be required to apply other sanctions and export compliance and AML/CFT requirements to those accounts. Are there circumstances in which advisers should be required to fulfill identity verification requirements for some transfers?

a. Should the rule require advisers to re-verify a customer's identity after a certain period of time ( e.g., every year, every other year, or every five years)?

3. Should the definition of “account” refer to the activities enumerated in 15 U.S.C. 80b-2(a)(11) for the definition of investment adviser? Or is the reference to “investment advisory services” sufficient?

4. Is the proposed definition of “customer” appropriate? Should other examples of customers be added to the rule text?

5. Should the definition of investment adviser apply to non-U.S. advisers registered or required to register with the SEC (for RIAs) or that report to the SEC on Form ADV (for ERAs), as proposed? What would be the logistical challenges of this approach?

6. Should terms defined elsewhere within 31 CFR chapter X, such as “U.S. Person”, “Non-U.S. Person”, and “Taxpayer Identification Number” be defined in the proposed rule as well or are those terms well-understood for CIP purposes?

7. To what extent do RIAs and ERAs already require customer identification and verification or otherwise have procedures in the manner proposed in the course of regular business or under other, existing regulatory obligations?

a. To what extent do the customer identification and verification procedures currently implemented by RIAs and ERAs resemble or differ from those required by the proposed rule?

8. Are there other categories of entities that, like mutual funds, should be exempted from an investment adviser's CIP program. Why or why not?

9. Should the exemption for mutual funds be dependent on the nature of the relationship between the investment adviser and its mutual fund customer and the ability of the investment adviser to meet CIP obligations? Start Printed Page 44580

10. Should closed-end registered funds, wrap fee programs, or other types of accounts advised by investment advisers be, on a risk-basis, exempted from an investment adviser's CIP program?

11. FinCEN also requests comment on the money laundering, terrorist financing, and other illicit finance risks faced by closed-end funds, and how entities with existing CIP requirements, such as banks and broker-dealers, apply those requirements to activity involving closed-end funds.

12. How would an investment adviser apply the identification and verification requirements at proposed § 1032.220(a)(2) to a private fund customer? What type of information would the adviser use to ask identification questions? We expect that advisers would likely already have this information in respect of private funds that they manage. Do commenters agree?

13. Proposed § 1032.220(a)(2) would require that an investment adviser verify customer identity within a reasonable time before or after the customer's account is opened. To what extent would an investment adviser provide advisory services prior to verifying customer identity? How much time would an investment adviser reasonably need to verify customer identity ( e.g., 30 days)?

14. How do investment advisers currently collect identity information for non-U.S. customers that are not individuals, such as foreign legal entities or other legal persons and legal arrangements?

15. Are the provisions in section 1032.220(a)(6) sufficient to permit an adviser to rely on another financial institution to perform its CIP requirements? Would there be any challenges for advisers with the proposed approach? Do commenters agree that an investment adviser should be required to actively monitor the operation of its CIP and assess its effectiveness in order to rely on another financial institution, or should the adviser not be held responsible by showing it reasonably relied on another financial institution that satisfied all of the conditions set forth in this proposed rule?

16. Is the proposed requirement for the other financial institution to enter into a contract with the investment adviser feasible? Does it depend on the size of the investment adviser and its negotiating power? Should we modify this requirement? For example, should we remove or modify the requirement for the other financial institution to certify that it will perform specified requirements of the investment adviser's CIP?

17. Does the proposed compliance date (six months after the final rule is issued) give advisers sufficient time to comply with the requirements of the proposed rule? Should the compliance date be staggered based on adviser size?

18. If an investment adviser cannot form a reasonable belief that it knows the true identity of a customer, should the investment adviser be able to engage in advisory activities on behalf of the customer prior to verifying the customer's identity?

IV. Analysis of the Costs and Benefits Associated With the Proposed Rule

A. Introduction

FinCEN ^[49] and the SEC are sensitive to the economic effects that could result from the proposed rule and have accordingly considered certain likely effects and reasonable alternatives. Section 326 of the USA PATRIOT Act requires Treasury to prescribe regulations setting forth minimum standards for financial institutions regarding the identities of customers when they open an account. It also provides that the regulations issued by Treasury and the SEC must, at a minimum, require financial institutions to implement reasonable procedures for: (1) verification of the identity of any person seeking to open an account, to the extent reasonable and practicable; (2) maintenance of the information used to verify the person's identity, including name, address, and other identifying information; and (3) consulting lists of known or suspected terrorists or terrorist organizations provided to the financial institution by any government agency to determine whether a person seeking to open an account appears on any such list.^[50]

Under the BSA, FinCEN recently published the AML/CFT Program and SAR Proposed Rule, which would include certain investment advisers in the definition of financial institutions.^[51] If that rule is adopted and “investment adviser” is thereby added to FinCEN's definition of “financial institution” at 31 CFR 1010.100(t), covered investment advisers would be financial institutions for purposes of section 326. As a consequence, FinCEN and the SEC would be required to jointly prescribe rules that establish minimum standards for covered investment advisers regarding the identities of customers when they open an account, which are proposed in this release.^[52] This proposed rule is designed to align the requirements for investment advisers with existing rules for other financial institutions, such as broker-dealers, mutual funds, credit unions, banks, and others, to adopt and implement CIPs.

B. Broad Economic Considerations

Evaluating the effectiveness of AML/CFT regimes is difficult because there is no precise method to determine either the actual number or magnitude of money laundering and terrorism financing crimes that occur, since some of these crimes go undetected. In addition, it is impossible to infer either the number or magnitude of such crimes that would have occurred absent the regime or under some alternative enforcement regime. To our knowledge, there are no academic studies that specifically assess the efficacy of CIP provisions as a part of AML/CFT regimes. However, there is some empirical evidence that points toward the effectiveness of the U.S. AML/CFT regime more broadly.^[53]

The scale of money laundering in the United States is large. Specifically, in fiscal year 2022, offenders in 1,001 money laundering cases were sentenced Start Printed Page 44581 in the Federal system according to the United States Sentencing Commission (“USSC”).^[54] These cases involved a median loss of approximately $300,000 and approximately 17.3 percent of these cases involved a loss of greater than $1.5 million.^[55] USSC does not provide data that would allow us to determine what percentage of these offenses involved investment advisers. However, a Treasury-led review of SARs filed between 2013 and 2021 found that approximately 15.4 percent of RIAs and ERAs were associated with or referenced in at least one SAR ( i.e., they were identified either as a subject or in the narrative section of the SAR) during this time.^[56] Further, the number of SAR filings where an RIA or ERA was referenced increased by approximately 400 percent between 2013 and 2021—a disproportionately higher increase than the overall increase in SAR filings during that time, which was approximately 140 percent.^[57]

According to Treasury, in its 2024 National Money Laundering Risk Assessment (“NMLRA”), “[m]oney laundering enables criminal activity and is necessary to disguise ill-gotten gains. It facilitates crime, distorts markets, and has a devastating economic and social impact on citizens. It also threatens U.S. national security as money laundering allows drug traffickers, fraudsters, human trafficking organizations, and corrupt officials, to operate and expand their criminal enterprises.” ^[58] Money laundering distorts markets because the incentives for criminals' use of the financial system differ from those of the broader market. Illicit funds also have a probability of seizure that could negatively impact the broader market, as it could increase the rate of return investors demand as compensation for risk and thus firms' cost of capital.^[59]

Money laundering also provides the appearance of legitimacy to proceeds of international corruption. By requiring that investment advisers verify the identity of their customers, the proposed rule would make it more difficult for money launderers to use investment advisers as an entry point into the U.S. financial system, reducing money launderers' ability to launder the proceeds of these criminal enterprises and thereby decreasing incentives to engage in these crimes. It would also help address the illicit finance risks identified in NMLRA.^[60] As a result, the proposed rule would reduce both monetary as well as nonmonetary costs associated with money laundering involving investment advisers.^[61]

Given the overall scale of money laundering in the United States, preventing cases involving investment advisers could have substantial benefits. The NMLRA, has identified several vulnerabilities facing investment advisers and highlights some cases involving investment advisers.^[62] The NMLRA cites ERAs, RIAs that are not dually registered as or affiliated with a bank or broker-dealer, and investment advisers managing private funds as the highest-risk types of investment advisers.^[63]

AML/CFT regimes can lower the amount of money laundering that occurs by creating barriers to these transactions. Economic theory would suggest that as more entities and transactions are subject to an AML/CFT regime, the deterrent effect of any particular regulation will increase: Illicit dollars attempting to access U.S. financial markets will seek entry via methods that are outside of, or at the weakest point of, an AML/CFT regime. As the number of possible entryways shrinks, these illicit dollars would be funneled into fewer and fewer channels. As the difficulty of laundering illicit dollars thus increases, the marginal cost of using these channels increases at an accelerated rate, further deterring their use. In targeting money laundering involving customers of investment advisers, the proposed rule thus seeks to fill a current gap in the U.S. AML/CFT regime, as recognized by the Financial Action Task Force (“FATF”).^[64]

C. Economic Baseline

The baseline against which the costs, benefits, and the effects on efficiency, competition, and capital formation of the proposed rule are measured consists of the current U.S. AML/CFT statutory framework, its regulatory implementation, and current AML/CFT practices of investment advisers and their related parties.

1. Regulatory Baseline

The AML statutory framework in the United States is commonly known as the BSA.^[65] Under this framework, many types of financial institutions currently are required to enact AML programs that include a CIP. The SEC has jointly enacted rules with FinCEN that specifically impose CIP requirements on broker-dealers and mutual funds.^[66]

While investment advisers are not currently defined as financial institutions under the BSA and are not subject to CIP requirements, certain investment advisers already perform AML/CFT functions, including those associated with a CIP, as a result of existing requirements.^[67] Specifically, Start Printed Page 44582 some RIAs and ERAs may perform certain AML/CFT functions, including those associated with a CIP, if the entity is also a registered broker-dealer or a bank ( i.e., a dual registrant), or is an operating subsidiary of a bank; other investment advisers are affiliates of banks or broker-dealers, which may implement an enterprise-wide CIP-compliant AML/CFT program that would include investment advisers. Some investment advisers perform these functions via contract with a broker-dealer ( e.g., if the investment adviser performs CIP functions for joint customers) or other financial institutions.

In addition, certain investment advisers already obtain identifying information with respect to some accounts or customers. For example, U.S. investment advisers, like all U.S. persons, must comply with OFAC sanctions and U.S. export controls, so they are prohibited from engaging in transactions that violate foreign economic and trade sanctions and export controls imposed by the U.S. government and may engage in due diligence to ensure that they remain compliant with such sanctions and export controls.^[68] As another example, advisers may be subject to non-U.S. AML and CIP laws, such as those applicable to private funds organized in the Cayman Islands.^[69]

Since the USA PATRIOT Act was passed, multiple rules have been proposed that would have required some investment advisers to apply AML/CFT requirements. While the substantive requirements contained in these proposals are not part of the baseline for the present rulemaking, some investment advisers have developed AML/CFT measures consistent with these prior proposals, as discussed in the next section. Specifically, on September 26, 2002, FinCEN published an NPRM proposing to require that unregistered investment companies, to include private funds, establish AML programs.^[70] This was followed by the May 5, 2003, NPRM proposing to require certain investment advisers to establish AML programs.^[71] On September 1, 2015, FinCEN published an NPRM “to prescribe minimum standards for . . . [AML] programs to be established by certain investment advisers and to require such investment advisers to report suspicious activity to FinCEN pursuant to the . . . BSA” (“Second Proposed Investment Adviser Rule”).^[72] This proposed rule would have included RIAs within the definition of “financial institution” under the BSA and required them to maintain AML programs, report suspicious activity, and comply with other travel and recordkeeping requirements, but would not have included ERAs in the scope of the rule nor would it have established minimum CIP requirements.

Some financial institutions are required to establish a CIP that would include procedures for determining whether a customer appears on lists of known or suspected terrorists or terrorist organizations issued by any Federal government agency and designated as such by Treasury in consultation with the Federal functional regulators.^[73] While no such lists have been designated by Treasury for any financial institution, our understanding is that some financial institutions, including some investment advisers, already check their customers against OFAC's Specially Designated Nationals and Blocked Persons List (“SDN List”).^[74]

2. Market Practice

While not legally required, some investment advisers currently have voluntary AML/CFT programs, which may be CIP-compliant.^[75] Investment advisers also collect identifying information to perform operational tasks such as distinguishing between customer accounts, or contacting their customers for the purposes of sending administrative, regulatory, or other notices.

The 2016 Investment Management Compliance Testing Survey (“2016 IMCTS Survey”) collected information from approximately 700 RIAs on their existing implementation of AML/CFT measures.^[76] According to this survey, as of 2016, approximately 40 percent of RIAs had already adopted AML/CFT policies consistent with the Second Proposed Investment Adviser Rule. An additional 36 percent of RIAs adopted some AML/CFT policies and procedures, but those were generally not in line with the Second Proposed Investment Adviser Rule. Therefore, according to the 2016 IMCTS Survey, approximately 76 percent of RIAs have at least some AML/CFT measures in place. In particular, 49 percent had annual employee AML/CFT training, 24 percent had a designated AML/CFT compliance officer, and 40 percent performed independent testing of their AML/CFT program annually. Similar information was not available for ERAs. While this survey did not ask a question about CIPs specifically, it is possible that some advisers did have a CIP as part of their AML/CFT policies and procedures.

Some investment advisers currently outsource some or all of the work needed for investment advisers or other parties to comply with regulatory requirements.^[77] A variety of third-party firms ( e.g., fund administrators) exist that assist investment advisers in complying with their regulatory responsibilities and contractual obligations.

3. Affected Parties

As of October 5, 2023, there were 14,914 RIAs, with roughly $114 trillion assets under management and 931,000 employees.^[78] There were also 5,546 ERAs with additional gross assets of $5.2 trillion (ERAs do not report the number of employees).^[79] RIAs had Start Printed Page 44583 approximately 51.5 million natural person customers and 2.9 million legal entity customers.^[80]

D. Benefits and Costs

1. Benefits

The provisions added to the BSA from section 326 of the USA PATRIOT Act facilitate the prevention, detection, and prosecution of money laundering and the financing of terrorism. Section 326 requires financial institutions to establish CIP programs. If the AML/CFT Program and SAR Proposed Rule is adopted, investment advisers will be financial institutions under the BSA and in such event the BSA would require specifying how an investment adviser is to establish and execute a CIP program.

Obtaining and verifying the identity of account holders or responding to circumstances in which the investment adviser cannot form a reasonable belief that it knows the true identity of a customer would reduce the risk of terrorists and other criminals accessing U.S. financial markets to launder money, finance terrorism, or move funds for other illicit purposes. Comparing customer identities to those on government lists of known or suspected terrorists or terrorist organizations would assist investment advisers in identifying and preventing criminal activity.^[81] Maintaining records would enhance investment advisers' internal compliance efforts and aid investment advisers in detecting and taking measures to prevent potential illegal activity and in identifying customers who have newly been added to such government lists. For example, in the event that an investment adviser's customer is flagged by screening software, maintaining records as required by the proposed rule would assist investment advisers in determining whether this flag was a false positive or whether the customer was truly added to a relevant government list. Establishing a CIP would help investment advisers systematize, and in some cases automate, practices that would facilitate detection of attempted financial crimes and would help ensure that investment advisers have practices that are as effective as possible at deterring financial crimes.

In circumstances where investment advisers are or could be performing CIP activities for certain entities that already have CIP obligations, the obliged entities (such as banks and broker-dealers) may not necessarily have a direct relationship with the customer. In such cases, investment advisers may be able to more efficiently perform CIP obligations such as collecting the required information from these customers because they have a more direct relationship with these customers. The proposed rule would aim to harmonize investment adviser CIP obligations with those of other obliged entities, which could enhance the benefits to the public and reduce the total costs imposed on the industry of these CIP obligations since investment advisers and other obliged financial institutions can decide by contract which party is most efficiently able to execute the CIP and the current disparity in CIP requirements may be distorting these negotiations. To the extent that investment advisers already have practices consistent with the requirements of the proposed rule either because of these extant obligations or for operational efficiency,^[82] the benefits of the proposed rule described above would be mitigated.

The proposed rule would only require investment advisers to collect and verify the identity of customers that directly open and hold accounts (as defined in the proposed rule) with the adviser. The proposed rule's benefits would thus only apply in cases of money laundering activity involving those customers and not other individuals or entities. For example, an investment adviser may have a private fund as a customer. In this case, the proposed rule would require that the investment adviser collect the identifying information of the private fund and, in some cases, individuals with authority or control over such private fund,^[83] but not that of those invested in such fund. In certain contexts, an investment adviser may itself be the individual with authority or control over the private fund.

Similarly, the benefits of the proposed rule would also be lessened to the extent that an investment adviser's customer holds accounts for purposes other than accessing financial markets (for example, if the customer holds an account only to receive investment research services).^[84] In such cases, the benefits associated with protecting financial markets would not directly apply, although the other benefits discussed above would apply.^[85]

It is difficult to estimate how much economic loss the requirements would prevent. Neither the SEC nor FinCEN has data that would allow the quantification of how much money laundering would be reduced as a result of the proposed rule, or how much other illegal activity would be curbed by this reduction in money laundering.^[86] Money laundering and other illicit financing is related to human trafficking, drug trafficking, terrorism, public corruption, the proliferation of weapons of mass destruction, fraud, and other crimes and illicit activities that cause substantial monetary and nonmonetary damages.^[87] By reducing money laundering, and by extension its associated crimes, the proposed rule would reduce those harms to the extent that investment advisers are being used to facilitate such unlawful activity.

2. Costs

While certain provisions of the proposed rule specify minimum requirements, such as the pieces of information required to be obtained and verified, many aspects of the proposed rule require an investment adviser to establish and implement its CIP according to its specific circumstances. For example, under the proposed rule, the CIP must be based on factors specific to each investment adviser, such as size, customer base, and location. Thus, the analysis and detail necessary for a CIP would depend on the complexity of the investment adviser and its operations. Highly complex firms have more risk factors to consider, given, for example, their number of offices, variety of services and products offered, and range of customers. However, many of these firms already have some AML/CFT Start Printed Page 44584 procedures in place and investment advisers already collect some identifying information that they would be required to collect under the proposed rule.^[88]

Generally, these requirements are similar to those for other financial institutions with which investment advisers engage. Many advisers may already bear the cost of these similar CIP requirements for other financial institutions in certain lines of business in ways that would reduce the costs of complying with the proposed rules, and in such cases the proposed rules would create minimal additional costs. Some RIAs and ERAs may have reduced costs because they may already perform certain AML/CFT functions, including those associated with a CIP, because they are dual registrants or affiliated with a bank or broker-dealer.

Under the proposed rule, RIAs that are dual registrants or affiliated advisers would not be legally required to establish a separate CIP for their advisory activities, provided that an existing comprehensive CIP-compliant AML/CFT program covers all the entity's legal and regulatory obligations under the proposed rule. RIAs would also be exempt from having to apply most of the proposed requirements with respect to the mutual funds they advise, as mutual funds have their own CIP requirements and are otherwise required to comply with the other reporting and recordkeeping requirements included in the proposed rule. Certain RIAs and ERAs may also already collect and verify certain information provided by customers via contract for a joint customer with another financial institution or through a voluntary AML/CFT program.^[89]

Some investment advisers may have similarly reduced costs even if they do not currently directly perform CIP-related AML functions. In particular, investment advisers that use broker-dealers on behalf of their customers but that do not perform the procedures required by the broker-dealer's CIP may currently already bear some or all of the proposed rule's costs indirectly. Specifically, these investment advisers could bear such costs in the form of higher charges for the broker-dealer's services, since these broker-dealers are already required to comply with similar CIP requirements related to their joint customers. In such cases, investment advisers would face new costs associated with the proposed rule, but these may be offset at least in part by reduced costs for broker-dealer services.

The proposed rule would only require investment advisers to collect and verify the identity of customers that directly open and hold accounts (as defined in the proposed rule) with the adviser. This scope of the rule would mitigate the proposed rule's costs just as it would mitigate the proposed rule's benefits as described above.^[90]

In addition, investment advisers may deem the requirements of the proposed rule for any mutual fund to be satisfied if the customer ( i.e., the mutual fund it advises) has developed and implemented a CIP that is compliant with the investment company's CIP requirements. This provision further lowers the aggregate cost of the proposed rule by negating or minimizing the cost associated with customers that are mutual funds.

(a) Establishing a CIP

RIAs and ERAs would have to establish or in some instances modify a CIP to comply with the requirements of the proposed rule unless they currently have in place a CIP consistent with the proposed rule's requirements. Creating or modifying the policies and procedures detailed in the CIP would entail costs for these advisers. However, investment advisers may already have procedures in place for obtaining identifying information of customers and some investment advisers may have already implemented voluntary AML/CFT programs that are CIP-compliant or that could serve as a framework for a CIP that is consistent with the minimum requirements of the proposed rule.^[91] Some investment advisers may have already implemented voluntary AML/CFT programs that are CIP-compliant. In particular, certain investment advisers that use broker-dealers or other financial institutions on behalf of their customers may have these programs in place, as these programs assist those financial institutions to comply with their CIP obligations.^[92] Accordingly, such investment advisers may already have written policies and procedures for conducting these or similar activities. The existing infrastructure related to extant practices would reduce the cost of complying with the proposed rule.

Establishing a written CIP would result in additional costs for some investment advisers to the extent they do not have policies and procedures that meet the minimum requirements in the rule. This includes investment advisers that would need to augment their policies and procedures to make them compliant, and costs associated with programming and testing automated systems. FinCEN and the SEC estimate that the average internal time cost for an investment adviser to establish, document and maintain a written CIP as described above would be $1,169.30, with most investment advisers incurring additional ongoing external costs of $584.^[93] These estimates imply $23,923,878 in aggregate industry internal costs and $8,961,480 in aggregate industry annual external costs.^[94]

(b) Obtaining and Verifying Identifying Information

The proposed rule would require an investment adviser's CIP to contain procedures that specify the identifying information that will be obtained with respect to each customer. This information must include, at a minimum, the name, date of birth (or date of formation), address, and identification number of customers opening new accounts. Investment advisers already obtain from customers identifying information, such as their names and addresses, since most investment advisers need to distinguish their customers operationally and these particular forms of personally identifiable information are common ways of doing so.

Despite this, we estimate that there would be some new costs for investment advisers because some may not be obtaining all the information required by the proposed rule or doing so consistently. These investment advisers would face additional costs in collecting this information and updating their account opening applications or account opening websites to insert line items requesting that customers provide the required information.

The proposed rule would further require an investment adviser's CIP to include procedures to verify the identity of each customer and would provide investment advisers with multiple possible methods to do so. For example, depending on the procedures implemented based on the investment adviser's assessment of the relevant risks, customers that open accounts with an investment adviser can simply provide an unexpired government-issued identification evidencing nationality or residence and bearing a photograph or similar safeguard, such as a driver's license or passport, or if the Start Printed Page 44585 customer is not an individual, provide a copy of any documents showing its existence as a legal entity ( e.g., certified articles of incorporation, government-issued business licenses, partnership agreements, or trust instruments and any amendments to such documents). Alternatively, investment advisers may, for example, obtain a financial statement from the customer or compare the information provided by the customer with information obtained from a consumer reporting agency or public database.

The documentary and non-documentary verification methods set forth in the rule to verify the identities of customers are not meant to be an exclusive list of the appropriate means of verification. Other reasonable methods may be available now or in the future. The purpose of making the rule flexible in this regard would be to allow investment advisers to select verification methods that are, as section 326 would require, reasonable and practicable. Methods that are appropriate for an investment adviser with a localized customer base may not be sufficient for a different firm with customers from many different countries. The proposed rule recognizes this fact and, therefore, would allow investment advisers to employ such verification methods as would be suitable to form a reasonable belief that it knows the true identities of its customers.

The SEC and FinCEN recognize that obtaining and verifying the identity of each customer would result in incremental costs for many investment advisers if these firms currently do not use verification methods or do not verify identities in a way that is consistent with the proposed rule's requirements. According to the PRA analysis in section V, the average cost of an ERA with two customers (the median number of ERA customers) to obtain and verify the identifying information as described above would be $212.60 in internal cost burdens with most ERAs facing an additional $46.72 in annual ongoing external costs.^[95] Similarly, the average internal cost burden for an RIA with 100 customers (the median number of RIA customers) would be $10,630, with most RIAs facing ongoing external annual costs of $2,336.^[96] These estimates are based on averages and do not reflect the fact that costs will vary between investment advisers for myriad reasons. In particular, ERA customers are limited to venture capital funds and other private funds. These customers would likely have a smaller per-customer cost than natural person customers.

The proposed rule would also require an investment adviser's CIP to include procedures for responding to circumstances in which the investment adviser cannot form a reasonable belief that it knows the true identity of a customer. While the direct costs of this requirement are included in the estimate above, this requirement may create an additional unquantifiable indirect cost. Specifically, to the extent that any customers who are not intended to be targeted by the proposed rule may be unable to have their identities verified, and thus be subjected to the consequences of this failure to identify (for example, being unable to receive services from the investment adviser), there would be costs associated with temporarily (or possibly in unusual unforeseen circumstances, permanently) losing or having diminished access to financial markets.

(c) Determining Whether Customers Appear on a Federal Government List

The proposed rule would require an investment adviser's CIP to include reasonable procedures for determining whether a customer appears on any list of known or suspected terrorists or terrorist organizations issued by any Federal government agency and designated as such by Treasury in consultation with the Federal functional regulators. Treasury and the Federal functional regulators have not yet designated any such lists. However, for purposes of this economic analysis, we nonetheless estimate the costs of complying with this provision if such lists were to be designated. Our understanding is that some investment advisers and other financial institutions already check their customers against the SDN List. Since the SDN List is often checked in practice and since the creation of such lists that could be provided to investment advisers is a reasonable consideration given this provision in the proposed rule, we are estimating the costs of complying from the current screening practices using the SDN List. We assume, based on staff experience with firms that already check against government lists, that for most accounts this process would be automated and conducted on a batch-file basis, though with significant manual intervention to address false positives. We estimate that the average cost to an ERA with two customers to check such lists would consist of $170.08 in internal time costs with no additional ongoing external costs.^[97] Similarly, for the average cost of an RIA with 100 customers would be $8,504 in internal costs with no additional ongoing annual external costs.^[98] These estimates are based on averages and do not reflect the fact that costs will vary between investment advisers for myriad reasons. In particular, ERA customers are limited to venture capital funds and other private funds. These customers are exceedingly unlikely to be placed on government lists, and so the costs of compliance with this provision will be lower for ERAs or other types of advisers that solely have funds as customers.

(d) Providing Notice to Customers

The proposed rule would require an investment adviser's CIP to include procedures for providing their customers adequate notice that the investment adviser is requesting information to verify their identities. Notice would be considered adequate under the proposed rule if the investment adviser generally describes the identification requirements in the proposed rule and provides such notice in a manner reasonably designed to ensure that a customer is able to view the notice, or is otherwise given notice, before opening an account. For example, if an account is opened electronically, such as through an internet website, the investment adviser may provide notice electronically. We estimate the average internal cost burden of an ERA with two customers to provide notice to customers to be $17, with most ERAs facing annual ongoing external costs of $23.36.^[99] Similarly, the average internal Start Printed Page 44586 cost burden of an RIA with 100 customers would be $850, with most RIAs facing additional ongoing annual external costs of $1,168.^[100] These estimates are based on averages and do not reflect the fact that costs will vary between investment advisers for myriad reasons.

(e) Recordkeeping

The proposed rule would require an investment adviser's CIP to include procedures to make and retain records of customers' identifying information for five years after the date of closing of the account and records regarding the verification of a customer's identity for five years after the record is made. We estimate that many of the records required by the rule are already made and maintained by investment advisers. As discussed above, investment advisers already obtain some of the minimum identifying information specified in the proposed rule, and this information is retained for use in firms' operations.^[101] We estimate that the recordkeeping requirement could result in additional costs for some investment advisers that currently do not maintain certain of the records for the prescribed time period. We estimate that the average cost to an ERA with two customers to make and maintain the required records would be an internal cost burden of $106.30 with no additional ongoing external costs.^[102] Similarly, the average internal cost burden to an RIA with 100 customers would be $5,315, with no additional annual external costs.^[103] These estimates are based on averages and do not reflect the fact that costs will vary between investment advisers for myriad reasons.

(f) Reliance on Another Financial Institution

The proposed rule allows an investment adviser to, under certain circumstances, rely on another financial institution to perform any of the procedures associated with the adviser's CIP. This provision would generally lessen the direct compliance cost of the rule since it would allow these procedures to be done by the party most efficiently positioned to do so and would decrease the likelihood that multiple parties will perform duplicative tasks to comply with regulations affecting different entities. While there may be costs associated with entering or modifying a contract with another financial institution to ensure that the contract's terms have language required by this provision, and there may be monitoring costs to ensure compliance, investment advisers can generally choose to not rely on another financial institution instead if those costs are greater than the cost mitigation that comes from relying on said financial institution.

(g) Summary and Overall Costs

We recognize that the actual costs associated with establishing a CIP will vary from the estimates above depending on the size of the investment adviser, its lines of businesses, the relevant risks to be addressed by the investment adviser's CIP, and the extent to which the investment adviser's current practices would need to be modified to comply with the requirements. We estimate that the average total cost to an ERA with two customers to comply with the proposed rules would be an internal cost burden of $1,675, with most ERAs facing total annual ongoing external costs of $654.^[104] Similarly, the average total internal cost for an RIA with 100 customers would be $26,468, with most RIAs facing total ongoing annual external cost burdens of $4,088.^[105] We further estimate total aggregate industry costs of: $404,045,339 in internal time costs and $ 48,446,970 in annual external time costs.^[106]

We also recognize that these costs would not necessarily be borne solely by investment advisers. Some of these costs could be passed on to the funds and other customers managed by investment advisers. The extent to which these costs would be passed on to customers depends on the interplay of relevant market forces and thus is impossible to predict with accuracy.

The proposed rule provides that the SEC, with the concurrence of the Secretary, may by order or regulation exempt any investment adviser or any type of account from the requirements of this section, or that the Secretary, with the concurrence of the SEC, may exempt any investment adviser or type of account. In issuing such exemptions, the SEC and the Secretary will consider whether the exemption is consistent with the purposes of the BSA, and in the public interest, and may consider other necessary and appropriate factors. This could provide another way to mitigate costs in unforeseen circumstances. For example, if the SEC and the Secretary determine that it is not in the public interest for certain types of accounts to be subject to the requirements of the proposed rule, they may exempt these accounts.

Investment advisers would be required to develop and implement a CIP that complies with the requirements of the proposed rule on or before six months from the effective date of the regulation. Because the overall development burdens are relatively low,^[107] we do not believe that this timeline would impose additional costs beyond the direct costs of compliance as quantified in the PRA.

E. Effects on Efficiency, Competition, and Capital Formation

We expect that the requirements would have minimal impact on efficiency, competition, and capital formation. Relative to the size of investment markets, the magnitude of assets that are intended to be targeted are relatively small. Nasdaq estimates that $3.1 trillion in illicit funds entered the global financial system in 2023.^[108] State Street Global Advisors, by contrast, has estimated the global market portfolio (the value of all investable capital assets) to be $179 trillion as of December 31, 2021.^[109] These estimates suggest that the proposed rule could, at a maximum, impact 1.7 percent of global market funds using an average investment holding period for illicit funds of one year and making the extreme assumption that all illicit funds that enter the global financial system do so through investment advisers.^[110] The Start Printed Page 44587 actual impact is likely to be much lower because investment advisers do not facilitate all funds in the global financial system, and the average time of investment for funds used in money laundering is likely to be shorter than one year.^[111] Further, the costs associated with compliance are small enough relative to assets managed by investment advisers so as not to have a significant impact on competition in the investment adviser market.^[112]

To the extent that the rule would be effective at preventing illicit assets from entering financial markets—for example, if it deters money launderers from attempting to do so or assists investment advisers and law enforcement in discovering these activities—there may be impacts on market efficiency. Specifically, those that engage in money laundering or finance terrorism are likely to have incentives for investment unrelated to the expected return or risk of the asset that differ from the broader market. As a result, their investments change the equilibrium of expected asset risks and returns from what would exist in a market without these illicit funds. For example, money launderers could have very different time horizons for investment and thus could have different liquidity preferences, and so their investments could drive up the premium for liquidity. They likely also have a greater desire to keep their identity hidden and so may choose assets based on this feature. To the extent that money launderers invest based on preferences different from those of the broader market, asset values could, as a result, be distorted relative to what would be efficient for the broader market. Accordingly, it is possible that removing those funds from financial markets would increase market efficiency. The extent to which market efficiency would increase depends on how different money launderers' investment preferences are from those of other investors and how much capital would be effectively prohibited from entering financial markets. We would generally expect these effects to be small, however, given that the magnitude of assets that are intended to be targeted are relatively small compared to the size of investment markets, as discussed above.

Competition may decrease because of the additional compliance costs associated with the proposed rule. However, the relatively small magnitude of estimated costs of the proposed rule, as compared to total assets under management of advisers, suggests that this effect is unlikely to be significant.

The proposed rule is unlikely to have a significant effect on capital formation. To the extent that investors choose to invest more in financial markets because they believe that the proposed rule would reduce the risk of investing by removing illicit funds from the market, capital formation could increase.

F. Request for Comment

FinCEN and the SEC seek comment on all aspects of the economic analysis of the proposed rule, including whether the analysis accurately characterizes the costs and benefits of the minimum requirements set forth by the proposed rule, and whether the specific form of the requirements creates costs or benefits that are not attributable to the statute. To the extent possible, we request that commenters provide supporting data and analysis. In particular, we ask commenters to consider the following questions:

(1) In section IV.B, we state that we do not know what percentage of money laundering crimes sentenced involve investment advisers. Are there sources of data that estimate this percentage? In what ways would this figure be useful for assessing the benefits associated with the proposed rule that is not achieved by the available Treasury analysis of SAR reports?

(2) In section IV.C.1, we state that some investment advisers may already check their customers' accounts against the SDN List. To what extent do investment advisers currently check the SDN List and what factors lead an investment adviser to do so?

(3) In sections IV.C.2 and IV.D.2., we state that investment advisers already collect identifying information required under the proposed rule, either because of contractual obligations or out of operational considerations. Under what circumstances do investment advisers not already collect or retain records of some or all of this information?

(4) In section IV.D.1, we state that we do not have data that would allow us to assess how much money laundering would be reduced as a result of the proposed rule, or how much other illegal activity would be curbed by this reduction in money laundering. What, if any, data exists regarding this activity

(5) In section IV.D.2, we state that some investment advisers may already bear some of the costs of this rule as a result of similar extant requirements on other financial institutions. Is this assumption correct, and if so, how prevalent is this practice?

(6) In Section IV.D.2, we state that allowing an investment adviser to, under certain circumstances, rely on another financial institution to perform any of the procedures associated with the adviser's CIP would generally lessen the direct compliance cost of the rule. To what extent is any anticipated reduction of costs likely to occur, considering the costs of relying on such institutions?

(7) To what extent do investment advisers currently rely on third-party service providers to perform functions related to AML/CFT responsibilities, particularly those associated with a CIP? Would the proposed rule increase or decrease investment advisers' reliance on third-party service providers to perform these functions? If the proposed rule increased investment advisers' reliance on third-party service providers to perform these functions, what additional costs would result?

(8) In places where the costs of the proposed rule are estimated, are these estimates reasonable? Are there any data that could inform the cost estimates of complying with any provisions of the proposed rule? To what extent are there important determinants of costs that could vary between investment advisers that we have not considered in this analysis?

(9) In section IV.G, we discuss the possibility of requiring the Legal Entity Identifier (“LEI”) as the identifier for non-natural person customers. Should the final rule require advisers to use the LEI as the identifier for such customers?

(10) If the adviser knows or has reason to know a customer's assets are maintained at a financial institution that performs CIP requirements because the financial institution is subject to BSA obligations, what would be the benefits and costs of an adviser being required to comply with the proposed rule? Start Printed Page 44588

G. Reasonable Alternatives

1. Requiring the Use of Legal Entity Identifier (“LEI”) as the Identifier for Legal Entities Other Than Natural Persons

The proposed rule allows various forms of identification for non-natural person customers. We considered whether investment advisers should be required to use the LEI or some other uniform standard as the identifier for such customers.

The LEI is an identification number based on the International Organization for Standardization (“ISO”) 17442-1 standard that uniquely identifies a legal entity.^[113] It can facilitate the automatic processing of financial transactions and is used in financial regulatory reporting. For example, the SEC requires an adviser to provide an LEI, if it has one, on Item 1.P on Form ADV.^[114]

Using the LEI would assist investment advisers and enforcement agencies in detecting money laundering more effectively than using a broad array of identifiers because of its uniformity and relative ease of analysis ( e.g., minimizing any need to map disparate jurisdictional identifiers), though this may be mitigated by the proposed rule's scope which is limited to the direct customers of an adviser and not its beneficial owners. However, this is balanced against the flexibility provided to investment advisers to comply with the rule's requirements. Further, since natural persons could not use this identifier, rule compliance would already necessitate collecting different types of identifiers for these individuals. Moreover, omitting an LEI requirement from the proposed rule would be consistent with the existing rules for broker-dealers and mutual funds, and notwithstanding the absence of an LEI requirement, customers could still provide their LEIs to help advisers satisfy their obligations under the proposed rule. Finally, because legal names and associated LEIs are publicly available, bad actors could use such information to impersonate legitimate entities in their submissions to an investment adviser's CIP and reduce the reliability of the LEI as an identification tool.

2. Exceptions for Customers That Do Not Use Investment Advisers To Access Financial Markets

The proposed rule would require an investment adviser's CIP to apply to all types of accounts,^[115] though the adviser may consider the type of account in determining what procedures are appropriate. We considered whether accounts of customers that do not use the investment adviser to access financial markets, such as those that only receive investment research services, should be excluded from the definition of account.

The benefits of the rule related to such accounts are lower than for other accounts because the benefits relating to protecting financial markets do not directly apply. However, other benefits discussed above, including those relating to identifying criminal activity and preventing illicit proceeds from being legitimized still apply. Further, criminal networks could still use investment adviser products to inform their investment decisions or use investment advisers as ways of appearing legitimate to broker-dealers or other financial institutions. For example, criminals could potentially gain information on how to place or layer illicit funds, even if the investment adviser is not actually doing the placing or layering. An investment adviser's CIP must assess the relevant risks and enact procedures that take account of these risks.

Excluding or otherwise excepting these accounts would eliminate the benefits of the rule for these accounts, but could also reduce the costs of compliance with the rule, if the costs of differentiating these accounts are not higher than the costs of complying with the rule for these accounts. However, we do not believe that these cost savings would be large because: (1) the cost per account of the rule is relatively low; (2) to the extent that these accounts create less risk than do other types of accounts, the compliance cost of these accounts under the proposed rule could be even lower than for other accounts if investment advisers enact procedures with lower costs than those they would establish for riskier types of accounts; and (3) differentiating these accounts may be relatively costly, as investment advisers would need to create new systems to identify which customers only have accounts that would fit the exclusion.

V. Paperwork Reduction Act

A. Introduction

Certain provisions of the proposed rule contain “collection of information” requirements within the meaning of the Paperwork Reduction Act of 1995 (“PRA”).^[116] The proposed rule would include new information collection burdens. The title of new collection of information we are proposing is “Amendment to 31 CFR part 1032 under the USA PATRIOT Act.” OMB has not yet assigned a control number for this title. We are submitting the proposed collections of information to the Office of Management and Budget (“OMB”) for review in accordance with the PRA.^[117] An agency may not conduct or sponsor, and a person is not required to respond to, a collection of information unless it displays a currently valid OMB control number. We discuss below the collection of information burdens associated with the proposal.

B. Proposed Rule

If FinCEN's proposed AML/CFT Program and SAR Proposed Rule ^[118] is adopted, section 326 of the USA PATRIOT ACT would require Treasury and the Commission to prescribe regulations setting forth minimum standards for investment advisers regarding the identities of customers when they open an account. Section 326 also provides that the regulations issued by Treasury and the Commission must, at a minimum, require investment advisers to implement reasonable procedures for: (1) verification of the identity of any person seeking to open an account, to the extent reasonable and practicable; (2) maintenance of the information used to verify the person's identity, including name, address, and other identifying information; and (3) determination of whether the person appears on any lists of known or suspected terrorists or terrorist organizations issued by any government agency.^[119] These requirements are referred to as Customer Identification Program (“CIP”) regulations and are long-standing, foundational components of the United States' AML/CFT regime. Under this proposed rule, the CIP must be based on the investment adviser's assessment of the relevant risks, including, at a minimum, those presented by the various types of Start Printed Page 44589 accounts maintained by the investment adviser, the various methods of opening accounts provided by the investment adviser, the various types of identifying information available and the investment adviser's size, location, and customer base.^[120]

Under this proposed rule, an investment adviser would be required to retain (1) the identifying information obtained from a customer while the customer's account remains open and for five years after the date the account is closed and (2) the records pertaining to the verification of a customer's identity for five years after the record is made.^[121] Each requirement to disclose information, offer to provide information, or adopt policies and procedures constitutes a “collection of information” requirement under the PRA.^[122] The respondents to these collection of information requirements would be RIAs and ERAs. As of October 5, 2023, there were approximately 14,914 RIAs and approximately 5,546 ERAs.^[123] This collection of information is found at 31 CFR 1032.220 and is mandatory. All RIAs and ERAs would be subject to the requirements of the proposed rule. Responses provided to the Commission in the context of its examination and oversight program concerning the proposed rule would be kept confidential subject to the provisions of applicable law.

Investment adviser implementation of CIPs and reasonable procedures related thereto under this proposed rule would make it easier to prevent, detect, and prosecute money laundering and the financing of terrorism by (i) specifying the information investment advisers must obtain from or about customers that can be used to verify the identity of the customers, (ii) requiring investment advisers to maintain and retain records of the information used to verify the customer's identity, and (iii) requiring investment advisers to determine whether the customer appears on any lists of known or suspected terrorists or terrorist organizations provided by any Federal government agency and designated as such by Treasury in consultation with the Federal functional regulators. This would make it more difficult for persons to use false identities to establish customer relationships with investment advisers for the purposes of laundering money or moving funds to effectuate illegal activities, such as financing terrorism.

We have made certain estimates of the burdens associated with the proposed rule solely for the purpose of this PRA analysis. The table below summarizes the initial and ongoing annual burden and cost estimates associated with the proposed rule.

C. Request for Comment

We request comment on whether these estimates are reasonable. Pursuant to 44 U.S.C. 3506(c)(2)(B), FinCEN and the Commission solicit comments in order to: (1) evaluate whether the proposed collection of information is necessary for the proper performance of the functions of the Commission, including whether the information will have practical utility; (2) evaluate the accuracy of FinCEN and the Commission's estimate of the burden of the proposed collection of information, including whether the estimates are too high or too low; whether the median number of clients is an appropriate figure to use; whether certain costs, such as verification costs, should be Start Printed Page 44592 lower for certain customers (such as private funds if the adviser forms the private fund) and higher for other types of customers (such as in separately managed account relationships); (3) determine whether there are ways to enhance the quality, utility, and clarity of the information to be collected; and (4) determine whether there are ways to minimize the burden of the collection of information on those who are to respond, including through the use of automated collection techniques or other forms of information technology.

Persons wishing to submit comments on the collection of information requirements of the proposed rule should direct them to the OMB Desk Officer for the Securities and Exchange Commission, MBX.OMB.OIRA.SEC_desk_officer@omb.eop.gov, and should send a copy to Vanessa A. Countryman, Secretary, Securities and Exchange Commission, 100 F Street NE, Washington, DC 20549-1090, with reference to File No. S7-2024-02. OMB is required to make a decision concerning the collections of information between 30 and 60 days after publication of this release; therefore, a comment to OMB is best assured of having its full effect if OMB receives it within 30 days after publication of this release. Requests for materials submitted to OMB by the Commission with regard to these collections of information should be in writing, refer to File No. S7-2024-02, and be submitted to the Securities and Exchange Commission, Office of FOIA Services, 100 F Street NE, Washington, DC 20549-2736.

VI. Regulatory Flexibility Act

The SEC and FinCEN have prepared the following Initial Regulatory Flexibility Analysis (“IRFA”) in accordance with section 3(a) of the Regulatory Flexibility Act (“RFA”).^[124] It relates to the proposed rule that would amend 31 CFR part 1032 and be issued pursuant to section 326 of the USA PATRIOT Act as amended and codified at 31 U.S.C. 5318( l).^[125]

A. Reason for and Objectives of the Proposed Rule

The reasons for, and objectives of, the proposed rule are discussed in more detail in sections I and II, above. The burdens of these requirements on small advisers are discussed below as well as above in sections IV and V, which discuss the burdens on all advisers subject to the proposed rule. Sections II through V also discuss the professional skills that compliance with the proposed rule would require.

If FinCEN's proposed AML/CFT Program and SAR Proposed Rule ^[126] is adopted, section 326 of the USA PATRIOT Act requires Treasury and the Commission to prescribe regulations setting forth minimum standards for investment advisers regarding the identities of customers when they open an account. The statute also would provide that the regulations issued by Treasury and the Commission must, at a minimum, require investment advisers to implement reasonable procedures for: (1) verification of the identity of any person seeking to open an account, to the extent reasonable and practicable; (2) maintenance of the information used to verify the person's identity, including name, address, and other identifying information; and (3) determination of whether the person appears on any lists of known or suspected terrorists or terrorist organizations issued by any government agency.^[127] The objective of the proposed rule is to make it easier to prevent, detect and prosecute money laundering and the financing of terrorism. The proposed rule seeks to achieve this goal by requiring investment advisers to establish a CIP with procedures that include obtaining identifying information from customers that can be used to verify the identity of the customers. This will make it more difficult for persons to use false identities to establish customer relationships with investment advisers for the purposes of laundering money or moving funds to effectuate illegal activities, such as financing terrorism. The proposed rule is designed to align the requirements for investment advisers with existing rules for other financial institutions, such as broker-dealers, mutual funds, credit unions, banks, and others, to adopt and implement CIPs.

We are also proposing to revise 31 CFR 1032.100 to provide numerous definitions for purposes of proposed 31 CFR 1032.220. This aspect of the proposed rule has no independent substantive requirements or economic impacts.

B. Legal Basis

The proposed rule is being promulgated pursuant to the BSA, which mandates that FinCEN and the Commission issue a regulation setting forth minimum standards for financial institutions and their customers regarding the identity of the customer that shall apply in connection with opening of an account at the financial institution.^[128]

C. Small Entities Subject to the Proposed Rule

The proposed rule would affect investment advisers that are small entities. Under Commission rules, for the purposes of the RFA, an investment adviser generally is a small entity if it: (1) has, and reports on Form ADV, assets under management having a total value of less than $25 million; (2) did not have total assets of $5 million or more on the last day of the most recent fiscal year; and (3) does not control, is not controlled by, and is not under common control with another investment adviser that has assets under management of $25 million or more, or any person (other than a natural person) that had total assets of $5 million or more on the last day of its most recent fiscal year (“small adviser”).^[129] The proposed rule would not affect most small advisers, because generally small advisers are registered with one or more state securities authorities and not with the Commission pursuant to section 203A of the Advisers Act. As a result of section 203A, most small advisers are prohibited from registering with the Commission because an investment adviser generally must have more than $25 million of assets under management or be an adviser to a registered investment company.^[130] Based on data from the Investment Adviser Registration Depository system (“IARD”), we estimate that as of October 5, 2023, approximately 276 RIAs and 113 ERAs are small entities under the RFA.^[131] As discussed above in section Start Printed Page 44593 IV, FinCEN and the Commission estimate that based on IARD data as of October 5, 2023, approximately 14,914 RIAs and approximately 5,546 ERAs, including all of the approximately 276 RIAs and 113 ERAs that are small entities under the RFA, would be subject to the proposed rule.

D. Projected Reporting, Recordkeeping, and Other Compliance Requirements

The proposed rule would impose certain notification and compliance requirements on investment advisers, including those that are small entities. All RIAs and ERAs, including small entity advisers, would be required to comply with the proposed rule's CIP requirements, which are summarized in this IRFA. All of these requirements are also discussed in detail, above, in sections I and II, and these requirements and the burdens on respondents, including those that are small entities, are discussed above in sections IV and V and below. The professional skills required to meet these specific burdens are also discussed in sections II through V.

There are different factors that would affect whether a smaller adviser incurs costs relating to these requirements that are higher or lower than the estimates discussed in section V. For example, we would expect that smaller advisers may not already have CIP programs, or they may not already have CIP programs that meet certain of the elements that would be required under the proposed rule. Also, while we would expect larger advisers to incur higher costs related to this proposed rule in absolute terms relative to a smaller adviser, we would expect a smaller adviser to find it more costly, per dollar managed, to comply with the requirements because it would not be able to benefit from a larger adviser's economies of scale.

As discussed above, there are approximately 276 RIAs and 113 ERAs that are small entities, and we estimate that 100 percent of these are subject to the proposed rule. As discussed above in section V, the proposed rule, which would require advisers to, among other things, adopt and implement procedures to verify the identity of any customer, would create a new annual burden of approximately 249 hours per RIA and 15.76 hours per ERA, or 70,504.88 hours in aggregate for small advisers (1,780.88 hours for ERAs and 68,724 hours for RIAs). We therefore would expect the annual monetized aggregate cost to small advisers associated with the proposed rule to be approximately $7,494,668.74 ($7,305,361.20 for RIAs and $189,307.54 for ERAs).^[132]

E. Duplicative, Overlapping, or Conflicting Federal Rules

Investment advisers generally do not have obligations under the BSA specifically for customer identification programs.^[133] As a result, we have not identified any federal rules that would duplicate, overlap, or conflict with the proposed rule. If FinCEN's proposed AML/CFT Program and SAR Proposed Rule ^[134] is adopted, section 326 of the USA PATRIOT Act requires Treasury and the Commission to prescribe regulations setting forth minimum standards for investment advisers regarding the identities of customers when they open an account. This congressional directive cannot be followed absent the issuance of a new rule.

F. Significant Alternatives

The RFA directs FinCEN and the Commission to consider significant alternatives that would accomplish our stated objective, while minimizing any significant economic effect on small entities. We considered the following alternatives for small entities in relation to the proposed rule: (1) exempting advisers that are small entities from all or part of the proposed rule; (2) establishing different requirements, to account for resources available to small entities; (3) clarifying, consolidating, or simplifying the compliance requirements under the proposed rule for small entities; and (4) using design rather than performance standards.

Regarding the first and second alternatives, FinCEN and the SEC currently believe that establishing different requirements for small advisers, or exempting small advisers from the proposed rule, or any part thereof, would likely be inappropriate under these circumstances. Moreover, FinCEN and the Commission do not believe that those alternatives are appropriate given the flexibility built into the rule to account for, among other things, the differing sizes and resources of advisers, as well as the importance of the statutory goals and mandate of section 326. As discussed above, implementation of CIPs and reasonable procedures related thereto under this proposed rule is intended to assist in preventing, detecting, and prosecuting money laundering and the financing of terrorism by specifying the information investment advisers must obtain from or about customers that can be used to verify the identity of the customers. We assess that this proposed rule would make it more difficult for persons to use false identities to establish customer relationships with investment advisers for the purposes of laundering money or moving funds to effectuate illegal activities, such as financing terrorism. Establishing different conditions for large and small advisers even though advisers of every type and size must open accounts for customers would negate these benefits.

Regarding the third alternative, we believe the rule as proposed is clear and that further clarification, consolidation, or simplification of the compliance requirements is not necessary. As discussed above, the proposed rule would require advisers to, among other things, adopt and implement procedures to verify the identity of any customer, to the extent reasonable and practicable; maintain and retain records of the information used to verify the customer's identity; and determine whether the customer appears on any lists of known or suspected terrorists or terrorist organizations provided by any Federal government agency.^[135] The proposed rule would serve as an explicit requirement for firms to adopt and implement a comprehensive CIP.

Regarding the fourth alternative, we determined to use performance standards rather than design standards. Performance standards allow for increased flexibility in the methods firms can use to achieve the objectives of the requirements. Design standards Start Printed Page 44594 specify the behavior or manner of compliance that regulated entities must adopt. Although the proposed rule would require policies and procedures that are reasonably designed to address a certain number of elements, we do not place certain conditions or restrictions on how to adopt and implement such policies and procedures. The general elements are designed to enumerate core areas that advisers must address when adopting and implementing a CIP. As discussed above, given the number and varying characteristics of advisers, firms would need the ability to design their CIPs in a manner appropriate for their size and business. The proposed rule therefore would allow advisers to address the general elements based on the types of accounts they maintain, the various methods of opening accounts, and the types of identifying information that are available. The proposed rule would also provide flexibility for advisers to determine the personnel who would implement and oversee the effectiveness of their CIPs.

G. Solicitation of Comments

FinCEN and the Commission encourage written comments on the matters discussed in this IRFA. We solicit comment on the number of small entities subject to the proposed rule. We also solicit comment on the potential effects discussed in this analysis; and whether this proposal could have an effect on small entities that has not been considered. We request that commenters describe the nature of any effect on small entities and provide empirical data to support the extent of such effect.

VII. Considerations of the Impact on the Economy

For purposes of the Small Business Regulatory Enforcement Fairness Act of 1996, or “SBREFA,” ^[136] we must advise OMB whether a proposed regulation constitutes a “major” rule. Under SBREFA, a rule is considered “major” where, if adopted, it results in or is likely to result in (1) an annual effect on the economy of $100 million or more; (2) a major increase in costs or prices for consumers or individual industries; or (3) significant adverse effects on competition, investment, or innovation. We request comment on whether this proposal would be a “major rule” for purposes of the SBREFA. We also request comment on the potential effect of the proposed rule on the U.S. economy on an annual basis; any potential increase in costs or prices for consumers or individual industries; and any potential effect on competition, investment, or innovation. Commenters are requested to provide empirical data and other factual support for their views to the extent possible.

VIII. FinCEN's Regulatory Impact Analysis

Executive Orders 12866, 13563, and 14094 (that is, E.O. 12866 and its amendments) direct agencies to assess the costs and benefits of available regulatory alternatives and, if regulation is necessary, to select regulatory approaches that maximize net benefits (including potential economic, environmental, and public health and safety effects; distributive impacts; and equity).^[137] E.O. 13563 emphasizes the importance of quantifying both costs and benefits, reducing costs, harmonizing rules, and promoting flexibility. E.O. 13563 also recognizes that some benefits are difficult to quantify and provides that, where appropriate and permitted by law, agencies may consider and discuss qualitatively values that are difficult or impossible to quantify.^[138]

FinCEN has designated this proposed rule a “significant regulatory action;” accordingly, it has been reviewed by the Office of Management and Budget (“OMB”).

FinCEN believes that the primary costs of complying with the proposed rule are considered in the Analysis of the Costs and Benefits Associated with the Proposed Rule described in detail in section IV and the Paperwork Reduction Act (44 U.S.C. 3507(d)) burden estimates described in detail in section V, which amount to a new annual aggregate burden (RIAs and ERAs) of 3,800,990 hours with $404,045,339.05 in internal time costs, and $48,446,969.76 in estimated total new annual external cost burden.

As discussed above in sections IV and V, benefits of this proposed rule are expected to include reduced money laundering and terrorist financing occurring through the U.S. financial system. Overall, the proposed rule would benefit law enforcement by improving their ability to investigate, prosecute and disrupt the financing of international terrorism and other priority transnational security threats, as well as other types of transnational financial crime. Obtaining and verifying the identity of account holders or responding to circumstances in which the investment adviser cannot form a reasonable belief that it knows the true identity of a customer would reduce the risk of terrorists and other criminals accessing U.S. financial markets to launder money, finance terrorism, or move funds for other illicit purposes. The proposed rule would also help investment advisers to identify and prevent criminal activity including by allowing investment advisers to identify high risk customers. While it is difficult to estimate the economic losses that would be prevented by reducing money laundering and other financial crimes through this rule, the prevention of such crimes would reduce the monetary and nonmonetary harms they cause.

As an alternative to the proposed rule, as discussed in section IV, FinCEN considered requiring investment advisers use the LEI or some other uniform standard as the identifier for such customers. While using the LEI would assist investment advisers and law enforcement agencies to detect money laundering than using a number of identifiers, the proposed rule's application to direct customers rather than beneficial owners limits the benefit of using LEIs. Further, natural persons could not use this identifier, meaning compliance with the proposed rule would require the collection of different types of identifiers.

Regarding costs, as noted above in sections IV and V, in accordance with section 326 of the USA PATRIOT ACT, the proposed rule would require an investment adviser to establish and implement its CIP according to its specific circumstances and do not set inflexible requirements for all advisers. Further, the proposed requirements are similar to those for other financial institutions with which investment advisers engage; complying with the proposed rule may therefore create minimal additional costs in certain lines of business. Some RIAs and ERAs may have reduced costs because they may already perform certain AML/CFT functions because they are dual registrants or affiliated with a bank or broker-dealer. Finally, per the analysis above in sections IV and V, investment advisers may deem the requirements of the proposed rule with respect to its business relationship with a mutual fund to be satisfied if the customer ( i.e., the mutual fund that it advises) has developed and implemented a CIP that is compliant with the investment company's CIP requirements. Start Printed Page 44595

The costs incurred by the proposed rule would arise through the following requirements: establishing a CIP; obtaining and verifying identifying information; determining whether customers appear on a federal government list; providing notice to customers; recordkeeping; and reliance on another financial institution. Overall, FinCEN estimates that the average total cost to an ERA with two customers to comply with the proposed rules would be an internal cost burden of $1,675, with most ERAs facing total annual ongoing external costs of $654, while the average total internal cost for an RIA with 100 customers would be $26,468, with most RIAs facing total ongoing annual external cost burdens of $4,088.

Given the analysis included in the preceding sections, FinCEN believes that the benefits of this rule would exceed the costs.

IX. FinCEN's Unfunded Mandates Reform Act Determination

FinCEN has analyzed the rule under the factors set forth in the Unfunded Mandates Reform Act (“UMRA”) (section 202(a)). Under this analysis, FinCEN considered whether the proposed rule includes any Federal mandate that may result in the expenditure by State, local, and tribal governments, in the aggregate, or by the private sector, of $100,000,000 or more (adjusted annually for inflation) in any 1 year.” ^[139] The current threshold after adjustment for inflation is $176 million, using the 2022 GDP price deflator. The proposed rule would result in an expenditure in at least one year that meets or exceeds this amount.

FinCEN further estimates total aggregate industry costs of: $404,045,339.05 in internal time costs and $48,446,969.76 in annual external time costs.^[140] The proposed rule does not foreseeably impose costs or other compliance burden that would impact any State, local, or Tribal government. FinCEN believes that the cost benefit analysis in section IV. Analysis of the Costs and Benefits Associated with the Proposed Rule, provides the analysis required by UMRA.

Authority and Issuance

For the reasons set forth in the preamble, FinCEN and the SEC propose to add part 1032 to chapter X in title 31 of the Code of Federal Regulations to read as follows:

PART 1032—RULES FOR INVESTMENT ADVISERS

Authority: 12 U.S.C. 1829b and 1951-1959; 31 U.S.C. 5311-5314 and 5316-5336; title III, sec. 314, Pub. L. 107-56, 115 Stat. 307.

Subpart A—General

Subpart B—Programs

Footnotes