EU and US Regulatory Update

EU AML/CFT Regulation approved – Implementation by 2027

On 30th May the Council adopted a package of new rule package including the EU’s first anti-money laundering and counter terrorist financing (AML/CFT) Regulation which will come into force in 2027.

On 30th May the Council adopted a package of new rule package[1] including the EU’s first anti-money laundering and counter terrorist financing (AML/CFT) Regulation which will come into force in 2027.

The Regulation harmonises AML/CFT rules for the first time across the EU. It will expand the list of obliged entities, including crypto-asset service providers (CASP) and football clubs. In addition enhanced due diligence measures must generally be applied for “very wealthy (high net-worth) individuals”.

The AML package also includes the 6th AML/CFT directive (6AMLD)that will impact the public sector in particular the organization of national competent authorities responsible for combatting AML/CFT and supervising compliance with the other elements of the package.

The EU AML/CFT supervisor (AMLA) which will start operating in Frankfurt in 2025 will directly supervise up to 40 financial institutions which are thought to pose the highest ML/TF risk and will include at least one institution from each EU member state. Besides including crypto-asset service providers, institutions that are active in at least six EU member states will come under AMLA’s direct supervision. Once AMLA is live, it will likely start supervising “high-risk” institutions in 2026/2027. Besides its supervisory activities, AMLA will support and coordinate the national financial intelligence units (FIUs).

Proposed AML/CFT for US investment fund sector – harmonization with EU standards

Since the implementation of the 5th EU AMLD in 2020, investment funds and investment advisors have been defined as obliged entities under the EU AML/CFT regime[2] and subject to increased regulatory scrutiny across the EU since then. To date investment funds and investment advisors registered in the U.S. remain out of scope of the US Money Laundering Act and the Corporate Transparency Act in terms of ownership disclosure.[3]

Since the USA Patriot Act was passed, multiple rules have been proposed that would have required some investment advisers to apply AML/CFT requirements. In 2002, FinCEN published an proposal to require that unregistered investment companies including private funds to establish AML/CFT programs. This was followed by consultations in 2003 and 2015. The proposed rule however would only have included SEC-registered investment advisers (‘RIAs’) within the definition of “financial institution” under the BSA and thus requiring them to implement an AML/CFT program, but would not have included SEC-exempt reporting advisers (ERAs) in the scope of the rule nor would it have established minimum CIP requirements. Given that smaller private equity firms with under USD 150 million assets under management and most venture capital firms are typically ERAs would have resulted in them being out of scope.[4]

In early 2024 however, the Treasury Department’s risk assessment identified significant national security risks, including cases where sanctioned individuals and foreign adversaries had utilized investment advisers including ERAs to invest in US assets and access sensitive information. It noted that, despite some advisers voluntarily applying AML/CFT measures, the lack of comprehensive regulations left the sector vulnerable.[5]

As a result, in February 2024, the US Department of the Treasury announced a new proposed rule requiring investment advisers (RIAs) and exempt reporting advisers (ERAs) to comply with AML/CFT measures under the Bank Secrecy Act (BSA) in attempt to reduce the sector’s exposure to ML/TF risks by making it more resilient to the attempts exploit the investment advisory industry for illicit activities including sanctions circumvention.[6]

In order to further strengthen the proposed rule mandating the implementation of risk-based AML/CFT programs, the US Securities and Exchange Commission (SEC) and the Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) jointly issued a notice of proposed rulemaking in May 2024 that would require investment advisers to establish, document and maintain a written customer identification program (CIP) similar to the EU KYC requirements.[7] The rule is currently still under consultation.

 Both SEC-registered investment advisers (RIAs) and SEC-exempt reporting advisers (ERAs) would be subject to the rule.

[1] Anti-money laundering: Council adopts package of rules

[2] Investment Funds and AML

[3] Investment Funds and the U.S. Corporate Transparency Act

[4] Exempt Reporting Requirements Advisers and SEC Scrutiny

[5] Fact Sheet: Anti-Money Laundering Program and Suspicious Activity Report Filing Requirements for Registered Investment Advisers and Exempt Reporting Advisers Notice of Proposed Rulemaking (NPRM)

[6] Financial Crimes Enforcement Network: Anti-Money Laundering/Countering the Financing of Terrorism Program and Suspicious Activity Report Filing Requirements for Registered Investment Advisers and Exempt Reporting Advisers and Fact Sheet: Anti-Money Laundering Program and Suspicious Activity Report Filing Requirements for Registered Investment Advisers and Exempt Reporting Advisers Notice of Proposed Rulemaking (NPRM)

[7] Customer Identification Programs for Registered Investment Advisers and Exempt Reporting Advisers