RIAs: Thinking the FinCEN AML final rule is no big deal? Think again.

Start the conversation: RIAs need to engage in conversations with legal counsel, fund administrators and stakeholders to get started down the path of FinCEN final rule compliance. 

• Important questions to ask during this period: Does this rule apply to me? Do we want to consider building this in-house or outsourcing it? Do we know who can help us regardless of which path we choose to go down?  

Conduct a gap analysis: Evaluate any existing AML policies and procedures to identify areas that need enhancement. Determine the specific requirements of the FinCEN final rule, and which ones impact your organization so you can compare them with existing practices. 

• Important questions to ask during this period: What (if any) AML activities are we currently doing? Who is doing these activities for us? Are they qualified to help us maintain full compliance with the new regulatory expectations? 
• Please note: If your fund administrator currently performs know your customer (KYC) searches for you on investor names, confirm if they are checking those names on a continuous basis instead of just one time. One-time searches would miss any changes to sanctions/politically exposed person (PEP) lists as well as negative media and other areas of exposure. It is also important to confirm if counterparties/beneficial owners are included in KYC monitoring. 

Develop a compliance plan: Create a comprehensive plan outlining the steps needed to comply with the new AML requirements. Assign responsibilities and set deadlines for each task. 

• Important questions to ask during this period: What technology can be used to streamline processes and make them more effective? Who will have overall responsibility for compliance? How does your plan for maintaining compliance grow within your organization as you expand into different geographic markets, take on more investors, etc.?   

Stay informed: Subscribe to industry newsletters, attend webinars and participate in professional associations to stay current with the latest developments in AML regulations. 

• Designate a compliance officer: Each RIA must appoint a qualified individual to oversee the AML program and ensure compliance with FinCEN regulations. This individual should have a deep understanding of all AML regulations impacting your organization. This role will serve as the primary point of contact for regulators and any outsourced AML providers, and will be responsible for the health of the program and ensuring it is executed by SMEs.
• Establish internal policies: RIAs are now required to develop comprehensive internal policies, procedures and controls designed to prevent money laundering and detect suspicious activities. This includes creating detailed guidelines for customer due diligence, transaction monitoring and suspicious activity reporting (SAR). It is crucial to document all policies and procedures and ensure they are easily accessible to relevant personnel. These should be risk-based, so the first step is to conduct a thorough risk assessment over your investor/third-party base, geographic market presence and products/services to determine your overall level of risk for money laundering and sanctions issues.

• Train employees: RIAs should develop a training program that educates employees on the new requirements, how to identify suspicious activities and the procedures for reporting them. Training should be conducted regularly and updated at least annually. 
• Implement technology solutions: Consider implementing software solutions that automate customer due diligence, transaction monitoring and SAR filing. These tools can help streamline processes and reduce the risk of human error. They also make monitoring activities more effective by checking the latest listings of sanctioned individuals, negative media, etc. 

• Establish independent testing: Engage a qualified team (independent of the team executing AML tasks) to conduct periodic reviews of the AML policies and procedures. Independent testing will help identify weaknesses and areas for improvement and is typically conducted every 12-18 months to ensure new regulatory expectations and the evolving money laundering and sanctions evasion typologies are sufficiently addressed in your program. 

• Final review and adjustments: Perform a final review of the AML compliance program to ensure all new requirements have been met. Make any last-minute adjustments as necessary. 
• Documentation and reporting: Ensure that all documentation is complete and up to date. Prepare any required reports and submissions to regulatory authorities. 

• Identify and verify clients: RIAs must collect and verify information about their investors and counterparties and appropriately demonstrate and document that they know who they are dealing with. 
• Conduct risk assessments: RIAs should conduct a risk assessment of each client based on factors such as the type of client, their source of funds and their expected transaction patterns. 
• Establish ongoing monitoring: RIAs need to continuously monitor client activities and profiles to detect and report suspicious transactions. 
• Identify suspicious transactions: RIAs must have mechanisms in place to identify and evaluate transactions that raise red flags. 
• Undergo independent testing: The AML program must undergo periodic independent testing to evaluate its effectiveness and ensure compliance. 
• Ensure timely reporting: Suspicious transactions should be reported promptly to FinCEN, usually within 30 days of detection. 
• Collaborate with regulators: Maintain open lines of communication with regulators and industry peers. Staying informed about regulatory developments and best practices will help you navigate the evolving compliance landscape. 
• Keep the program living and breathing: At least annually (and more often if you make a strategic change to your organization) you should update your overall AML risk assessment as well as your policies, procedures and training content.