Just as RIAs owe a duty to diligently protect their clients’ privacy and guard against identity theft, firms also play a vital role in customer identification. Although RIAs are not subject to an anti-money laundering (AML) rule, and nothing has been implemented by the SEC, securities regulators expect investment advisors to address these issues in their policies and procedures.
The SEC has issued no-action letters that impact RIAs and broker-dealers. No-action letters written by SEC staff members do not have the force of law, but they help explain the Commission’s interpretation of rules and regulations. RIAs are in a good position if they rely on no-action letters when challenged by examiners during an audit. On February 12, 2004, the SEC issued the first string of no-action letters, permitting broker-dealers to rely on RIAs to perform some of their Customer Identification Program (CIP) obligations.
The SEC extended its no-action position on January 11, 2011, but added new conditions that must be satisfied if a broker-dealer relies on an RIA for customer identification. These conditions, which took effect on May 12, 2011, were not imposed on broker-dealers in prior no-action letters addressing this issue. This no-action relief is available until January 11, 2013.
Why Broker-Dealers Need the Relief Granted by the Latest No-Action Letter
Intermediary and shared business relationships are quite common in the securities industry. In the relationship between a broker-dealer and an RIA, both parties may agree that the advisory firm will be responsible for performing customer identification of shared customers. After an agreement is reached, RIAs could be expected to perform this function.
Generally, reliance is allowed if the responsible financial institution is subject to an AML rule and is regulated by a federal functional regulator. Reliance must be reasonable under the circumstances. Under the Bank Secrecy Act, however, broker-dealers fall within the definition of “financial institution,” while RIAs do not. Broker-dealers are subject to an AML rule, while RIAs are not. Although an AML rule for RIAs was proposed, it was later withdrawn by the SEC. Therefore, without a no-action letter, a broker-dealer’s ability to rely on an RIA for customer identification is limited.
Impact of the Latest No-Action Letter
The latest no-action letter only affords relief to broker-dealers on three conditions.
- If reliance on an RIA for customer identification is reasonable under the circumstances
- The RIA is SEC-registered
- The parties have entered into a reliance contract. In the contract, the RIA must agree that:
- the firm has implemented its own AML program which meets the requirements applying to broker-dealers;
- the program will be updated as is necessary to comply with new laws and regulations;
- the firm or its agent will perform the necessary broker-dealer CIP duties in the manner stipulated by section 326 of the USA PATRIOT Act (Patriot Act);
- the firm will promptly notify the brokerage firm if suspicious or unusual activity occurs, so the broker-dealer can file a Suspicious Activity Report (SAR) if warranted;
- the RIA will annually certify statements made in the reliance contract to maintain compliance, continuity, and accuracy;
- the firm will promptly provide its CIP books and records to the SEC, a self-regulatory organization with jurisdiction over the broker-dealer, or authorized law enforcement agencies.
The books and records request may come directly or indirectly from the broker-dealer.
Although an RIA must provide prompt notice if suspicious activity occurs, nothing in this no-action letter relieves a broker-dealer of its duty to establish policies and procedures reasonably designed to detect and report suspicious activity. Reliance on an RIA is only reasonable if the broker-dealer undertakes appropriate due diligence on the RIA commensurate with the risk. The broker-dealer must assess the risk of money laundering posed by the RIA and the advisory firm’s customer base. An investigation must be conducted at the beginning of the broker-dealer’s relationship with an RIA and additional due diligence must be conducted at appropriate intervals. The no-action letter does not stipulate how frequently a broker-dealer should update its due diligence of an RIA.
The type of due diligence conducted by a broker-dealer depends upon the circumstances. It might encompass actions such as:
- obtaining a copy or summary of the relied-upon RIA’s CIP procedures;
- requesting responses from the RIA to a questionnaire relating to its CIP program; and/or
- documenting that the RIA attests to fully complying with its CIP program.
The no-action letter seemingly does not permit broker-dealers to rely on state-registered RIAs for customer identification. Many federally-registered RIAs will be shifting to state registration as the threshold for assets under management is raised from $25 million to $100 million. Therefore, a broker-dealer may not be able to rely on a particular RIA once the firm is no longer SEC-registered.
A broker-dealer may choose to rely on an RIA for customer identification, even though the relationship does not satisfy the conditions established by this new no-action letter. The no-action letter does not prohibit the broker-dealer from entering into a reliance agreement and contractually delegating its CIP responsibilities to an RIA. If that occurs, however, the broker-dealer will remain solely responsible for ensuring compliance with the CIP rule. As a result, it must actively monitor the RIA’s customer identification efforts and make certain they are effective.
AML Policies and Procedures
Although RIAs are not subject to an AML rule, they should still implement policies and procedures to detect and deter money laundering. If an RIA has entered into a reliance agreement with a broker-dealer, the firm’s policies and procedures should be tailored to the AML obligations owed pursuant to that contract.
Even if an advisory firm has not entered into a reliance agreement with a broker-dealer, it is a best practice for RIAs to implement AML policies and procedures addressing potential risks in the RIA’s client base and business model. Certainly, an RIA doing business with clients from across the globe would need extensive policies and procedures preventing those risks from occurring. Policies and procedures should always be customized to address specific risks facing the firm.
The Big Picture
RIAs play a significant role in the fight against money laundering, even though they are not subject to an AML rule. In most advisory relationships, IARs come to know their clients quite well. Whether they are engaged in financial planning or conducting a suitability analysis before recommending investments, IARs know intimate details about a client’s financial situation. Furthermore, IARs learn a great deal about their clients as they work together throughout the years. In contrast, a broker-dealer may only be providing custody and clearing services. Usually, the RIA has the primary relationship with the customer.
The SEC’s most recent no-action letter allows broker-dealers to continue relying on RIAs for customer identification. Nevertheless, they must update their reliance agreements, ensuring these new conditions are included. They must also revise their policies and procedures to satisfy the conditions set forth in the no-action letter.
In fulfilling their obligations under reliance agreements, RIAs must also implement policies and procedures to ensure that their AML program fully satisfies the requirements of Section 326 of the Patriot Act. Aside from the contractual and regulatory reasons for complying with these requirements, an RIA’s reputation may be damaged forever if the firm becomes entangled in a scheme to launder money, and it won’t matter if the advisory firm is an unwitting accomplice.