AML/CFT Requirements for RIAs and ERAs: The countdown has started

The financial advisory sector is facing a transformative period, particularly involving Registered Investment Advisors (RIAs) and Exempt Reporting Advisers (ERAs). Today, RIAs and ERAs are only subject to the Advisers Act and various Securities and Exchange Commission (SEC) rules and regulations thereunder that govern, among other things, marketing practices, disclosures to clients, best execution of client transactions, transparency in disclosing conflicts of interest, and reporting of Assets Under Management (AUM), among others.

The lack of comprehensive Anti Money Laundering/Counter Financing Terrorism (AML/CFT) regulations applicable to investment advisers means they are not currently required to understand their customers’ ultimate sources of wealth or identify and report potentially illicit activity to law enforcement.

This year, on August 28, the Financial Crimes Enforcement Network (FinCEN) issued a final rule adding part of the segment of RIAs and ERAs to the definition of “financial institution”, prescribing minimum standards for AML/CFT programs to be established by such entities, requiring them to report suspicious activity to FinCEN, and delegating supervisory authority to the SEC.

The rule will be effective as of January 1, 2026, and covered organizations must be ready to implement its requirements. For this reason, Chaindots gathers in this article the essential information you need to comply with this final rule:


1. Regulatory shift and rule motivation

As mentioned, the regulatory environment for RIAs and ERAs has traditionally been governed by the Advisers Act, primarily focusing on fiduciary duties and investor protection. However, current dynamics in global finance have highlighted emerging risks in the advisory space, prompting FinCEN to act. While the Advisers Act includes certain compliance requirements, such as the need for RIAs to register with the SEC and the obligation for ERAs to file an abbreviated Form ADV, these measures have historically emphasized anti-fraud and ethical transparency rather than targeting financial crime.
 
In some circumstances, depending on their registration status, investment advisers are reached by Federal securities, tax, or other rules and regulations that may impose information collection or disclosure obligations similar to some AML/CFT measures. Some investment advisers also voluntarily adopt AML/CFT measures, but such practices are not widespread across the industry, leaving gaps that criminals may exploit.
 
The Treasury’s Investment Adviser Risk Assessment report highlights these vulnerabilities, finding that 15.4% of RIAs and ERAs were referenced in at least one Suspicious Activity Report (SAR) between 2013 and 2021. The number of SAR filings related to RIAs and ERAs increased by approximately 400% over this period, revealing significant risks posed by inadequate oversight in the advisory sector. According to the report, the investment adviser industry has served as an entry point into the U.S. financial system for illicit proceeds associated with foreign corruption, fraud, and tax evasion.
 
In 2023, investment advisers reported approximately $130 trillion in AUM for their clients, making them significant players in the financial system. Given this scale, requiring RIAs and ERAs to file SARs and keep detailed customer records would make critical information more accessible to law enforcement, enabling timely detection, investigation, and prosecution of financial crimes. The FBI’s findings support this need, noting that 36.3% of active investigations into complex financial crimes and 27.5% of public corruption cases relied on BSA reporting. Expanding AML/CFT obligations to investment advisers is expected to fill existing gaps, enhancing the Federal Government’s and the private sector’s ability to shield the U.S. financial system from misuse.
 

2. Entities reached by the final rule

FinCEN’s final rule now includes “investment adviser” in the “financial institution” definition, reaching RIAs and ERA. However, some RIAs are explicitly excluded from the definition. Specifically, the rule does not apply to RIAs categorized as:

  • Mid-Sized Advisers,
  • Multi-State Advisers,
  • Pension Consultants, and
  • RIAs that do not report Assets Under Management (AUM) on Form ADV.


Additionally, foreign-based RIAs are exempt from these requirements if they provide advisory services exclusively to foreign-located persons and all personnel involved in these services are outside the United States.

In total, there are approximately 19,900 entities subject to the final rule.


3. Scope of the new FinCEN regulations

AML/CFT program

Each investment adviser shall develop and implement a written AML/CFT program that is risk-based and reasonably designed according to its business. This program must be approved in writing by its board of directors or trustees, or if it does not have one, by its sole proprietor, general partner, trustee, or other persons with similar responsibilities to a board of directors. Additionally, the investment advisers must designate a person or persons responsible for implementing and monitoring the internal policies, procedures, and controls of the adviser’s AML/CFT program.

Minimum requirements of the AML/CFT program:

(i) Establish internal policies, procedures, and controls reasonably designed to prevent the investment advisers from being used for money laundering, terrorist financing, or other illicit financial activities and to achieve compliance with applicable provisions of the BSA and implementing regulations.
(ii) Provide for independent testing of compliance, to be conducted by the covered investment advisers’ personnel or a qualified outside party.
(iii) Designate a person or persons responsible for implementing and monitoring the operations and internal controls of the program.
(iv) Provide ongoing training for appropriate persons.
(v) Implement appropriate risk-based procedures for conducting ongoing customer due diligence, including, but not limited to:

  • Understanding customer relationships’ nature and purpose to develop a risk profile.
  • Conducting ongoing monitoring to identify and report suspicious transactions and maintain and update customer information on a risk basis.


It is important to note that FinCEN allows the delegation of certain aspects of the AML/CFT program to third-party providers, though the adviser remains legally responsible for compliance.

File SARs and CTRs

Under the final rule, RIAs and ERAs must file a report with FinCEN for any transaction that may involve suspicious activity or a possible violation of law. Additionally, investment advisers are now required to report all currency transactions exceeding $10,000. Previously, RIAs and ERAs used Form 8300 for these reports, but the final rule mandates that covered financial advisers now use Currency Transaction Reports (CTRs) instead. This shift to CTRs brings consistency to reporting standards and aligns RIAs and ERAs with broader financial institution practices under the BSA.

Recordkeeping and travel rules

The final rule requires RIAs and ERAs to gather and maintain detailed information on both originators and beneficiaries for certain transactions. For certain fund transmittals that involve multiple financial institutions, investment advisers must also pass along this information to the next institution in the chain. This enhanced recordkeeping obligation will allow regulators to trace fund flows more effectively and prevent potential misuse of funds for illicit purposes across institutions.

Special due diligence measures for correspondent and private banking accounts

Under the final rule, investment advisers are required to implement due diligence policies, procedures, and controls that are reasonably designed to identify and monitor any suspicious or potentially illegal activity associated with correspondent and private banking accounts. These requirements apply specifically to accounts established or maintained within the United States for foreign financial institutions. Advisers must monitor these accounts and report any known or suspected money laundering activity to FinCEN as part of their ongoing compliance efforts.

Respond to section 314(a) requests

FinCEN’s regulations under Section 314(a) allow law enforcement to request assistance from financial institutions in locating accounts and transactions associated with individuals or entities suspected of terrorism or money laundering. Through these requests, FinCEN shares with financial institutions identifying information, such as names and addresses, enabling them to search their records for relevant accounts and transactions. The final rule extends this mechanism to investment advisers, thereby including RIAs and ERAs in a collaborative effort to combat illicit finance and support national security objectives.

 

4. The cost of compliance

The implementation of this final rule will require substantial financial investment, particularly for smaller firms. These costs will encompass the development and maintenance of AML/CFT programs, including policy creation, ongoing staff training, independent audits, and regular updates to align with regulatory requirements.

To meet these compliance obligations, RIAs and ERAs may need to expand their compliance teams, potentially hiring dedicated compliance officers or assigning specific personnel to AML responsibilities. They will also need to establish comprehensive staff training programs covering topics such as identifying suspicious activities, filing SARs, and staying updated on regulatory expectations. Some firms may consider outsourcing compliance duties to specialized providers to reduce the burden and leverage their expertise.

Moreover, effective AML/CFT compliance in the modern era relies heavily on advanced technology. Investment advisers must invest in robust systems to conduct Customer Due Diligence, monitor ongoing transactions, analyze large volumes of data, and safeguard client information.

The cost assessment section of the final rule outlines the key expenses associated with AML/CFT compliance for RIAs and ERAs. It focuses on the financial requirements needed to meet FinCEN’s new regulations. Below are ten key insights related to these costs:

  1. Initial program setup costs: Small RIAs and ERAs may face around $48,000 in the first year to establish compliance, especially if they have limited AML/CFT measures currently in place.
  2. Annual compliance costs: Following the initial setup, small entities can expect recurring annual costs of approximately $40,000, covering activities like recordkeeping, SAR filings, and ongoing due diligence.
  3. SAR filing costs: SAR reporting is a significant component with an estimated annual cost of $9,000 for small entities. This includes identifying, documenting, and filing reports on suspicious transactions.
  4. Customer Due Diligence updates: The cost will depend on the entity’s current procedures. Entities with limited AML/CFT procedures need to allocate additional resources to update their customer information. Relatively higher costs are assumed in the first three years due to the compliance burden associated with data collection activities to develop a customer risk profile for existing and new customer accounts.
  5. Software licensing for AML/CFT: Investment advisers must invest in AML/CFT software, averaging around $12,400 annually, to monitor and report suspicious transactions effectively.
  6. Independent testing requirements: FinCEN mandates independent testing of AML/CFT programs, which is anticipated to add approximately $17,000 annually for each adviser without existing testing protocols.
  7. Compliance Costs as a Revenue Percentage: For small entities, the estimated annualized compliance burden could represent about 4.7% of their annual revenue, highlighting a substantial financial impact on smaller firms.
  8. Human Resource Allocation for Compliance: FinCEN estimates that small firms, on average, require around 120 hours of compliance labor during the first year to develop policies and internal controls for AML/CFT, decreasing to about 10 hours annually for updates.
  9. Training Costs for Employees: Training is an essential part of compliance. Small firms can expect to spend $11,000 annually on training programs to ensure staff understand and adhere to BSA requirements.

 

5. Compliance checklist for RIAs and ERAs for 2026

As we mentioned before, the rule will be effective as of January 1, 2026, which is why we prepared a checklist of requirements that RIAs and ERAs must have implemented by that date:
 

AML/CFT program development

  • Risk assessments: Conduct comprehensive risk assessments that cover all client interactions, evaluating factors like source of funds and client location.
  • Policy creation: Develop policies that address specific business risks and regulatory expectations, and obtain board approval.
  • Internal controls: Establish adequate internal controls for your firm’s risk profile, ensuring periodic reviews and updates as regulations evolve.

 

Due diligence

  • Due diligence procedures: Implement due diligence procedures to investigate, verify, and evaluate customers’ risk before establishing a formal business relationship or engaging in transactions.
  • Enhanced due diligence: Implement thorough detailed due diligence for high-risk clients, verifying the source of funds, beneficial ownership, sanction screening, negative media, and any other measure necessary to determine the customer’s inherent risk.
  • Ongoing monitoring: Conduct regular reviews and updates for high-risk clients, adjusting their risk scores according to new information, risk indicators, or changes in regulatory standards.

 

SAR filing and record-keeping

  • Documentation standards: Maintain high standards for documentation of SAR filings, ensuring accuracy and compliance with the regulator’s requirements.
  • Reporting timelines: Ensure all SARs are filed within designated timelines, following clear internal processes.
  • Tracking mechanisms: Implement tracking systems for SAR submissions and regulatory reviews to simplify audits.

 

Internal audits, monitoring, and independent testing

  • Regular audits: Plan and conduct regular audits to assess program effectiveness and address potential gaps.
  • Review mechanism: Create mechanisms for continuous compliance improvement, allowing for real-time policy adjustments.
  • Independent testing: Plan regular independent reviews of the AML/CFT program.

 

Training

  • Staff training programs: Schedule regular training sessions on AML/CFT protocols, suspicious activity identification, and SAR filing.
  • Role-specific awareness: Plan training programs for various roles within the organization, ensuring every employee whose duties require knowledge of the BSA requirements understands their compliance responsibilities.
  • Ongoing updates: Implement a process to keep staff informed of regulatory updates.

 

6. Consequences of non-compliance

Failure to comply with AML/CFT requirements can result in significant fines and penalties. Between 2023 and 2024, federal regulators issued more than 45 enforcement actions against financial institutions for failing to develop and maintain a reasonably designed BSA/AML program. In the same period, civil monetary penalties imposed on financial institutions amounted to more than $4 billion.

For RIAs and ERAs, understanding the cost of non-compliance is essential to effectively allocate the resources needed for implementing robust AML/CFT programs.

Moreover, the financial advisory industry is particularly reputation-sensitive. Non-compliance incidents, especially those that become public, can harm a firm’s reputation and potentially lead to loss of clients. Maintaining an adequate compliance record protects firms from regulatory scrutiny and builds trust with clients, who increasingly prioritize transparent advisory services.


7. Conclusion: Proactive compliance for RIAs and ERAs

This new rule requires a proactive approach from RIAs and ERAs, which offers both a shield against potential penalties and a strategic advantage as those who prioritize AML/CFT investments will be better positioned to thrive in a stringent regulatory landscape, ensuring secure, transparent, and compliant operations that instill confidence in clients.
There is still enough time to allocate the necessary resources to your AML/CFT program and implement adequate policies and procedures, ensuring your organization remains compliant when the rule comes into effect. Taking action now will safeguard against regulatory scrutiny and enhance your competitive standing in the financial services industry.
 
Reach out to us at support@chaindots.com to stay ahead of the requirements.

Eager to change?

Document

Copyright © 2024 Chaindots   |   All Rights Reserved   |   Terms and Conditions Website   |   Terms and Conditions Platform  |  Cookie Policy WebsitePrivacy Policy

Copyright © 2024 Chaindots

All Rights Reserved

Terms and Conditions

 Privacy Policy