Sweeping AML Requirements for RIAs and ERAs
Navigating FinCEN’s Final Rule
📅 May 1, 2025
📅 May 1, 2025
The U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN) in late August 2024 issued a final rule, transforming certain investment advisers (IAs) in the United States into financial institutions with obligations under the Bank Secrecy Act (BSA).
This final rule:
With the January 1, 2026 deadline approaching, RIA and ERA firms must begin building and implementing their compliance programs as soon as possible.
“IAs have served as an entry point into the U.S. market for illicit proceeds associated with foreign corruption, fraud, and tax evasion, as well as billions of dollars ultimately controlled by Russian oligarchs and their associates. IAs (including those that are exempt from SEC registration) and their advised funds, particularly venture capital funds, are also being used by foreign states, most notably the People’s Republic of China (PRC) and Russia, to access certain technology and services with long-term national security implications through investments in early-stage companies.”
– 2024 Treasury Investment Adviser Risk Assessment
The final rule imposes new compliance responsibilities on RIAs and ERAs that include a requirement to implement a “risk-based and reasonably designed AML/CFT program.” But the new obligations don’t end there. RIAs and ERAs will also need to:
The responsibilities are significant because RIAs and ERAs for the first time will have to meet the same AML standards as financial institutions and broker-dealers, and many will need to build AML compliance programs from scratch. Although most investment advisers have not been subject to the BSA AML requirements, many have voluntarily adopted at least some AML programs.
In addition, some investment advisers may perform certain AML/CFT functions if the entity is also a registered broker-dealer, is a bank, or is an operating subsidiary of a bank, according to the U.S. Treasury’s 2024 Investment Adviser Risk Assessment.
IA firms that do not currently have existing AML/CFT programs will need to dedicate resources to meet the new requirements. Building an AML compliance program from the bottom up will include requirements under five pillars of an effective AML compliance program:
Firms to whom the new rules apply will have to:
Firms will need to understand recordkeeping requirements, the details of what to include in SARs and CTRs, recognize information-sharing requirements and respond to Section 314(a) requests to help law enforcement track and investigate possible criminal financial transactions, and implement internal controls that will ensure their risk-based AML program is effective.
Financial institutions must appoint a Compliance Officer, responsible for monitoring day-to-day AML compliance with financial crimes laws and regulations and managing all aspects of the firm’s financial crimes compliance program. This individual will have deep familiarity not just with the firm’s products and services, but also with all applicable financial crimes laws and regulations, the firm’s customer base, geographic risks, and other vulnerabilities.
The Risk Assessment will evaluate both inherent risk and residual risk that remains after the AML program is fully implemented. Here are just some of the questions that should be addressed in the risk assessment:
Reporting and Recordkeeping are significant elements of an AML compliance program. IA and ERA firms will need to develop and implement policies to comply with the requirements to file SARs and CTRs, as well as comply with the BSA Travel Rule and requests pursuant to the USA PATRIOT Act Section 314(a).
SARs are documents filed by financial institutions with FinCEN that report activities that may be indicative of money laundering or other financial crimes. A financial institution is required to file a SAR no later than 30 calendar days after the date of initial detection of the suspicious activity. If no suspect was identified on the date of detection of the suspicious incident, a financial institution may delay filing a SAR for an additional 30 calendar days to identify a suspect, but reporting cannot be delayed more than 60 calendar days after the date of the initial detection of the suspicious transaction.
CTRs are not necessarily indicators of suspicious financial activity, but financial institutions must file a CTR for transactions, such as deposits, withdrawals, or exchanges of currency of more than $10,000.
Section 314(a) of the USA PATRIOT Act of 2001 requires the Secretary of the Treasury to adopt regulations to encourage regulatory and law enforcement authorities to share with financial institutions information regarding individuals, entities, and organizations engaged in or reasonably suspected, based on credible evidence, of engaging in terrorist acts or money laundering activities.
A key pillar of a comprehensive AML program is training. Designed for investment advisers, this course reviews the concepts of money laundering and terrorism financing, illicit financing risks the investment adviser industry faces, as well as global standards, jurisdictional regulations, and institutional controls associated with combating money laundering and terrorism financing.
This site uses cookies. By continuing to browse the site, you are agreeing to our use of cookies.
Accept settingsHide notification onlySettingsWe may request cookies to be set on your device. We use cookies to let us know when you visit our websites, how you interact with us, to enrich your user experience, and to customize your relationship with our website.
Click on the different category headings to find out more. You can also change some of your preferences. Note that blocking some types of cookies may impact your experience on our websites and the services we are able to offer.
These cookies are strictly necessary to provide you with services available through our website and to use some of its features.
Because these cookies are strictly necessary to deliver the website, refusing them will have impact how our site functions. You always can block or delete cookies by changing your browser settings and force blocking all cookies on this website. But this will always prompt you to accept/refuse cookies when revisiting our site.
We fully respect if you want to refuse cookies but to avoid asking you again and again kindly allow us to store a cookie for that. You are free to opt out any time or opt in for other cookies to get a better experience. If you refuse cookies we will remove all set cookies in our domain.
We provide you with a list of stored cookies on your computer in our domain so you can check what we stored. Due to security reasons we are not able to show or modify cookies from other domains. You can check these in your browser security settings.
These cookies collect information that is used either in aggregate form to help us understand how our website is being used or how effective our marketing campaigns are, or to help us customize our website and application for you in order to enhance your experience.
If you do not want that we track your visit to our site you can disable tracking in your browser here:
We also use different external services like Google Webfonts, Google Maps, and external Video providers. Since these providers may collect personal data like your IP address we allow you to block them here. Please be aware that this might heavily reduce the functionality and appearance of our site. Changes will take effect once you reload the page.
Google Webfont Settings:
Google Map Settings:
Google reCaptcha Settings:
Vimeo and Youtube video embeds:
You can read about our cookies and privacy settings in detail on our Privacy Policy Page.
Privacy Policy