On August 28, 2024, the Financial Crimes Enforcement Network (FinCEN) issued a final rule extending anti-money laundering (AML) and counter-terrorism financing (CFT) requirements to registered investment advisers (RIAs) and exempt reporting advisers (ERAs). This rule represents a significant expansion of regulatory oversight aimed at closing gaps in financial crime prevention across the investment advisory sector. With a compliance deadline set for January 1, 2026, firms must act quickly to implement the necessary measures.
For legal teams at asset management firms, the rule presents both strategic challenges and an opportunity to strengthen operational integrity and mitigate potential legal risks.
Scope of Application: Who is impacted?
The FinCEN rule applies specifically to:
Registered Investment Advisers (RIAs): Firms registered with the U.S. Securities and Exchange Commission (SEC) and offering advisory services across diverse client bases.
Exempt Reporting Advisers (ERAs): Entities exempt from SEC registration but subject to reporting requirements, primarily those advising private equity, hedge, or venture capital funds.
Notably, state-registered advisers, foreign private advisers, and family offices are excluded from these requirements. However, even if technically exempt, adopting elements of an AML framework may be a worthwhile risk management strategy, particularly as we’re seeing an increasing move towards compliance transparency and alignment globally.
The Five Pillars of US AML Compliance
At the heart of the FinCEN rule is the requirement for asset managers to adopt a comprehensive AML program built upon five critical pillars. These elements, while operational in nature, demand close legal oversight to ensure they align with the firm’s risk profile and broader regulatory obligations.
Pillar 1: Designate an AML Compliance Officer
Advisers must appoint a compliance officer with sufficient authority, independence, and resources to oversee the AML program. From a legal standpoint, it is critical to ensure that this individual has a direct reporting line to senior management or the board, as required under FinCEN guidance. Firms should also consider the potential liability of the compliance officer and develop indemnification provisions to protect them in the execution of their duties.
Pillar 2: Development of Internal Policies and Procedures
The second pillar involves the development of internal policies and procedures designed to prevent, detect, and address money laundering and terrorist financing risks. These policies must reflect the firm’s unique risk profile, taking into account client demographics, transaction types, and geographic exposure.
These policies should include:
Risk-based client onboarding processes: Advisers must evaluate each client’s risk profile based on factors such as geography, transaction complexity, and beneficial ownership structures.
Transaction monitoring protocols: Firms need clear thresholds and escalation procedures for identifying and investigating unusual activity.
Pillar 3: Ongoing Employee Training
The rule mandates firm-wide training to equip employees with the knowledge to recognize and escalate suspicious activity. Legal advisers should work closely with compliance teams to develop training materials that are both comprehensive and defensible in the event of regulatory inquiries. Firms may consider engaging external experts to provide training, especially on nuanced topics like terrorist financing and emerging risks in cryptocurrency transactions.
Pillar 4: Independent AML Testing
FinCEN's AML ruling requires regular, independent audits of the AML program. These audits, whether conducted internally or by external parties, are essential to validate the program’s effectiveness and compliance. For legal teams, these audits serve a dual purpose: ensuring the firm meets regulatory standards and providing a potential defense against enforcement actions. Audits and their findings should be comprehensively documented to demonstrate good-faith compliance efforts.
Pillar 5: Customer Due Diligence (CDD)
The final pillar is customer due diligence (CDD), also known as “know your customer” (KYC). This means that firms will need to identify their clients and investors (and potentially transaction counterparties) and their respective ownership and control structures, as well as verify this information on the basis of reliable evidence. In most cases, firms will have to collect and review documentation on clients and the clients’ beneficial owners having a greater than 25% interest.
The obligation, however, extends beyond basic identity verification and must include thorough checks of a client’s business purpose and financial activities. To mitigate risk, clients and their beneficial owners should be screened on an ongoing basis from the time of onboarding against key databases, including those covering sanctions, financial crime, regulatory enforcement and political exposure.
Like the EU AML requirements, the rule has a retroactive component. Fund managers who have not previously conducted investor screening for active funds linked to their ERA or RIA registration are now expected to perform customer due diligence (CDD) on those investors before Jan 1, 2026.
Other compliance requirements
In addition to the five-pillar compliance requirements, there are four other compliance obligations asset managers need to be aware of:
Travel Rule: This rule mandates that certain client and transaction information accompany funds transfers throughout the payment chain. Clear documentation of these procedures in client agreements and onboarding materials is crucial to reducing ambiguity and potential disputes.
Suspicious Activity Reporting (SARs): Advisers must file SARs for transactions that appear suspicious or lack an apparent lawful purpose. The reports need to be timely, so training on what to look out for, and how and what needs to be reported, is essential.
Currency Transaction Reporting (CTR): Advisers must file SARs for transactions that appear suspicious or lack an apparent lawful purpose.
Response to Law Enforcement Requests: The rule requires firms to respond to information requests regarding transactions potentially linked to illicit activities. Counsel should prepare to balance cooperation with law enforcement against the need to protect client confidentiality and privilege.
Conclusion
Whilst the US rules are not quite as stringent as their EU counterparts, these requirements mark a significant shift in regulatory expectations for asset managers and investment advisers.
With an implementation deadline of Jan 1, 2026, firms need to start developing and implementing their AML programs now to ensure compliance by the deadline.
Streamline your AML / KYC Compliance
With offices in New York, Boston and London, Avantia’s AML team is led by ex-Big Law compliance experts and lawyers. We combine AI and technology with human experts to meet asset managers’ KYC needs quickly and cost-efficiently. Find out more about our Transaction KYC services here.