On August 28, 2024, the Financial Crimes Enforcement Network (FinCEN) unveiled a new rule that introduces new anti-money laundering (AML) and countering the financing of terrorism (CFT) requirements for registered investment advisers (RIAs) and exempt reporting advisers (ERAs) designed to counter efforts by bad actors designed to thwart criminal activity and financing of terrorism. In this article, we will explain the background and purpose for the rule, what RIAs are covered by the rule, what requirements will be imposed on RIAs, and what this will practically mean for RIAs.
Background
FinCEN’s new rule is the culmination of years of efforts to impose AML and CFT requirements on the investment advisory sector. Historically, advisers have not been comprehensively regulated in this regard, even though many financial institutions like banks and broker-dealers have long been subject to AML obligations. Previous attempts by FinCEN to impose such requirements on advisers, dating back to the early 2000s, fell short of adoption. However, the explosive growth of private equity, venture capital, and hedge funds—coupled with the increasing prevalence of high-profile cases involving advisers implicated in money laundering—pushed FinCEN to revisit these efforts.
Recent findings, such as FinCEN’s analysis of Suspicious Activity Reports (SARs) between 2013 and 2021, revealed that over 15% of advisers were linked to potentially suspicious activities. These findings underscored the need for heightened oversight. Moreover, the investment adviser industry’s role in managing private funds, which often provide higher returns but also less transparency, has made it a potential target for those seeking to obscure the origin of illicit funds.
What RIAs Are Covered by the AML Program Rule
The rule casts a wide net, encompassing both RIAs and ERAs within its scope. Essentially, any adviser registered or required to register with the Securities and Exchange Commission (SEC) under the Investment Advisers Act of 1940, or exempt from registration under certain provisions, falls under the rule. This includes advisers who solely manage private funds or venture capital funds, as these entities are considered higher risk for money laundering and other financial crimes.
However, FinCEN has made some accommodations to reduce the burden on smaller firms. For example, mid-sized advisers who manage between $25 million and $100 million in assets and are not required to register with the SEC are exempt from the rule. Pension consultants and multi-state advisers also fall outside the rule’s scope, as do any advisers who do not report assets under management (AUM) on their Form ADV. Additionally, advisers registered only at the state level are excluded.
These exclusions reflect FinCEN’s recognition that certain smaller firms or advisers with lower-risk profiles do not warrant the same level of scrutiny as larger, more complex entities that may be more attractive targets for illicit activities.
AML Program Rule Requirements
Under the new rule, covered advisers will be required to implement a risk-based AML/CFT program tailored to their specific business risks. This means that covered advisers will need to develop and maintain internal systems designed to identify and prevent money laundering, terrorism financing, and other illicit financial activities. The program must be robust enough to detect suspicious behavior, but also flexible, allowing covered advisers to adapt their approach based on their particular client base and services.
To meet the rule’s requirements, covered advisers must establish internal policies, procedures, and controls that prevent their firms from being exploited for illegal activities. This includes performing thorough due diligence when onboarding clients, verifying client identities, and monitoring client transactions for unusual or suspicious activity. The program also mandates ongoing monitoring to ensure that covered advisers stay on top of their clients’ activities and any emerging risks.
Covered advisers are also required to conduct independent testing of their AML/CFT program to ensure compliance. This can be performed by internal personnel or outsourced to a qualified third party, such as a fund administrator, but the responsibility ultimately remains with the adviser. Additionally, advisers must designate a compliance officer who will oversee the program and ensure that it is properly implemented and maintained.
Training is another key element of the rule. Covered advisers must provide ongoing training to relevant personnel, ensuring that everyone understands their responsibilities and how to spot potential red flags. This training should be updated regularly to reflect changes in regulations or emerging threats.
Lastly, covered advisers must implement risk-based procedures for conducting customer due diligence. This includes understanding the nature and purpose of each client relationship to develop a customer risk profile. Covered advisers must continuously monitor these relationships to identify suspicious transactions and update customer information as necessary.
Practical Implications for Covered Advisers
For many covered advisers, the implementation of a fully compliant AML/CFT program will represent a significant shift in their day-to-day operations. Even firms that have some AML measures in place, either because they are affiliated with a broker-dealer or because they voluntarily adopted certain practices, will likely need to enhance their programs to meet the new rule’s standards.
One of the immediate impacts of the rule is the increased cost of compliance. Implementing a risk-based AML program, training staff, and conducting independent testing are all resource-intensive activities. Smaller firms, in particular, may struggle with the cost of these new requirements, although FinCEN has designed the rule to allow for flexibility based on the size and complexity of the adviser’s business. Larger firms or those dealing with higher-risk clients, such as private funds or foreign entities, will need to implement more stringent controls, which will likely increase both the financial and administrative burden.
The new rule also brings greater regulatory scrutiny. The SEC will be responsible for overseeing compliance with the AML/CFT requirements, adding another layer of regulatory oversight for covered advisers. Covered advisers will need to ensure that their compliance programs are up to par, as failure to comply could result in enforcement actions.
Another important aspect of the rule is the ability for covered advisers to delegate some of their AML responsibilities to third parties, such as fund administrators. Delegation can ease the burden on covered advisers, but it doesn’t absolve covered advisers of responsibility should delegees fail to perform such functions in line with applicable rule requirements. Advisers remain fully accountable for ensuring that their AML program meets the required standards, even when certain functions are outsourced. They must also ensure that FinCEN and the SEC can access any necessary information or records related to their AML program.
Compliance Date
Covered advisers will not need to comply with the rule’s new requirements until January 1, 2026. Although the rule’s compliance deadline is over a year away, advisers should begin preparing as soon as possible. The implementation of a comprehensive AML/CFT program takes time and requires careful planning. Advisers will need to conduct a thorough risk assessment to understand where their firm is most vulnerable to money laundering or terrorism financing activities. Based on this assessment, they can develop the necessary policies and procedures to mitigate these risks.
Advisers will also need to establish a training schedule for their staff, ensuring that everyone understands the new requirements and their role in complying with them. In addition, covered advisers should begin identifying potential service providers for independent testing or other compliance functions they may wish to outsource.
While the deadline may seem far off, the complexity of the rule and the potential costs involved mean that early preparation is key to avoiding any last-minute compliance challenges.
Conclusion
FinCEN’s new AML/CFT rule represents a significant change for investment advisers, who are now being brought into the fold of financial institutions subject to the Bank Secrecy Act. By requiring advisers to implement risk-based AML programs, FinCEN is aiming to protect the financial system from being exploited by criminals or terrorists.
Although the new requirements will impose additional costs and responsibilities on covered advisers, particularly smaller firms, the rule’s risk-based approach offers flexibility, allowing firms to scale their programs according to their size and the risk profile of their clients.