The AML Rule For RIAs

New Rules

The Financial Crimes Enforcement Network (FinCEN) has introduced a new set of rules under the Bank Secrecy Act (BSA) to counter money laundering and terrorism financing in the investment adviser sector. With this, registered investment advisers (RIAs) are now classified as “financial institutions,” subject to the same standards as other entities already covered under the BSA. If you’re an RIA, this is a critical development. The new rules impose stringent requirements on RIAs to ensure compliance, transparency, and integrity in the financial system. While this may sound complex, the overarching advice is simple:

1. Read the rule
2. Understand it thoroughly
3. Take the time to implement the necessary steps

The core of the new rule is the requirement for RIAs to establish anti-money laundering (AML) and countering the financing of terrorism (CFT) programs tailored specifically to their business’s characteristics and risk profiles. FinCEN emphasizes that this is not a “one-size-fits-all” mandate, meaning your compliance program should be based on the unique risks your business faces. However, there are certain minimum requirements that all AML/CFT programs must meet. First and foremost, RIAs must create internal policies, procedures, and controls designed to prevent money laundering, terrorist financing, and other illicit activities. This includes establishing a process for customer due diligence, ongoing monitoring for suspicious transactions, and ensuring compliance with the BSA and its implementing regulations.

Independent Testing & Training

One critical component of compliance is independent testing. FinCEN’s rule mandates that RIAs conduct independent testing of their AML/CFT program, which can be carried out either by internal personnel or by a qualified third-party service provider. This is not a task you can set up once and forget about; regular reviews will help ensure that your program remains effective and compliant with the evolving regulatory landscape.

Equally important is the designation of a responsible person or persons to oversee the implementation and monitoring of the AML/CFT program. This individual will be responsible for ensuring that the program functions as intended and that any issues are identified and addressed promptly.

In addition to monitoring and independent testing, the rule requires RIAs to provide ongoing training to all relevant employees. This training must be specifically tailored to ensure that employees understand the requirements and risks associated with money laundering and terrorist financing in the investment adviser sector. The training program should be refreshed periodically to account for updates in laws, regulations, and the business’s risk profile.

RIAs and SARs: Meeting Compliance Standards

RIAs are also required to file Suspicious Activity Reports (SARs) with FinCEN when they encounter transactions that raise red flags. These reports, along with associated recordkeeping requirements, follow strict guidelines similar to those imposed on broker-dealers. Additionally, RIAs are required to comply with sections 314(a) and 314(b) of the USA PATRIOT Act, which provide for information sharing between financial institutions and federal law enforcement agencies.

Understanding Your Compliance Responsibilities

While some RIAs might breathe a sigh of relief at the exclusion of mandatory beneficial ownership requirements for legal entity customers, this doesn’t mean the responsibility can be ignored. RIAs are encouraged to take a risk-based approach to determine whether collecting such information is necessary for a given client. In many cases, sufficient customer due diligence will need to be conducted to form a customer risk profile, which can then serve as the baseline for detecting and reporting suspicious activity.

One key thing to remember is that compliance doesn’t mean you have to handle everything in-house. The rule permits RIAs to delegate or outsource some of their AML/CFT functions to third-party service providers. However, it’s critical that any outsourced functions are handled by trusted and capable partners. Want to know more about our Outsourced Compliance Department where we take on the responsibilities of your CCO and compliance analysts? Send us a message with the word “COMPLIANCE”.

This final rule also addresses the rising concerns of illicit finance in the investment adviser sector, as documented in a 2024 risk assessment by the U.S. Treasury. Criminals, corrupt officials, and foreign adversaries have increasingly sought to exploit the investment adviser industry to access the U.S. financial system. As an RIA, it’s essential to remain vigilant and ensure that your compliance program not only satisfies FinCEN’s requirements but also adequately addresses the unique risks your firm may face.

Navigating New Regulations

The most important takeaway from these new regulations is this: don’t delay in taking the necessary steps. Make the time to read and fully understand the new rule.
It may be tempting to rush through compliance, but a poorly implemented program can be more harmful than no program at all. Be thorough in your risk assessments, testing, training, and customer due diligence processes. Taking the time now to fully understand the rule and its implications will save you headaches down the road and protect both your firm and your clients.

Get it Right The First Time — Contact My RIA Lawyer.