SEC AND TREASURY ADOPT FINAL CUSTOMER IDENTIFICATION PROGRAM RULE FOR MUTUAL FUNDS

[15991] May 2, 2003 TO: MONEY LAUNDERING RULES WORKING GROUP No. 27-03 TRANSFER AGENT ADVISORY COMMITTEE No. 43-03 RE: SEC AND TREASURY ADOPT FINAL CUSTOMER IDENTIFICATION PROGRAM RULE FOR MUTUAL FUNDS Yesterday, Treasury and other federal regulators released final rules for customer identification programs (CIPs) under Section 326 of the USA PATRIOT Act.1 A copy of the final rule applicable to mutual funds is attached. We are pleased to report that the final rule reflects many of the Institute’s comments on the proposed CIP rule, including the adoption of a new provision allowing mutual funds to rely on intermediaries to perform CIP functions in certain circumstances. The major elements of the final rule and the key differences from the proposed CIP rule are summarized below. We will hold a conference call of the Working Group and the TAAC to discuss this rule on Thursday, May 8, 2003 at 2:00 p.m. Eastern time. Information on the call will be forthcoming in a separate memorandum. EFFECTIVE AND COMPLIANCE DATES The rule will be effective thirty days after publication in the Federal Register. However, the rule incorporates a transition period that gives mutual funds until October 1, 2003 to fully implement their CIPs. BASIC REQUIREMENTS OF THE RULE The rule will require all mutual funds to implement a written CIP, appropriate for its size and type of business, that sets forth risk-based procedures for verifying the identity of each new customer to the extent reasonable and practicable. The CIP must be part of the mutual 1 See Financial Crimes Enforcement Network, Treasury; Securities and Exchange Commission; “Customer Identification Programs for Mutual Funds” (the Release). The Release should be published in the Federal Register shortly. In the meantime, it is available on the SEC web site at http://www.sec.gov/rules/final/ic-26031.htm. . 2 fund’s anti-money laundering program, and must, at a minimum, contain the following types of procedures: 1. Procedures for opening an account that specify the identifying information that will be obtained with respect to each customer prior to opening an account; 2. Procedures for verifying the identity of the customer within a reasonable time after the account is opened; 3. Procedures for making and maintaining certain records relating to the identification and verification of customers; 4. Procedures for determining whether the customer appears on certain lists of known or suspected terrorists or terrorist organizations; and 5. Procedures for providing mutual fund customers with adequate notice that the mutual fund is requesting information to verify their identities. DEFINITIONS Account. The final rule defines “account” to include any contractual or other business relationship between a person and a mutual fund established to effect transactions in securities issued by the mutual fund. The Release states that the definition is limited to “securities issued by the mutual fund” to clarify that the purchase or sale of a mutual fund’s underlying portfolio securities does not establish an “account” for purposes of this rule. There are two notable exclusions from the definition of “account.” First, the definition excludes any account that a mutual fund acquires through an acquisition, merger, purchase of assets, or assumption of liabilities from any third party.2 Second, as recommended by the Institute, the definition excludes accounts opened for the purpose of participating in an employee benefit plan established pursuant to the Employee Retirement Income Security Act of 1974 (ERISA). Customer. The definition of “customer” was significantly modified in the final rule. The final rule defines “customer” to mean: (A) A person that opens a new account; and 2 However, the Release states in a footnote that: Nevertheless, there may be situations involving the transfer of accounts where it would be appropriate for a mutual fund to verify the identity of customers associated with the accounts that it acquires from another financial institution. We expect financial institutions to implement reasonable procedures to detect money laundering in any accounts, however acquired. A mutual fund may, as part of its AML compliance program, need to take additional steps to verify the identity of customers, based on its assessment of the relevant risks. Release at n.18. 3 (B) An individual who opens a new account for: (1) An individual who lacks legal capacity, such as a minor; or (2) An entity that is not a legal person, such as a civic club. The rule further states that “customer” does not include: (A) A financial institution regulated by a federal functional regulator or a bank regulated by a state bank regulator; (B) Certain readily identifiable entities, including: (1) financial institutions regulated by a federal functional regulator; (2) banks regulated by a state bank regulator; and (3) governmental agencies and instrumentalities and companies that are publicly traded;3 and (C) A person that has an existing account with the mutual fund, provided that the mutual fund has a reasonable belief that it knows the true identity of the person. This definition, along with the related discussion in the Release, clarifies several points raised by the proposal. First, the definition of customer as originally proposed would have included any person authorized to effect transactions in the shareholder of record’s account. The Institute, as well as a number of others, strongly urged Treasury and the SEC not to adopt this part of the definition. We are pleased to report that the final rule does not include this provision.4 Second, customer is defined (in part) as any person that opens an account, rather than shareholders of record as had been proposed. This change clarifies that, for example, the customer in the case of a trust account would be the trust. The Release notes, however, that a mutual fund is not required to look through a trust or similar account to verify the identities of beneficiaries, and instead is required to verify only the identity of the named accountholder. Similarly, with respect to an omnibus account established by an intermediary, a mutual fund generally is not required to look through the intermediary to the underlying beneficial owners. Instead, the Release clearly states that “the holder of the omnibus account (e.g., a broker-dealer) is considered to be the customer for purposes of this rule.”5 This change also clarifies that each person named on a joint account is a customer under the final rule unless otherwise provided. 3 This exception is limited to the domestic operations of these types of entities. Accordingly, the Release notes that a mutual fund’s CIP will apply to any foreign offices, affiliates, or subsidiaries of such entities that open new accounts. 4 The Release states, however, that: [A] mutual fund’s CIP must address situations in which the mutual fund will take additional steps to verify the identity of a customer that is not an individual (such as a corporation or partnership) by seeking information about individuals with authority or control over the account, including persons with authority to effect transactions in the account. Release at n.29 and accompanying text. This requirement is discussed more fully below in the section on verification. 5 Release at n.47 and accompanying text. 4 Third, the final rule specifically addresses the treatment of a minor child or an informal group with a common interest (e.g., a civic club), where there is no legal entity. Mutual fund. The final rule slightly modifies its definition of mutual fund by limiting it to entities that are registered or are required to register with the SEC under section 8 of the Investment Company Act of 1940. The Release notes that this change was intended to clarify that the rule does not apply to foreign mutual funds that meet the statutory definition but are not subject to the registration requirements of the 1940 Act. REQUIRED IDENTIFYING INFORMATION The final rule adopts the customer information provisions substantially as proposed, with changes to accommodate individuals who may not have physical addresses. Consistent with the proposed rule, the final rule requires every mutual fund to obtain, at a minimum, each customer’s name, date of birth (for an individual), address, and identification number prior to opening an account. However, with regard to the customer’s address, the final rule allows an Army Post Office or Fleet Post Office box number or the residential or business street address of next of kin or another contact individual to satisfy the address requirement for an individual who does not have a residential or business street address. The final rule retains the flexibility in the proposed rule with respect to the identification number requirement for non-U.S. persons. For a customer that is not a U.S. person, the identification number can be one or more of the following: a taxpayer identification number, passport number and country of issuance, alien identification card number, or number and country of issuance of any other government-issued document evidencing nationality or residence and bearing a photograph or similar safeguard. However, the Release cautions funds that the identifying information the mutual fund accepts must permit the fund to establish a reasonable belief that it knows the identity of the customer.6 Exception. The final rule adopts an expanded version of the proposed exception that would have allowed a mutual fund to open an account for an entity that has applied for, but has not yet received, an employer identification number. As adopted, this exception includes both entities and natural persons who have applied for, but have not received, a taxpayer identification number. 6 In this regard, the Release states that: We emphasize that the rule neither endorses nor prohibits a mutual fund from accepting information from particular types of identification documents issued by foreign governments. The mutual fund must determine, based upon appropriate risk factors, including those discussed above, whether the information presented by a customer is reliable. We recognize that a foreign business or enterprise may not have a taxpayer identification number or any other number from a government-issued document evidencing nationality or residence and bearing a photograph or similar safeguard. Therefore the final rule notes that when opening an account for such a customer, the mutual fund must request alternative government-issued documentation certifying the existence of the business or enterprise. Release at n.55. 5 VERIFICATION The final rule adopts the provisions on identity verification procedures substantially as proposed. Under the final rule, a mutual fund’s CIP must include risk-based procedures for verifying the identity of each customer to the extent reasonable and practicable. Those procedures must enable the mutual fund to form a reasonable belief that it knows the true identity of each customer, and must be based on the mutual fund’s assessment of the relevant risks, including those presented by the manner in which accounts are opened, fund shares are distributed, and purchases, sales and exchanges are effected, the various types of accounts maintained by the mutual fund, the various types of identifying information available, and the mutual fund’s customer base. Under the final rule, as under the proposed rule, verification must be performed within a reasonable time after the account is opened. The final rule requires that a mutual fund’s CIP include procedures that describe when the fund will use documents, non-documentary methods, or a combination of both to verify customer identities. Documentary verification. The final rule requires a mutual fund’s CIP to contain procedures that set forth the documents that the mutual fund will use for verification. The Release expresses the view that each mutual fund should conduct its own risk-based analysis of the types of documents that it believes will enable it to verify customer identities, given the risk factors that are relevant to the mutual fund. Non-documentary verification. Similarly, the final rule requires the CIP to contain procedures that describe the non-documentary methods the mutual fund will use. The final rule includes an illustrative list of methods, including: (1) contacting a customer; (2) independently verifying the customer’s identity through the comparison of information provided by the customer with information obtained from a consumer reporting agency, public database, or other source; (3) checking references with other financial institutions; and (4) obtaining a financial statement. In addition, the Release recommends that mutual funds analyze whether there is logical consistency between the identifying information provided, such as the customer’s name, street address, ZIP code, telephone number (if provided), date of birth, and social security number. The final rule states that a mutual fund’s non-documentary procedures must address certain enumerated situations, including when the customer opens an account without appearing in person. Additional verification for certain customers. In lieu of requiring verification of any person authorized to effect transactions in a shareholder’s account, the final rule includes a new provision on verification procedures that requires that the CIP address circumstances in which, based on the mutual fund’s risk assessment of a new account opened by a customer that is not an individual, the mutual fund also will obtain information about individuals with authority or control over the account, including persons authorized to effect transactions in the shareholder’s account, in order to verify the customer’s identity. The Release notes that this additional verification method will apply only when the mutual fund cannot adequately verify the customer’s identity using its standard verification methods. The Release states that these additional measures should be used with certain types of accounts that carry a higher risk that 6 the mutual fund will not know the customer’s true identity, such as an account opened in the name of a corporation, partnership, or trust that is created or conducts substantial business in a jurisdiction that has been designated by the United States as a primary money laundering concern or has been designated as non-cooperative by an international body. Procedures upon a failure to verify. The proposed rule took a flexible approach to situations where a fund cannot form a reasonable belief that it knows the true identity of the customer, simply requiring procedures to address those circumstances. The final rule retains this flexibility, adopting the requirement substantially as proposed, but adds a description of recommended features of these procedures. The final rule states that the procedures should describe: (1) when the mutual fund should not open an account; (2) the terms under which a customer may use an account while the mutual fund attempts to verify the customer’s identity; (3) when the mutual fund should file a Suspicious Activity Report (SAR) in accordance with applicable law; and (4) when the mutual fund should close an account, after attempts to verify a customer’s identity have failed. RECORDKEEPING The recordkeeping requirements of the rule have been significantly modified in many of the ways suggested by the Institute. The final rule provides that a mutual fund’s CIP must include procedures for making and maintaining a record of all identifying information obtained under the CIP. However, the final rule is significantly more flexible than the proposed rule, in that it allows a mutual fund’s records to include a description, rather than a copy, of any document that the mutual fund relied on to verify the identity of the customer. This description must note the type of document, any identification number contained in the document, the place of issuance, and the issuance and expiration dates, if any, and must include a description of the methods and results of any measures undertaken to verify the identity of the customer, rather than any documents generated in connection with these measures. In addition, consistent with the Institute’s recommendation, the records need only describe the resolution of “substantive” discrepancies discovered when verifying the identifying information obtained, rather than every discrepancy as originally proposed. As suggested by the Institute, the final rule adopts a bifurcated record retention schedule that is consistent with a general five-year retention requirement. Under the final rule, the mutual fund must retain the identifying information for five years after the date the account is closed, but need only retain verification records for five years after the record is made. COMPARISONS WITH GOVERNMENT LISTS Consistent with the Institute’s recommendation, the final rule modified the requirement that a mutual fund’s CIP must include procedures for determining whether the name of the customer appears on any list of known or suspected terrorists or terrorist organizations. The final rule now states that in order for a list to be subject to this rule, the list must be designated as such by Treasury in consultation with the federal functional regulators. The Release indicates that mutual funds will receive notification by way of separate guidance regarding the lists that they must consult for purposes of this provision. 7 CUSTOMER NOTICE Like the proposed rule, the final rule requires CIPs to include procedures for providing mutual fund customers with adequate notice that the mutual fund is requesting information to verify their identities. The final rule provides additional guidance regarding what constitutes adequate notice and the timing of the notice requirement. The final rule states that notice is adequate if the mutual fund generally describes the identification requirements of the final rule and provides notice in a manner reasonably designed to ensure that a customer views the notice, or is otherwise given notice, before opening an account. The final rule states that a mutual fund may, depending on how an account is opened, post a notice on its website, include the notice on its account applications, or use any other form of oral or written notice.7 In addition, the final rule includes sample language that, if appropriate, will be deemed adequate notice to a mutual fund’s customers when provided in accordance with the requirements of the final rule. The rule states that, if appropriate, a mutual fund may use the following sample language to provide notice to its customers: IMPORTANT INFORMATION ABOUT PROCEDURES FOR OPENING A NEW ACCOUNT To help the government fight the funding of terrorism and money laundering activities, Federal law requires all financial institutions to obtain, verify, and record information that identifies each person who opens an account. What this means for you: When you open an account, we will ask for your name, address, date of birth, and other information that will allow us to identify you. We may also ask to see your driver’s license or other identifying documents. RELIANCE ON OTHER FINANCIAL INSTITUTIONS Consistent with the Institute’s recommendations, the final rule provides that a mutual fund’s CIP may include procedures that specify when the fund will rely on the performance by another financial institution of any procedures of the fund’s CIP and thereby satisfy the mutual fund’s obligations under the rule. In order for a mutual fund to rely on the other financial institution, three requirements must be met: 1. Such reliance must be reasonable under the circumstances; 2. The other financial institution must be subject to a rule implementing the anti- money laundering compliance program requirements of section 5318(h) of the Bank Secrecy Act and be regulated by a federal functional regulator; and 3. The other financial institution must enter into a contract with the mutual fund requiring it to certify annually to the mutual fund that it has implemented an anti- 7 With respect to including the notice in a prospectus, however, the Release notes that the prospectus would need to be provided to the investor no later than the trade date in order to satisfy the requirement that the notice be provided in a manner reasonably designed to ensure that a customer receives it before the account is opened. 8 money laundering program and will perform (or its agent will perform) the specified requirements of the mutual fund’s CIP.8 If the mutual fund can establish that these elements have been satisfied, it will not be held responsible for the failure of the other financial institution to fulfill adequately the mutual fund’s CIP responsibilities. The Release also states that the reliance provision of the rule does not affect the ability of a mutual fund to contractually delegate the implementation and operation of its CIP to another service provider, but reiterates that in such cases the mutual fund remains responsible for assuring compliance with the rule and therefore must actively monitor the operation of its CIP and assess its effectiveness. BOARD APPROVAL OF THE CIP The proposed rule would have required a mutual fund’s CIP to be approved by the fund’s board of directors or trustees. The final rule eliminates this board approval requirement.9 However, the Release notes that a fund with an AML program that the board has approved as required must nonetheless obtain board approval of a new CIP, since “the addition of the CIP is a material change that must be approved by the board.”10 EXEMPTIVE AUTHORITY The final rule contains provides that the SEC, with the concurrence of Treasury, may by order or regulation exempt any mutual fund or type of account from the requirements of the rule. Robert C. Grohowski Associate Counsel Attachment (in .pdf format) 8 The Release states that the contract and certification requirement in the final rule apply equally to reliance on affiliated and unaffiliated persons. 9 The Institute commented on the role of fund boards under the proposed rule, seeking clarification on their responsibilities with respect to CIP approval and oversight. 10 Release at 7.