WHITE PAPERS FOR FUND MANAGERS
DEVELOPING AN AML (ANTI-MONEY LAUNDERING) PROGRAM:
Although the Department of the Treasury has not issued specific rules for hedge fund and hedge fund managers, hedge fund managers should adopt and implement AML programs consistent with the U.S. Patriot Act as a matter of sound business practices. The AML program should be tailored to the business and operations of the fund manager including the nature and location of investors, relationships with third parties and the applicability of AML rules in non-U.S. jurisdictions. Hedge fund managers should also be prepared to attest to counterparties such as prime brokers, banks and other financial institutions that they have established AML policies.
A hedge fund manager should adopt a written AML program, which should be approved by the senior management of the hedge fund. A hedge fund manager should adopt written policies and procedures that are designed to prevent and detect money laundering and any activity that facilitates money laundering, the funding of terrorist activities or violations of OFAC regulations.
The basic elements of a hedge fund’s AML program should include:
- The designation of a compliance officer
- The development of internal policies, procedures and controls
- An ongoing employee training program
- An independent audit function to test programs and recordkeeping
In addition to approving the AML program, senior management should also designate an Anti-Money Laundering Compliance Officer and provide the officer with adequate authority and resources to effectively implement the manager’s AML program. The AML Compliance Officer’s responsibilities should include:
- Coordination and monitoring of the fund manager’s day-to-day compliance with AML laws and regulations and its own AML program
- Arranging for employee training programs for appropriate personnel related to the fund manager’s AML program
- In consultation with senior management, deciding whether to accept or reject an investor based on the money laundering risks that have been identified
- In consultation with senior management, deciding whether to delegate the performance of investor identification procedures to a third party
- Reviewing any reports of suspicious activity from personnel of the hedge fund
- Arranging for the performance of an independent audit to evaluate the manager’s AML policies and procedures
However, the AML Compliance Officer should not be responsible for functional responsibilities within the organization where money laundering activity could occur.
INVESTOR IDENTIFICATION POLICIES & PROCEDURES:
A hedge fund manager should establish and maintain investor identification procedures that are reasonably designed to identify investors in its hedge funds, to the extent that is reasonable and practical. The investor identification procedures should take into account the specific risks presented by the investor base of the fund it manages. The hedge fund manager should accept an investment from a new investor only after its performance of one of the following due diligence steps:
- The hedge fund manager has undertaken reasonable due diligence efforts with respect to the identity of a direct investor that is acting on its own behalf and not for the benefit of any third party
- If the investor is investing on behalf of other underlying investors, the hedge fund manager has undertaken reasonable due diligence efforts with respect to the identities of the investor and the underlying investors
- The hedge fund manager has determined that it is acceptable to rely on the investor due diligence performed by a third party, such as a fund administrator or an investor intermediary, with regard to the investor
A hedge fund manager should complete appropriate investor identification procedures with regard to an investor prior to accepting an investment from the investor in order to make an assessment regarding the investor’s identity and whether additional due diligence should be conducted with respect to the investor. The fund manager may wish to develop a due diligence checklist to facilitate investor identification procedures. Additionally the fund’s subscription documents should require an investor to:
- Represent and covenant that all evidence of identity provided is genuine and all related information furnished is accurate
- Agree to provide any information deemed necessary by the hedge fund manager to comply with its AML responsibilities and policies
- In case of a direct investor, represent that it is investing solely as principal and not for the benefit of any third parties
A subscription agreement should contain a general set of representations from the investor, stating that they are in compliance with various federal, state and international laws and regulations, as well as a set of other disclosures relevant to AML and OFAC compliance. The representations should also include a statement regarding the legitimacy of the source of funds being invested, the status of the investor as a prohibited investor or Senior Foreign Political Figure or Politically Exposed Person and if the investor is a fund of funds or an entity that is acting as an agent or nominee.
A hedge fund manager should take steps to ascertain the investor’s name and address and, if applicable, social security number or tax identification number when confirming the identity of an investor. When an investor’s bank is not located in a FATF jurisdiction, a hedge fund manager should obtain additional forms of identification from the investor that may be used to confirm the investor’s identity, for example, a passport or utility bill containing the investor’s name and address. When the investor is a legal entity rather than an individual not located in a FATF jurisdiction, the fund manager should obtain additional forms of identification such as certified articles of incorporation, a government issued business license or a partnership agreement.
When the legal entity is neither a publicly-traded company listed on a major, regulated exchange nor a regulated institution organized in a FATF jurisdiction, the fund manager may want to gain additional comfort regarding the investor’s identity by obtaining the following:
- Evidence that the investor has been duly organized in its jurisdiction or organization
- A list of directors, senior officers and principal equity holders or, if the fund manager believes it can reasonably rely on an AML certification from the investor, it can obtain a certificate from the investor that has implemented and complies with AML policies, procedures and controls that seek to ensure that none of its directors, officers or equity holders are prohibited investors
- If the investor is a trust, evidence of the trustee’s authority to make the investment and either an AML certification from the trust or the identities of beneficiaries, the provider of funds, those who have control over funds and any persons who have the power to remove trustees, as well as the trust and the persons authorized to act on behalf of the trust
- Description of the investor’s primary lines of business
- Publicly available information from law enforcement agencies or regulatory authorities
- Investor’s financial statements and/or bank references if appropriate
If there is inadequate information or investor identification procedures that cannot be performed, the fund manager may refuse to accept the investment and file a Suspicious Activity Report (SAR), if appropriate. If the investor’s subscription is approved, the AML compliance officer should consider ongoing monitoring.
HIGH RISK INVESTORS:
A hedge fund manager should conduct enhanced due diligence in addition to standard investor identification procedures when the fund manager believes an investor presents high risk factors for money laundering or terrorist financing. The due diligence procedures undertaken with respect to a high risk investor should be well documented and any questions or concerns in regards to the high risk investor should be directed to the AML Compliance Officer. The decision to accept or reject an investment by a high risk investor should directly involve a more senior level of management than is typically involved. The following are examples of investors that may be deemed to present high risk factors:
- Investors not located in a FATF jurisdiction
- Private investment companies domiciled, or with a principal place of business, in a non-FATF jurisdiction
- A Senior Foreign Political Figure (SFPF)/Politically Exposed Person (PEP) or an immediate family member or close associate of a SFPF/PEP
- Any investor resident in, or organized or chartered under the laws of, a country or territory designated by FATF as a non-cooperative jurisdiction
- Any investor whose subscription funds originate from, or are routed through, an account maintained at a Prohibited Foreign Shell Bank, or an “offshore bank”, or a bank organized or chartered under the laws of a non-cooperative jurisdiction, or a bank or financial institution subject to special measures under Section 311 of the USA Patriot Act
- Any investor that is a Foreign Bank subject to enhanced due diligence under Section 312 of the USA Patriot Act
- Any investor who causes the fund manager to believe that the source of its subscription funds may not be legitimate
Certain potential investors pose an unacceptable risk of money laundering or terrorist financing and the fund manager should not accept any investment from or on behalf of such persons. The following should be identified as Prohibited investors:
- An individual or entity whose name appears on any lists of prohibited persons and entities including The List of Specifically Designated Nationals and Blocked Persons administered by OFAC
- An individual or entity who is from a country or territory prohibited by the OFAC sanctions programs
- An individual or entity who is a resident in, or organized or chartered under the laws of a jurisdiction that has been designated by the US Patriot Act as warranting special measures
- A prohibited Foreign Shell Bank
The fund manager should ensure the information is up to date to avoid permitting a prohibited investor to invest in the fund. If an investor is a Foreign Bank, the fund manager may want to consider obtaining a representation that the bank has a physical presence or does not have a physical presence, but is affiliated with a regulated financial group and does not provide services to Prohibited Foreign Shell Banks.
RISK BASED MONITORING OF INVESTORS:
A hedge fund manager’s policies, procedures and controls should provide for detection of suspicious activity and should include examples of the types and patterns of activities that may require further review to determine whether the activity is suspicious. Although hedge funds and hedge fund managers are not required to monitor and report suspicious activity under the US Patriot Act, FinCEN encourages funds and managers to file SAR’s voluntarily. Some examples that may be indicative of suspicious activity are; if an investor exhibits an unusual concern regarding the hedge fund’s compliance with government reporting requirements, an investor attempts to make frequent subscriptions or redemptions outside of the normal periods, an investor has a questionable background or is the subject of news reports indicating possible criminal activity, an investor appears to be acting as the agent for another entity, but declines or is reluctant to provide any information in response to questions about that entity, or an investor has difficulty describing the nature of his or her business or lacks general knowledge of the industry in which he or she is engaged in.
A hedge fund manager should periodically review its existing investor base in order to ensure that no investor is a prohibited investor. Additionally, the fund manager may want to review public databases on at least an annual basis. Fund managers should consider adopting procedures whereby they only accept wire transfers from a financial institution that is incorporated or has its principal place of business in a FATF jurisdiction. Funds received into the hedge fund from an investor or prospective investor’s bank account, upon redemption should be credited to the same bank or brokerage account, unless there is a legitimate reason for doing otherwise. Any early requests for redemption should be evaluated by the AML Compliance Officer in conjunction with senior management.
SUSPICIOUS ACTIVITY REPORTING:
A hedge fund manager’s AML program should require any employee who detects suspicious activity or has reason to believe that suspicious activity is taking place to immediately inform his or her supervisor, as well as the AML Compliance Officer, who shall determine whether to report that activity to law enforcement. The fund manager should establish effective lines of communication for addressing suspicious activity detected by the fund’s administrator or another third party on which the manager relies for investor due diligence. The AML program should remind all employees of the fact that reports of suspicious activity are confidential and may not be disclosed to any person involved and that it is a violation for a fund manager or its directors, officers, employees or agents to notify any person involved or any third party that a SAR has been filed except where requested by FinCEN or other regulatory agency. The AML program should address procedures the fund manager must follow in order to maintain the confidentiality of a SAR in the event the fund received a subpoena or is requested to disclose a SAR or the information contained in a SAR.
Transactions involving terrorist financing or ongoing money laundering schemes should be immediately reported to FinCEN via the Financial Institutions Hotliine (1-866-556-3974), in addition to filing a SAR.
A hedge fund manager should establish and maintain risk-based policies and procedures which are designed to comply with OFAC regulations. OFAC regulations apply to all U.S. hedge funds and U.S. hedge fund managers. A fund’s OFAC policies should establish criteria for the manager to conduct risk-based diligence on parties with which the manager or its funds transact, which may include investors, intermediaries, counterparties and entities in which a fund invests. If a fund manager wishes to engage in transactions with parties which reside in, is a citizen of, or has a principal place of business in a country or territory named on the OFAC List, or that party’s name appears on the OFAC List, personnel of the fund manager should report the information to the AML Compliance Officer to make a determination whether the transactions must be rejected or blocked and whether it must be reported to OFAC.
Hedge fund managers should note one important distinction between AML rules and OFAC regulation regarding investor diligence. OFAC guidance states its requirements regarding diligence on investors extend to the beneficial owners of omnibus accounts established by an intermediary. OFAC regulations do not provide a safe harbor from liability if a fund manager delegates responsibilities to another entity.
PERFORMANCE OF ANTI-MONEY LAUNDERING PROCEDURES BY THIRD PARTIES:
A fund manager may decide to delegate the implementation and operation of certain aspects of their AML program to other entities, for example fund administrators, broker-dealers or futures commission merchants. However, the fund manager continues to remain fully responsible for the effectiveness of the AML program. In the event that the hedge fund manager has relied on a third party introduction to an investor, the fund manager may directly or indirectly rely upon the investor identification procedures performed by such third parties.
The AML Compliance Officer should be involved in the decision to, and the selection of, a third party delegated for the performance of AML procedures. The Compliance Officer may also determine that it be appropriate to rely on identification procedures performed by other categories of third parties that have introduced the investor to the hedge fund. These parties may include placement agents, asset aggregators or other financial institutions such as:
- A U.S. regulated financial institution where the investor is a customer and the investor’s funds are wired from its account at the U.S. regulated financial institution
- A regulated foreign financial institution organized in a FATF jurisdiction where the investor is a customer and the investor’s funds are wired from its account at the foreign financial institution
- An investor intermediary, nominee, fund of funds, or asset aggregator that is itself a U.S. Regulated financial institution or organized in a FATF jurisdiction
If the procedures performed by a placement agent or regulated foreign financial institution do not include procedures that are included in the fund manager’s AML policies and procedures, the fund manager should request and confirm that the third party performs the additional procedures or provide for the performance of such procedures prior to accepting the investor. The fund manager should conduct due diligence with respect to the AML policies of the third party to become familiar with its procedures and to determine whether the policies and procedures meet the standards of the manager. Agreements with third parties should allow for a periodic audit of the third party’s compliance with a fund manager’s AML policies, procedures and controls.
The agreement between a hedge fund and its fund administrator should specifically allocate their respective obligations for compliance under the AML/KYC regulations. In determining whether a fund manager should rely on a third party in performing AML functions, the fund manager should consider the following:
- The jurisdiction of the third party and the existence of applicable AML laws and regulations
- Regulatory status of third party affiliates
- Reputation and history of third party in the investment industry
- The AML and investor due diligence policies, procedures and controls implemented by the third party
Should the hedge fund manager determine that further assurances are warranted, the fund manager may want to consider some of the following:
- Requiring the third party to provide the manager with a copy of its AML and investor due diligence policies, procedures and controls and to notify the fund manager of any amendments to policies or procedures
- Requiring the third party to certify that it complies and will continue to comply with its AML policies and procedures
- Requiring written representations and covenants as to investors verified by the third party
- Requiring the third party to provide access to copies of documents reviewed by the third party in performing investor due diligence
- Requiring the third party to submit to a review or audit of its AML policies & procedures
EMPLOYEE TRAINING PROGRAM:
Employees of the hedge fund manager should be informed of the AML policies and procedures adopted by the manager, should be familiar with the substance and intent of the manager’s AML policies and procedures and should be given appropriate training on how to implement their responsibilities under the manager’s AML program. The employee training program should:
- Review applicable AML laws and regulations and recent trends regarding money laundering
- Address elements of the hedge fund manager’s own AML program, particularly its investor identification procedures and policies regarding detection of suspicious activity
A fund manager’s AML program should include an independent audit to assess compliance with and the effectiveness of its AML program. The independent audit function should include:
- Evaluation by the fund manager’s legal and compliance director or officer, external auditors, or legal counsel, of the manager’s compliance with applicable AML laws and regulations and the manager’s own AML program
- Reporting the results of the evaluation to the audit committee of the board of directors or similar oversight body of the hedge fund or hedge fund manager
The hedge fund manager’s AML program should also provide for appropriate follow-up to ensure that any deficiencies detected in the course of the audit of its AML program are addressed and rectified, as well as provide for a periodic review and update of investor due diligence procedures.
Hedge fund managers should establish procedures designed to ensure that all relevant documentation with respect to the AML program is retained for a period of at least five years or such longer period as may be required by applicable law or regulation.
A non-exclusive list of records the fund manager should retain includes:
- Copies of documents reviewed as part of the performance of its investor identification procedures
- Investor identification checklists or similar due diligence documentation
- The fund manager should maintain copies of all documentation, records and communications relating to a reported transaction on behalf of each hedge fund, including all SAR’s and supporting documentation related to the SAR’s
- Records of all AML training session conducted, including dates and locations of the sessions and the names and departments of attendees