Historically, the reduced compliance burden associated with private funds was a key advantage over registered funds. However, with recent changes in the regulatory environment, compliance for private funds is no longer a “check-the-box” item.
Private fund investment managers must be able to respond swiftly to new regulations while also ensuring their procedures are sufficiently flexible to accommodate evolution. Keeping current with changing regulations is time consuming; understanding the requirements of various jurisdictions can be complex. Managers often find their administrators and legal counsel to be invaluable for assistance with in depth compliance issues, allowing managers to stayed focused on investment management.
As the industry continues to evolve — whether through cryptocurrencies, foreign feeder structures, SPACs or otherwise — new compliance issues have arisen with greater frequency. In this article, we flag changes and trends in anti-money laundering (AML) requirements and expanded privacy regulations that directly impact private fund managers.
Anti-Money Laundering Requirements
Shifting Ground in U.S. AML Requirements
Traditionally, the U.S. has enforced light AML requirements compared to non-U.S. jurisdictions where private funds are often registered. But the passage of the Anti-Money Laundering Act of 2020 signaled a renewed attention to strengthening AML legislation. This was the first amendment of the Bank Secrecy Act in 20 years.
A potential revival of a FinCEN rule by the Biden administration, which would require investment advisors to maintain more formalized AML policies, is currently under discussion. We are watching this development closely.
Heightened Scrutiny for Cayman Islands AML
Offshore jurisdictions are similarly facing significant changes in AML legislation. For example, the 2018 revision to the Cayman Islands’ AML Regulations required, among other things: i) a risk-based approach to assessing customer eligibility and ii) the implementation of formalized AML Officer requirements.
Even substantial updates such as this one in 2018 continue to evolve. In 2020, the regulations were modified to remove the Equivalent Jurisdictions Regime, which had allowed simplified customer due diligence for specific countries. The modification requires private funds to conduct their own risk assessments on investors’ domiciles.
Heightened Scrutiny May be Accompanied by Fines
Beyond specific updates to the Cayman Island rules, there is also renewed focus on the Administrative Fines Regime. The Cayman Islands Monetary Authority has increased the rate at which it imposes fines on private fund managers and service providers for failure to implement effective AML protocols.
Furthermore, the Financial Action Task Force (FATF) recently added the Cayman Islands to the FATF gray list for enhanced monitoring due to their determination that Cayman Islands is not thoroughly enforcing its AML requirements. Fund managers can expect Cayman authorities to place a greater emphasis on testing and enforcement of AML rules in order to maintain its reputation as an international financial center.
The past few years have also seen a substantial increase in the implementation of privacy regulations globally. Unlike AML rules, which tend to be jurisdiction-specific, customer privacy legislation generally applies to any entity that holds data on an individual resident in a location that has privacy laws.
GDPR Started the Privacy Regulation Trend
With the growth in privacy regulations driven by the General Data Protection Regulation (GDPR) in the European Union (EU) and the continued state-specific privacy regulations being implemented in the U.S., managers must take a broad and accommodating approach to ensure their privacy policies are easily adaptable.
GDPR, which was implemented in 2018, served as the driver of the current push for privacy regulation. While many managers had existing privacy policies, GDPR required anyone who maintained data on EU residents to be far more deliberate about the information collected, and to form definitive response plans for data breaches or requests from data subjects who wished to have their information deleted.
Impact Beyond the European Union
GDPR kickstarted the trend for privacy legislation in other jurisdictions. The Cayman Islands passed a privacy law in 2019, and Switzerland implemented its own law at the end of 2020. While both laws are similar in function to GDPR, they each have their own nuances.
The U.S. faces a complex array of privacy regulations, with individual states continuing to pass their own laws. The California Consumer Privacy Act went into effect January 2020, and Virginia passed similar legislation in 2021. While privacy laws on this level have been passed in only two states, similar laws are being discussed in many other states, signaling a growing desire to address privacy concerns regardless of state or domicile.
Given the continued momentum of privacy regulations, managers must not only address the regulations applicable to the domiciles of their investor base, but also plan for similar privacy legislation to come into effect in other jurisdictions.
Evolving regulations and increased complexity have made compliance for private funds far more challenging than in the past. It is crucial for private fund managers to have service providers who are true partners in their fund operations, who keep in front of regulation changes, and who enable funds to be prepared for compliance as soon as legislation is in effect.
Ultimus LeverPoint Private Fund Solutions is committed to keeping regulatory compliance a top priority. We stay on top of changing regulations so that our clients and their investors are not caught off-guard. In true partner fashion, we help reduce the administrative burden of meeting regulatory updates, allowing fund managers to focus their full efforts on optimizing investments and growth, as well as investor relationships.