What Investment Advisers Must Know About FinCEN’s AML/CFT Requirements

Shannon Hull

5 min read

Apr 1, 2025

Is your firm ready to comply with new anti-money laundering (AML) and countering the financing of terrorism (CFT) requirements?

In September 2024, the Financial Crimes Enforcement Network (FinCEN) issued its Final Rule designed to enhance covered advisers’ AML compliance obligations and align them with financial institutions (FIs) under section 5318(h) of the Bank Secrecy Act (BSA). While banks, credit unions, and other FIs have continually spent years honing their programs to meet AML and CFT requirements, the rule presents new challenges for covered advisers.

What exactly does the rule require? Which advisers are impacted by the rule? How can RIAs and wealth management firms improve their programs and processes to comply? Let’s dive in.

Table of Contents

Why the AML/CFT rule matters
Rule overview
RIAs impacted by the rule
The rule’s impact on third-party management
Best practices for compliance

How we got here: Why the AML Rule matters

The passing of the new rule marked the start of a fundamental shift in the investment advisory industry for a few key reasons:

New regulatory requirements: Over the past two decades, rules related to advisers’ AML programs, suspicious activity reporting, and customer identification program (CIP) requirements have been proposed but never passed. Since many advisers’ and firms’ voluntary programs and processes don’t meet the new requirements, they must implement new standards and designate new roles and processes to comply.
Significant supervisory penalties: If advisers don’t comply, they’ll risk the consequences of compliance and financial risks. FinCEN can impose penalties for violations of BSA and its regulations, introducing new financial risks for advisers.
Evolving regulatory focus: While the compliance date has been set, a new administration brings new areas of regulatory focus, underscoring the importance of staying updated on the latest regulatory news and updates.
Additional requirements pending: CIP requirements and revisions to the customer due diligence (CDD) rule, which requires beneficial ownership information for legal entities, may impose further changes on advisers.

AML/CFT rule overview

The rule aims to combat money laundering, terrorist financing, and other financial crimes in the investment advisory industry by focusing on a few key areas.

Written AML compliance program

The rule outlines the following minimum standards for implementing and overseeing a suitable anti-money laundering and combatting the financing of terrorism (AML/CFT) program:

Clearly defined policies, procedures, and controls to detect and report suspected money laundering or other suspicious activity
Periodic independent testing to verify whether the program is functioning effectively
Designation of an AML/CFT officer to oversee the program
Training for employees and vendors so they can perform program requirements and recognize possible signs of money laundering and other illicit financial activities
Ongoing customer due diligence through appropriate risk-based features to analyze and mitigate risks.

FinCEN acknowledges that the AML/CFT program requirement is “not a one-size-fits-all requirement but is risk-based and must be reasonably designed.” For example, larger firms may have the resources to assign team members or departments specific roles, such as employee training or SAR filing. At the same time, a smaller institution may integrate AML/CFT compliance with other compliance and monitoring functions.

RIAs must also receive approval from the board or others with “functions similar to a board of directors.” Every covered adviser will also be required to make its AML/CFT program available for inspection by FinCEN and the SEC.

SAR and CTR Filing

In addition to program requirements, RIAs must file Suspicious Activity Reports (SARs) when they detect potentially suspicious activities, especially when transactions involve $5,000 or more. This is part of an effort to monitor, identify, and prevent money laundering and other illegal activities. Under the rule, advisers must report any transactions within 30 days of initial detection.

RIAs and exempt reporting advisers (ERAs) are also required to file currency transaction reports (CTRs) and create and retain records for the transmittal of funds. While SARs are filed when potential illicit activity is detected, CTRs are filed to report large transactions over $10,000, regardless of whether the activity is suspicious.

Other requirements

Advisers covered under the USA PATRIOT Act must adhere to information-sharing obligations specified in Sections 311 and 314(a). This legislation mandates that advisers apply enhanced due diligence for specific accounts, particularly correspondent and private banking accounts. Additionally, they must comply with any requests from FinCEN to search for and report any specified information or accounts suspected of money laundering or terrorist activity.

Compliance Date

RIAs must implement AML/CFT programs, file relevant SARs, and comply with other reporting and recordkeeping requirements by January 1, 2026.

Regarding Customer Identification Program (CIP) requirements, FinCEN plans to address how these apply to advisory customers in a future CIP final rule.

Related: Stay current on the latest regulations relevant to your firm with daily Ncomply updates.

Which advisers are impacted by the rule?

Advisers covered under the rule include:

SEC-registered investment advisers (RIAs)
Exempt reporting advisers (ERAs)
Foreign-based RIAs and ERAs, but only to the extent of their U.S. advisory activities or advisory activities involving U.S. clients or investors

Mid-sized advisers, multi-state advisers, pension consultants, RIAs that don’t report assets under management on Form ADV, state-registered advisers, foreign private advisers, and family offices are excluded from the rule.

The rule’s impact on third-party management programs

A significant takeaway from the AML/CFT rule — and perhaps the largest lift for many RIAs — is designating an AML officer to oversee the program. As mentioned in the rule, this role cannot be outsourced. However, RIAs can use third parties to meet some obligations, including investor diligence, filing SARS, responding to 314(a) requests, and maintaining records.

It’s important to note that advisers, like FIs, remain “fully responsible and legally liable for” compliance and must provide risk-based oversight of their vendors’ activities. Performing a name check or subscribing to software that pulls information from national lists is insufficient; RIAs must ensure they conduct due diligence and ongoing monitoring to remain compliant.

Related: What Is Compliance Risk?

What’s next? How RIAs can comply with AML requirements

As you revisit your firm’s AML/CFT program and procedures, refer to these best practices to ensure you and your firm are compliance-ready by 2026:

Conduct a gap analysis. An analysis will identify areas of improvement in your AML/CFT program. For example, gaps in knowledge or awareness among team members can inform your employee training programs to ensure staff can identify and address potential signs of illicit activity.
Update risk assessments. BSA/AML risk assessments take the cited gaps further by identifying, evaluating, and prioritizing the risks they present and how they could impact your firm’s compliance, performance, or efficiency.
Evaluate vendor relationships. The rule highlights that advisers are responsible for their vendors’ activities. With AML/CFT program compliance on the line, evaluate your current vendor relationships and adjust service level agreements (SLA) and contracts as needed to ensure performance requirements are met and any operational or compliance-related issues are addressed.
Review your training program. Do your BSA and CFT training sessions need a tune-up? Evaluate your compliance training program and ensure the materials are updated. Include practical examples, hands-on discussions, and activities for engagement and understanding.
Stay updated on regulatory news. In an ever-evolving regulatory environment, staying updated on regulators’ latest rulings, enforcement actions, and guidance is essential. Streamline your compliance process with an automated compliance management system (CMS) that sends relevant notifications based on your firm’s services, size, and geography.

FinCEN’s AML/CFT requirements represent a significant change for investment advisers, but by proactively adapting to these regulations, advisers can mitigate risks, maintain trust with clients and regulators, and stay prepared for future changes in the regulatory landscape.

AML/CFT program requirements are just one risk facing advisers and wealth management firms.

Explore more emerging risks in the securities industry in our guide.

Subscribe to the Nsight Blog

All Topics Risk & Compliance Product Insight Banks Lending Compliance Credit Unions Risk Management Fair Lending Nfairlending Cluster: Risk Management Compliance Lending Compliance Management Integrated Risk Blog Regulatory Compliance Management Nrisk News & Updates HMDA Risk Vendor Management Mortgage Lenders Ncomply Business Resiliency CRA Lending Compliance Blog Third-Party Vendor Management Business Continuity Vendor CFPB Ncontinuity Cybersecurity Fintech Regulatory Updates Nvendor Strategic Planning Regulatory Compliance Ncyber Ntransmittal Audits & Findings Compliance Management OCC Company Culture Audit Nverify Exams FDIC Nfindings Findings NCUA Business Continuity Management Contract Management Employee Intranet Contract Enterprise Risk Management FRB Findings Management Third-Party Vendors Vendor Risk Management FFIEC Ncontracts manager Vendor Risk Artificial Intelligence Compliance Risk Regulatory Brief Wealth Management 1071 ABA Bank Access Control Audit Findings Board Portal Call Report Complaint Management Cybersecurity Assessment Digital Tansformation Due Diligence Efficiency Employee Engagement Exam findings FIEC Governance and Risk Management Inc. 5000 Integrated Risk Management Internal Audit Management Mortgage Lending Nboardportal Press Release Verify

Solutions

Integrated Risk Solutions

Vendor Solutions

Compliance Solutions

Lending Compliance

1071 Compliance Software

Software Solutions

Risk Management Software

Vendor Management Software

Compliance Management Software

Continuity Management Software

Audit Management Software

Findings Management Software

Cybersecurity Assessment Software

Contract Assistant Software

Fair Lending Compliance Software

Compliance EAGLE

Employee Information Security Platform

Board Portal Software

Accredited Certification Program

Banks

Credit Unions

Mortgage Lenders

Fintech

Wealth Management

Blog

Webinars

Podcast

Regulatory News

Events

Nsider Community

Dig into our Certified Vendor Management Professional Training!

Featured Resources

March 2025 Regulatory Brief

1071 Compliance Updates

Webinar: What Does Resilience Look Like?

Webinar: The Future of Risk Management

Ncontracts Tools Got an Update with New Compliance & Risk Content

10 Best Practices for a Better Lending Compliance Program

Book: The Upside of Risk

Book: The Upside of Compliance

Resource Hub

About Us

News

Leadership

Partnerships

Join the Team

Ncontracts Highlights

Ncontracts Launches Nstitute & the Certified Vendor Management Professional (NCVMP) Certification

Ncontracts Named to Inc. 5000 for a Sixth Year

Event: Ngage 2025