Introduction:
On August 28, 2024, the Financial Crimes Enforcement Network (“FinCEN”) issued a final rule (the “Final Rule”) that will define most SEC-registered investment advisers (“RIAs”) and exempt reporting advisers (“ERAs”) as “financial institutions” for purposes of certain anti-money laundering (“AML”) laws and regulations under the Bank Secrecy Act (“BSA”). The definition of “financial institution” encompasses several categories of financial businesses, including banks, broker-dealers, and mutual funds. However, the definition historically has not encompassed RIAs or ERAs, and as a result, RIAs and ERAs generally have not been subject to comprehensive AML regulations or examined for AML compliance. Under this change, effective January 1, 2026, certain RIAs and ERAs will be required to (1) adopt AML and countering-the-funding-of-terrorism (“CFT”) programs, (2) monitor for and report suspicious activity via Suspicious Activity Reports (“SARs”) to FinCEN, and (3) comply with certain record-keeping requirements. The rule also provides authority to the SEC to examine covered investment advisers’ compliance.
Coverage:
Unless otherwise exempted, this Final Rule will apply to all RIAs and ERAs. However, the Final Rule exempts and excludes certain RIAs from its coverage. These include:
- RIAs that register with the SEC solely because they are:
- Mid-sized advisers[1],
- Multi-state advisers, or
- Pension consultants.
- RIAs that do not report any assets under management on Form ADV.
At this time, FinCEN is not applying this Final Rule to State-Registered Investment Advisers, Foreign Private Advisers, or family offices.
Unless expressly exempted, AML programs must be applied to all advisory activities. Covered advisers must apply AML programs to all advisory activities, with only a handful of activity- and customer-based exemptions. Advisers will not be required to apply their AML programs to non-advisory services (e.g., making managerial/operational decisions about the activities of portfolio companies).
For RIAs or ERAs that have a principal office and place of business outside the United States (defined in the Final Rule as “foreign-located investment advisers”), the Final Rule only applies to their advisory activities that (1) take place within the United States, including through the involvement of the investment adviser’s US personnel, (2) provide advisory services to a US person, or (3) provides services to a foreign-located private fund with an investor that is a US person. There is no requirement to have the responsible persons of the program be in the United States.
The Final Rule does not apply to covered advisers in the context of providing advisory services to Mutual Funds and 1940 Act-registered exchange-traded funds, as well as collective investment funds sponsored by banks and trusts, as these are already subject to the AML programs of financial institutions.
The Final Rule provides that AML programs do not need to be applied in the context of advisory services provided to another adviser subject to this rule. Thus, advisers can exclude sub-advisory relationships, wrap-fee programs, and separately managed accounts so long as (1) their direct customer is another adviser subject to the BSA and (2) the adviser does not have a direct contractual relationship with the other adviser’s underlying customers.
An adviser will not be required to apply its AML program to non-advisory services. This is most relevant in terms of determining when the AML program must be applied to dealings involving portfolio companies. Generally, activities undertaken in connection with an adviser’s involvement in making managerial/operational decisions about the activities of portfolio companies would not be advisory activities and, thus, not subject to the final rule.
FinCEN will permit an investment adviser to delegate contractually the implementation and operation of some or all aspects of its AML program to a third-party provider, including a fund administrator. However, if an investment adviser delegates the implementation and operation of any aspects of its AML program, the investment adviser will remain fully responsible and legally liable for and be required to demonstrate to examiners the program’s compliance with AML requirements and FinCEN's implementing regulations. An RIA or ERA that delegates any aspect of its AML program to a third party must undertake reasonable steps to ensure that the third-party delegate conducts such procedures effectively. While the Final Rule does not prescribe minimum requirements for conducting such oversight, the preamble clarifies that obtaining a certification from the third-party delegate without more is insufficient.
Requirements:
Compliance Program approved by the Board. The Final Rule requires that RIAs and ERAs establish and implement a written AML compliance program by January 1, 2026. This program must be approved in writing by the adviser’s board of directors, trustees, or other persons who have functions similar to a board of directors. The AML program must include the following minimum elements:
- internal policies, procedures, and controls reasonably designed to prevent the RIA or ERA from being used for money laundering, terrorist financing, or other illicit finance activities;
- designation of one or more AML compliance officers;
- provision of ongoing AML training for appropriate personnel;
- independent testing of the program’s effectiveness; and
- risk-based procedures for conducting ongoing customer due diligence to (1) understand the nature and purpose of customer relationships for the purpose of developing a customer risk profile and (2) identify and report suspicious transactions and, on a risk basis, maintain and update customer information.
Beyond these required elements, the AML/CFT program requirement must be risk-based and reasonably designed. This approach is intended to give advisers the flexibility to design their programs so that they are commensurate with the specific risks of the advisory services they provide and the customers they advise.
The Final Rule requires RIAs and ERAs to provide for independent testing of their AML program by the adviser’s personnel or a qualified outside party. For advisers that seek to perform such testing internally (versus incurring the cost associated with an outside provider), the internal personnel tasked with performing the testing must be independent of the AML program—i.e., neither involved in nor reporting to a person involved in, implementing the AML program.
We note that FinCEN intends for the still-pending Customer Identification Program (CIP) rule to also become effective on Jan. 1, 2026. Depending on the scope of that final rule, covered RIAs and ERAs may also need to revise their policies and procedures as well as renegotiate or amend contracts with a range of banks, broker-dealers, fund administrators and any other party to whom advisers may delegate or share compliance obligations.
Suspicious Activity Reporting. The Final Rule introduces a requirement for RIAs and ERAs to file Suspicious Activity Reports (“SARs”) in respect of transactions “conducted or attempted by, at, or through” the RIA or ERA if:
- the transaction involves or aggregates funds or other assets of at least $5,000; and
- the RIA or ERA knows, suspects, or has reason to suspect that the transaction (or a related pattern of transactions):
- involves funds derived from illegal activity or is intended or conducted to hide or disguise funds or assets derived from illegal activity;
- is designed to evade BSA reporting requirements;
- has no business or apparent lawful purpose or is not the sort in which the customer would normally be expected to engage, and the investment adviser knows of no reasonable explanation for the transaction after examining the available facts; or
- involves the use of the RIA or ERA to facilitate criminal activity.
FinCEN interprets the phrase “conducted or attempted by, at, or through” to encompass advisory services that RIAs and ERAs provide on behalf of clients, such as when (1) a customer provides instructions for the investment adviser to pass on to the custodian (e.g., instructions to withdraw assets, liquidate particular securities, or a suggestion to purchase particular securities for the customer’s account); or (2) an investment adviser instructs a custodian to execute transactions on behalf of a customer.
FinCEN also provided examples of when an adviser may be required to file a SAR on a portfolio company, including when the adviser (1) is approached by a limited partner about unusual access to technology developed by a portfolio company; (2) becomes aware that a limited partner has reached out to a portfolio company for such information; or (3) is asked to obscure participation by an investor in a particular transaction to avoid notification to government authorities.
Although the obligation to file SARs does not take effect until January 1, 2026, FinCEN observes that “some SAR filings triggered by activity after the compliance date may implicate transactions that occur on behalf of a customer prior to the compliance date,” underscoring that effective implementation of the suspicious activity reporting requirement may have the practical effect of advancing the Final Rule’s implementation date.
Recordkeeping and Travel Rule. Covered advisers will be required to create and retain records regarding transfers of money. Many retail funds will be exempt from these rules, as most retail customers’ funds are custodied with financial institutions that are already subject to the BSA’s travel and recordkeeping rules, but they will apply to private fund advisers with “authority and discretion over the fund and customer assets in the fund.” FinCEN notes in the commentary that many RIAs advising retail funds may be exempt from these rules if their custody of customer assets is with a qualified custodian. In that case, the custodian entity is already required to comply with the Recordkeeping and Travel Rules. For private funds, FinCEN expects advisers with “authority and discretion over the fund and customer assets in the fund” to comply with the Recordkeeping and Travel Rules. In such circumstances, the adviser would be required to maintain all written communications received and copies of all written communications sent by the adviser relating to the receipt, disbursement, or delivery of funds or securities.
Under the Recordkeeping and Travel Rules, RIAs and ERAs will be required to create and retain records for transmittals of funds and ensure that certain information pertaining to the transmittal of funds “travels” to the next financial institution in the payment chain.
There are exceptions that are designed to exclude transmittals of funds from the Recordkeeping and Travel Rules’ requirements when certain categories of financial institutions are the transmitter and recipient. The final rule will add investment advisers to the list of institutions, among which transfers are excepted from the travel rule. While FinCEN acknowledges that many RIAs and ERAs do not engage in the type of transactional activity covered by these requirements, this means that advisers will be treated in the same manner—and with the same exceptions for transfers to certain other financial institutions—as banks, broker-dealers, futures commission merchants, introducing brokers in commodities, and mutual funds.
Currency Reports. RIAs and ERAs will now also be required to file Currency Transaction Reports (CTRs) for any transaction involving a transfer of more than $10,000 in currency by, through, or to the investment adviser, unless subject to an applicable exemption. “Currency” includes hard currency as well as cashier’s checks, bank drafts, traveler’s checks, and money orders. For many private funds, this requirement will not impose any new obligations as the adviser does not hold any investor funds or assets—rather, the fund administrator conducts the activity that might meet this new requirement.
[1] The SEC defines a “mid-sized adviser” as an investment adviser that has between $25 million and $100 million of assets under management.
The content above is based on information current at the time of its publication and may not reflect the most recent developments or guidance. Neal Gerber Eisenberg LLP provides this content for general informational purposes only. It does not constitute legal advice, and does not create an attorney-client relationship. You should seek advice from professional advisers with respect to your particular circumstances.