The new rules issued by the SEC and FinCEN require exempt reporting advisors (ERAs) and registered investment advisors (RIAs) to scale their anti money laundering (AML) and combatting the financing of terrorism (CFT) programs by 2026.
In this webinar, Mark Mangion, Head of Financial Crime at Passthrough, delves into the recently finalized AML rules, their implications for ERAs and RIAs, and highlights the steps required to comply with these regulations by the January 1, 2026 deadline– everything from the foundations of money laundering and its risks in the private market to the regulatory and geopolitical drivers behind these changes. With practical advice on implementation and managing compliance risks, this session is a must-watch for fund managers navigating this pivotal regulatory shift.
Watch the full video below and read on for a summary recap.
Mark Mangione:
Great. Okay. We are going to be today talking through the new rules that were finalized by the Securities and Exchange Commission (SEC) and the Financial Crimes Enforcement Network (FinCEN) back in August of this year. I'm going to walk through what this means for exempt reporting advisors (ERAs) and registered investment advisors (RIAs).
It's going to be mainly a lot of me talking but in the chat box, feel free to throw in any questions that you have. If it's something real time while we're going through this, I can answer it, or if not, Once we get through the all the slides, I'm going to save some time at the end to answer questions.
So along the way if you have questions, definitely ask them and we'll make sure I can get through as many, if not all of them. And then also just let everyone know we have a presentation here that we're going to walk through. We'll send this presentation around after. So feel free to take notes, but you'll also be receiving the presentation that I'm going to be covering here today So with that just a little bit about myself.
I'm Mark Mangion. I'm the Head of Financial Crime for Passthrough i've been here for a little over seven months and my background has been primarily in anti money laundering and counter terrorist financing, mainly working with financial institutions that had cease and desist or consent orders and working with them to work through those that came either from the SEC or other U. S. based regulators. Then also upstanding AML and compliance programs for private equity firms. And then I also was working for one of the government sponsored enterprises leading their multifamily anti financial crime group and customer compliance management. And then now I'm at Passthrough and as many of you may know, Passthrough is a financial technology firm that specializes in both subscription documents and anti money laundering.
We've been handling know your customer (KYC) and anti money laundering (AML) for about a year and a half now. And we'll be continuing to update our services with these new rules and requirements. So with that, I'm going to jump into it and start walking through what this means, what we're going to cover today is what the new requirements are, why they're coming out now.
Just a high level of what money laundering is at different phases of money laundering and what would be relevant to the private market and fund managers from our understanding what RIAs and ERAs are currently doing And from that slide on what the firms are currently doing I need gaps from the current requirements to new requirements Then some risks of non compliance, just when you're dealing with U.S. regulators, if you're not complying with the rules. I have to be mindful of what any kind of fallout or reputational risk might come from that. Then we'll talk through some penalties of non compliance, mainly at the banking level. Over the last five years or so, they're pretty sizable. This whole AML process, you are able to outsource to a third party.
So we'll walk through what that means and how you can do that. And then also just a timeline for implementation. I know we're coming up here on the end of November of 2024 and everything needs to be in place by the end of December next year. So right around the 13 month time frame, and there are a lot of things that need to take place.
Without further ado, let's dive into it. So what these new rules mean, and what is actually happening here? So back in February of this year, the SEC and FinCEN jointly proposed new rules for fund managers. Mainly, this is affecting exempt reporting advisors that are registered with the SEC and report to the SEC as well as registered investment advisors with the SEC and with these new rules, the ERAs and RAs are going to be considered financial institutions and with that need to comply with the Bank Secrecy Act.
And they need to implement an AML and CFT program by January 1st of 2026. We'll talk through the bank secrecy act. There is essentially five pillars of an AML program that banks and broker dealers have been working through in the U.S. for pretty much23 years. And then now this is spreading into the private market space.
What everything means, the way that Passthrough is looking at this is there's overall seven requirements. Which are the five pillars in addition to suspicious activity reporting and confirming the source of funds and source of wealth on transactions over three thousand dollars. So that's just some high level, the only other thing to add here a lot of from our interactions at Passthrough and what i've seen previously a lot of ERAs and RIAs do have a high level of AML in place at their firms and it's really coming from their financial custodians. So in order to open up a bank account with whoever your financial custodian is, you need to verify that you have an AML program or some aspects of it.
This is going to change that whole dynamic with the custodians. And if you have any counterparties like broker dealers or insurance companies that you're working with. So we'll get into that throughout this presentation. Many people might be thinking, why now are the regulators focusing on this?
As of August this year. Did this rule get finalized and what this means. So in August this year the SEC and FinCEN and mainly the Department of Treasury came out with a risk assessment on the private market space and pretty much did that to identify where the private market space was susceptible to money laundering and other kind of financial crime and this is because in 2019, the FBI had a report that was leaked and said that they were already looking into this and noticed that there was money laundering and other kind of financial crime. Flowing through private funds, and this is because in the government's eyes, my understanding is that anyone who might be trying to commit any kind of illicit activity would use the private market space because they know it's not as heavily regulated or regulated at all compared to going through a financial institution.
So it's a way that has not many requirements in place to prevent or detect money laundering. So it's a way that you can try to sneak elicit funds into the financial system. A lot of this too. So there are definitely geopolitical issues that are leading to why the regulators focus on this now.
Obviously, with Ukraine and Russia, getting back to February 2022, there's more sanctions that come out pretty frequently. Actually, today, the Department of Treasury came out with another 100 or so names that they added to the OFAC specially designated nationals list. And then there's also some sanction related geopolitical issues in the Middle East.
So with that, just pointing out, that's mainly why regulators are focusing on this now. And also, the U. S. is somewhat not up to date with what the standard is from anti money laundering. So the European countries like Luxembourg, the United Kingdom, Jersey, Guernsey, they've had pretty stringent requirements when it comes to anti money laundering and even Cayman Islands, which some people might think are a way that people would be coming through and using lists of funds that come through the Caymans.
The Caymans are actually one of the most heavily scrutinized jurisdictions when it comes to anti money laundering so the U.S. is finally catching up with these rules and requirements, which for many fund managers it's going to be a tedious process, but I think overall it'll be good. Once everyone has implemented the steps within here as we talk through.
So when we say money laundering, I just want to talk through here. What that actually means. And what the different phases of money laundering and the challenges of money laundering so money laundering as it's defined as the conversion of monetary proceeds from illegal activity into funds that appear to be from legitimate sources.
That pretty much says you're taking money that you have gained from, say, narcotics trafficking, human trafficking, something along those lines that is illegal activity, and you're commingling it with funds that are legitimate. And using that to launder or clean the money that was legal and using that money for any kind of day to day financing.
And we'll talk through how that kind of all takes place and how money laundering occurs. Money laundering is very difficult to detect. And if you don't have controls in place, it's pretty much undetectable, but the the criminals that are going through and committing money laundering are very sophisticated.
They're very creative. And they use different networks and ways to get illegal funds into the financial system. And the main thing around this, and we'll talk through this in further detail is the source of funds and source of wealth. When it comes to the private market space is crucial here and for my interactions with certain fund managers, it seems like this process may be in place for some of them, not all of them.
So, when it comes to preventing money laundering confirming that source of funds and source of wealth is very important. And that's actually part of the new requirements that the SEC and FinCEN rolled out. And then there's 3 phases of money laundering: placement, layering, and integration. And in this next slide, I'm going to talk through the one phase that our private market space should be aware of.
So placement is when the money is being implemented into the financial system. This is primarily happening at financial institutions. There is a currency transaction reporting requirement of $10,000. And there's a common term for trying to evade the currency transaction reporting, which is called structuring.
And this is when individuals try to come in under that $10,000 requirement. To avoid detection and having their bank identify that they are over that $10,000 limit. So the fact that I'm talking about it here, and this is well known knowledge criminals are aware of this as well. And they're trying to find other ways to place or get the money into the financial system.
Next, once it's actually in their bank, there is the second phase, which is called layering. And then this is when There may be a complex set of transactions to disguise where the funds were originated and this could be taking money, maybe you're taking this into a U. S. bank account, but then you're sending it to a bank and a bank account in a jurisdiction that has very minimal AML requirements.
And from there, the audit trail pretty much becomes not existent and you can take the money from that bank account in this jurisdiction and then send it back to the U.S. bank account, or even a foreign correspondent bank. And from there, the money has multiple different venues, and it's gone through and it's becoming cleaned and has gone through different channels along the way.
And lastly, once the money is in the last spot, when it's reunited with the criminal, this is called integration. And this is where I want to just spend a little time here. Integration is where the individual that has committed the money laundering is going to use the money that they've cleaned.
Throughout the money laundering cycle, and they're going to use that to purchase luxury assets. They're going to buy cars. They're going to go through by airplanes, any kind of financial investments. They're going to invest in the private market space, potentially to try to get their money into something that's substantial and has good growth over a 5 to 7 year time period.
And they're also going to invest in real estate. So the integration piece is very important for fund managers. very much. To be aware of how to prevent and detect money laundering. And then this is pretty much where the regulators are focusing on the fund manager space to prevent and be aware of money laundering activity.
So, next year, how do we prevent money laundering from happening? And then what are the requirements for compliance? And what do this is what Passthrough is viewing as the 7 requirements that fund managers need to comply with. To be in line with the AML and CFT program and be compliant with the new rules by the end of next year.
So the 1st step here, and this is the 1-5 here of the 5 pillars of an AML program and then six and seven are additional components that the SEC and FinCEN have included So the first piece here the designation of an AML compliance officer. This is someone who's going to be responsible for going through putting all the program requirements in place being the main point of contact for the regulators and then also internally at your firm and they're going to be overseeing everything from your AML perspective and have all AML oversight.
And Kevin, seeing your question live. Yep. ERAs are going to need an AML Compliance Officer. ERAs that are registered with the SEC. We'll need a Compliance Officer as part of the new requirements and rules that compliance officer is going to be responsible for developing and implementing a system of internal controls.
That means they need to have policies and procedures outside of your standard compliance manual and these overarching policies and procedures are going to go through in detail how the firm is preventing detecting and reporting any kind of unusual and suspicious activity. And with that, it is going to be a procedure or multiple procedures on how this is actually executed to prevent and detect.
Money laundering and other kind of financial crime activity. I'm seeing another question come through here. Deborah. It does not need to be a 2nd compliance person. If you already have a Chief Compliance Officer, they can also be designated as the, but we'll talk through here throughout the presentation on any kind of challenges that may present if it's one person that's overseeing all of it.
And also that there is a way that ERAs and RIAs can outsource all of these requirements to a third party to handle for you. So I'll talk through that here in a few minutes. The 3rd pillar and the 3rd requirement here is annual anti financial crime training. So any employee at the firm that's considered an access person or covered employee and has to comply with the compliance manual and the code of ethics needs to go through annual training.
And this training needs to identify how to prevent, detect and report suspicious activity, and it also needs to identify red flags on what suspicious activity would include and dependent on what the firm is and what your business is. It should be tailored. It shouldn't just be one training. That would be more applicable to a bank.
It should be really targeted training for your firm. And everyone needs to attend this. It's not just IR and. And anyone on the accounting team or operations and compliance. It's everyone at the firm. The 5th pillar here is customer due diligence. Anyone who's currently using pass through for your managed service.
KYC (know your customer) and CDD (customer due diligence). This is what we're already doing for you. The customer due diligence pieces is pretty interesting here on. How this is going to be applied by the ERAs and RIAs. And I'm going to talk through this a little bit further later in the presentation, but a few things to point out here to customer due diligence.
There needs to be a risk based approach for onboarding all of your investors and beneficial owners. You need to identify who the beneficial owners are behind of an investing entity that have 25% or more interest in the transaction and if anyone has a controlling interest in the transaction as well, and you need to take a risk based approach to apply your risk rating methodology against those investors.
And this is a retroactive component. So if you have say four funds that are tied to your registration and they're still currently active, the investors in those four funds need to be risk rated and then onboarded and have a risk rating assigned and associated with them, as well as there's a periodic review and refresh. Piece here that based on the risk rating, you need to go through, And make sure that all the information that you've received for that investor is up to date. So it's pretty much going through and onboarding the investor again, based on the risk rating. How Passthrough is looking at this is if you have a low rate of low risk rated investor, you'll re review that information every 3 years, moderate risk every 2.
High risk every year and then critical risk every 6 months. So just something to be mindful of with the customer due diligence piece. Next is the suspicious activity reporting. This is a completely new frontier, I think, for fund managers from the conversations I've had. Not many people have filed suspicious activity reports before.
And what this means is you're going to have, whether it's, your AML Compliance Officer, or you have a compliance function completely at your firm that whoever you designate, that's going to be handling this or your outsource function, they are going to be investigating any unusual or suspicious activity.
And it doesn't need to be confirmed. It's if you have a suspicion, it's supposed to be escalated to your AML Compliance Officer. And from there, the AML compliance officer will have 30 days to determine if you're going to file a suspicious activity report. With the Financial Crime Enforcement Network. So you investigate, do a write up on what you came across.
And if you do think it's suspicious or unusual, go through and file a SAR with FinCEN. There's 2 other things here. 1st is since ERAs and RAs are going to be considered financial institutions, going forward, there's an information sharing component. That's called information sharing and if other institutions reach out and say, "Hey, we're seeing if you have this individual associated with your firm. Can you provide the information and detail on them because we follow the SAR on them?" You have to coordinate With that firm and provide information to them. So just be mindful of that also SARs when they go to the Financial Crime Enforcement Network law enforcement can pick them up if they have an active investigation going on. So you will have to field questions from law enforcement if the subject in your SAR is actually tied to an investigation, so whoever's in that AML Compliance Officer role, Kevin back to your question.
Whoever's in that role and the is going to be fielding all those questions and then filing all the stars and any kind of continuing activity reports as well. And last piece here, the 7th requirement, the source of wealth and the source of funds. What we're doing and what we are coming through for these requirements, what this means is getting the source of funds and source of wealth as part of the onboarding process.
This needs to be in place January 1st, 2026 going forward. But what we're doing from our advice with clients is if you have a fundraise that's taking place next year, it makes sense to get your investors familiar with this process because it needs to be taking place January 1st and going forward, confirming the source of funds and source of wealth means going through your subscription documents and getting those banking details that the investor is going to use for capital contributions and distributions and getting that information as part of the onboarding process, then also having the investor a test of what their source of wealth is.
So, this is going to be providing information by the investor that they derive their wealth from their salary revenue or business profits. Inheritance, whatever it may be. And once the confirmation piece comes in here, when there's actual capital contributions. And distributions and from this, you will have a process or you should have a process that any transaction over 3, 000 is confirmed that it's not going to or being received by sanctioned country or sanctioned individual.
And with this as well, that the banking details provided by the investor, are actually used for this capital contribution, for example. So what we're seeing some firms already have this process in place. Every time they do a capital contribution, they're doing a reconciliation to make sure that the information provided as part of onboarding the investor.
Is consistent with what the investor actually used to fund the investment. So just be mindful that as going through, that's going to be probably 1 of the most time consuming components to get implemented with this program next for what RIAs and ERAs currently doing. So this is based on my experience from working with firms.
And from there, what we've seen just from having conversations with current Passthrough clients, and then also non Passthrough clients. So RIAs and ERAs, a lot of those, especially if you're using Passthrough, you're screening investors and beneficial owners against sanctions, fitness improperty, and regulatory enforcement.
And identifying any kind of risk profile associated with those investors and beneficial owners. If you're using Passthrough as well, there's nightly screening that's taking place. So when you use Passthrough any of the names that are added to the tool are screened nightly just to see if maybe they weren't on that sanctions list or that fitness improbity list when you first onboarded them.
But if they get added, Say six months from now you will be getting that notification or we will be getting that notification from the managed server side and we'll do our review of the tournament, if it's actually associated. With the individual or entity that's in question. And some firms have AML tied to the compliance manual and no standalone policies and procedures.
I know we've provided in the past, certain at the stations around what our managed service process includes for banks based on our relationship with current clients, but this is something just on a go forward basis. When it comes to having an overarching and complete AML program that's where a main gap is going to come into play, that you need to really have these standalone policies and procedures around how you're handling.
And that takes us to the next piece here, just on the current gaps from current to new requirements. So, what I just walked through in that last slide, that is customer due diligence and that's the 5th pillar while there may be some additional components to consider. That's really what we're seeing a lot of fund managers currently have in place where they're screening.
Individuals and entities, they're identifying the beneficial owners, maybe for 1 of their funds or multiple funds. Not all the time. Is it for every fund that's tied to the registration? But main thing to point out here. And I said this earlier as well. This customer due diligence component is going to be retroactively or should be retroactively apply to all your investors tied to your registration.
And you need to have a periodic review and refresh process in place for customer due diligence based on the risk rating that is applied. The looking at the questions right here. Kevin yes, we'll have a recording. We are. This is for all exempt reporting advisors, regardless of the threshold. If you're filing and reporting to the SEC, then you are falling under.
This requirement Scott, the, attestation is not going to be sufficient for the source of funds and source of wealth. I think that's what you're referring to there. And Sean, same thing with the best practices here and what the regulators are expecting is if the investor is providing their banking details, then they're giving a bank statement.
For the source of funds and source of wealth. So just be mindful of that, that it may seem invasive, but I think education to your investor base around this is going to be very crucial. And then Jenny seeing your question here saying it was tied to all investors. So this is going to be tied to all of your unique investor names.
That are coming through as well as 25 percent or greater beneficial owners behind the beneficial owners. So that means if you will an example here, if you have a limited liability company. That is the investing level entity, and then you have 1 managing member who's the controlling party and then 1 beneficial owner that has 25% or more in interest in the LLC.
You need to do due diligence on the LLC, the managing member and the beneficial owner with 25% or more in that investing entity. And you need to do that for all of your investors that are entities, trusts, private corporations, what it may be, whatever it may be. If your investor is just an individual.
Then you're just running the due diligence on the individual. And then last question here, before we go through the slide a little bit further, does the source of funds and source of wealth need to be collected for beneficial owners? No. So the source of funds and source of wealth is mainly collected.
At the investor level the only time you would need to collect source of funds or source wealth At the beneficial owner level is if a beneficial owner is a political or a politically exposed person, you want to confirm that the funds that they're providing are from their own personal gain and not from any kind of fundraising or political contributions that they might have received from fundraising.
So a lot of good questions around the customer due diligence piece. I think this is what everyone seems to be the most familiar with. These other requirements, this is going to, and the customer due diligence, the time consuming aspect of this is going to be getting everyone risk rated from your investor base.
And going through getting them onboarded into some sort of solution and what you can use to identify any kind of new risks that might arise after they've been onboarded and then setting up that periodic refresh process. But otherwise not everyone has an email compliance officer. Or someone that's fully dedicated to anti money laundering.
There's not many policies and procedures in place around this outside of a compliance manual. So wanted to call that out training. I know certain firms take different training approaches where there might be training only. Associated with the firm or with the individuals at the firm that are actually.
Doing the day to day so if you're doing accounting training, it's only impacting your accounting and maybe your finance team. Just to reiterate, this training here is going to have to be for everyone at the firm. The independent assessment, this is something that I think we know for sure. No one currently is having an audit.
Of their AML and CFT program, because it wasn't a requirement before this is going to be something that not from what I understand if you're getting an audit of your fund, or you're having a tax audit, this is a different kind of audit here. So this is going to be only focusing on your anti money laundering and counter terrorist financing program.
And this is going to be going through in reviewing the design of the program. So the program was built out in line with what the requirements are as well as operating effectiveness of this program, meaning that will, or you're going to be doing sample testing of these different components here to confirm that everything that's in place is actually executing appropriately.
So wanted to call that out from the audit component. The suspicious activity reporting. I think I said this before. Not everyone seems to be aware of this requirement. And from what I've heard, not many people have filed SARS before. So that is a completely new requirement. And then the source of wealth and source of funds.
Some fund administrators, I think, have been doing this. Not all and there might be a portion of it. I think this is something that it's important to focus on any kind of gaps from your current source of fund and source of wealth process and process compared to where you need to be come January 1st of 2026.
Now the risk of non compliance here this is not a slide meant to really scare people just more for awareness. On what this can mean if. You don't take the appropriate time to get all these program requirements in place. Just walk through here how the SEC typically handles their enforcement and examinations.
From what we are gathering, the SEC is planning on doing examination sweeps between Q1 and Q3 of 2026. And it's going to be randomly selecting ERAs and RIAs and seeing how they've implemented this AML and CFT program. And just making sure that everything that's in place is consistent with what they are actually needing to do based on these rules and requirements.
If there is anything that's identified throughout the sweep of exams, that is not consistent with what the program needs to be in place. These are what the repercussions of what could potentially happen. So cease and desist order. This is the most intense this one is saying that the SEC could potentially say you're not compliant.
You may have some high risk or critical risk items that came through the firm that were not reported appropriately, or even not detected with that. We're going to have you cease your operations. Until you go through and implement the program and while we're doing that, we're going to sit with you.
And make sure over the next couple of months, whatever you determine, the timing will be to get this program in place. That you're doing the necessary steps. That's the most extreme. Then the second most extreme is consent orders. So you may have to consent to the sec that if you're missing certain aspects of those seven requirements that you have obligations to remediate them timely.
You may have to also report that to your investors that you have a consent order. So just be mindful of that. Fines and penalties. So you could potentially get fines and penalties based on having findings from your examination and obviously no one wants a penalty that you have to pay or fine because you didn't have a program in place.
And then reputational risk and damage. I think what I want to say here is from the due diligence questionnaires. That the institutional investors are providing for the onboarding process before they come into your fund. There's going to be a lot around this where have you ever had a cease and desist order, a consent order, fines and penalties around AML?
Do you have a full AML program in place? Do you have an AML compliance officer? Are you complying with these rules and requirements? And if you don't, I feel like there's going to be much more. Scrutiny from those institutional investors, and depending on your responses there, they might not even want to invest in the fund.
If you're not compliant with those requirements, because then that could lead to reputational risk for you in them. If they still move forward with the investment other thing, a reputational risk. Is if you do get a cease and desist a consent order fines and penalties the sec Does do some around this where they do issue Enforcement letters and put it publicly on their website.
So if you are Named in something not only you have to worry about being on the front page of say the New York Times or Washington Post there could potentially be something on the regulator site. So just be mindful of that and the reason i'm saying that is i'm not sure if everyone is aware Of these money laundering penalties that have come through In the last 6 years or so, but these are really sizable, not saying that this is going to be the type of penalty or finals or settlement that fund managers will have to deal with.
But the size of these fines and settlements are based on the size of the fund or the back. Two things to point out here that I think are important and why I put the slide in here. Is first, banks have, and Binance is a cryptocurrency firm, banks have had to comply with these anti money laundering programs requirements since October of 2001, when the Patriot Act was enacted.
So it's been 23 years and these banks are still getting these huge fines and settlements. So the reason for saying that is it's very important to take The necessary time to get the program implemented and use the resources that you have internally or outsource resources To make sure that you are taking this seriously because you don't want to end up with a fine or a settlement secondly these banks have I'd say every single bank and then even Binance have hundreds of people that are dedicated to AML compliance Whether it's in the U.S. or even offshore and they're still dealing with settlements and issues from regulators. So the reason behind that is. If you take a approach where it's just going to be one person at your shop that's handling this not saying that's the wrong approach. I just think you need to be mindful around this that you don't want to put everything on that one person that has to oversee everything you want to have a team dedicated to this, if you can, or outsource this to subject matter experts that will be able to handle this for you.
So just be mindful of that and these fines, and this is TD Bank just came out, I think about a month or so ago. I wouldn't be surprised if we see another one here the end of the year or early next year now, I I get that Certain firms and fund managers may be looking to outsource this to a third party, that might be the easiest solution.
So i'm going to focus on that and before we do that I'm going to take a look at the questions here because I think the real time is working well. So Kylie does Passthrough have plans to implement a section and due diligence that will allow. Yep. So we are going to be updating our tool to allow the investors to confirm the source of wealth and source of funds in the due diligence questionnaire. So if you plan on using Passthrough we'll be able to cover that for you for the, with the fund admin, like Carta be helping to handle.
I think it really, it depends on the fund administrator on what they are planning on doing from handling these requirements from what we know to date. And just to let you all know Passthrough is planning on handling this and I'll talk to that a little bit more before the webinar ends. So we are planning on being a one stop outsource function.
Arianna to your question I'm, not 100% on the fund administrator. I think it's a great question to ask them and see what their plan is. They might want to handle a certain aspect of it or maybe multiple aspects not everything. So I think that's important when you're evaluating If you're going to use or rely on your fund administrator Internal or just outsource everything to a third party.
Cause the easier, easiest aspect with this is having one party or third party, that's going to be handling all this for you. And Scott, to your question, if you outsource the AMLCO function, it would be a joint finding where the fine will primarily be levied at the fund manager, but the AMLCO or the outsourced third party will have some piece of it.
As well, depending on what happened. So with the outsource function, what I would think makes sense. If, for example, if you're outsourced, says, we don't want you to move forward with this investor because they're either on a sanctions list, or they have regulatory enforcement. That's financial crime related.
And then you decided to still move forward on that. I imagine the AMLCO would say, we're going to say that you're accepting the risk on this. The AMLCO is against it, and then with that, the responsibility, if that's what actually comes back as the issue, would shift to the fund manager if you're not necessarily relying on the 3rd party.
So I hope that answers the question. But if it's something that the overall program wasn't designed appropriately by the 3rd party. And you put everything with them to do that, then I can see that being a joint finding potentially so for this piece here on the outsourcing to a third party, the way we thought about this is there is this 5 key steps to do that and you don't have too much time just because it's 13 months away and getting all of these things in place.
Going back to Ariane's question, evaluate firms like Carta or Passthrough that are offering AML compliance office package. I don't know if Carta is doing that, but I know Passthrough is. So just to let everyone know, we are rolling out a overall AML Compliance Officer package to help our fund manager clients, whether you're an existing or you want to become a new client.
We are planning on helping clients comply with these new SEC and FinCEN requirements. So the first thing is, if you're going to outsource it, find a vendor like Passthrough that is going to be offering this. Second, onboard the vendor. Without time consuming, everything is going to be. From getting these requirements implemented, getting a tone at the top situated at your firm and coordinating with the managing partner.
If you have a Chief Compliance Officer, anyone else at the firm on everything that needs to be done around these requirements, you want to onboard this vendor, this 3rd party as soon as possible. That way you have ample time to make sure you have all these requirements. In place by the end of next year.
Next after you on board the vendor, the 1st step that should take place is to begin the email program implementation. So this is when if you're relying on a 3rd party to be your email compliance officer, they start putting all the policies and procedures in place for you. They start designing all the controls.
They start training employees. They register with you with FinCEN. So if any SARs come up after they've been onboarded, they can file those for you. And then they start developing processes. So you can make sure that you are compliant with these rules and requirements. This fourth step here, the collect documents, screen and risk rate, all investors.
This goes back to the customer due diligence piece. This is going to be extremely time consuming. If you haven't relied on a solution that has all your documentation saves all your documentation for you and screen and risk rated all your investors. Regardless, if you have more than 100 investors here even slightly less, you want to make sure you have months upon months to put this in place mainly because if you haven't done KYC or CDD on your investors previously, and this is a new process, for them, you want to rely on them to provide that documentation and make sure that they are pretty swift in providing this back to you. Then you want to onboard them into a solution like pass through that. You can screen risk rate and then have the ongoing monitoring set up and then have the periodic refresh process.
Established going forward. And then lastly with any program that you're rolling out you want to make sure that you have I would say at least a few months if not a full quarter to review the program make sure the way it's been implemented is in line with the requirements And give the firm and the aml compliance officer and the third party That last month to go through and just clean up any requirements that have been implemented need to be finalized or tweaked and go through and make sure by the end of next year that the whole program is implemented and everything is in place.
Now, this is the timeline here. I just kind of walk through this. I won't spend too much time on this, but I know we're already past the middle point of Q4 for onboarding the vendor. So the reason I say this is with the holidays coming up a lot of people are taking time off and families and everything you want to really focus on onboarding in a vendor as soon as you can.
That way you can begin the implementation in Q1 of next year. And everyone knows there's quarter end reporting, annual reporting. You have to file your form ADV typically by March 31st of the year. So taking that onto account, make sure that you have the appropriate time to get this up and running.
My thought is if you wait until July or so of next year to do this you could have, or even earlier, I'd say maybe the end of Q2 middle of Q2 to go through this and you have hundreds of investors to onboard and get this whole program implemented. There may be some issues with going through and being compliant by the end of next year.
You also want to make sure that if you are outsourcing this to a 3rd party, that they have ample capacity to take you on and that they'll also be comfortable that. If you are being on boarded in June or say even May that they feel comfortable with getting you compliant. By those end of year requirement deadlines.
And that is it from our our slide here in our slide deck in our webinar presentation. The last thing here questions I've been answering questions along the way. I think I saw a few more come in. So if you have questions within here John, thanks. Thanks for listening in. If you have questions, definitely put them in.
I think there's one that I didn't answer in the questions piece. So I'm going to move over in there. If the fund is pre first close planning to close in 2025, important to prior choice that yeah, exactly. You are going to want to prioritize this as soon as possible.
If you're doing fundraising next year, I think it's a great time to start implementing this program. And we can talk through that further if it makes sense, if you want to, but then the main thing here is you want to prioritize it, get your investors familiar with it. If it's actually during a fundraising.
It's going to be easier for them to comply with this rather than retroactively going back and doing it. So I would say definitely prioritize this. So Kylie, is it likely banks custodians will require AML KYC reporting? Yeah, I can see that. I think. With they'll probably what I'm imagining is they will likely update their email questionnaire and have you give either quarterly reports, semiannual annual reports, whatever it may be, I think that the banks are still finalizing what they want to do around this, but have some kind of attestation from you or an AML letter.
Similar to what we might receive from an institution that is regulated by the or similar stating that you have this program in place that none of your investors are on a sanctions list that you're complying with the 7 requirements. I imagine that's what the banks will want to get verification from you on.
And then if there's any kind of questions around that, then it may lead to the further enhancement into looking. Into your process and seeing what's actually in place compared to what needs to be in place David your question pricing for this from Passthrough. Yeah, we have a full AML Compliance Officer package and pricing.
I am happy to walk through that with you further I'm gonna put my email address in the chat. So it's mark@passthrough.com. We also have a sales email address, which is sales@passthrough.com. If you're interested on reaching out to our sales team, we'd be happy to review how we're doing this, how we're outsourcing it.
And take it from there and also the final rule on the retroactive requirement. Yeah. So Jennifer, what I could do is if you shoot me an email to that email address that I put in the chat, I'll I'll take a screenshot of it within like the 200 plus page CFR. Report and I'll send that over to you so you can see where it's at.
I think there's one other question and then Jennifer, that was your question from earlier. Sorry, I didn't see that before. So definitely shoot me an email and then I can send that back to you. And thank you, Johnny. Anyone who's curious about the AMLCO definitely reach out to us. Let us know from that overall compliance package.
You'll be receiving the recording of this webinar as well as the presentation. After I imagine we'll get this to you probably tomorrow. So if there's any questions that arrive from receiving the recording. And the materials, please do reach out, let us know. We're happy to walk through with you further, really appreciate everyone joining the webinar today.
I'm glad everyone is interested in this topic. It's going to be here before we know it. And if you want to share the recording I have to check with. Our marketing team or Cassie is actually typing back on this for now. So Cassie, I'll defer to you on that one,
Peter. Great question. We're going to share it publicly. So anyone who registered for this, we'll get the recording in the deck and then we'll put it publicly. And Scott, your question as well. Can we share this? So I think that is. All the questions I see on my side, if there are any other questions, don't hesitate to reach out.
Thanks to everyone for joining. We'll send a transcript of this recording as well. And yeah, I hope every, if I don't talk to everyone, have a great holiday season and thank you for taking the time to talk to you all in the near future. Thank you.
Your Privacy Choices