Sweeping AML Requirements for RIAs and ERAs

Navigating FinCEN’s Final Rule

📅 May 1, 2025

The U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN) in late August 2024 issued a final rule, transforming certain investment advisers (IAs) in the United States into financial institutions with obligations under the Bank Secrecy Act (BSA).

This final rule:

Adds certain registered investment advisers (RIAs) and exempt reporting advisers (ERAs) to the definition of “financial institution” under the regulations that implement the BSA
Specifies minimum standards for anti-money laundering and countering the financing of terrorism (AML/CFT) programs to be established by participants in the sector
Requires RIAs and ERAs to report suspicious activity to FinCEN
Makes other relevant changes to FinCEN’s regulations that implement the BSA

With the January 1, 2026 deadline approaching, RIA and ERA firms must begin building and implementing their compliance programs as soon as possible.

“IAs have served as an entry point into the U.S. market for illicit proceeds associated with foreign corruption, fraud, and tax evasion, as well as billions of dollars ultimately controlled by Russian oligarchs and their associates. IAs (including those that are exempt from SEC registration) and their advised funds, particularly venture capital funds, are also being used by foreign states, most notably the People’s Republic of China (PRC) and Russia, to access certain technology and services with long-term national security implications through investments in early-stage companies.”

– 2024 Treasury Investment Adviser Risk Assessment

New Compliance Responsibilities

The final rule imposes new compliance responsibilities on RIAs and ERAs that include a requirement to implement a “risk-based and reasonably designed AML/CFT program.” But the new obligations don’t end there. RIAs and ERAs will also need to:

File certain reports, such as Suspicious Activity Reports (SARs) and Currency Transaction Reports (CTRs), with FinCEN
Comply with the Recordkeeping and Travel Rules by retaining certain records, such as those relating to the transmittal of funds
Fulfill certain other obligations applicable to financial institutions subject to the BSA and FinCEN’s implementing regulations, such as special information sharing procedures.

The responsibilities are significant because RIAs and ERAs for the first time will have to meet the same AML standards as financial institutions and broker-dealers, and many will need to build AML compliance programs from scratch. Although most investment advisers have not been subject to the BSA AML requirements, many have voluntarily adopted at least some AML programs.

In addition, some investment advisers may perform certain AML/CFT functions if the entity is also a registered broker-dealer, is a bank, or is an operating subsidiary of a bank, according to the U.S. Treasury’s 2024 Investment Adviser Risk Assessment.

Creating an AML/CFT Compliance Program from Scratch

IA firms that do not currently have existing AML/CFT programs will need to dedicate resources to meet the new requirements. Building an AML compliance program from the bottom up will include requirements under five pillars of an effective AML compliance program:

Governance
Internal Controls
Training
Independent Testing
Customer Due Diligence (CDD)

Firms to whom the new rules apply will have to:

✔ Designate a compliance officer
✔ Conduct a risk assessment
✔ Implement internal controls
✔ Conduct training and independent testing
✔ Create customer due diligence (CDD), enhanced due diligence (EDD), and know your customer (KYC) processes

Firms will need to understand recordkeeping requirements, the details of what to include in SARs and CTRs, recognize information-sharing requirements and respond to Section 314(a) requests to help law enforcement track and investigate possible criminal financial transactions, and implement internal controls that will ensure their risk-based AML program is effective.

The Details

Financial institutions must appoint a Compliance Officer, responsible for monitoring day-to-day AML compliance with financial crimes laws and regulations and managing all aspects of the firm’s financial crimes compliance program. This individual will have deep familiarity not just with the firm’s products and services, but also with all applicable financial crimes laws and regulations, the firm’s customer base, geographic risks, and other vulnerabilities.

The Risk Assessment will evaluate both inherent risk and residual risk that remains after the AML program is fully implemented. Here are just some of the questions that should be addressed in the risk assessment:

What are the inherent risks faced by the firm? What products and services offered by the firm are vulnerable to financial crimes? What geographies in which the firm transacts are a high risk for money laundering and other financial crimes?
What are the firm’s existing AML policies, and how can they be adapted to a formal AML program?
Who is responsible for the firm’s current AML policies?
What are the specific requirements of the new FinCEN rule that apply to the firm?
What will the firm’s AML training program include?
What resources will be needed to conduct CDD/EDD/KYC?
What controls can be implemented at the firm to reduce residual risk?

Reporting and Recordkeeping are significant elements of an AML compliance program. IA and ERA firms will need to develop and implement policies to comply with the requirements to file SARs and CTRs, as well as comply with the BSA Travel Rule and requests pursuant to the USA PATRIOT Act Section 314(a).

SARs are documents filed by financial institutions with FinCEN that report activities that may be indicative of money laundering or other financial crimes. A financial institution is required to file a SAR no later than 30 calendar days after the date of initial detection of the suspicious activity. If no suspect was identified on the date of detection of the suspicious incident, a financial institution may delay filing a SAR for an additional 30 calendar days to identify a suspect, but reporting cannot be delayed more than 60 calendar days after the date of the initial detection of the suspicious transaction.

CTRs are not necessarily indicators of suspicious financial activity, but financial institutions must file a CTR for transactions, such as deposits, withdrawals, or exchanges of currency of more than $10,000.

Section 314(a) of the USA PATRIOT Act of 2001 requires the Secretary of the Treasury to adopt regulations to encourage regulatory and law enforcement authorities to share with financial institutions information regarding individuals, entities, and organizations engaged in or reasonably suspected, based on credible evidence, of engaging in terrorist acts or money laundering activities.

Investment Adviser Foundations of Anti-Money Laundering & Countering the Financing of Terrorism

A key pillar of a comprehensive AML program is training. Designed for investment advisers, this course reviews the concepts of money laundering and terrorism financing, illicit financing risks the investment adviser industry faces, as well as global standards, jurisdictional regulations, and institutional controls associated with combating money laundering and terrorism financing.

Learn More

Recommended Blogs

Trump’s IEEPA Tariffs – Blurring the Lines Between Trade Sanctions and Traditional Tariffs

May 13, 2025

The Trump administration’s unprecedented use of tariffs as a tool of national security and foreign policy to compel countries to change policies the U.S. opposes has blurred the lines between tariffs and trade sanctions.

Recent IAR Enforcement Actions

May 7, 2025

Recent SEC enforcement actions against IARs highlight critical compliance failures, including unregistered brokerage activities, misleading marketing practices, undisclosed conflicts of interest, and inadequate compliance policies.

Cartels, Cash, and Capital Flows

April 22, 2025

Cartels and their money laundering networks represent an increasing threat to our security and citizens, as well as being a priority for enforcement action. This article sets out five actionable steps a financial institution can take to ensure it is effectively identifying and responding to cartel risk.

Syndicates of Terror

April 4, 2025

Eight Latin American drug cartels were recently designated by the United States as Foreign Terrorist Organizations and Specially Designated Global Terrorists. The U.S. designation enhances compliance risks for financial institutions and other companies transacting in Latin America.

Lifting Sanctions on Syria

March 28, 2025

Human rights activists have been advocating for the lifting of sanctions to help Syria rebuild after nearly 14 years of destruction. What would U.S. sanctions relief for Syria entail? What changes will likely be required?

Advancement in Digital Asset Markets

March 24, 2025

Review policies and regulation on crypto in the U.S., UK, EU, and globally, how this influences adoption, and measures to capitalize on rewards while managing illicit finance risks.

Navigating the Convergence of Sanctions & AML Regimes

March 11, 2025

In our recent webinar, the director of compliance and enforcement at OFAC and three financial integrity industry leaders discussed the importance of breaking down silos and shared other advice for AML/CFT and sanctions professionals.

Interlocking Action

February 27, 2025

Transnational crime requires a coordinated response. Examine the characteristics of transnational crime, breakdowns in internal cooperation within financial institutions that resulted in enforcement action, and the actions Chief Compliance Officers must take to ensure an effective and coordinated response within their institution.

The Heat is On

February 24, 2025

Explore the key insights and implications from Transparency International’s 2024 Corruption Perceptions Index.