On May 13, 2024, the Securities and Exchange Commission (the “SEC”) and the Department of the Treasury’s Financial Crimes Enforcement Network (“FinCEN”) jointly proposed a new rule (the “Proposed Rule”) that would apply customer identification program (“CIP”) requirements to registered investment advisers and exempt reporting advisers (collectively, “advisers”).[1] The Proposed Rule is generally consistent with existing rules requiring other financial institutions, such as brokers or dealers, open-end investment companies, banks, and other financial institutions, to adopt and implement CIPs. The Proposed Rule complements FinCEN’s proposal in February 2024 to designate advisers as “financial institutions” under the Bank Secrecy Act and subject advisers to anti-money laundering/counter-terrorism financing program requirements and suspicious activity report filing obligations.[2]

Customer Identification Program: Minimum Requirements

The Proposed Rule would require advisers to establish, document, and maintain a written CIP appropriate for its size and business that, at a minimum, includes the following aspects.

Identification Verification

The CIP must include risk-based procedures for verifying the identity of each customer to the extent reasonable and practicable.[3] The verification procedures must enable the adviser to form a reasonable belief that it knows the true identity of each customer and be based on the adviser’s assessment of the relevant risks.

Recordkeeping

The CIP must include procedures for making and maintaining a record of all information obtained under the CIP’s procedures.

Comparison with Government Lists

The CIP must include reasonable procedures for determining whether a customer appears on any list of known or suspected terrorists or terrorist organizations issued by any Federal government agency and designated as such by Treasury in consultation with the Federal functional regulators.

Customer Notice

The CIP must include procedures for providing customers with adequate notice that the adviser is requesting information to verify their identities.

Reliance on Another Financial Institution

Subject to certain conditions, the CIP may include procedures specifying when the adviser will rely on the performance by another financial institution of any procedures of the CIP with respect to any customer of the adviser that is opening, or has opened, an account or similar business relationship with the other financial institution, provided that such reliance is reasonable under the circumstances.

Dorsey Observations

If adopted, the Proposed Rule would place significant burdens on advisers to verify the identity of their customers. Advisers may wish to review their anti-money laundering and CIP procedures to determine whether they would need to update or develop procedures to comply. The Proposed Rule Release noted that there are a variety of third-party firms (e.g., fund administrators) that assist advisers in complying with their customer identification responsibilities. Advisers may wish to consult with these firms regarding the requirements of the Proposed Rule. Dorsey’s compliance services are available to assist advisers with their CIP obligations and best practices.



[1] Customer Identification Program for Registered Investment Advisers and Exempt Reporting Advisers, Release No. BSA-1 (May 13, 2024) available at https://www.sec.gov/files/rules/proposed/2024/bsa-1.pdf (the “Proposed Rule Release”).

[2] Fact Sheet: Anti-Money Laundering Program and Suspicious Activity Report Filing Requirements for Registered Investment Advisers and Exempt Reporting Advisers (February 13, 2024) available at https://www.fincen.gov/news/news-releases/fact-sheet-anti-money-laundering-program-and-suspicious-activity-report-filing.

[3] The Proposed Rule would define a “customer” as a person, including a natural person or a legal entity, who opens a new account with an adviser.  According to the Proposed Rule Release, the customer would generally be the person identified as the account holder.  An adviser would not be required to look through a trust or similar account to its beneficiaries and would only be required to verify the identity of the named account holder.