Preparing for FinCEN’s New AML Rule: Why Investment Advisers Should Start Planning Now
Effective January 1, 2028 (extended from January 1, 2026), investment advisers registered with the Securities and Exchange Commission (RIAs) and Exempt Reporting Advisers (ERAs) will become subject to the Bank Secrecy Act (BSA) for the first time. This marks a significant shift in the Anti-Money Laundering (AML) regulatory landscape, requiring advisers to implement formal AML and Counter-Financing of Terrorism (CFT) programs that will be subject to Securities and Exchange Commission (SEC) oversight.
What’s Required Under the New AML Rule?
RIAs and ERAs will be required to establish and maintain a written, risk-based AML/CFT program that includes elements outside of current industry practices. Below is a brief overview of the requirements and new obligations expected of all advisers:
Risk-Based Program Design
Advisers must adopt an AML/CFT program tailored to the specific risks associated with a firm’s clients, strategies, products, services and geographic exposure.
Designation of an AML Officer
Advisers must appoint a qualified in-house resource to oversee day-to-day AML/CFT compliance.
Employee AML/CFT Training
A training program must be created and specifically tailored to highlight employee responsibilities under the new AML/CFT program.
Independent Testing
Advisers must conduct periodic testing of the AML program by an independent party (internal audit or external consultant).
Suspicious Activity Reporting (SARs) Filing Obligations
Advisers will be required to file SARs when appropriate, in accordance with the Financial Crimes Enforcement Network (FinCEN) requirements.
Compliance with the Travel Rule and Information Sharing Obligations
Advisers must implement controls to ensure compliance with the Travel Rule and the USA PATRIOT Act’s Section 314 information-sharing provisions.
Key Dates: New AML Rule
The compliance deadline for the new FinCEN AML rule is approaching, ensure you’re prepared:
- Final Rule issued: August 28, 2024
- Compliance deadline: January 1, 2028 (extended from January 1, 2026)
Why Advisers Should Act Now
Meeting the Rule’s new requirements will require careful planning and execution. Advisers should begin developing their AML/CFT programs sooner rather than later to allow sufficient time for:
- Conducting a risk assessment, which is expected to be a central focus during SEC examinations
- Designing and documenting policies and procedures
- Developing training materials
- Vetting independent testing vendors or internal resources
- Implementing tracking mechanisms for SARs and Travel Rule compliance
Best Practices for Implementation
To navigate the new FinCEN AML requirements successfully, advisers should adopt a systematic approach. The following best practices will guide firms through the process and help ensure compliance.
Conduct a Risk Assessment
Understand your exposure across client types, products, delivery channels and geographies. This assessment will drive the entire AML program.
Leverage Existing Controls
If your firm already performs certain AML-related tasks (e.g., investor due diligence), identify and incorporate these into your formal program.
Document Compliance Processes
Regulators will expect thorough documentation, including written policies, procedures, training logs, testing and reports.
Tailor Training
Customize AML/CFT training by role (e.g., operations, investor relations, portfolio management) and updated it annually to ensure against stale information.
Establish Escalation Protocols
Define how SARs will be monitored, documented and evaluated, who makes the final filing decision, and how communications with FinCEN will be handled.
Employ Experienced Compliance Resources
Many firms lack in-house AML expertise. External consultants are able to provide the critical insight and independent testing required for compliance with the new AML rule.
Common AML Compliance Pitfalls to Avoid
As advisers work to meet FinCEN’s AML standards, certain mistakes can undermine compliance efforts. Below are some key pitfalls to avoid in order to maintain a comprehensive and sustainable AML regulatory framework.
Relying on Fund Administrators Alone
While administrators may conduct investor due diligence, advisers remain independently responsible for compliance and must assume the duty themselves.
Applying One-Size-Fits-All Policies
Generic policies often fail to address firm-specific risks. This can lead to compliance gaps and possibly result in findings during examinations.
Delaying Internal Risk Assessments
Without a timely assessment, your program may lack the necessary foundation for customization and effective implementation.
Neglecting Ongoing Compliance Monitoring
AML programs must evolve with the business; annual reviews and updates are essential.
Failing to Train Key Employees
Training is expected to be practical and role-specific. This goes beyond typical industry-standard compliance training and must be tailored to the firm’s risk profile.
Practical Application Steps for Advisers
Advisers can follow these practical steps to develop and execute a plan for meeting the new AML requirements. These actions will support both operational efficiency and regulatory confidence:
- Appointing an internal working group or project lead to manage implementation.
- Engage a qualified AML consultant to conduct the necessary risk-assessment and help draft your program.
- Map existing compliance processes (e.g., KYC, sanctions screening) to new AML requirements to avoid duplication.
- Create a timeline and testing plan that ensures all aspects of the rule are met by year-end 2027.
- Prepare for mock testing and sample reviews in Q4 2027.
For more detailed information, you can access FinCEN’s official final rule here.
How Waystone Can Help
At Waystone, we recognize that there is no one-size-fits-all approach to compliance. Different investment advisers have varying requirements, fund structures, and areas of focus. Our dedicated team of compliance specialists has extensive experience assisting firms in meeting their FinCEN obligations and implementing tailored AML programs.
Waystone offers a range of AML solutions designed to support investment advisers, regulated funds, and unregulated funds in fulfilling their regulatory obligations, including:
- AML Audits
- Outsourced AML Officers
- Risk Assessments
- Bespoke Customer Due Diligence (CDD) Solutions
- AML Delegate Service
- AML Training
Our solutions are customized to align with each client’s specific needs, ensuring compliance while supporting your broader business objectives.
Global AML Expertise Backed by Proven Methodologies
In addition to our US expertise, Waystone brings global insight and proven methodologies from our established AML teams in the Cayman Islands and Europe. This cross-jurisdictional experience enhances our ability to implement effective AML programs that stand up to regulatory scrutiny.
For implementation guidance or assistance with developing your AML program, please reach out to your usual Waystone representative, or contact us below.