Private Fund Managers: A Practical Approach to Anti-Money Laundering Policy
November 02, 2016
By Louis Bruno
The compliance burden is increasing again for many private fund managers. The Financial Crimes Enforcement Network ("FinCEN") has proposed a rule requiring registered investment advisers to implement anti-money laundering ("AML") programs, and detect and report suspicious activity. Additionally, the rule would expand the definition of "financial institution" under the Bank Secrecy Act ("BSA") to include investment advisers, subjecting them to additional regulations, such as recordkeeping and filing currency transaction reports ("CTRs"). Lastly, the proposed rule would provide the SEC with examination authority over private fund managers in AML matters.
The challenge for private fund managers is that their AML risk profile differs from larger institutions, such as banks managing hundreds of daily transactions. To meet this challenge, practical risk-based considerations would serve private fund managers well in effectively and efficiently fulfilling their AML obligations.
A practical approach means AML programs will vary; a large hedge fund's program will likely differ from that of a smaller private equity fund. Smaller funds have fewer compliance resources, are less likely to employ a full-time Chief Compliance Officer and may outsource the function entirely. Moreover, these organizations may lack the expertise to identify AML issues, particularly when onboarding new investors.
KEY ELEMENTS OF AN AML PROGRAM
Regardless of the FinCEN proposed rule, a private fund manager should implement a risk-based AML program meeting industry best practices with the following elements:
- Management oversight – Management is responsible for the AML compliance program and should clearly define and document the investor review and approval process.
- Written policies – AML policies should be reasonably designed to achieve compliance with the proposed rules; delineate responsibilities for identifying and reporting suspicious activities and conducting investor due diligence requirements; address management approval and define risk appetite for onboarding new investors.
- Written procedures – Separate from the policy, an AML program requires written procedures reasonably designed to prevent the firm from being used for money laundering or terrorist financing activities. These controls must be designed to address applicable AML risks to the adviser.
- Periodic independent testing of the AML program – Such periodic testing (i.e., annually) must be conducted by an entity independent of the investment adviser.
- Designation of an AML Compliance Officer – AML Compliance Officers must be "knowledgeable and competent" on applicable regulatory requirements to effectively fulfill the responsibilities attached to the role.
- Training – Employees of the adviser, depending on their roles, would require periodic training on the requirements of the BSA and related AML regulations.
To properly implement key AML components, fund managers should address the following questions:
- Is there established governance allowing management to review and approve new investors?
- Has a risk assessment outlining the adviser's AML risks and corresponding controls been implemented?
- Has management defined the firm's risk appetite for onboarding potentially high-risk investors?
- Is the firm staffed to support investor due diligence, monitoring and reporting or is outsourcing necessary?
KNOWING YOUR INVESTOR
Unlike other financial institutions, investment advisers are not required to enact a Customer Identification Program ("CIP") under the proposed rule. Nevertheless, an effective AML program requires monitoring and detecting suspicious activity, and possibly filing suspicious activity reports ("SARs"). In addition, FinCEN anticipates addressing a CIP requirement in future joint rulemaking with the SEC. Therefore, a fund manager's AML program requires adequate due diligence before accepting investor money to meet SARs and CTR responsibilities.
DEVELOPING AML POLICY
Compliance policies can vary across organizations. However, in the simplest form, a policy should describe the business activities, along with the associated risks and controls to mitigate the risks. AML risk assessments can be incorporated into an investment adviser's annual review under Rule 206(4)-7 of the Investment Advisers Act of 1940, but higher risks may need more frequent review.
Elements of a risk-based AML policy should include:
- clear "money laundering" definition;
- examples of "red flags" indicating suspicious activities;
- identifying the person(s) responsible for administering and enforcing the AML program;
- criteria and tolerance for onboarding high risk investors (e.g., politically exposed persons ("PEPs"), particularly where sources of funds are unclear; and
- consequences for policy violations.
Importantly, AML policies are frequently distinct documents from an investment adviser's compliance manual. To promote a consistent compliance program, fund managers should align the AML policy to the compliance manual.
OUTSOURCING AML PROCEDURES
Many fund managers outsource some or all of their AML procedures to third parties, such as fund administrators. Regardless of any outsourcing, FinCEN emphasizes that fund managers remain fully responsible for the adequacy and effectiveness of their AML program, including elements performed by third-party service providers. Regulators will not accept blame by advisers for a third-party's investor due diligence failure.
If fund managers elect to outsource, several best practices apply for fulfilling AML responsibilities. A fund manager's AML policy should specify the level of investor due diligence performed by a third party, and the amount of oversight by the manager. Examples may include periodic onsite visits to the third party, testing of processes and meeting with key personnel to gain comfort with procedures.
Additionally, when completing service level agreements ("SLAs"), fund managers should consider the following:
- Level of due diligence: SLAs must address the level and scope of fund manager due diligence on the outsourced third party. SLAs should provide a fund manager the right to inspect an administrator's due diligence reviews on new investors. For high-risk investors, such as PEPs, SLAs should articulate any enhanced due diligence procedures performed by the third party that would allow the fund manager to gain comfort with the investors' source of funds. Enhanced due diligence procedures may require additional documents or information from the investor. These concerns are illustrated by the recent publication of the Panama Papers.
- Record retention: If the fund administrator holds AML records on behalf of the fund manager, SLAs should clearly define regulatory expectations on document production. Typically, regulators require document production within 24-48 hours for an examination request, and SLAs should contain appropriate language to protect fund managers.
- On-site inspections: An adviser's periodic on-site due diligence of third parties should include reviews of AML files the third party maintains for the fund manager and testing of AML activities. SLAs should allow advisers the right to review such files and conduct testing of the third party's procedures.
- Escalation procedures: If a fund administrator identifies any red flags during AML reviews, SLAs should contain escalation procedures to immediately notify the AML compliance officer. Red flags may include the presence of PEPs or negative investor information, but fund managers must be prepared to take prompt and appropriate action in such circumstances.
Private fund managers can ease their anxiety concerning the new FinCEN rule by following AML fundamentals. Risk-based AML policies start with knowing your investors and their source of funds through proper diligence. A practical approach may include outsourcing AML tasks to third parties, but fund managers must provide proper oversight and draft agreements taking AML responsibilities into consideration to reduce their compliance risk.
Asset Management Intelligence - Q4 2016