SEC and FinCEN Propose Rules to Impose Customer Identification Program Obligations on Certain Investment Advisers

On May 13, 2024, the Securities and Exchange Commission (SEC) and the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) proposed rules (CIP Rules)^[1]that would impose customer identification program obligations on SEC-registered investment advisers (RIAs) and exempt reporting advisers (ERAs). The CIP Rules are intended to complement the rules FinCEN proposed earlier this year to require RIAs and ERAs to apply measures to prevent money laundering and to counter the financing of terrorism (AML/CFT Rules).^[2]

Under the CIP Rules, each RIA and ERA would be required to “establish, document and maintain a written customer identification program (CIP) appropriate for its size and business,” as a component of its compliance program under the proposed AML/CFT Rules.

The dictates of the CIP Rules are highly detailed and prescriptive. Highlights of the procedures that must be included in an adviser’s CIP are summarized below.

• Identity Verification Procedures: Risk-based procedures to verify the “identity of each customer to the extent reasonable and practical” and sufficient to “enable the adviser to form a reasonable belief that it knows the true identity of each customer.” The CIP Rules would require an adviser to obtain specific customer information in connection with opening an account, such as name, date of birth or formation, address and identification number.
• Recordkeeping Procedures: Procedures to make and maintain records of all information obtained under the Identity Verification Procedures.
• Procedures for Comparison with Government Lists: Reasonable procedures to determine if a customer is on any list of known or suspected terrorists issued by certain governmental entities.
• Procedures for Customer Notification: Procedures to notify customers that the RIA or ERA is requesting information for identity verification. The CIP Rules include sample language for the customer notice.

SEC Commissioner Mark Uyeda did not vote in favor of the CIP Rules. In his view, some aspects of the CIP Rules are overbroad, and they are so intertwined with the proposed AML/CFT Rules that SEC action on the subject should await finalization of the AML/CFT Rules.^[3] The Investment Advisers Association (IAA) has filed an extensive comment letter with respect to the AML/CFT Rules,^[4]arguing that they would be overly-prescriptive and overly-broad.  Much of the IAA’s reasoning would be equally applicable to the CIP Rules.

Under the CIP Rules, RIAs and ERAs would be required to develop and implement a CIP in compliance with the final rules on or before six months from their effective date.

Written comments on the CIP Rules must be submitted on or before 60 days after publication in the Federal Register. We encourage clients interested in commenting to consult with the BCLP attorneys listed below or their BCLP contact.

[1] Customer Identification Programs for Registered Investment Advisers and Exempt Reporting Advisers (proposed May 13, 2024) (to be codified at 31 CFR 1032 and 17 CFR 275).

[2] For further information on this FinCEN proposal, see FinCEN proposes AML/CFT rules for investment advisers

[3] Commissioner Mark T. Uyeda, Statement on Customer Identification Programs for Registered Investment Advisers and Exempt Reporting Advisers (May 13, 2024).

[4] IAA Recommends Changes to FinCEN’s AML Rule for Investment Advisers - Investment Adviser Association (April 15, 2024).