Rules Navigator

New FinCEN AML Rule brings investment advisers under bank-like scrutiny

A worker uses a magnifying glass to inspect a sheet of brand new printed $100 bills at the United States Treasury Department.
Photo: James Leynse/Getty Images

Janaya Moscony | SEC3

 Click to share on Facebook (Opens in new window/tab) Click to share on Twitter (Opens in new window/tab) Click to share on LinkedIn (Opens in new window/tab) Click to share on WhatsApp (Opens in new window/tab)

The rule places RIAs and ERAs under Bank Secrecy Act-style compliance obligations.

In a landmark regulatory move, the Financial Crimes Enforcement Network (FinCEN) has finalized its long-anticipated laundering and counter-terrorism financing (AML/CFT) rule for investment advisers.

Effective January 1, 2026, the rule places registered investment advisers (RIAs) and exempt reporting advisers (ERAs) under Bank Secrecy Act (BSA)-style compliance obligations – ushering in a new era of heightened monitoring and reporting expectations across the advisory space.

Who’s in scope?

The rule applies broadly to SEC-registered RIAs and ERAs, with a few carve-outs. Firms such as mid-sized advisers, pension consultants, family offices, and advisers reporting no assets under management (AUM) are exempt. Foreign private advisers, however, are in scope if their advisory activities touch the US – whether through domestic clients, funds, or employees operating in the United States.

What’s required?

The rule introduces a five-pillar AML/CFT framework that RIAs and ERAs must adopt, each element designed to align adviser oversight with existing financial institution standards:

  1. Risk-based AML/CFT program
    Advisers must develop written policies and procedures tailored to the size, structure, customer base, and services of the firm. These programs must be approved by senior leadership and reasonably designed to prevent misuse of the adviser for illicit purposes.
  2. Independent testing
    A qualified, independent party must periodically review the firm’s AML program to ensure proper implementation and ongoing effectiveness.
  3. Designated AML officer
    Each firm must appoint a dedicated AML officer responsible for administering the program, coordinating reporting, and ensuring organizational compliance.
  4. Ongoing training
    Employees must receive continuous education on AML responsibilities, including red flags and reporting obligations.
  5. Customer due diligence
    Advisers must perform ongoing assessments of client risk using a risk-based approach. While FinCEN has indicated that a separate rulemaking will address full Customer Due Diligence (CDD) requirements – such as beneficial ownership identification – firms are expected to adopt KYC practices appropriate to their business model in the interim.

Reporting obligations: SARs and CTRs

FinCEN’s rule also requires advisers to submit Suspicious Activity Reports (SARs) for transactions involving $5,000 or more where there is reason to suspect potential money laundering or terrorist financing. These reports must be filed within 30 days of detecting suspicious activity and are subject to strict confidentiality.

In addition, advisers must submit Currency Transaction Reports (CTRs) for currency transactions exceeding $10,000. The CTR reporting requirement is new for investment advisers. Unlike other financial institutions, advisers were not previously required to file IRS Form 8300 for cash transactions, so this rule introduces a formal currency reporting obligations for the first time.

Key next steps for advisers

As the compliance deadline approaches, advisers should begin laying the foundation for a fully operational AML program. Early planning will be essential, particularly for firms that have not previously implemented bank-style AML processes. Action items include:

  • Budgeting and resourcing: Determine whether to manage compliance internally or engage third-party providers for policy development, testing and training.
  • Policy development: Draft or upgrade AML policies to meet the rule’s new standards. Consider risk categories such as investor type, fund structure, and jurisdiction.
  • AML officer selection: Identify the individual who will serve as AML officer and ensure adequate training and authority are in place.
  • Customer risk profiling: Begin compiling data and tools necessary to categorize investors by risk level and perform ongoing due diligence.
  • Vendor review: Evaluate whether fund administrators, consultants, or other service providers need revised agreements or enhanced AML responsibilities.

See also on GRIP: SEC and FinCEN extend customer identification program obligations to IAs.

Janaya Moscony, President, SEC3. As a former SEC regulator, Janaya has significant experience in the examination, implementation and enforcement of securities regulations. Contact: janaya@sec3compliance.com

, , , , , , ,
You may also like