FinCEN (Finally) Subjects Advisers to AML Regulations

On August 28, almost a decade after their first attempt to do so, the Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) issued a final rule subjecting investment advisers to Anti-Money Laundering (AML) and Countering Financing of Terrorism (CFT) regulations. This represents a significant change from the current status quo in which advisers typically have relied upon third parties (such as client custodians or private fund administrators) to handle things like customer verification, screening clients and investors against sanctions lists, and reporting of suspicious activity.

The final rule expands the definition of “financial institution” under Bank Secrecy Act regulations to include most SEC-registered investment advisers as well as unregistered advisers that file as Exempt Reporting Advisers (ERAs) with the SEC. However, the definition under the final rule is a bit narrower than the one in the rule proposal and excludes advisers that register with the SEC solely because they are mid-sized advisers, multi-state advisers, or pension consultants. Additionally, advisers that report $0 in regulatory assets under management are carved out of the definition.

The final rule also narrows the impact of the rule on investment advisers based outside of the United States, clarifying that it would only apply to the adviser’s advisory activities that either take place within the U.S. (including through the involvement of U.S.-based personnel) or to advisory services that are provided to U.S. persons or to a non-U.S. private fund with at least one investor that is a U.S. person.

Advisers subject to the rule are required to implement written policies and procedures (referred to as the “AML/CFT program” in the rule) that are reasonably designed to prevent the adviser from being used for money laundering, terrorist financing, or other illicit activities. The rule establishes certain minimum requirements for the AML/CFT program, including that it (1) provides for compliance with the program to be tested by the adviser’s personnel or a qualified outside party; (2) designates one or more persons who are responsible for oversight of the program; (3) provides for ongoing training of relevant personnel; (4) establishes appropriate risk-based procedures for ongoing customer (i.e., client and investor) due diligence, including with respect to obtaining and maintaining identifying information for each customer and monitoring to identify and report suspicious transactions. The rule also imposes related recordkeeping requirements on the adviser.

In order to avoid duplicative efforts, the requirements of the rule substantively do not apply with respect to customers that are mutual funds, bank- and trust-company sponsored collective investment funds, or other investment advisers that are themselves subject to the rule.

The effective date of the rule is January 1, 2026.