The USA is in some ways a contradiction in terms of Anti-Money Laundering (“AML”) rules. While in many ways the USA has traditionally been the driving force behind international sanctions and countering the financing of terrorism, it has trailed behind other jurisdictions in the imposition of strict rules on non-banking financial institutions to perform the type of Know Your Client (“KYC”) checks on customers that are the accepted practice in Europe. Many European fund managers will no doubt relate to the often fraught experience of introducing an American client to the rigours of EU AML requirements.
Is there really such a gulf between EU and US AML requirements for Private Equity?
Part of the problem with answering this question is the labyrinthine nature of US legislation in this area and the difference in regulatory treatment of traditional financial institutions such as banks with other non-banking financial institutions such as Private Equity funds.
The core US AML legislation is the Bank Secrecy Act (“BSA”) which applies to financial institutions as defined in section 31 USC 5312(a)(2) such as banks, insurance companies and credit institutions. This definition does not include SEC registered investment advisers (>$100 million assets under management) or state registered investment advisors (<$100 million assets under management). The BSA, however, has been amended by various other acts such as the Patriot Act (2001), the Money Laundering Suppression Act (1994) and more recently the CDD Rule (detailed below) and not all the amendments apply to all financial institutions as defined in the BSA.
The Customer Identification Program (“CIP”) Rule
In 2003, Section 326 of the Patriot Act as implemented in section 31 C.F.R. § 103.121 (BSA) placed a mandatory requirement on banks to identify and verify their customers. It did not, however, overtly require banks to verify customer beneficial ownership nor require other financial institutions to follow suit.
The Customer Due Diligence (“CDD”) Rule: bridging the gap
In 2016 the Financial Crimes Enforcement Network (“FinCEN”) introduced a further amendment to the BSA and (in addition to banks) included certain non-banking financial institutions in its remit: broker-dealers in securities, mutual funds, futures commission merchants and introducing brokers in commodities. The CDD Rule took effect on May 11th 2018 and FinCEN estimates that implementation will cost affected financial institutions and their customers up to $1.5 billion over a decade.
Core obligations – covered financial institutions must:
- Identify and verify all customers including the beneficial owners and controllers of legal entities and arrangements such as trusts. The threshold is to reach the natural persons holding a 25% interest directly or indirectly in an entity
- Understand the nature and purpose of the customer relationship and assess risk accordingly
- Conduct ongoing monitoring for suspicious activity and changes in the ownership/control of legal entity customers
Methods of identification and verification:
- The CDD Rule specifies that a financial institution can rely on information given to it by the customer in order to identify beneficial ownership unless it has reason to believe this is untrue
- The CDD Rule is less prescriptive about how to go about verifying this information but requires financial institutions to take a risk based approach
- This allows for both documentary methods, for example, an unexpired photographic ID such as a drivers license, and non-documentary methods such as obtaining references from another financial institution
From a European perspective, this very much looks like a first step towards a rational and cohesive AML regime in line with the principles of the EU Fourth Anti Money Laundering Directive. It also echoes the European experience whereby legislation and guidance were initially less prescriptive and later became increasingly detailed in subsequent iterations.
So where does that leave Private Equity?
Many large US fund managers already hold a broker/dealer licence for at least part of their operations and as such, are caught by the FinCEN CDD Rule. Indeed, The Financial Action Task Force estimated in 2016 that 54% of all US investment advisers were indirectly subject to BSA requirements through broker/dealer or banking affiliations[1].
SEC Registered Investment Advisers (RIAs), however, are so far excluded from the direct remit of the new CDD Rule although change is on the horizon. In August 2015, FinCEN proposed extending the definition of ‘Financial Institution’ under the BSA to include SEC RIAs. This would result in a requirement to have an AML Program in place and also to report suspicious activity. FinCEN specifically stated in this proposal that it anticipates it will separately address a Customer Identification Program requirement for RIAs through joint rule making with the SEC.
The comment period on the proposed rule has passed and FinCEN indicated in March 2017 that the agency still plans to move forward with the proposal. The SEC also listed AML Programs as one of its five inspection priorities for 2017, 2018 and 2019 and this is a good indication of the increasing focus in this area.
So why have US private equity RIAs already adopted AML and CDD programs?
While strictly speaking not a legal requirement, the writing is on the wall. FinCen have made a proposal, the Financial Industry Regulatory Authority (“FINRA”) has also expressed interest in regulating RIAs, and one gets the sense that we are just one media scandal away from rushed legislation in this area. For a sector reportedly managing in excess of $60 trillion, it is almost beyond belief that this has not already occurred.
A greater incentive than this, however, is the modern practicality of doing business at an international level. It is now globally accepted practice that investment managers will have an AML program and verify both customers and their beneficial owners – institutional investors such as funds of funds are likely to ask for confirmation of this up front to mitigate any reputational risk they could face.
Likewise, if a US domiciled fund wishes to invest outside the US, they are likely to be asked to disclose their investors and beneficial owners or provide a letter in lieu confirming they have implemented an AML Program to identify and verify their investors ownership and to attest that no politically exposed persons or sanctions subjects have been discovered. This also extends to practical matters such as overseas bank account opening where the same questions are likely.
Similarly, many US based fund managers control foreign registered funds subject to strict AML laws, for example, in Luxembourg and the Cayman Islands, and as such it would be impossible to comply with local law without a dedicated AML program.
[1] http://www.fatf-gafi.org/media/fatf/documents/reports/mer4/MER-United-States-2016.pdf
The ID Register
The ID Register assists fund managers in all jurisdictions to manage risk and staff overhead with a secure and intuitive platform driven by a managed service for the efficient review and approval of subscription documentation, investor KYC and FATCA/CRS reporting. So whether you have a Cayman feeder, a Lux fund or simply want to know more about how we can help you save time and reduce costs, please don’t hesitate to contact us at help@theidregister.com.