This post is part of our Emerging Manager's Guide to Fundraising. Download the full guide for more best practices to launch and scale your fund.
Financial security is an issue across the economy. Private capital markets are not immune—as you build and scale your firm, you need to commit to the highest standards of due diligence and transparency. Ensuring your fund’s KYC and AML compliance is essential to safeguard the integrity of your fund—and mitigate the risk of fraud, money laundering, and terrorist financing.
“It's a legal and regulatory requirement to ensure that [funds are] not facilitating money laundering or terrorist financing or other illicit activities. The main concern is protecting the integrity of the financial system,” says Ricardo Serrano, Passthrough’s Financial Crimes Analyst. “Also, it protects fund managers from reputational risks, legal risks, financial risks, and promotes confidence from investors in their operations. All those reasons make it really important to be KYC and AML compliant."
Money laundering is a significant but opaque problem.
The true scale of money laundering is difficult to assess due to its clandestine nature, but it’s significant. The United Nations Office on Drugs and Crime (UNODC) estimates that somewhere between 2% and 5% of global GDP is laundered each year; or $800-billion - $2-trillion in current US dollars.
In a leaked document, the FBI stated it believes firms in the nearly $10-trillion private investment funds industry are being used as vehicles for laundering money at scale and raised concerns that AML programs aren’t adequately designed to detect threat actors’ use of private capital markets to launder money.
While this is a broad generalization, fund managers must be acutely aware of the risk.
There are two components to meeting regulatory standards: compliance and diligence. “Compliance is making sure that the fund stays on top of every regulation, according to the jurisdiction that they are in,” explains Ricardo. “That could be financial regulations, regulations based on the bank or their source of funds or the way that they do business, or similar.”
“Diligence is the process to identify their risk assessment for each individual or entity, and then making sure that, based on the regulations, they're acting within that scope,” Ricardo continues. “So each investor can be assessed as either high risk or low risk, depending on their activities.”
Each fund decides how much risk they are willing to take on. Risk tolerance can vary depending on the fund, but there's still the reality of internal regulations in banks and other financial institutions a fund has relationships with. “Risk mitigation is an ongoing exercise,” says Ricardo. “Investors’ risk status can change over time as they engage in different business and political activities, so fund managers need to have review processes in place to give them up-to-date information about their risk exposure.”
For example, an investor who is on a town council at the time they invest may present a low risk, but if elected to state governor their risk status will become higher. This is because a politically exposed person (PEP) with a high position is often associated with a higher risk of being involved with corruption, money laundering, or financing criminal activity. However, if the PEP can provide documentation to prove the source of their funds and that they’re not currently involved in any high-risk political activity, a fund can still accept the risk and use that investor’s funds.
“It's subjective [depending] on the investor and the entity,” Ricardo says. “We also have, for example, entities that don't have any sanctions in the United States, but they or one of their sub-companies may have sanctions in other countries.” If an entity has faced a fine or other sanctions in another jurisdiction, it would be considered something for a compliance officer to investigate to determine the risk the entity poses in the fund’s jurisdiction.
What does staying compliant involve?
First, fund managers must understand what red flags to look out for and their own tolerance for risk. Because investors’ situations can change due to many reasons—such as becoming politically exposed, going into a type of business considered high risk for money laundering, gambling for example, or changing the jurisdiction their money is kept in—it’s rarely a set-and-forget situation.
And with recent sanctions imposed by the USA, United Kingdom, Europe, Cayman Islands and other countries, compliance has become increasingly complex.
The sanctions imposed against a nation or regime are often broad and all-inclusive, with the prohibition of trade with the targeted country, the ban of financial services to the targeted nation, and a prohibition against new investments in the area. Trade and the ability to do business may be severely restricted, if not outright banned.
In some cases, prohibited transactions don’t apply to the country or nation as a whole, but rather to specified individuals, organizations, or entities involved in activities that are considered to put the peace and stability of the US at risk.
Such is the case with the OFAC Ukraine-Related Sanctions program, which doesn’t prohibit all transactions with Ukraine but rather with certain entities involved in the Ukraine crisis.
KYC/AML is not set-and-forget
“Diligence is not only something that you do once,” says Ricardo. “It's something that you have to do continually in order to ensure the investor's situation doesn't change to make them a higher risk investor.”
Fund managers also need to realize that a robust KYC/AML program is a complex, multi-step process. “They have a lot of parts and the workflow is really complicated, but there's a couple of things that are really important to consider.” Ricardo says.
“They must verify the investor's identity and the identity of the beneficial owners of any entity,” he says. “That's first and foremost because you need to understand who the ultimate beneficial owners are, who are the natural persons that actually receive the benefit from any investment.”
While definitions vary by jurisdiction, under US financial regulations a beneficial owner is considered anyone with a stake of 25% or more in a legal entity or corporation. Beneficial owners can also be considered anyone with a significant role in the management or direction of those entities, or any trusts that own 25% or more of an entity.
“Fund managers need to know where that money's coming from and what the investor or the entity did in order to get that money,” says Ricardo.
“After that, we get into AML, and that's where risk profiles start coming in. Fund managers need to create an investor's risk profile, which includes geographical location, industry, and any activities that basically create potential exposure to high-risk activities,” he says. “And conducting ongoing reviews is important because an investor's risk profile might change at any moment.”
“The last component is creating a robust compliance program,” Ricardo continues. “That’s critical for both emerging and established fund managers. They need to create the structure in order to have appropriate procedures and risk management to stay compliant with regulations.”
Aside from the obvious benefit of avoiding sanctions and fines, Ricardo says there are huge reputational benefits to maintaining KYC and AML compliance.
“Once you can show your fund is compliant with regulations, you earn the trust of your banks and financial institutions,” Ricardo says. “You can avoid legal penalties, sanctions and fines, and you ensure smooth operations and make it easier for the fund to actually reach its goal.”
In an industry that relies on trust, having a robust compliance program is crucial. Establishing and maintaining the confidence of a community of investors to increase your access to capital means the difference between building a fund and building a firm.
Talk to us about how our fully managed KYC/AML can help you get and stay compliant.