U.S. Proposes to Subject Non-U.S. SEC Registered Investment Advisers to Anti-Money Laundering Rules

by Dechert LLP
Contact

The United States is proposing rules that, for the first time, would subject investment advisers registered or required to be registered (RIAs) with the U.S. Securities and Exchange Commission (SEC) under the Investment Advisers Act of 1940, as amended, including non-U.S. RIAs, to anti-money laundering (AML) regulation.1

The proposed rules would require RIAs to “develop and implement a written [AML] program reasonably designed to prevent the investment adviser from being used for money laundering or the financing of terrorist activities and to achieve and monitor compliance with the applicable provisions of the Bank Secrecy Act . . . and the implementing regulations thereunder.” The proposed rules also would require RIAs to report suspicious activity to the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN).

In a departure from existing practice, the proposal would extend these rules to RIAs wholly outside the United States and is not limited to an RIA’s U.S. clients. As discussed below, this may pose significant challenges for non-U.S. RIAs, as U.S. AML rules may not be consistent with local requirements. Moreover, some non-U.S. RIAs may be subject to local rules restricting their ability to file suspicious activity reports (SARs) with FinCEN.

This Dechert OnPoint provides a brief discussion of some of the key components of the proposed rules and how they could affect non-U.S. RIA's. For a detailed description of the substantive requirements included in the proposed rules, please see Dechert OnPoint FinCEN Proposes Anti-Money Laundering Regulation for Investment Advisers.

All Advisers Registered or Required to Register with the SEC would be subject to U.S. AML Regulation

Definition of “Investment Adviser”

The proposed rules would apply to each “investment adviser,” which is defined as “[a]ny person who is registered or required to register with the SEC under section 203 of the Investment Advisers Act of 1940.” FinCEN acknowledges that the proposed rules would cover non-U.S. RIAs and requests industry comment on whether “foreign advisers that are registered or required to register with the SEC, but that have no place of business in the United States, [should] be included in the definition of investment adviser.” Notably, exempt reporting advisers (ERAs) would not be covered by the proposed rules, as ERAs are neither registered nor required to register with the SEC.

Departure from Practice

The proposed extension of U.S. AML rules to financial institutions outside the United States represents a significant departure from prior proposals and guidance. When the United States Congress passed the Bank Secrecy Act (BSA) in 1970, it intended to apply BSA requirements only to those financial institutions located in the United States. The United States House of Representatives’ report accompanying the BSA stated that “[i]t is not feasible and it is not the purpose of this bill to attempt to apply American law in foreign countries.”2 The U.S. Department of the Treasury historically has embraced this view. For example, in a 1987 report, Treasury noted that the BSA’s requirements “do not apply to foreign branches of United States financial institutions or to any other type of financial institution physically located outside of the United States.”3 FinCEN has affirmed the jurisdictional limits of the BSA in other contexts. Indeed, when FinCEN previously proposed requiring certain investment advisers to establish AML programs,4 only those advisers “whose principal office and place of business is located in the United States” were proposed to be subject to AML regulation. Such jurisdictional limitation also is consistent with FinCEN’s industry guidance regarding SARs, which states that “foreign-located operations of U.S. organizations are not required to file SARs,”5 and with other FinCEN guidance on related regulations.6

Challenges for Non-U.S. RIAs

The proposed rules represent potentially significant challenges for non-U.S. RIAs, as these rules may not be consistent with local requirements.7 At best, non-U.S. RIAs face the prospect of having to comply with multiple AML regulatory regimes. In some cases, local requirements may prevent non-U.S. RIAs from complying with the proposed rules entirely.

For example, RIAs principally located in European Union member states that have adopted data privacy regulations consistent with the European Union’s Data Protection Directive may be unable to comply with FinCEN's proposed SAR requirements without violating local law.8 Similarly, compliance with the proposed SAR requirements may be challenging or impossible for RIAs based in China or Hong Kong. Chinese banking laws generally require that bank entities (certain of which may be registered with the SEC) maintain customer data physically within China;9 in Hong Kong, banks and other financial institutions generally must receive specific customer consent before transmitting personal data outside of the jurisdiction, and only limited exceptions apply with respect to data transmission to law enforcement agencies and financial regulators.10

Non-U.S. RIAs should carefully consider the potential impact of this proposal on their business and operations and may wish to consider submitting comments addressing the concerns outlined above. Written comments on the proposal are due by 2 November 2015.

Footnotes

1) Anti-Money Laundering Program and Suspicious Activity Report Filing Requirements for Registered Investment Advisers.

2) H.R. Rep. No. 91-975 (1970), reprinted in 1970 U.S.C.C.A.N. 4402.

3) Secretary of the Treasury, Money Laundering and the Bank Secrecy Act: The Question of Foreign Branches of Domestic Financial Institutions (1987).

4) Anti-Money Laundering Programs for Investment Advisers (2003).

5) FinCEN, Answers to Frequently Asked Bank Secrecy Act (BSA) Questions, available here.

6) See, e.g., FinCEN, Guidance on Customer Identification Regulations (Jan. 2004), available here (“The [Customer Identification Program] rule does not apply to any part of [a] bank located outside of the United States.”). FinCEN has expanded BSA requirements to non-U.S. money services businesses that engage in business activities within the United States. See 31 C.F.R. § 1010.100 (ff). However, for reasons noted herein, this is a significant departure from the longstanding jurisdictional limitations of the BSA.

7) In other contexts, FinCEN has accommodated differences between its regulations and the local law of non-U.S. jurisdictions. See id. (“Nevertheless, as a matter of safety and soundness, banks are encouraged to implement an effective [Customer Identification Program] throughout their operations, including in their foreign offices, except to the extent that the requirements of the rule would conflict with local law.”) (emphasis added).

8) See Directive 95/46/EC of the European Parliament and of the Council of 24 Oct. 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, art. 25-26, 1995 O.J. (L 281) (Directive) (requiring, among other things, member states to prevent transfers of personal data to third countries found to have an inadequate level of protection of personal data).

9) See, e.g., Notice of the People’s Bank of China on Urging Banking Financial Institutions to Do a Good Job in Protecting Personal Financial Information, No. 17 (2011).

10) See, e.g., Office of the Privacy Commissioner for Personal Data, Guidance on the Proper Handling of Customers’ Personal Data for the Banking Industry (Oct. 2014).

 

Written by:

Dechert LLP
Contact
more
less

Dechert LLP on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Privacy Policy (Updated: October 8, 2015):
hide

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.

Security

JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at info@jdsupra.com. In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at: info@jdsupra.com.

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.