In a year when the Department of Labor’s Fiduciary Rule has stolen the headlines and captured the attention of virtually everyone in the financial industry, it is easy to lose sight of another game-changing rule on the horizon for advisers: AML obligations proposed by FinCEN under the Final Rule of the Bank Secrecy Act.
AML at Home and Abroad
Anti-money laundering cases around the world have gained attention in recent years. Rules worldwide have matured, enforcement and surveillance techniques have improved, and jurisdictions have demonstrated their willingness to collaborate toward mutually beneficial outcomes.
In the U.S., many industries fall under the purview of AML regulation. Most advisers have not been required to adopt a formal AML program and could rely in large part on their custodians’ AML policies. But the respite advisers have enjoyed will end on the final rule’s effective date, which is expected to be imminent.
FinCEN’s Final and Proposed Rules
Although the contents of the final rule have yet to be revealed at the time of this writing, the proposed rule provides a useful guideline for initial examination. While sharing many similarities with the requirements to which broker-dealers have become accustomed, the proposed rule for advisers has a few important distinctions.
The most notable difference is the absence of customer identification program (CIP) and enhanced due diligence requirements. While these requirements are not included in the proposed rule, they are expected to be included in future rule extensions. The proposed rule would require the following:
- Advisers adopt an AML program that includes policies and procedures;
- The appointment of an AML Compliance Officer;
- Ongoing employee training;
- Independent AML program audits.
Policies and procedures will require the most significant shift in each firm’s day-to-day activities.
Developing AML Compliance Policies and Procedures
When developing adequate AML policies and procedures, advisers should begin with an AML risk assessment to examine where the firm’s risks lie and prioritize them based on the likelihood of occurrence, potential severity, mitigation and other relevant factors. Each firm’s risks will be different, but an AML risk assessment should always consider the firm’s mix of business and types of clients, as well as the clients’ geographic locations, ownership status, politically exposed person (PEP) status, source of funds, and financial institution references.
Until CIP requirements are added, much of the focus will be on the requirement for advisers to create procedures to monitor for suspicious activities. Some activities may be judged against the client’s past behavior or expected behavior, while other activities may be flagged as suspicious based on predetermined red flags that warrant further review—many firms will likely utilize technology to assist in this endeavor. Examples of red flags could include the following:
- Refusal to provide requested information, i.e. information to verify identity, business activities, source of funds, etc.;
- Providing false or suspicious legal documents;
- A deposit followed by a quicker than expected withdrawal;
- A pattern of deposits and immediate withdrawals not contemplated at the time of account inception;
- A client’s sudden and/or unexpected change in wiring instructions and/or wiring patterns;
- A client’s lack of concern with risk, returns or fees;
- A client’s unusual concern in or request to process transactions in such a way as to avoid reporting requirements.
Certain suspicious activities will require the Adviser to file a Suspicious Activities Report (SAR) with FinCEN, such as when the activity:
- Has no apparent lawful purpose;
- Uses the adviser in facilitating criminal activity;
- Involves funds from or is intended to hide assets from illegal activities;
- Is designed to avoid the requirements of the Bank Secrecy Act.
SAR filings are subject to strict controls and confidentiality requirements, and the determination whether to file or not to file can be subject to scrutiny at a later date. If, upon review, the adviser determines that no further action or SAR filing is required in response to a flagged suspicious activity, the firm should ensure that it maintains documentation of the rationale underlying its determination.
Coordinating AML Training Programs and Testing
Advisers are expected to develop training programs for new hires and manage ongoing annual training for employees whose job functions require knowledge of the applicable rules and procedures. This training is most effective when customized for employees’ respective job functions, and all materials and attendance information should be retained as documentation.
The proposed rule also contains a requirement that firms arrange for independent testing of their AML programs. Testing should be conducted by independent parties who are not involved in the operations or oversight of the AML program, but have the requisite knowledge of the rule.
While in larger firms an internal audit division may have appropriate knowledge of rules, they may not possess the day-to-day operational and supervisory involvement that enables the firm to conduct its AML testing internally. For many advisers, third-party testing will be necessary due to the firm’s small size, because cross-functioning of their operations precludes the existence of such independent employees, or because any sufficiently independent people in the firm lack the necessary skill set and/or experience to conduct the testing.
While the industry has spent much of the last year laser focused on the DOL Fiduciary Rule, FinCEN’s expansion of the AML Rule has largely taken a back seat. Now that the midpoint between the release of the DOL Fiduciary Rule and its first implementation date has arrived, it may be tempting to enjoy a brief moment of calm during the eye of the storm.
Advisers will underestimate and overlook the impending AML proposed rule at their peril. It would be wise to use this time to prepare for the stricter AML regulations on the horizon.
Anti-money laundering cases around the world have gained attention in recent years. Rules worldwide have matured, enforcement and surveillance techniques have improved, and jurisdictions have demonstrated their willingness to collaborate toward mutually beneficial outcomes.
FinCEN’s Final and Proposed Rules
The most notable difference is the absence of customer identification program (CIP) and enhanced due diligence requirements. While these requirements are not included in the proposed rule, they are expected to be included in future rule extensions. The proposed rule would require the following:
- Advisers adopt an AML program that includes policies and procedures;
- The appointment of an AML Compliance Officer;
- Ongoing employee training;
- Independent AML program audits.
Developing AML Compliance Policies and Procedures
Until CIP requirements are added, much of the focus will be on the requirement for advisers to create procedures to monitor for suspicious activities. Some activities may be judged against the client’s past behavior or expected behavior, while other activities may be flagged as suspicious based on predetermined red flags that warrant further review—many firms will likely utilize technology to assist in this endeavor. Examples of red flags could include the following:
- Refusal to provide requested information, i.e. information to verify identity, business activities, source of funds, etc.;
- Providing false or suspicious legal documents;
- A deposit followed by a quicker than expected withdrawal;
- A pattern of deposits and immediate withdrawals not contemplated at the time of account inception;
- A client’s sudden and/or unexpected change in wiring instructions and/or wiring patterns;
- A client’s lack of concern with risk, returns or fees;
- A client’s unusual concern in or request to process transactions in such a way as to avoid reporting requirements.
SAR filings are subject to strict controls and confidentiality requirements, and the determination whether to file or not to file can be subject to scrutiny at a later date. If, upon review, the adviser determines that no further action or SAR filing is required in response to a flagged suspicious activity, the firm should ensure that it maintains documentation of the rationale underlying its determination.
Advisers are expected to develop training programs for new hires and manage ongoing annual training for employees whose job functions require knowledge of the applicable rules and procedures. This training is most effective when customized for employees’ respective job functions, and all materials and attendance information should be retained as documentation.
While in larger firms an internal audit division may have appropriate knowledge of rules, they may not possess the day-to-day operational and supervisory involvement that enables the firm to conduct its AML testing internally. For many advisers, third-party testing will be necessary due to the firm’s small size, because cross-functioning of their operations precludes the existence of such independent employees, or because any sufficiently independent people in the firm lack the necessary skill set and/or experience to conduct the testing.
Advisers will underestimate and overlook the impending AML proposed rule at their peril. It would be wise to use this time to prepare for the stricter AML regulations on the horizon.