Loading...

RIAs: Thinking the FinCEN AML final rule is no big deal? Think again. | Baker Tilly

team discussing ria aml requirements

Article

RIAs: Thinking the FinCEN AML final rule is no big deal? Think again.

July 7, 2025 · Authored by Crystal TroutDavid Twomey

Don’t delay the new AML rules for RIAs to the last minute – It's not too late to get started.

Building a program and establishing the tech stack and human capital needs to implement and execute anti-money laundering (AML) compliance takes time, and Registered Investment Advisers (RIAs) are required to be up and running by Jan. 1, 2026. The below article outlines everything you should be focusing on now and tomorrow, as well as a recap of the steps you should have taken over the past several months. To learn more about our AML solutions, check out our webpage on the subject.

FinCEN has established the date for compliance with the requirements of this rule as Jan. 1, 2026. If your organization is a registered investment adviser (RIA), it is important to understand the amount of time and effort that is involved in complying with the FinCEN final rule mandating AML compliance and develop a plan for moving forward. The costs of noncompliance are detailed here, but include significant fines, enforcement actions, reputational damages, asset endangerment, personal liability and regulatory scrutiny.

Our AML and fund administration specialists have been discussing the AML regulations with RIAs since September 2024. RIAs are continuing to tell us

“this doesn’t apply to me,”
“I thought the Corporate Transparency Act (CTA) was on hold,”
“I’ll just ask my fund administrator to do it,”
“we already have a program in place,”
“it’s not until January 2026, we have plenty of time.”

We’re here to tell you that these are common misconceptions and putting an AML program in place that will meet the necessary regulations takes time – and a good amount of it.

Crystal Trout

Crystal Trout

Director

Related sections

Article Tags

AML/CFT Compliance Financial Crimes services for RIAs and ERAs

12 months before deadline

Start the conversation: RIAs need to engage in conversations with legal counsel, fund administrators and stakeholders to get started down the path of FinCEN final rule compliance.

Important questions to ask during this period: Does this rule apply to me? Do we want to consider building this in-house or outsourcing it? Do we know who can help us regardless of which path we choose to go down?

Conduct a gap analysis: Evaluate any existing AML policies and procedures to identify areas that need enhancement. Determine the specific requirements of the FinCEN final rule, and which ones impact your organization so you can compare them with existing practices.

Important questions to ask during this period: What (if any) AML activities are we currently doing? Who is doing these activities for us? Are they qualified to help us maintain full compliance with the new regulatory expectations?
Please note: If your fund administrator currently performs know your customer (KYC) searches for you on investor names, confirm if they are checking those names on a continuous basis instead of just one time. One-time searches would miss any changes to sanctions/politically exposed person (PEP) lists as well as negative media and other areas of exposure. It is also important to confirm if counterparties/beneficial owners are included in KYC monitoring.

Develop a compliance plan: Create a comprehensive plan outlining the steps needed to comply with the new AML requirements. Assign responsibilities and set deadlines for each task.

Important questions to ask during this period: What technology can be used to streamline processes and make them more effective? Who will have overall responsibility for compliance? How does your plan for maintaining compliance grow within your organization as you expand into different geographic markets, take on more investors, etc.?

Stay informed: Subscribe to industry newsletters, attend webinars and participate in professional associations to stay current with the latest developments in AML regulations.

9 months before deadline

Designate a compliance officer: Each RIA must appoint a qualified individual to oversee the AML program and ensure compliance with FinCEN regulations. This individual should have a deep understanding of all AML regulations impacting your organization. This role will serve as the primary point of contact for regulators and any outsourced AML providers, and will be responsible for the health of the program and ensuring it is executed by SMEs.
Establish internal policies: RIAs are now required to develop comprehensive internal policies, procedures and controls designed to prevent money laundering and detect suspicious activities. This includes creating detailed guidelines for customer due diligence, transaction monitoring and suspicious activity reporting (SAR). It is crucial to document all policies and procedures and ensure they are easily accessible to relevant personnel. These should be risk-based, so the first step is to conduct a thorough risk assessment over your investor/third-party base, geographic market presence and products/services to determine your overall level of risk for money laundering and sanctions issues.

6 months before deadline

Train employees: RIAs should develop a training program that educates employees on the new requirements, how to identify suspicious activities and the procedures for reporting them. Training should be conducted regularly and updated at least annually.
Implement technology solutions: Consider implementing software solutions that automate customer due diligence, transaction monitoring and SAR filing. These tools can help streamline processes and reduce the risk of human error. They also make monitoring activities more effective by checking the latest listings of sanctioned individuals, negative media, etc.

3 months before deadline

Establish independent testing: Engage a qualified team (independent of the team executing AML tasks) to conduct periodic reviews of the AML policies and procedures. Independent testing will help identify weaknesses and areas for improvement and is typically conducted every 12-18 months to ensure new regulatory expectations and the evolving money laundering and sanctions evasion typologies are sufficiently addressed in your program.

1 month before deadline

Final review and adjustments: Perform a final review of the AML compliance program to ensure all new requirements have been met. Make any last-minute adjustments as necessary.
Documentation and reporting: Ensure that all documentation is complete and up to date. Prepare any required reports and submissions to regulatory authorities.

Post-deadline

Identify and verify clients: RIAs must collect and verify information about their investors and counterparties and appropriately demonstrate and document that they know who they are dealing with.
Conduct risk assessments: RIAs should conduct a risk assessment of each client based on factors such as the type of client, their source of funds and their expected transaction patterns.
Establish ongoing monitoring: RIAs need to continuously monitor client activities and profiles to detect and report suspicious transactions.
Identify suspicious transactions: RIAs must have mechanisms in place to identify and evaluate transactions that raise red flags.
Undergo independent testing: The AML program must undergo periodic independent testing to evaluate its effectiveness and ensure compliance.
Ensure timely reporting: Suspicious transactions should be reported promptly to FinCEN, usually within 30 days of detection.
Collaborate with regulators: Maintain open lines of communication with regulators and industry peers. Staying informed about regulatory developments and best practices will help you navigate the evolving compliance landscape.
Keep the program living and breathing: At least annually (and more often if you make a strategic change to your organization) you should update your overall AML risk assessment as well as your policies, procedures and training content.