Understanding EU AML and KYC for US Asset Managers

European asset managers are generally subject to more stringent anti-money laundering (AML) regimes than their US counterparts. However, US asset managers might still need to comply with EU or UK AML requirements due to a European nexus – be it overseas operations or fund vehicles in the EU. Additionally, the US Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) recently published a Final Rule on AML and counter-terrorist financing (CTF) that will bring SEC-regulated advisers and exempt reporting advisers (ERAs) within the scope of the US customer due diligence framework set out under the Bank Secrecy Act (BSA).

Even for US investment managers not currently subject to a formal AML regime, an increasing number of US managers adopt AML programs that are somewhat aligned with the European regime. This is as a result of:

• Need to identify beneficial owners of transaction counterparties and investors to ensure compliance with OFAC and other sanctions regimes;

• Client expectations e.g. institutional investors with heightened compliance expectations;

• Maintaining a consistent global approach to AML where also operating in jurisdictions with mandatory AML rules for asset managers (e.g. UK, EU);

• Affiliation with a regulated entity (e.g. a broker-dealer); and/or

• To understand and manage reputational and financial risks associated with entering into business relationships with persons who may be subject to media controversy and/or legal or regulatory sanctions.

This move towards greater global alignment on AML regulations for asset managers will see US firms increasingly have to contend with AML obligations that are much closer to the European rules. Because of this, there has never been a better time for US managers to become familiar with European AML requirements.

Applying European AML to Private Transactions

1. Who do they cover?

One of the key differences between the US AML regime and European AML regimes is the types of entities within scope.

In the US, AML-related rules and requirements are most notably codified in the federal BSA and administered by FinCEN. These requirements apply to “financial institutions”, which include banks, broker-dealers, and money services businesses. Notably, several types of private asset managers – including investment advisers, private investment funds and real estate firms – currently do not fall within BSA’s existing “financial institution” definition.

However, this is about to change – FinCEN’s new Final Rule, which is set to take effect on 1 January 2026, will expand the definition of “financial institution” to registered investment advisers and exempt reporting advisers.

While there are jurisdiction-specific variations, the UK and EU regulations all broadly follow the EU’s Anti-Money Laundering Directive (now in its 6th iteration). European AML regulations apply to a broad range of credit and financial institutions, estate agents, certain professional advisers and investment advisers. This means that, if they operate or have dealings in those jurisdictions, advisers that are not subject to the US AML framework may still be directly or indirectly subject to the UK’s and/or the EU’s regimes. This can include, for example, having Luxembourg entities in their fund structures or using a European AIFM.

2. Risk-Based Approach

Any firm subject to the EU or UK AML frameworks must take a “risk-based approach” to AML compliance. The core principles of a risk-based approach is also reflected under the BSA for the US regime. The EU rules do not require compliance with a “one-size-fits-all” program, instead requiring firms to design AML policies, procedures and internal controls that fit their own specific needs and risk exposure.

Regulators expect that there will be some differences between firms’ approach to AML, but they require that each firm’s AML policy be documented clearly and applied consistently.

When looking specifically at private transaction investing, it is typical to apply risk weighting to the transaction to determine the extent of the compliance diligence needed. This will include a documented analysis of the following:

• Nature and complexity of the transaction,

• Jurisdiction of the counterparties, asset or other key parties,

• Relevant industry,

• If there are any “politically exposed persons” (PEPs) in the structure,

• Results of background screening checks.

Its worth remembering an initial risk rating is not static. It can be revised based on further information collected during the due diligence process.

A key point also to note is that risk rating isn’t a formula. Each transaction needs to be reviewed within the broader context of the transaction, applying experience, legal knowledge and commercial sensibility. Too rigid an approach can result in important risk factors being missed, or in excessively burdensome KYC requests. For this reason, at Avantia, we operate transaction risk weighting by analyzing each category of risk factor in the context of the transaction, rather than trying to adopt a formal point-scoring system.

3. KYC

The UK and EU regimes require managers to carry out “customer due diligence” (CDD) or informally, “know your customer” or “KYC”. This is broadly equivalent to the US framework’s Customer Identification Program (CIP), one of the “5 Pillars” of US AML.

One of the key current differences between the EU/UK regime and the US is that “customer” includes transaction counterparties with respect to private investments, not just the funds and/or investors of an asset manager.

These rules therefore specifically require the identification and verification of transaction counterparties and their ultimate beneficial owners (UBOs) by way of carrying out KYC on those persons (and source of funds).

KYC may be “simplified”, “standard” or “enhanced” (the last of which often being referred to as “enhanced due diligence” or EDD). Entities may conduct “simplified KYC” in circumstances with relatively low AML risk, such as when dealing with a regulated financial institution or companies listed on a recognized stock exchange. Conversely, entities are expected to conduct EDD in circumstances with higher AML risk, such as transactions with PEP exposure and/or in higher-risk geographies and industries. Standard KYC should apply in all other cases.

Turning then to the process of collecting KYC information. Another of the key differences between the US and European approaches is the approach used to identify UBOs. US managers can generally adopt a lighter-touch approach, often relying on customer self-declaration or bespoke “beneficial ownership” forms. The European approach, however, is more granular and prescriptive under the regulations and there are restrictions on relying on third-party databases and/or self-declarations to establish ownership. UBOs are therefore identified through the collection of certified structure charts and the collection of various corporate and ownership documents (e.g. capitalization tables and shareholder registers) up the customer’s chain of control to the ultimate UBOs who are individuals. Collecting identity documents and proof of address (often certified) for UBOs and/or key managers and directors is also mandatory in most cases.

Having identified key persons connected with a transaction counterparty through the KYC process, those parties are then typically screened against global sanctions lists, PEP watchlists and financial crime databases. This helps inform the risk profile of the transaction (are the screens clear or are there further hits?) and ensures the transaction is compliant with application sanctions and other legal and regulatory regimes.

To the extent there are higher risk factors connected with the transaction or the counterparty, further work is then typically undertaken as part of a more comprehensive EDD program. Avantia handles EDD diligence for its clients, and we have an upcoming note on the key features of a sensible EDD policy.

4. Ongoing Monitoring

The US, UK and EU frameworks agree that AML due diligence is not a “one-and-done” exercise. An effective AML program involves risk-based ongoing monitoring to ensure that (i) suspicious activities and/or material changes to a customer’s risk profile are promptly flagged and escalated for further handling, and (ii) that CDD materials are kept updated by way of periodic “refresher” KYC exercises.

With staffing changes and investment teams focused elsewhere, keeping up to date with monitoring and refresher checks can get deprioritized. However, with audits on the rise, asset managers subject to the EU/UK rules need to ensure they have a clear system in place to monitor their private transactions during the lifetime of the investment. In our last blog, we looked at the key steps asset managers should take to implement an effective ongoing monitoring process.

Streamline your AML / KYC Compliance

Avantia’s AML team is led by ex-Big Law compliance experts and lawyers, based in Europe and the US. We combine AI and technology with human experts to meet asset managers’ KYC needs quickly and cost-efficiently. Find out more about our Transaction KYC services here.