AML Compliance for Investment Advisers: Essential Steps to Meet the 2026 Deadline

Legal Alerts, ,

In August 2024, the Financial Crimes Enforcement Network (“FinCEN”) issued a new rule (“RIA AML Rule”) extending anti-money laundering (“AML”) requirements to certain investment advisers. The RIA AML Rule aims to address illicit finance risks within the investment adviser sector, as highlighted in the Treasury Department’s February 2024 Investment Adviser Risk Assessment.

With the compliance deadline of January 1, 2026, approaching, investment advisers must assess the applicability of the RIA AML Rule to their advisory activities, and take the steps necessary to integrate AML compliance measures into those activities.

Scope of Applicability

With the above in mind, investment advisers need to first determine whether the RIA AML Rule is applicable to their activities. To that end, the RIA AML Rule covers:​

  • Registered Investment Advisers (“RIAs”) – Those registered or required to register with the Securities and Exchange Commission (“SEC”) pursuant to Section 203 of the Investment Advisers Act of 1940 (“Advisers Act”).
  • Exempt Reporting Advisers (“ERAs”) – Advisers exempt from SEC registration under Sections 203(l) or 203(m) of the Advisers Act.

However, some advisers are not covered under this rule, including mid-sized, multi-state advisers, pension consultants, advisers with no assets under management reported to the SEC, state-registered advisers, foreign private advisers, and family offices.

Key Compliance Requirements

RIAs and ERAs (“Covered Advisers”) subject to the rule must implement and maintain a risk-based AML Program, which includes the following elements:

  • Developing Internal AML Policies & Procedures – Covered Advisers must establish robust internal policies and procedures to detect, prevent, and report suspicious financial activities. These policies should be risk-based, and tailored to the adviser’s specific business model, including client risk, transaction risk, geographic risk and product and service risks. Based upon the risk assessment, Covered Advisers should implement clear policies and procedures addressing the following key areas:
    1. Customer Due Diligence (CDD) & Know Your Customer (KYC) – This includes identity verification, enhanced due diligence to detect and report suspicious activities in correspondent and private banking accounts and the ongoing monitoring of client activity.
    2. Transaction Monitoring & Red Flags – Requires the establishment of systems and red flags to monitor transactions for suspicious activity, such as unusual fund movements, rapid in-an-out transactions, large transfers with no clear business purposes, rapid fund movements, and sudden changes in investment behavior. Additionally, implementing internal escalation procedures for further investigation and reporting.
    3. Recordkeeping & Data Retention – Developing procedures related to (i) maintaining client records, transaction data, and due diligence documentation for at least five years, (ii) ensuring records are easily retrievable for regulatory audits and investigations, and (iii) implementing secure storage and data protection measures to prevent unauthorized access.
    4. Responding to Information Requests – Procedures should address Section 314(a) requests from FinCEN and law enforcement regarding individuals and entities under investigation for money laundering, and Section 314(b) voluntary ​information sharing with other financial institutions.
    5. Suspicious Activity Reporting (“SARs”) – Defining clear procedures for detecting and reporting suspicious transactions to FinCEN when activity raises concerns regarding illicit financing, and the establishment of timelines for filing SARs within the regulatory framework.
    6. Independent Testing & Audits – The procedures need to address conducting regular independent audits to ensure AML compliance is performed by independent third-party reviewers for objective evaluations, and how the Covered Adviser will address any weaknesses identified in audits and continuously refine procedures.
  • Designation of an AML Compliance Officer – Every investment adviser is required to appoint an AML Compliance Officer to ensure compliance with AML regulations. This individual plays a crucial role in safeguarding a firm against financial crimes. The key responsibilities of the AML Compliance Officer include:
    • Regulatory Expertise – Possesses knowledge of AML regulations, risk assessments, and financial compliance requirements.
    • Program Oversight – Manage the implementation and effectiveness of the firm’s AML program.
    • Regulatory Liaison – Acts as the primary point of contact for regulatory authorities.
    • Staff Training – Educates employees on AML policies, red flags, and best practices.
    • Program Updates – Continuously improves AML procedures to adapt to evolving regulatory standards and emerging risks.
  • Staff Training – Firms should provide annual AML training for employees, tailored to their roles, offer real-life case studies to help employees recognize suspicious behavior, and conduct periodic tests to ensure staff compliance awareness.

Delegation of Responsibility and Regulatory Expectations

While investment advisers subject to the IA AML Rule can delegate AML Program responsibilities to third parties, they remain legally accountable for compliance.

Additionally, FinCEN has delegated enforcement authority to the SEC, ensuring that the RIA AML Rule aligns with existing oversight of brokers, dealers, and mutual funds. To that end, Covered Advisers should ensure their policies align with Bank Secrecy Act (“BSA”) requirements, SEC guidance on AML programs and the International AML standards, such as those from the Financial Action Task Force (“FATF”).

Compliance Timeline and Next Steps

Covered Advisers must comply with the requirements of the IA AML Rule by January 1, 2026. ​To prepare for compliance, they should:

  • Review and Update Existing Policies – Their existing compliance policies and procedures need to be updated to incorporate the new rule.
  • Establish Access to FinCEN – Access to FinCEN needs to be set up to monitor 314(a) notifications received from FinCEN regarding persons or entities suspected of involvement in money laundering or terrorist financing.
  • Communicate with Custodians – Firms should communicate with any custodian(s) utilized to determine if amendments will be required to custodial agreements addressing the advisers AML Program, information sharing and potential 314(b) Filings.
  • Appoint an AML Compliance Officer – Designate an AML Compliance Officer to implement the AML Program, including the establishment of regular training and testing protocols.

Taking proactive steps now will ensure that the Covered Advisers are fully prepared before the January 1, 2026 compliance deadline.