Blog

AML FAQs: What Your Firm Needs to Know About the SEC AML Rule

Feb 10, 2025

While anti-money laundering (AML) obligations have been a tried-and-true component of any broker-dealer’s compliance program, only recently have rules been introduced to mandate such requirements for registered investment advisers (RIAs), exempt reporting advisers (ERAs), and other private fund advisers.  To help you navigate what is sure to be one of the most significant rule adoptions in recent years, we’ve aggregated the answers to some of your most frequently asked questions. 

While anti-money laundering (AML) obligations have been a tried-and-true component of any broker-dealer’s compliance program, only recently have rules been introduced to mandate such requirements for registered investment advisers (RIAs), exempt reporting advisers (ERAs), and other private fund advisers.  But how significantly will the new SEC AML rule impact your compliance program? And what exactly will be required? 

To help you navigate what is sure to be one of the most significant rule adoptions in recent years, we’ve aggregated the answers to some of your most frequently asked questions. 

What is the New SEC AML Rule?  

On August 28, 2024, the Financial Crimes Enforcement Network (FinCEN) issued a final rule adding certain registered and exempt reporting investment advisers (more on this later) to the definition of “financial institution” under the Bank Secrecy Act (BSA).  

In short, the expanded definition mandates any RIAs or ERAs that are now classified as a financial institution to implement anti-money laundering (AML) and countering the financing of terrorism (CFT) programs. Additionally, firms will be required to report any suspicious activity to FinCEN.  

“This rule aims to help address the illicit finance risks in the investment adviser sector in the United States, which the U.S. Department of the Treasury documented in a February 2024 risk assessment.  The risk assessment highlights numerous cases in which sanctioned persons, corrupt officials, fraudsters, and other criminals have exploited the investment adviser industry to access the U.S. financial system and launder funds.  Moreover, it finds that foreign states, most notably the People’s Republic of China and the Russian Federation, leverage investment advisers and their advised funds through investment in early-stage companies to access certain technologies and services with national security implications.  This rule aims to mitigate these risks and deliver on a key component of the Biden-Harris Administration’s 2021 U.S. Strategy on Countering Corruption.” 

FinCEN previously made similar rule proposals in 2002, 2003, and 2015. However, these proposals were never finalized and adopted. 

The current AML rule has a Compliance Date of January 1, 2026. 

Who is Covered Under the New Rule? 

Per FinCEN’s fact sheet, “the final rule adds ‘investment adviser’ to the definition of ‘financial institution’ under the BSA’s implementing regulations.” 

FinCEN defines “investment adviser” as: Any person who is registered or required to register with the SEC under section 203 of the [Investment] Advisers Act [of 1940]…or any person that currently is exempt from SEC registration under section 203(l) or 203(m) of the Investment Advisers Act [of 1940]… 

It is clear that a federal RIA is covered by the new SEC AML rule.  And because certain Venture Capital Managers and Private Fund Advisers rely on the exemptions noted above, they will also fall under FinCen’s definition of investment adviser, and will therefore be required to meet the mandates of the AML Rule. 

It should be noted, FinCEN does not require dually-registered investment advisers and broker-dealers to establish separate or multiple AML/CFT programs to comply with the rules. Instead, a dual-registrant’s overall AML/CFT program must be designed to (i) address the different money laundering, terrorist financing, or other illicit finance activities risks posed by different aspects of such dually-registered entity’s business and activities and (ii) satisfy each of the risk-based AML/CFT program requirements to which it is subject in its different capacities. 

Similarly, an investment adviser that is affiliated with (or a subsidiary of) another entity required to establish an AML/CFT program in a different capacity is not required to implement multiple or separate programs. These entities may choose to implement one program or may instead establish separate or multiple AML/CFT programs, so long as each satisfies the applicable AML/CFT obligations. 

What is Required by the New SEC AML Rule? 

Applicable firms are required to establish and implement policies, procedures, and internal controls reasonably designed to prevent money laundering, terrorist financing, and other illicit finance activities. This includes: 

  • Establishing AML/CFT programs, including risk-based procedures for conducting ongoing customer due diligence (CDD) 
  • Filing suspicious activity reports (SARs) with FinCEN 
  • Filing currency transaction reports (CTRs) involving a transfer of more than US$10,000 in currency by, through, or to the investment adviser (in lieu of Form 8300) 
  • Maintaining records of origination and beneficiary information for certain transactions (in accordance with the “Recordkeeping” and “Travel Rules” of the BSA) 
  • Appling information-sharing provisions between and among FinCEN, law enforcement, agencies, and certain financial institutions under Section 314(b) of the USA Patriot Act; 
  • Implementing special due diligence requirements for correspondent and private banking accounts; and 
  • Additionally, impacted firms will now be subject to Section 311 of the USA Patriot Act, by which the U.S. Secretary of Treasury requires them to take certain “special measures” to address money laundering concerns, such as obtaining, retaining or reporting additional account or customer information 

As you develop your own AML/CFT program, it’s important to note that there is no one-size-fits-all answer. Each investment adviser is required to establish a “reasonably designed risk-based” program that includes, at a minimum: 

  • The development of internal policies, procedures and controls; 
  • The designation of an AML/CFT compliance officer; 
  • An ongoing employee training program; and 
  • An independent audit function to test the program. 

Additionally, the rulemaking requires that an adviser’s AML/CFT program be approved in writing by its board of directors or trustees. For advisers without a board, the program needs to be approved by its sole proprietor, general partner, trustee, or other person(s) with a similar function to a corporate board. 

What is a SAR? And When Must a SAR be Filed? 

Investment advisers will be required to file a Suspicious Activity Report (SAR) when they detect a known or suspected violation of federal law, or a suspicious transaction related to a money laundering activity or a violation of the Bank Secrecy Act.  

This includes if a financial institution suspects that one of its accounts is being used to launder money or if a financial institution knows or suspects any of the following: 

  • A transaction involves funds from criminal activities 
  • A transaction is a part of a plan to evade reporting requirements 
  • A transaction has no relevant or lawful purpose 
  • A computer breach which attempts to steal money, illegally obtain information, and/or damage the institution’s critical systems 
  • Other activities that are categorized as suspicious activities 

What is the SEC Customer Identification Program (CIP) Rule Proposal? 

On May 13, 2024, both the SEC and FinCEN proposed the Customer Identification Programs for Registered Investment Advisers and Exempt rule. 

Under this proposal, “RIAs and ERAs would be required to implement reasonable procedures to identify and verify the identity of their customers, among other requirements, in order to form a reasonable belief that RIAs and ERAs know the true identity of their customers.” 

If the rule were to be adopted as it stands today, requirements would include that the investment adviser: 

  • Establish, document, and maintain a written CIP as part of the AML/CFT program under 31 U.S.C. 5318(h) 
  • Implement “reasonable procedures” for verifying the identity of any person seeking to open an account “to the extent reasonable and practicable” 
  • Maintain records associated with such verification 
  • Consult lists of known terrorists and terrorist organizations 
  • Ensure that the CIP is appropriate for the adviser’s size and business 

Comments on the proposal were due by July 22, 2024. 

What Should Firms Be Doing Now to Prepare for the SEC AML Rule? 

While the compliance date for the FinCEN rule is January 1, 2026, we highly recommend firms start establishing and implementing their AML/CFT programs early in 2025. As a significant change for many firms, it will be critical that compliance programs are adequately adapted, and requirements cascaded throughout the firm prior to the compliance date. 

Have questions on how to socialize new rules? Check out New Rules, New Requirements: How to Implement New Regulatory Requirements for Ongoing Compliance. 

It may be necessary for firms to bring in third-party experts, like COMPLY’s compliance consultants, to support the scope of change necessary. Leveraging outside expertise, especially from sources who have worked with and supported broker-dealer AML programs, can help ensure your advisory firm effectively implements a program that meets the full breadth of requirements as outlined by FinCEN.  

Interested in learning more about COMPLY’s comprehensive solutions and services? Schedule time to speak with one of our experts today.