Contents
In August 2024, the Financial Crimes Enforcement Network (FinCEN) finalized new anti-money laundering (AML) and counter-terrorism financing (CFT) regulations specifically for Registered Investment Advisors (RIAs).
This new rule, set to go into effect on January 1, 2026, was formulated to close a regulatory gap, requiring RIAs and Exempt Reporting Advisors (ERAs) to adopt the same rigorous standards long applied to other financial institutions under the Bank Secrecy Act (BSA).
With these changes, RIAs must implement AML/CFT programs that include comprehensive risk-based customer monitoring, reporting of suspicious activities, and strict compliance oversight.
This guide highlights the key requirements for RIAs under the new AML/CFT regulations, providing actionable steps to help with compliance by the 2026 deadline.
See also:
InnReg is a global regulatory compliance and operations consulting team serving financial services companies since 2013. If you need assistance with compliance or fintech regulations, click here.
What Changed: Investment Advisors Now Defined as Financial Institutions
Under the new rule, RIAs and ERAs are now officially classified as “financial institutions” under the Bank Secrecy Act.
This reclassification is a substantial shift, extending the BSA’s anti-money laundering and counter-terrorism financing requirements to include investment advisors alongside traditional financial entities like banks and broker-dealers.
The Significance of Reclassification
With the new AML requirements for Registered Investment Advisors, RIAs must now establish AML/CFT programs that include customer due diligence, risk-based monitoring, and independent auditing. Previously, these compliance elements only applied to other financial institutions.
Additionally, RIAs are required to report suspicious activity through Suspicious Activity Reports (SARs) and comply with currency transaction reporting and recordkeeping requirements.
This reclassification directly responds to a need for enhanced transparency and regulatory oversight across advisory channels, which has become increasingly important to financial stability.
Firms without existing AML programs will face significant adjustments, including allocating resources to training, compliance staffing, and technology upgrades. In the long term, however, these steps can strengthen the advisory sector’s defenses against financial crimes, enhancing both market integrity and client trust.
Key Requirements for RIAs Under the New AML Rule
Here’s an overview of the core components RIAs must implement under the new AML/CFT mandate.
AML/CFT Compliance Program Essentials
Each Registered Investment Advisor (RIA) must develop a risk-based AML/CFT program that adheres to the five-pillar approach required by regulations, ensuring comprehensive and structured compliance. The five essential components include:
Internal Policies and Procedures: These policies should be tailored to each firm’s unique risk profile, which considers factors such as client demographics, investment products, and geographic reach. By focusing on higher-risk areas, firms can allocate resources more effectively, enhancing their ability to promptly identify and address potential red flags.
Dedicated Compliance Officer: RIAs must appoint a dedicated compliance officer responsible for overseeing and monitoring AML efforts. This role is essential for ensuring the program’s effective implementation, ongoing development, and timely updates as risk profiles and regulatory requirements evolve.
Ongoing Employee Training: Regular training ensures staff can recognize and report suspicious activities effectively. Employees must stay informed of the latest AML/CFT best practices and regulatory updates, fostering a culture of vigilance and compliance throughout the organization.
Independent Testing: Regular, independent testing conducted either internally or by a qualified third party evaluates the AML program’s effectiveness and identifies any compliance gaps for prompt resolution. This testing ensures the firm’s AML efforts remain thorough, current, and aligned with regulatory standards.
Customer Due Diligence (CDD): The program must include comprehensive CDD measures, ensuring that the firm accurately understands its clients’ identities and risk levels, and adjusts its compliance approach as necessary.
For foreign-located investment advisors, these AML regulations apply only to activities conducted within the US or those involving US persons. This provision ensures that AML requirements effectively align with US jurisdictional reach while maintaining comprehensive oversight of cross-border transactions involving US clients.
Reporting Obligations: Introduction to SARs
Under the new AML requirements for Registered Investment Advisors, RIAs are required to file SARs with FinCEN for transactions involving at least $5,000 in funds or assets when the activity appears suspicious. Such transactions include any actions that could indicate money laundering, fraud, or other financial crimes.
SARs are critical in the broader financial ecosystem as they provide FinCEN and other authorities with insights into potential illegal activities, helping to prevent the misuse of financial services.
Recordkeeping and Additional Reporting Requirements
The AML requirements for Registered Investment Advisors also include compliance with the Travel Rule, which mandates that specific information must accompany certain transactions. Additionally, advisors must keep records of any transactions over $10,000.
These provisions align RIAs with traditional BSA financial institutions, adding a new layer of transparency crucial for preventing illicit activities.
Additionally, FinCEN permits RIAs to collaborate with other institutions through information-sharing mechanisms under Sections 314(a) and 314(b) of the USA PATRIOT Act, which enhance detection capabilities across the industry.
How to Prepare for the 2026 Deadline
To ensure compliance with the new AML requirements for Registered Investment Advisors, firms should begin preparations well before the deadline.
Given the regulatory scope and the required organizational changes, a phased approach with clear milestones can help RIAs meet the deadline efficiently.
See also:
Key Dates and Compliance Milestones
The final rule requires that all applicable AML/CFT measures be fully operational by January 1, 2026. This timeline leaves firms with a narrow window to establish thorough compliance frameworks, including establishing a risk-based AML/CFT program, and ensuring proper training and auditing measures are in place.
Firms should also anticipate increased regulatory scrutiny as the deadline approaches, with the SEC conducting inspections to confirm adherence.
Need help with RIA compliance?
Fill out the form below and our experts will get back to you.
Preparing for and Addressing Compliance Challenges
Transitioning to a full-scale AML program comes with potential challenges, including adapting to new software requirements. To address these challenges:
Invest in Technology: Consider AML compliance tools like Regly that automate transaction monitoring and SAR reporting to reduce the manual burden on compliance teams.
Engage Compliance Consultants: Given the complexity of AML regulations, working with specialized consultants like InnReg offers invaluable insights and helps identify gaps in your program.
Regularly Update Compliance Procedures: As the regulatory landscape evolves, so should your policies. Frequent updates to your AML policies and training programs help align them with any future changes in FinCEN or SEC requirements.
Non-compliance with AML/CFT regulations can lead to significant penalties, including hefty fines, legal action, and reputational damage. RIAs that fail to comply may also face regulatory sanctions, suspension of advisory licenses, and increased SEC and FinCEN scrutiny.
These consequences not only affect financial standing but can also erode client trust and hinder future business growth.
Suggested Timeline for Compliance Implementation
To meet the 2026 deadline, here’s a sample timeline RIAs can follow to help with compliance:
Phase 1: Initial Assessment (Early 2025)
Begin by conducting a comprehensive review of current AML practices to identify any gaps that could impact compliance. Engaging a compliance consultant like InnReg at this stage can clarify specific obligations and help develop a tailored action plan based on the firm’s risk profile and resources.
Phase 2: Program Design & Development (Mid 2025)
Develop the core elements of the AML program, including written policies, a customer due diligence framework, and SAR reporting protocols. This phase should also involve designating a compliance officer and establishing independent testing protocols that must be operational by the deadline. At InnReg, we offer outsourced CCO services that can help you mitigate regulatory risks.
Phase 3: Staff Training & Internal Testing (Late 2025)
Roll out an ongoing AML/CFT training program to educate employees on detecting suspicious activities and reporting obligations. Internal testing and independent audits should be scheduled to ensure all AML controls function as intended, allowing time to address any issues that arise.
Phase 4: Final Adjustments & Compliance Confirmation (Early 2026)
Conduct final adjustments to the AML program based on testing feedback, and confirm all policies, controls, and training are up to date. This period should focus on integrating every compliance element and preparing for the SEC examination when the rule takes effect.
Early and thorough preparation will be essential to meet FinCEN’s standards, especially since the rule requires programs tailored to specific risk profiles. By starting now, RIAs can mitigate regulatory risk and position themselves to operate efficiently under the new standards by January 1, 2026.
Implementing AML Compliance: Operational Changes, Best Practices, and Overcoming Challenges
The new AML Requirements for Registered Investment Advisors will affect daily operations, client interactions, and compliance oversight. Here’s a breakdown of how RIAs can navigate these new obligations.
Operational Impact of the New AML Rule
The integration of AML standards will affect internal processes across client onboarding, transaction monitoring, and reporting practices.
RIAs will now need to perform comprehensive customer due diligence (CDD) at the beginning of client relationships, implementing risk-based approaches to monitor ongoing transactions for suspicious activities.
This shift requires investment in technology and personnel to track and report potentially illicit activities, with SARs becoming a standard part of daily operations.
Client interactions will also change, as advisors may need to collect more detailed information and explain AML policies to maintain transparency and trust.
Internally, RIAs must align their procedures with FinCEN’s requirements, meaning operations and compliance teams must collaborate closely to ensure that AML/CFT obligations are met consistently.
Best Practices for Establishing a Compliant AML/CFT Framework
Here are key practices to guide the creation of this framework:
Develop Internal Controls: Establish risk-based internal controls to manage compliance and client monitoring. These should include written AML policies and a clearly defined reporting structure that ensures suspicious transactions are promptly identified and escalated.
Conduct Regular Risk Assessments: Periodically evaluate the firm's exposure to AML/CFT risks, including customer types, geographic regions, and transaction patterns. These regular assessments help internal controls remain effective and aligned with current risks.
Enhance CDD and KYC Procedures: Strengthen CDD and KYC processes to verify client identities and assess risk levels. This includes enhanced due diligence for high-risk customers, ensuring proper documentation and ongoing monitoring.
Document and Audit: To mitigate risks, maintain thorough records of AML activities, such as customer due diligence, SAR filings, and internal audits. Regular audits, whether internal or third-party, can highlight areas for improvement and keep your AML program effective. This documentation will also be crucial during SEC examinations and in case of regulatory inquiries.
Use Technology for Transaction Monitoring: Implement automated monitoring systems to detect unusual activity more effectively. These systems can flag high-risk transactions in real time, providing compliance teams with timely alerts for further investigation.
Firms should also create a dedicated AML/CFT compliance team or committee to oversee program implementation, address issues promptly, and align with regulatory changes. This team should meet regularly to review the program's effectiveness and adapt as needed.
The 2026 AML requirements for Registered Investment Advisors represent a significant step toward fortifying the financial advisory sector against money laundering and terrorist financing. For investment advisory firms, proactive compliance isn’t just about meeting regulatory expectations—it’s an opportunity to build trust, enhance transparency, and secure long-term client confidence.
As these AML rules take effect, the complexity and scale of compliance may require expert guidance. Partnering with a compliance consulting firm, like InnReg, can streamline the transition by offering industry-specific insights, tailored AML solutions, and strategic compliance support.
Contact us today to explore how we can support your firm’s AML compliance needs.
How Can InnReg Help?
InnReg is a global regulatory compliance and operations consulting team serving financial services companies since 2013.
We are especially effective at launching and scaling fintechs with innovative compliance strategies and delivering cost-effective managed services, assisted by proprietary regtech solutions.
If you need help with RIA compliance, reach out to our regulatory experts today:
Published on Nov 14, 2024
Last updated on Nov 14, 2024