Preparing for FinCEN’s New AML Rule: Why Investment Advisers Should Start Planning Now

      Update (July 2025): The AML rule compliance deadline has been extended to January 1, 2028. While this gives firms additional time, the guidance in this article remains relevant for proactive preparation.

      Effective January 1, 2028 (extended from January 1, 2026), investment advisers registered with the Securities and Exchange Commission (RIAs) and Exempt Reporting Advisers (ERAs) will become subject to the Bank Secrecy Act (BSA) for the first time. This marks a significant shift in the Anti-Money Laundering (AML) regulatory landscape, requiring advisers to implement formal AML and Counter-Financing of Terrorism (CFT) programs that will be subject to Securities and Exchange Commission (SEC) oversight.

      What’s Required Under the New AML Rule?

      RIAs and ERAs will be required to establish and maintain a written, risk-based AML/CFT program that includes elements outside of current industry practices. Below is a brief overview of the requirements and new obligations expected of all advisers:

      Risk-Based Program Design

      Advisers must adopt an AML/CFT program tailored to the specific risks associated with a firm’s clients, strategies, products, services and geographic exposure.

      Designation of an AML Officer

      Advisers must appoint a qualified in-house resource to oversee day-to-day AML/CFT compliance.

      Employee AML/CFT Training

      A training program must be created and specifically tailored to highlight employee responsibilities under the new AML/CFT program.

      Independent Testing

      Advisers must conduct periodic testing of the AML program by an independent party (internal audit or external consultant).

      Suspicious Activity Reporting (SARs) Filing Obligations

      Advisers will be required to file SARs when appropriate, in accordance with the Financial Crimes Enforcement Network (FinCEN) requirements.

      Compliance with the Travel Rule and Information Sharing Obligations

      Advisers must implement controls to ensure compliance with the Travel Rule and the USA PATRIOT Act’s Section 314 information-sharing provisions.

      Key Dates: New AML Rule

      The compliance deadline for the new FinCEN AML rule is approaching, ensure you’re prepared:

      • Final Rule issued: August 28, 2024
      • Compliance deadline: January 1, 2028 (extended from January 1, 2026)

      Why Advisers Should Act Now

      Meeting the Rule’s new requirements will require careful planning and execution. Advisers should begin developing their AML/CFT programs sooner rather than later to allow sufficient time for:

      • Conducting a risk assessment, which is expected to be a central focus during SEC examinations
      • Designing and documenting policies and procedures
      • Developing training materials
      • Vetting independent testing vendors or internal resources
      • Implementing tracking mechanisms for SARs and Travel Rule compliance

      Best Practices for Implementation

      To navigate the new FinCEN AML requirements successfully, advisers should adopt a systematic approach. The following best practices will guide firms through the process and help ensure compliance.

      Conduct a Risk Assessment

      Understand your exposure across client types, products, delivery channels and geographies. This assessment will drive the entire AML program.

      Leverage Existing Controls

      If your firm already performs certain AML-related tasks (e.g., investor due diligence), identify and incorporate these into your formal program.

      Document Compliance Processes

      Regulators will expect thorough documentation, including written policies, procedures, training logs, testing and reports.

      Tailor Training

      Customize AML/CFT training by role (e.g., operations, investor relations, portfolio management) and updated it annually to ensure against stale information.

      Establish Escalation Protocols

      Define how SARs will be monitored, documented and evaluated, who makes the final filing decision, and how communications with FinCEN will be handled.

      Employ Experienced Compliance Resources

      Many firms lack in-house AML expertise. External consultants are able to provide the critical insight and independent testing required for compliance with the new AML rule.

      Common AML Compliance Pitfalls to Avoid

      As advisers work to meet FinCEN’s AML standards, certain mistakes can undermine compliance efforts. Below are some key pitfalls to avoid in order to maintain a comprehensive and sustainable AML regulatory framework.

      Relying on Fund Administrators Alone

      While administrators may conduct investor due diligence, advisers remain independently responsible for compliance and must assume the duty themselves.

      Applying One-Size-Fits-All Policies

      Generic policies often fail to address firm-specific risks. This can lead to compliance gaps and possibly result in findings during examinations.

      Delaying Internal Risk Assessments

      Without a timely assessment, your program may lack the necessary foundation for customization and effective implementation.

      Neglecting Ongoing Compliance Monitoring

      AML programs must evolve with the business; annual reviews and updates are essential.

      Failing to Train Key Employees

      Training is expected to be practical and role-specific. This goes beyond typical industry-standard compliance training and must be tailored to the firm’s risk profile.

      Practical Application Steps for Advisers

      Advisers can follow these practical steps to develop and execute a plan for meeting the new AML requirements. These actions will support both operational efficiency and regulatory confidence:

      1. Appointing an internal working group or project lead to manage implementation.
      2. Engage a qualified AML consultant to conduct the necessary risk-assessment and help draft your program.
      3. Map existing compliance processes (e.g., KYC, sanctions screening) to new AML requirements to avoid duplication.
      4. Create a timeline and testing plan that ensures all aspects of the rule are met by year-end 2027.
      5. Prepare for mock testing and sample reviews in Q4 2027.

      For more detailed information, you can access FinCEN’s official final rule here.

      How Waystone Can Help

      At Waystone, we recognize that there is no one-size-fits-all approach to compliance. Different investment advisers have varying requirements, fund structures, and areas of focus. Our dedicated team of compliance specialists has extensive experience assisting firms in meeting their FinCEN obligations and implementing tailored AML programs.

      Waystone offers a range of AML solutions designed to support investment advisers, regulated funds, and unregulated funds in fulfilling their regulatory obligations, including:

      • AML Audits
      • Outsourced AML Officers
      • Risk Assessments
      • Bespoke Customer Due Diligence (CDD) Solutions
      • AML Delegate Service
      • AML Training

      Our solutions are customized to align with each client’s specific needs, ensuring compliance while supporting your broader business objectives.

      Global AML Expertise Backed by Proven Methodologies

      In addition to our US expertise, Waystone brings global insight and proven methodologies from our established AML teams in the Cayman Islands and Europe. This cross-jurisdictional experience enhances our ability to implement effective AML programs that stand up to regulatory scrutiny.

      For implementation guidance or assistance with developing your AML program, please reach out to your usual Waystone representative, or contact us below.

      Contact us

      Previous post Next post
      Share

      More like this

      Navigating Conflicts of Interest: DFSA and FSRA Requirements for Authorised Firms

      Conflicts of interest may present a significant risk to the integrity of financial services. As a result, identifying, managing, and…
      Read more

      Building a Compliant and Effective Whistleblowing Framework: Key Considerations for Firms

      A robust whistleblowing framework is essential for firms operating under the Dubai Financial Services Authority (‘DFSA’).
      Read more

      Global IT Issue on 19 July

      On Friday, 19 July a global IT issue impacted industries around the world.
      Read more

      Navigating DORA compliance: A practical guide for SMEs

      To address the rising threats of cyber-attacks and digital disruptions in the financial sector, the European Union has introduced the…
      Read more

      Shaping the Future of Cybersecurity

      As digital threats continue to escalate in complexity and frequency, Waystone Compliance Solutions is spearheading cybersecurity solutions under the guidance…
      Read more

      Anti-greenwashing rule - not to be underestimated

      At the end of 2023, the FCA published its long-awaited and delayed Policy Statement: “PS23/16 Sustainability Disclosure Requirements and investment…
      Read more
      Contact us