Investment Advisers and Generative AI

Eric Young March 25, 2024

Start Planning Now to Reduce Your Increased Money Laundering, Sanctions, and Conflicts of Interest Risks

The introduction and use of generative artificial intelligence (GenAI) and predictive data analytics (PDAs) by registered and exempt investment advisers (IAs) will dramatically increase their money laundering, terrorist financing, and conflicts compliance risks.

IAs should begin planning for and addressing these potential risks now, especially as major anti-money laundering (AML) and conflicts of interest proposals will significantly affect them.

IAs’ compliance risks today

Thousands of IAs oversee the investment of trillions of dollars into the U.S. economy. Despite their importance, IAs today are lightly regulated as compared to banks, dealers, and other financial institutions. This is because IAs do not handle money[1], unlike financial institutions.

IAs today meet registration and disclosure rules, and light-touch Labor Department conflicts rules to meet their clients’ best interests. However, IAs are not required to implement granular compliance risk assessments, automated surveillance, and risk metrics.

The way forward

This current landscape will change dramatically because IAs could soon be subject to proposed US Treasury/Financial Crimes Enforcement Network’s (FinCEN) AML[2] requirements and the US Securities and Exchange Commission’s (SEC) more prescriptive conflicts management rules[3].

IAs should holistically address a common risk:  Generative AI

Many IAs are analyzing FinCEN’s AML and SEC’s conflicts proposals and risks as mutually exclusive.

Understanding GenAI risks enable IAs to implement risk-based AML and conflicts compliance programs concurrently. Doing so will in turn protect the best interests of their clients more effectively, while preserving their hard-earned reputation.

GenAI and IAs

Granted, IAs’ use of GenAI promotes greater portfolio optimization, deeper and faster analytics of markets and clients’ investment patterns, natural language processing to analyze unstructured data, and produces predictive analytics.

However, there are also yet-unknown compliance risks to IAs with GenAI and PDAs.

AI Exacerbates Money Laundering, Sanctions, and Terrorist Financing Risks

Lawyers, accountants, and IAs are viewed as vulnerable or willful “enablers” of financial crimes. Compounding this, the hasty embrace of GenAI and PDAs by IAs increases the following risks:

  1. Complex GenAI algorithms can outpace IAs’ understanding of rapidly changing trends, “generative output”, and client activities. This enables criminals to mask illicit transactions within larger legitimate ones.
  2. Sanctioned Iranian entities can hack and inject false data to manipulate unsecured AI algos and then hide behind legitimate or multi-layered shell companies.
  3. Sanctioned Russian oligarchs could hide behind non-sanctioned family offices or alter “deep fake” identities.
  4. Sophisticated players can alter or overwhelm surveillance models to evade money laundering and sanctions red flags, particularly for IAs.
  5. Biased input and output, opacity of data and analytics, client data leaks, corrupted data, cyber-crimes, output hallucination, unidentified flaws, etc. each

The absence in the meantime of definitive AML rules for large and small IAs makes it difficult to implement a robust AML compliance program including:

  • Know your customer and other policies and procedures;
  • Training;
  • Board-appointed BSA/AML officer;
  • Independent testing and robust surveillance to investigate and file suspicious activity reports; and
  • Due diligence processes to validate IAs clients’ true identity and risk profile.

AI, the SEC, and DoL Conflicts Rules

If uncontrolled, IAs’ use of AI technologies could create unique investment strategies which inadvertently enables IA profits over investors’ best interests. The SEC proposes a more prescriptive oversight framework than existing Labor Department rules. The former will require detailed policies and procedures and recordkeeping to ensure AI and PDAs do not create greater conflicts. For example:

  1. Predictive models encouraging clients to keep assets in an advisory account instead of 401(k) or retirement accounts;
  2. Revenue sharing for investment products creating incentives for advisers to favor those investments; and
  3. AI software promoting a firm’s proprietary products over other products (regardless of the best interests of the customer).

AI-driven AML and conflicts of interest rules affecting IAs are very likely

over the next 12 months, especially because the Congressional “ENABLERS” Act will likely pass, subjecting lawyers, accountants, and investment advisers to the BSA Act and AML regulations. The SEC conflicts rule, despite major pushback from IAs, could also be adopted over the same period.

Recommended next steps for IAs: PREPARE NOW

  1. Risk assess, understand proposed or in-place AI strategies, uses, and underlying algorithms, i.e., establishing governance standards over AI development, revising the Software Development Life Cycle (SDLC) process to incorporate AI best practices and NIST AI principles.
  2. Consider the importance of integrating next steps for an effective AML compliance[4] and more robust conflicts management compliance program, especially if AI is or will be part of your business model.
  3. Don’t forget the fundamental compliance programs components for investment advisers including training and awareness, policies, and procedures, while anticipating how generative AI and PDA technology, together with off-channel communications will add complexities to your program.
  4. Evaluate the benefits of working with a third-party consultant to assist with the planning, design, and implementation of robust GenAI, PDA, AML, and conflicts management compliance program.

Planning ahead to address major GenAI, money laundering, sanctions, and conflicts management compliance risks holistically and simultaneously will enable investment advisors to manage these risks efficiently and give IAs the necessary lead time to build the proper policies and procedures, training programs, and critical systems to continue to grow safely and profitably.

 

[1] “Financial institutions” lend, safeguard, transmit fiat or digital “money” as a medium of exchange, representing a measure of value, and a means of payment.  IAs advise or manage clients’ portfolios only.

[2] FinCEN Proposes Rule to Combat Illicit Finance and National Security Threats in Investment Adviser Sector | FinCEN.gov.

[3] Proposed Rule: Conflicts of Interest Associated with the Use of Predictive Data Analytics by Broker-Dealers and Investment Advisers (sec.gov)

[4] Including terrorist financing and sanctions compliance.

Eric Young

Senior Managing Director

Eric T. Young advises highly regulated organizations on reengineering compliance, ethics, and regulatory technology programs to enable reputable and sustainable business growth. He has deep regulatory experience having spent close to 40 years in chief compliance officer roles at some of the world’s largest institutions, including five global banks. Throughout his career, Mr. Young has remediated and transformed corporate compliance programs and financial crime compliance programs including sanctions; integrated compliance and ethics cultures between regions, countries and companies to ensure consistency across enterprises; built compliance budgets; enhanced reporting; created governance frameworks and risk assessment, monitoring and testing programs; closed compliance gaps; restructured compliance teams; and mentored junior staff to create a pipeline of future compliance leaders and enable grassroots compliance ideas, solutions and digital upgrades.

InvestigationHotlines