The Treasury Department has proposed new anti-money laundering regulations for investment advisers. If accepted, these rules become effective in 2016. The following information is being provided as a direct and straightforward guide to assist RIAs in complying with these new regulations.
You are considered “covered” and required to follow the new AML rules if your RIA is:
1) Designate a person with overall responsibility for your firm’s AML compliance program (often referred to as the “AML Compliance Officer”).
2) Adopt a written AML policies and procedures manual (see below).
3) Establish internal processes and controls in order to ensure adherence to your AML manual and industry regulations.
4) Schedule an independent audit (see below).
Firms can develop their own AML manual; however, due to the time and expertise required, most RIAs elect to purchase one developed by a qualified third party.
Regardless of whether your manual is developed internally or created with outside assistance, ensure the manual addresses the four critical areas for each requirement:
1)Who is responsible
2)What policies and procedures must be followed
3)When each procedure should be performed (e.g., monthly, annually, within 10 days, as requested by law enforcement)
4)How the firm will document that its procedures were followed (e.g., signing and dating a particular report, maintaining a log)
A “one-size-fits-all” solution. RIAs differ based on many characteristics, including size, investment products, strategies, employees, locations, custody, brokerage arrangements, customer types and locations, regulatory history, affiliates, technology, and other factors. Although many firms may seem similar, no two are exactly alike and, therefore, no two manuals should be the same.
Wishy-washy language (e.g., “the firm may review XYZ report periodically” versus what regulators want to see: “the firm will conduct a monthly review of the XYZ report.”).
Manuals for other types of institutions. Do not purchase a manual designed for a broker-dealer or bank. There are differences in the requirements, regulators, and manner in which these firms are examined. If you adopt the wrong type of manual, there is a good chance you will be subjecting your firm to additional rules that do not apply or are not relevant.
Frequency: We recommend the first audit is completed within 12 months of the Rule’s effective date. While the rules do not specifically require so, if testing is postponed and material deficiencies are discovered, firms are risking not identifying weaknesses early on and having their AML program being cited as deficient. Depending on the firm’s AML risk and results of the first AML audit, a determination may be made that the frequency of testing can be less frequent than annual.
Auditor Selection: Testing may be conducted by internal personnel only if the auditor is qualified and independent. Qualified means someone knowledgeable in AML regulations and the Bank Secrecy Act. In addition to knowledge, a qualified person should understand industry best practices for conducting audits—which includes sampling methodologies, interview strategies, and evaluating automated solutions and technology platforms in order to identify gaps. Practically speaking, most RIAs who do not have an experienced internal auditor, or other qualified person who is completely isolated from the day-to-day business responsibilities, find that they are not able to satisfy these requirements. Independent means the person does not have any AML responsibilities and does not report to the AML Officer, or have other material conflicts of interest.
When evaluating a third party, other than the consideration of price (pricing can vary as indicated below), be sure to evaluate:
Costs will depend on various factors such as the number of the firm’s employees, clients, and changes necessary to the firm’s technology infrastructure. The immediate costs will include the following:
AML manual: The cost of purchasing an AML policies and procedures manual will vary, and depend partly on whether you are hiring the third party to assist with customization of the manual. If the manual is written in a straightforward manner with guidance, firms can easily customize it themselves. It is expected that the cost will begin at $500 for smaller firm templates and increase depending on the level of customization.
AML audit: Most AML auditors begin pricing at approximately $1500 for smaller firms. Factors such as the number and types of clients, transaction volume, and number of employees will increase audit time and cost.
AML training: Firms can develop their own training content and may find several public sources helpful, including FinCEN, SEC, and law enforcement actions and case studies. Training should be customized to each firm’s business and some may find it useful to create position-specific training depending on an employee’s role. Third party training program costs are usually based on the number of participants and generally cost at least $200-$300.
Other internal costs: It is difficult to anticipate and estimate all other costs, as different firms utilize different types of technology, client forms, and internal processes. However, it is recommended that firms begin by investing time in evaluating two processes which are likely to be affected more than others: customer onboarding and activity monitoring. These processes are critical to each firm’s AML program. By spending the appropriate time on customizing your AML program up front, you will increase the chances of avoiding additional costs and regulatory issues later.
ITA COMPLIANCE, LLC, provides consulting and independent testing services to registered investment advisers, broker-dealers, and transfer agents. We are offering a complimentary 15-minute phone consultation to discuss these regulatory changes and answer your firm-specific questions. To schedule a call, or inquire about our services, complete the form (above) or contact us at 617-854-7500 or www.itacompliance.com.