FinCEN and SEC Propose Affirmative KYC Requirements for Registered Investment Advisers and Exempt Reporting Advisers

May 15, 2024
7 minutes

On May 13, the U.S. Treasury Department’s Financial Crimes Enforcement Network (“FinCEN”) and the Securities and Exchange Commission (“SEC”) jointly released a notice of proposed rulemaking (the “CIP Proposed Rule”) that would require SEC-registered investment advisers (“RIAs”) and exempt reporting advisers (“ERAs”) to establish, document, and maintain written customer identification programs (“CIPs”). 

FinCEN previewed the CIP Proposed Rule in a separate, February 2024 notice of proposed rulemaking that would require RIAs and ERAs to (1) develop and implement anti-money laundering compliance programs (within 12 months after the effective date of a final rule) and (2) monitor for and report suspicious activity to FinCEN (the “AML/CFT Program and SAR Proposed Rule”). Our alert on the February 2024 AML/CFT Program and SAR Proposed Rule is available here.

CIP Proposed Rule

The CIP Proposed Rule would require RIAs and ERAs to establish CIPs that closely track the customer identification requirements that currently apply to banks, broker-dealers, and mutual funds (among other financial institutions). Specifically, RIAs and ERAs would be required to establish:

  • A written CIP;
  • Risk-based procedures for performing identification and verification of customers that open accounts, which include:
    • collection of certain minimum identifying information of customers (e.g., name, date of birth or formation, address, and identification number), prior to opening an account; and
    • verification of the identity of each customer, using the foregoing information, through documentary or non-documentary means, within a reasonable time before or after the customer’s account is opened;
  • Procedures for making and maintaining a record of information collected under the CIP, as well as verification performed, for at least five years;
  • Procedures for determining whether a customer appears on any list of known or suspected terrorists or terrorist organizations issued by any federal government agency and designated as such by the Treasury Department in consultation with federal functional regulators; and
  • Procedures for providing customers with adequate notice of the RIA’s or ERA’s CIP requirements.

The CIP Proposed Rule would take effect six months from the publication of a final rule but, in any event, no sooner than the compliance date of the AML/CFT Program and SAR Proposed Rule, if adopted.

Initial Reactions

Customers and Accounts

Under the CIP Proposed Rule, CIP obligations would be triggered by a customer’s opening of an account, defined as follows:

  • Account means any contractual or other business relationship between a person and an investment adviser under which the investment adviser provides investment advisory services.
  • Customer means a person (individual or entity) that opens a new account.
    • The definition of customer would not include (1) a financial institution regulated by a federal functional regulator or bank regulated by a state bank regulator; (2) certain domestic government entities; (3) certain entities that are publicly listed on U.S. securities exchanges; or (4) persons that have an existing account with the RIA or ERA, provided that the RIA or ERA has a reasonable belief that it knows the true identity of the person.

While the above definitions resemble the equivalent definitions in the broker-dealer CIP rule, it is not entirely clear how they would be interpreted to apply to private fund structures.

For example, in its “Paperwork Reduction Act” discussion, the CIP Proposed Rule includes the following language in a footnote, which appears to imply that the customers of RIAs and ERAs are the funds that they advise (as opposed to investors in those funds):

Estimates herein assume that (i) the median number of customers per exempt reporting adviser is two and (ii) the median number of customers per registered investment adviser is 100. For purposes of the number of “customers” with respect to exempt reporting advisers, we used the number of private funds reported by exempt reporting advisers on Schedule D, Section 7.B.1 of Form ADV, as of October 5, 2023. For purposes of the number of “customers” with respect to registered advisers, we used the number of “clients” reported by advisers on Item 5.D of Form ADV, as of October 5, 2023. This estimate is based on the median number of clients per registered investment adviser with at least one client. “Customers” does not include the investors in a private fund.

However, this interpretation would appear inconsistent with concerns that have been expressed by FinCEN leadership, such as gaps in anti-money laundering regulation of RIAs and ERAs permitting entry into the U.S. financial system to bad actors. In addition, such an interpretation appears at odds with the CIP Proposed Rule’s contemplated CIP requirements for natural person investors and screening against lists of known or suspected terrorists or terrorist organizations.


Under the CIP Proposed Rule, RIAs and ERAs would be permitted to rely on another financial institution to perform any of the procedures associated with the adviser’s CIP, provided:

  • Such reliance is reasonable under the circumstances;
  • The other financial institution is subject to a rule implementing 31 U.S.C. 5318(h) and regulated by a federal functional regulator; and
  • The other financial institution enters into a contract with the investment adviser requiring it to certify annually to the investment adviser that it has implemented its anti-money laundering/countering the financing of terrorism program, and that it will perform (or its agent will perform) specified requirements of the investment adviser’s CIP.

RIAs and ERAs would remain responsible for ensuring compliance with the CIP Proposed Rule and would be expected to actively monitor the implementation of their CIPs. In practice, many RIAs and ERAs effectively outsource elements of their current, voluntary know-your-customer procedures to third parties that are unlikely to meet the above criteria, including non-U.S.-based administrators and external counsel. Therefore, adoption of the CIP Proposed Rule in its current form—assuming CIP requirements are interpreted to apply to investors in private funds—may necessitate wide-scale retooling of existing know-your-customer procedures across a broad swath of the U.S. private funds market.

Existing Investors

As noted above, the CIP Proposed Rule would exclude from the definition of “customer” persons that have an existing account with the RIA or ERA, provided that the RIA or ERA “has a reasonable belief that it knows the true identity of the person.” Assuming that FinCEN and the SEC interpret “customer” to include investors in private funds, depending on the facts, there may be an argument that investment advisers’ prior due diligence of such investors would satisfy the adviser’s obligations under the CIP Proposed Rule. In this regard, the preamble to the CIP Proposed Rule states that a covered adviser generally would not need to re-verify a customer’s identity if the customer’s identity previously was verified “in accordance with procedures consistent with the proposed rule.” A final rule, if adopted, may clarify whether existing procedures adopted prior to publication of the final rule—e.g., pursuant to non-U.S. know-your-customer requirements—would satisfy this standard.

Harmonization with Existing Know-Your-Customer Procedures

Many RIAs and ERAs voluntarily have adopted certain know-your-customer procedures, including to comply with the anti-money laundering requirements of non-U.S. jurisdictions. While non-U.S. know-your-customer requirements historically have been more stringent than U.S. requirements applicable to investment advisers, RIAs and ERAs should not assume—without review—that their existing know-your-customer procedures will satisfy the minimum requirements that would be imposed under the CIP Proposed Rule. For example, the CIP Proposed Rule would require collection of a taxpayer identification number (i.e., Social Security Number) for natural person customers, whereas collection of passport information may suffice under the know-your-customer requirements of non-U.S. jurisdictions.

The AML/CFT Program and SAR Proposed Rule requires RIAs and ERAs to implement risk-based procedures for conducting ongoing customer due diligence that includes (1) understanding the nature and purpose of customer relationships for the purpose of developing a customer risk profile; and (2) conducting ongoing monitoring to identify and report suspicious transactions and update customer information. RIAs and ERAs will need to ensure that their anti-money laundering programs include both procedures for identifying and verifying new customers, pursuant to the CIP Proposed Rule, and ongoing monitoring, pursuant to the AML/CFT Program and SAR Proposed Rule (assuming both rules ultimately are adopted).

Along similar lines, pursuant to the Corporate Transparency Act, FinCEN will undertake a forthcoming rulemaking process to revise FinCEN’s Customer Due Diligence (“CDD”) Rule, which currently requires certain financial institutions (including banks and broker dealers), inter alia, to establish written policies and procedures for identifying and verifying the beneficial owners of legal entity customers opening accounts. It is possible that the forthcoming CDD Rule updates could extend similar requirements to RIAs and ERAs, which covered advisers would need to account for in updating their anti-money laundering compliance programs.