August 25, 2015 seems like centuries ago. That was the day the Financial Crimes Enforcement Network (FinCEN) proposed a rule requiring certain investment advisers to establish anti-money laundering (AML) programs and report suspicious activity to FinCEN pursuant to the U.S. Bank Secrecy Act (BSA).

The rule has yet to be adopted, but many registered investment advisers have wisely taken it upon themselves to design and implement BSA compliance programs, in order to prepare. I say “wisely” because those who have done so will be ahead of the curve when a rule is adopted. In the meantime, they are also mitigating reputational risk that might otherwise cause damage, should they be identified as facilitating money laundering or terrorist financing.

For others, the passage of time may have instilled inertia. Why worry, some may ask, when nothing has really happened for over two years? Well first off, we know that the government doesn’t always move fast. And second, there have actually been a few events that may prompt a decision to move ahead with the rule’s adoption. Investment advisers should take note of the following:

  • A report on the U.S regulatory regime has been issued by the Financial Action Task Force (FATF), an inter-governmental body whose objectives are to set standards and promote effective implementation of legal, regulatory, and operational measures for combating money laundering, terrorist financing, and other related threats to the integrity of the international financial system. The FATF works to generate the necessary political will to bring about national legislative and regulatory reforms in these areas. It accomplishes this, in part, through reviews of country regulatory regimes. The FATF’s December 2016 Mutual Evaluation of the United States’ regulatory regime stated, in part, that investment advisers (a part of the securities industry which manages over USD 67 trillion in assets) are not directly covered by BSA obligations. Some investment advisers, however, are indirectly covered through affiliations with banks, bank holding companies, and broker-dealers, when they implement group-wide AML rules or in cases of outsourcing arrangements. Nonetheless, there is a gap, given the size and importance of this sector, which is not in line with the National Money Laundering Risk Assessment which recognizes the risks of money laundering through the securities sector. FinCEN has proposed regulations which would extend AML/counter terrorist financing (CTF) requirements explicitly to all investment advisers.
  • Congress has recently stepped up its interest in AML and CTF. A full range of issues ranging from simplifying to modernizing AML and CTF rules are under active consideration in the Senate Banking Committee and the House Financial Services Committee’s Financial Institutions and Consumer Credit Subcommittee and its Terrorism and Illicit Finance Subcommittee.
  • On February 6, 2018, the Chairs of the Securities and Exchange Commission (SEC) and Commodity Futures Trading Commission (CFTC) testified at a Senate Banking Committee hearing on virtual currencies. Among other issues, regulators are concerned with virtual currency money laundering and terrorist financing, and they are calling for regulation to mitigate that risk.
  • Regulators from the SEC to the Office of the Comptroller of Currency (OCC) have consistently, and once again for 2018, included AML compliance as a top oversight priority.

What do investment advisers need to ensure that their BSA compliance programs are appropriate for their risk profile?

  • A Qualified BSA Officer—Designate a board-appointed BSA officer who has the requisite experience in designing, implementing, and maintaining an effective compliance program. A common mistake made by institutions is hiring officers with BSA backgrounds, but who cannot implement or maintain programs.
  • A Risk Assessment—Maintain a current and comprehensive risk assessment, which is the foundation of any BSA compliance program. Ensure you have a robust risk assessment methodology with supporting weights and measures.
  • A Right-sized Program—Leveraging the risk assessment, design and effectively implement a program that is commensurate to the firm’s risk profile. Short-sighted or over-blown programs put the institution at significant risk. Experienced and appropriate staffing levels are critical to every program.
  • Training—Have a training program tailored to risk.
  • Testing and Assurance—Have in place a qualified independent audit function (internal or external) to provide a robust assessment of the quality and state of the BSA compliance program. The BSA officer and BSA audit director should be in sync and work closely together to ensure that the audit staff is qualified and the audit program is effective in assessing the BSA compliance program.

The AML/CTF regulatory environment continues to evolve in the U.S. and throughout the world. Financial institutions of all types and sizes should ensure that they have the appropriate controls in place to mitigate AML/CTF risk. And the risk is not just regulatory, but also reputational, which can be more damaging that any regulatory action or order.