Alerts

FinCEN Issues Final AML/CFT Program Rule for Certain Investment Advisers

September 30, 2024

On Sept. 4, 2024, the US Department of the Treasury’s Financial Crimes Enforcement Network (“FinCEN”) issued a long-awaited final rule extending the anti-money laundering/countering the financing of terrorism (“AML/CFT”) program and related requirements, such as suspicious activity reporting, to certain SEC-registered investment advisers (“RIAs”) and exempt reporting advisers (“ERAs,” and with RIAs, collectively, “Covered Advisers”) (“Final Rule”).[1]

The Final Rule’s effective date is Jan. 1, 2026. This Alert outlines the scope of the Final Rule and the new obligations it will impose on Covered Advisers.

Prior Rulemaking Attempts

The Final Rule arrived nearly nine years after FinCEN last attempted similar AML regulations for RIAs in 2015,[2] and followed even earlier efforts by FinCEN in 2002 and 2003 to apply AML regulations to the asset management industry.[3] Although these proposed rules were never finalized, the asset management industry responded to them by implementing AML programs and investor due diligence measures on a voluntary basis. Over time, industry best practices developed that captured the requirements of the prior proposed rules. However, the Final Rule includes requirements that exceed prior proposed rules and industry best practices, as well as requirements that may be unfamiliar to many Covered Advisers — most notably the obligation to adopt and implement a risk-based written AML/CFT program and report suspicious activity to FinCEN.

2024 Investment Adviser Sector-Wide Risk Assessment

The Final Rule was issued following the results of the US Department of the Treasury’s February 2024 investment adviser sector-wide risk assessment (“2024 Risk Assessment”),[4] which was issued concurrently with its Feb. 15, 2024, notice of proposed rulemaking on AML/CFT program and Suspicious Activity Report (“SAR”) requirements for investment advisers (“Proposed Rule”).[5] The 2024 Risk Assessment found that, while the degree of illicit finance activity risk is not uniform across the entire investment adviser sector, Covered Advisers pose a material risk of misuse for illicit finance.[6] First, case examples in the Proposed Rule and 2024 Risk Assessment highlighted that a range of illicit actors view Covered Advisers as potential entry points into the US financial system, and many illicit actors have already sought to exploit them.[7] The 2024 Risk Assessment also noted that Covered Advisers’ compensation arrangements disincentivize the voluntary review of illicit finance risks presented by investors and investment arrangements. FinCEN explains that without an AML/CFT program requirement or an obligation to file SARs with FinCEN, Covered Advisers have no obligation to evaluate the risk of money laundering, terrorist financing (“ML/TF”), or other illicit activity associated with their advisory activities.[8]

Scope of Investment Advisers Covered by the Final Rule

The Final Rule adds “investment adviser” to the definition of “financial institution” under the Bank Secrecy Act’s (“BSA”) implementing regulations. While the Proposed Rule broadly defined “investment adviser” to include RIAs and ERAs, in the interest of balancing commenters’ concerns about the Proposed Rule’s potential burden on smaller investment advisers with the sector-wide illicit finance risks identified in the 2024 Risk Assessment, the Final Rule excludes:

RIAs that register with the SEC solely because they are (i) mid-sized advisers, (ii) multi-state advisers or (iii) pension consultants.[9]
RIAs that do not manage clients’ assets as part of their advisory activities and report zero AUM[10] to the SEC on Form ADV. FinCEN explained that the services provided by these advisers “may include non-discretionary financial planning (such as fee-only advice) and publication of securities-related newsletters, ‘model portfolios,’ or research reports.” These RIAs, FinCEN notes, “are generally unlikely to have sufficient information about a customer’s source of funds, background, and investment objectives to detect suspicious financial activity.”[11]

Foreign-Located Covered Advisers

The Final Rule also addresses commenters’ concerns about the Proposed Rule applying to RIAs or ERAs that have a principal office and place of business outside of the United States, particularly the reach of the rule to these advisers and the scope of activities covered. The Final Rule defines a “foreign-located investment adviser” as an “investment adviser whose principal office and place of business is outside the United States.”[12] The Final Rule sets forth the scope of the foreign-located Covered Adviser’s obligations, stating that it only applies to advisory activities that (i) take place within the United States, including through the involvement of US personnel[13] of the foreign-located Covered Adviser, such as the involvement of an agency, branch, or office within the United States or (ii) are provided to a US person or a foreign-located private fund with an investor that is a US person.[14] To determine whether an investment adviser is a foreign-located investment adviser for purposes of the Final Rule, the adviser must look to its “principal office and place of business,” which FinCEN considers to be the “executive office of the investment adviser from which the officers, partners, or managers of the investment adviser direct, control, and coordinate the activities of the investment adviser.”[15]

With respect to a foreign-located Covered Adviser’s advisory services to a foreign-located private fund[16], the Final Rule requires such Covered Adviser to determine whether any such private fund that it advises has at least one investor who is a US person. If that private fund has at least one US person investor, the foreign-located Covered Adviser must apply the Final Rule with respect to that private fund.[17]

State-Registered Investment Advisers

Consistent with the Proposed Rule, the Final Rule does not apply to state-registered investment advisers.

Foreign Private Advisers and Family Offices

As in the Proposed Rule, the Final Rule does not apply to foreign private advisers or family offices as defined in the Advisers Act.[18]

Requirements of the Final Rule

1. AML/CFT Program

Under the Final Rule, Covered Advisers are required to adopt and implement a risk-based written AML/CFT compliance program. Covered Advisers’ AML/CFT programs must include the following five minimum components as required by section 5318(h) of the BSA: (i) internal policies, procedures and controls that are reasonably designed to prevent the Covered Adviser from being used for ML/TF or other illicit finance activities; (ii) independent testing to be conducted by the Covered Adviser’s personnel or a qualified outside party; (iii) designation of a qualified AML/CFT compliance officer or committee; and (iv) an ongoing employee training program. We discuss each in turn below.

1. Internal Policies, Procedures and Controls. The Final Rule requires Covered Advisers to establish and implement risk-based internal policies, procedures and controls reasonably designed to prevent the Covered Adviser from being used for ML/TF or other illicit finance activity.[19] In determining which policies, procedures and controls to implement, the Final Rule requires Covered Advisers to review the types of advisory services they provide and the nature of the customers they advise in order to understand their particular ML/TF and other illicit finance risks.[20] This approach is intended to provide Covered Advisers with flexibility in designing their AML/CFT program to be commensurate with the ML/TF risks presented by the Covered Advisers business—including the specific advisory services provided, the unique customer base and geographical reach. When assessing their independent risk profiles, Covered Advisers must consider the types of accounts they offer (e.g., managed accounts or private funds), the channel(s) through which such accounts are opened, the types of customers opening such accounts (e.g., individuals or entities with managed accounts, private funds, closed-end funds, or real estate funds), including their geographic location, sources of wealth and investment objectives.[21] The preamble to the Final Rule provided some guidance as to which funds may generally be considered lower risk (e.g., exchange listed, registered funds) or higher risk (e.g., private funds that do not disclose identifying information about the investors in a private fund). FinCEN identified exchange-listed registered closed-end funds as typically lower risk because they (a) do not offer their shares continuously or redeem their shares on demand; (b) issue a fixed number of shares, which typically trade at negotiated prices on a stock exchange or in the over-the-counter market; (c) do not have an account relationship with their investors; and (d) have shares that are purchased and sold through BSA-regulated financial institutions, such as banks and broker-dealers, which are required to verify the identity of their customers and obtain beneficial ownership from legal entity customers. FinCEN clarified that private funds are not categorically treated as low-risk for ML/TF because there are various factors that may influence the risk-profile of a private fund, such as the subscription amount, whether there are any restrictions on redemptions or withdrawals, the Covered Adviser’s investment strategy, the targeted investor base, jurisdictions involved, and currency used with investors. Where a private fund presents a higher risk of being used for ML/TF, FinCEN expects that a Covered Adviser will adopt and implement mitigating policies, procedures and internal controls, such as gathering information about the structure or ownership of the fund, and identifying information about the investors in the fund.
2. Independent Testing. The Final Rule requires that Covered Advisers provide for independent testing of their AML/CFT programs by their own personnel or a qualified outside party.[22] The frequency of independent testing will depend on Covered Advisers’ ML/TF and other illicit finance activity risk profiles, in addition to their overall risk management strategies.[23] While Covered Advisers may use trained internal staff who are not involved in the function being tested, the AML/CFT officer, or any party who directly and, in some cases, indirectly reports to the AML/CFT compliance officer or AML/CFT compliance officer-equivalent role, will generally not be considered sufficiently independent for the purposes of the Final Rule.[24]
3. Qualified AML/CFT Compliance Officer or Committee. The Final Rule requires that Covered Advisers designate a person or group of persons to be responsible for implementing and monitoring the internal policies, procedures and controls of their AML/CFT programs. Covered Advisers may designate a single person or persons (including a committee) to be responsible for AML/CFT compliance.[25] The designated individual or committee must be qualified to oversee the Covered Adviser’s compliance with the BSA and FinCEN’s implementing regulations.[26] Among other criteria, a qualified AML/CFT officer or committee must have sufficient knowledge and understanding of the Covered Adviser’s ML/TF and other illicit finance activity risks, the BSA and its implementing regulations, and how those laws and regulations apply to the Covered Adviser and its activities.[27] Additionally, an AML/CFT compliance officer or committee should have decision-making authority over the Covered Adviser’s AML/CFT program, and sufficient stature within the organization to ensure that the program meets the applicable requirements of the BSA.[28]
4. Ongoing Employee Training Program. Under the Final Rule, employees of a Covered Adviser and any agent or third-party service provider that is tasked with administering any portion of such Covered Adviser’s AML/CFT program must be trained in the AML/CFT requirements relevant to the Covered Adviser’s functions.[29] The Final Rule requires that the employees of a Covered Adviser (and of any agent or third-party service provider that is charged with administering any portion of the AML/CFT program) must also be trained to recognize signs of ML/TF or other illicit finance activity that could arise in the course of their duties.[30] The frequency of periodic training will depend on the Covered Adviser’s risk profile and overall risk management strategy.[31] For other BSA-regulated financial institutions, AML/CFT training is typically provided on an annual basis. FinCEN assumes that approximately two-thirds of Covered Advisers’ employees will require training each year, which must include periodic updates and refresher training on AML/CFT compliance.[32]
5. Risk-based Procedures for Conducting Ongoing Customer Due Diligence. The Final Rule requires that Covered Advisers’ AML/CFT programs include appropriate risk-based procedures for conducting ongoing customer due diligence (“CDD”) that includes (i) understanding the nature and purpose of customer relationships for the purpose of developing a customer risk profile and (ii) conducting ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information.[33] The Final Rule does not require Covered Advisers to collect customer identifying information and verify that information, which will be addressed by FinCEN in a separate joint rulemaking with the SEC.[34] Nor does the Final Rule include a categorical requirement to collect beneficial ownership information (“BOI”) from legal entity customers. Instead, Covered Advisers are required to make a risk-based determination as to whether they need to collect a legal entity customer’s BOI based on the customer’s independent risk profile.[35] By comparison, banks and broker-dealers have an obligation to collect BOI from their legal entity customers.[36]

Scope of Activities Covered by the Final Rule

The Final Rule requires Covered Advisers to apply their AML/CFT program to all advisory services they provide. While the Final Rule does not define “advisory services,” the preamble explains that advisory services would include the management of customer assets and the submission of customer transactions for execution.[37] FinCEN has provided some relief as Covered Advisers are not required to apply their AML/CFT programs to advisory services where the customer is a mutual fund (including open-end exchange-traded funds), a collective investment fund established by a national bank and federal savings association, or another investment adviser[38] that is independently subject to the Final Rule.[39] FinCEN declined to include additional exclusions for:

European Société d’investissement à Capital Variable (“SICAV”)[40] vehicles (or other pooled investment vehicles administered by foreign financial institutions). FinCEN noted that although SICAVs may be subject to comparable AML/CFT regulation by foreign supervisory authorities, those regulations may not specifically address illicit finance risks to the US financial system or provide relevant information directly to US regulators or law enforcement.
Retirement plan participants. FinCEN explained that while such plans are subject to regulation and supervision under ERISA, exempting such participants would leave a material gap in addressing illicit finance risks. That is because retirement plans may not be offered directly through a financial institution with AML/CFT program, SAR and recordkeeping obligations under the BSA, and applying AML/CFT requirements to Covered Advisers to such plans, such as SAR filing requirements, may help identify illicit activity involving the theft or misappropriation of plan assets
Exchange-listed registered closed-end funds. FinCEN explained that while these funds are not categorically excluded from a Covered Adviser’s AML/CFT program, such funds can often be treated as lower risk because they are typically offered to retail investors through a broker-dealer, which performs customer identification and verification as well as CDD, with the Covered Adviser managing the investment portfolio of the fund.

Implementation of AML/CFT Program Requirements

Use of Third-Party Service Providers and Foreign Personnel. Covered Advisers may delegate the implementation and operation of some or all aspects of their AML/CFT program to a service provider, but the Covered Adviser will remain responsible for overall compliance with the requirements of the Final Rule. At this time, FinCEN has determined not to include in the Final Rule the provision implementing 31 U.S.C. § 5318(h)(5), which provides that the duty to establish, maintain and enforce AML/CFT programs must be the responsibility of, and be performed by, persons in the US who are accessible to, and subject to oversight and supervision by, the Secretary of the Treasury and the appropriate Federal functional regulator (“Duty Provision”).[41] FinCEN’s omission of the Duty Provision from the Final Rule is significant for foreign-located Covered Advisers that may have operations entirely outside the US and Covered Advisers that use third-party service providers, such as fund administrators, that are located outside the US. However, Covered Advisers should be aware that FinCEN continues to take the Duty Provision under advisement and may consider applying it to Covered Advisers in a subsequent rulemaking.[42]

Board or Board-Equivalent AML/CFT Program Approval and Oversight. Under the Final Rule, a Covered Adviser’s AML/CFT program must be approved in writing by its board of directors or trustees. If the Covered Adviser does not have a board of directors or trustees, approval must come from individuals or groups with functions similar to a board of directors and with the authority to approve the Covered Adviser’s AML/CFT program. Such individuals may include: a Covered Advisers’ sole proprietor, general partner, CEO, CFO, COO, Chief Legal Officer, Chief Compliance Officer or Director.[43] Groups with AML/CFT program oversight responsibilities may include board committees, such as compliance committees or audit committees, or a group of some or all individuals with the aforementioned titles.[44]

2. Reporting Requirements

SARs. The Final Rule requires Covered Advisers to file a SAR with FinCEN for any suspicious transaction (or pattern of transactions) conducted or attempted by, at or through the Covered Adviser that involves or aggregates at least $5,000 in funds or other assets. Suspicious transactions are those that:

Involve funds derived from illegal activity or that are intended or conducted to hide or disguise funds or assets derived from illegal activity as part of a plan to violate or evade any Federal law or regulation or to avoid any transaction reporting requirement under Federal law or regulation;
Are designed, whether through structuring or other means, to evade the requirements of the BSA;
Have no business or apparent lawful purpose, and the Covered Adviser knows of no reasonable explanation for the transaction after examining the available facts; or
Involve the use of the Covered Adviser to facilitate criminal activity.[45]

Covered Advisers will have 30 days from when a determination is made to electronically file the SAR with FinCEN by uploading it to FinCEN’s BSA E-filing database.

FinCEN interprets “transactions conducted or attempted by, at, or through” to include a Covered Adviser’s “advisory activities on behalf of its clients.”[46] The Final Rule provides the following examples of activities occurring by, at, or through a Covered Adviser[47]:

When a Covered Adviser’s customer provides an instruction to the Covered Adviser for the Covered Adviser to pass on to the custodian (e.g., an instruction to withdraw assets, to liquidate particular securities or a suggestion that the adviser purchase certain securities for the customer’s account), or a Covered Adviser instructs a custodian to execute transactions on behalf of its client;
Transactions designed to hide the source or destination of funds and fraudulent activity;
An investor in a private fund, including a venture capital fund requesting access to detailed non-public technical information about a portfolio company the fund is invested in that is inconsistent with a professed focus on economic return, in a potential case of illicit technology transfer in violation of sanctions, export controls or other applicable law;
Funding a managed account or investing in a private fund by using multiple wire transfers from different accounts maintained at different financial institutions or requesting that a transaction be processed in a manner to avoid funds being transmitted through certain jurisdictions;
Unusual wire activity that does not correlate with a customer’s stated investment objectives;
Transferring funds or other assets involving the accounts of third parties with no plausible relationship to the customer, transfers of funds or assets involving suspicious counterparties—such as those subject to adverse media, exhibiting shell company characteristics or located in jurisdictions with which the customer has no apparent nexus;
The customer behaving in a manner that suggests that the customer is acting as a “proxy” to manage the assets of a third party;
An unusual withdrawal request by a customer with ties to activity or individuals subject to US sanctions following or shortly prior to news of a potential sanctions listing;
Potential fraud and manipulation of customer funds directed by the investment adviser, such as insider trading, market manipulation or an unusual wire transfer request by an investment adviser from a private fund’s account held for the fund’s benefit at a qualified custodian.
With regard to portfolio companies: where the Covered Adviser: (i) is approached by an investor in a fund about unusual access to particular technology or processes being developed by a portfolio company, (ii) becomes aware that such investor has reached out to a portfolio company for such information, or (iii) is asked to obscure participation by an investor in a particular transaction to avoid notification to government authorities.

The Final Rule also makes clear, however, that non-advisory activities of a Covered Adviser are not in scope of a Covered Adviser’s SAR filing obligation.

SAR Confidentiality. SARs are subject to strict confidentiality. The Final Rule allows Covered Advisers and their agents to disclose the underlying facts, transactions and documents upon which a SAR is based; provided that no person involved in the reported transaction is notified that the transaction has been reported.[48] Covered Advisers or any current or former directors, officers, employees, or agents of a Covered Adviser are prohibited from disclosing a SAR or any information that would reveal the existence of a SAR except in the following three circumstances.[49]

To FinCEN, or any Federal, State, or local law enforcement agency, or any Federal regulatory authority that examines the Covered Adviser for compliance with the BSA.
Where: (i) the Covered Adviser and the recipient entity or entities are jointly filing a SAR or (ii) the disclosure is in connection with certain employment references or termination notices.[50]
Within a Covered Adviser’s corporate organizational structure for purposes consistent with the BSA as determined by regulation or in guidance.[51] FinCEN has yet to release any regulation or guidance that would permit a Covered Adviser to share SARs within its corporate organizational structure.[52]

CTRs. Under the Final Rule, Covered Advisers are required to file CTRs for transactions in currency over $10,000.[53] Given that Covered Advisers do not typically engage in currency transactions, complying with the CTR filing obligation should not be burdensome. The CTR filing obligation replaces the obligation to file a Form 8300 for the receipt of more than $10,000 in currency and certain negotiable instruments requirement.[54]

The requirement to file other reports under the BSA, such as FBARs, remains unchanged.

3. Enhanced Due Diligence For High-Risk Customers

The Final Rule will require Covered Advisers to adopt special standards of due diligence for correspondent accounts and private banking accounts that are reasonably designed to enable the Covered Adviser to detect and report any known or suspected money laundering or suspicious activity conducted through or involving any such accounts.[55]

Correspondent Accounts. The special due diligence requirements for correspondent accounts[56] will apply to any Covered Adviser that provides foreign financial institutions (“FFIs”) “with a conduit for engaging in ongoing transactions in the U.S. financial system.” Only those relationships between a Covered Adviser and a FFI that provide ongoing services are included in this requirement—isolated or infrequent transactions between a Covered Adviser and a FFI are excluded. Such special due diligence requirements include obtaining and considering information relating to the FFI’s AML program; obtaining the identity of any person with authority to direct transactions through any correspondent account that is a payable-through account (and the sources and beneficial owner(s) of funds or other assets in the payable-through account); determining whether the FFI in turn maintains correspondent accounts for other FFIs; and determining, for any correspondent account established or maintained for a FFI whose shares are not publicly traded, the identity of each owner of the FFI and the nature and extent of each owner’s ownership interest. FinCEN expects to issue additional guidance on this topic to aid Covered Advisers in complying with this requirement.

Private Bank Accounts. The Final Rule extends special due diligence requirements for private bank accounts to Covered Advisers and requires Covered Advisers to adopt policies, procedures and controls which enable Covered Advisers to detect and report suspicious activity involving
high-net-worth foreign persons with private bank accounts. These special due diligence requirements will apply to accounts for which a Covered Adviser manages at least $1 million in funds or assets (including in a private fund) for the benefit or on behalf of a non-US individual who is the direct or beneficial owner of the account and involves services provided by an employee or agent of the Covered Adviser acting as a liaison to such non-US individual. The discussion in the preamble regarding how to apply this rule to Covered Advisers is quite limited and we expect FinCEN to issue clarifying guidance on this point. Based on the application of this special due diligence rule to other financial institutions, we expect that it will require Covered Advisers to adopt measures for ascertaining the identity of all nominal and beneficial owners of a private banking account; ascertaining whether any such nominal or beneficial owner is a senior foreign political figure (“SFPF”) or family member or close associate of a SFPF; ascertaining the source(s) of funds deposited into a private banking account and the purpose and expected use of the account; and reviewing the activity of the account to ensure that it is consistent with the information obtained about the accountholder’s source of funds and the stated purpose and expected use of the account.

4. Special Information Sharing Procedures

The Final Rule applies sections 314(a) and 314(b) of the USA PATRIOT Act to Covered Advisers.[57]

Section 314(a). Section 314(a) requires Covered Advisers, upon FinCEN’s request, to search their records for specified information to determine whether the Covered Adviser maintains or has maintained any account for, or has engaged in any transaction with, an individual, entity, or organization named in FinCEN’s request.[58] Covered Advisers must report any such identified information to FinCEN.[59] For purposes of section 314(a) requests, FinCEN does not expect Covered Advisers to have accounts for the underlying investors in a private fund unless the Covered Adviser has a separate advisory relationship with that underlying investor, such as, for example, a managed account relationship.[60] The Final Rule permits Covered Advisers to exclude from the section 314(a) information requirement mutual funds, bank- and trust company-sponsored collective investment funds and any other investment adviser they advise that is already subject to obligations under the BSA.

Section 314(b). Section 314(b) allows Covered Advisers to participate in voluntary information-sharing arrangements with other BSA-regulated financial institutions, through which they are able to gather additional information to help them mitigate ML/TF and other illicit finance risks.[61] To participate in the section 314(b) information-sharing program, Covered Advisers must first register with FinCEN’s Secure Information Sharing System if they are not already a registered user of the system.[62]

5. Special Measures

The Final Rule extends the requirements of Section 311 of the USA PATRIOT Act and Section 9714(a) of the Combatting Russian Money Laundering Act to Covered Advisers. Covered Advisers will be required to implement “special measures” if the Secretary of the Treasury determines that a foreign jurisdiction, institution, class of transaction or type of account is of “primary money laundering concern.”[63] Special measures include imposing additional recordkeeping, information collection and reporting requirements, as well as prohibitions or conditions on the opening or maintenance of certain correspondent accounts.[64] Covered Advisers will be subject to the special measures requirements with respect to customers that are not mutual funds, collective investment funds or other investment advisers they advise that are independently subject to the Final Rule.[65]

6. Recordkeeping

AML/CFT-Related Record Retention Requirement. The Final Rule requires Covered Advisers to maintain, for a period of five years: (i) AML/CFT-related records, such as a written AML/CFT program that includes internal policies, procedures and controls, as well as records of certain transactions and transfers of funds specified in subpart D of the Final Rule and (ii) copies of filed SARs and underlying supporting documentation.[66]

Transaction Records Under the Funds Transfer Travel Rule. The Final Rule extends the Recordkeeping and Travel Rules to Covered Advisers.[67] The Recordkeeping and Travel Rules require financial institutions to create and retain records for transmittals of funds and ensure that certain information pertaining to the transmittal of funds “travels” with the transmittal to the next financial institution in the payment chain.[68] Under the Recordkeeping and Travel Rules, Covered Advisers will be required to: (i) obtain and retain records for extensions of credit and cross-border transfers of currency, monetary instruments, checks, investment securities and credit in excess of $3,000 for a period of five years and (ii) pass on this information to the next financial institution in the payment chain.[69] “Transmittal of funds” includes funds transfers processed by banks, as well as similar payments where one or more of the financial institutions processing the payment (i.e., the transmitter’s financial institution, an intermediary financial institution, or the recipient’s financial institution) is not a bank. It is still unclear how the Travel Rule will apply to Covered Advisers.

Under the Recordkeeping and Travel Rules, a transmitter’s financial institution must obtain and retain the name, address and other information about the transmitter and transaction for the same five-year period. The Recordkeeping and Travel Rules also require the recipient’s financial institution (and in some instances, the transmitter’s financial institution) to obtain and retain identifying information on the recipient for the same five-year period.[70]

Delegation of Examination Authority to the SEC

In the Final Rule, FinCEN delegated examination authority to the SEC over Covered Advisers’ compliance with the Final Rule. [71] The delegation reflects FinCEN’s recognition that the SEC is best equipped to handle such examinations given the existing SEC regulatory and examination apparatus with respect to investment advisers.

This is consistent with FinCEN’s existing delegation of its examination authority to the SEC to examine broker-dealers and mutual funds for compliance with BSA implementing regulations meant to maintain efficiencies and avoid duplication.[72]

Additional Rulemakings

There are several rules that have been proposed or are yet to be proposed that will have an impact on Covered Advisers and may supplement this Final Rule.

Customer Identification Program Rule. With respect to customer identification programs (“CIP”), on May 21, 2024 FinCEN and the SEC published a joint notice of proposed rulemaking to apply CIP requirements to Covered Advisers (“CIP Proposed Rule”).[73] The comment period for the CIP Proposed Rule closed on July 22, 2024, and FinCEN and the SEC are currently reviewing comments as they work toward finalizing this rule.[74] Notably, the CIP Proposed Rule includes a provision permitting Covered Advisers to rely on other financial institutions to perform CIP subject to certain conditions, including that the financial institution is subject to a rule implementing the AML/CFT program requirements of 31 U.S.C. section 5318(h) and is regulated by a Federal functional regulator.[75]

Customer Due Diligence Rule. On May 11, 2016, FinCEN published a Final Rule imposing CDD requirements on financial institutions, including Covered Advisers (the “CDD Rule”).[76] As part of Congressional efforts to harmonize the BOI reporting requirements across financial institutions, the Corporate Transparency Act requires FinCEN to rescind the information collection requirements of the CDD Rule by January 1, 2025.[77] Thus, Covered Advisers will not be required to identify and verify the beneficial owners of legal entity customer accounts until the effective date of the revised CDD Rule.

AML Program Effectiveness Rule. FinCEN notes that the AML/CFT program requirements for Covered Advisers in the Final Rule do not yet incorporate the AML/CFT program amendments directed by Section 6101(b) of the Anti-Money Laundering Act of 2020 and included in a FinCEN notice of proposed rulemaking published on July 3, 2024.[78] Once this rule is finalized, it may be extended to Covered Advisers. The Final Rule does currently require Covered Advisers to develop AML/CFT programs based on their own business structures.[79] Accordingly, Covered Advisers are required to identify their exposure to ML/TF and other illicit finance activity risks; understand the BSA requirements applicable to them; identify the risk factors relating to these requirements; design internal policies, procedures and controls that are required to reasonably assure compliance with these requirements; and periodically assess the effectiveness of these procedures and controls.[80]

Takeaways and Next Steps

Covered Advisers should review the Final Rule carefully because it will add significant compliance obligations and contains many requirements that exceed industry best practices. Covered Advisers should begin taking steps toward compliance with the Final Rule by the effective date of Jan. 1, 2026, including by:

Reviewing existing AML/CFT policies and procedures to determine whether any elements must be added to ensure compliance with the new requirements of the Final Rule, including, for example, formalizing delegation of certain compliance measures to third-party service providers, including administrators, and oversight of such third-party service providers, adding specific procedures for filing and maintaining confidentiality of SARs, and implementing risk-based procedures for conducting due diligence on different investor-types;
Evaluating whether procedures for collecting information from investors need to be revised and/or tailored based on the money laundering and terrorist financing risks presented by particular types of investors, e.g., a fund-of-funds domiciled in a high-risk jurisdiction, a nominee investing on behalf of an undisclosed principal or legal entity customer with a SFPF as its beneficial owner; this may require a formal risk assessment to be done;
Appointing a dedicated AML/CFT compliance officer (which may be satisfied by training an existing compliance professional to properly execute that role at the Covered Adviser);
Developing and implementing an AML/CFT training program, taking into consideration which employees should be trained, the content of such training and how to document such training;
Adopting a formal process for conducting independent testing, as well as determining the frequency of such independent testing;
Reviewing existing contracts with third-party service providers, such as administrators, to ensure that such contracts include the requirements of the Final Rule, including escalation of suspicious activity to Covered Advisers and proper recordkeeping. Such agreements should set forth the level of oversight and testing that the Covered Adviser should apply to the third-party service provider. Specifically, FinCEN clarifies in the Final Rule that it would not be sufficient to simply obtain a certification from a service provider that the service provider “has a satisfactory AML program” although a Covered Adviser could take into account such a certification as part of the Covered Adviser’s periodic oversight of the service provider’s operations;
Formally approving the written AML/CFT program by senior management and documenting that approval; and
Preparing for additional final rules from FinCEN that may require further modifications to Covered Advisers’ AML/CFT programs, including the CIP Proposed Rule, revised CDD Rule and AML Program Effectiveness Rule. Covered Advisers will likely need to further update their risk-based policies procedures and internal controls upon publication of the forthcoming final rules.

Schulte attorneys have deep experience in this area and have been assisting asset managers with their AML/CFT compliance needs for over 20 years.

Authored by Michael S. Didiuk, Melissa G.R. Goldstein, Betty Santangelo, Kyle B. Hendrix and Noah A. Wright.

If you have any questions concerning this Alert, please contact your attorney at Schulte Roth & Zabel or one of the authors.

[1] Final Rule, Anti-Money Laundering/Countering the Financing of Terrorism Program and Suspicious Activity Report Filing Requirements for Registered Investment Advisers and Exempt Reporting Advisers, 89 Fed. Reg. 72156 (Sept. 4, 2024), available here; see also FinCEN, Investment Adviser Final Rule Fact Sheet (August 28, 2024) (hereinafter, “IA Final Rule Fact Sheet”).

[2] FinCEN, Notice of Proposed Rulemaking, Anti-Money Laundering Program and Suspicious Activity Report Filing Requirements for Registered Investment Advisers, 80 Fed. Reg. 52680 (Sept. 1, 2015). FinCEN withdrew this notice of proposed rulemaking upon issuing its new Proposed Rule in 2024.

[3] On Sept. 26, 2002, FinCEN issued a proposed rule requiring unregistered investment companies, including private funds, to establish AML programs. FinCEN, Notice of Proposed Rulemaking, Anti-Money Laundering Programs for Unregistered Investment Companies, 67 Fed. Reg. 60617 (Sept. 26, 2002). On May 5, 2003, FinCEN issued another proposed rule requiring certain investment advisers to establish AML programs. FinCEN, Notice of Proposed Rulemaking, Anti-Money Laundering Programs for Investment Advisers, 68 Fed. Reg. 23646 (May 5, 2003). In June 2007, FinCEN announced that it was reviewing the broader AML regulatory framework and, as part of that review, rescinded these proposed rules on Nov. 4, 2008. FinCEN, Withdrawal of the Notice of Proposed Rulemaking, Anti-Money Laundering Programs for Investment Advisers, 73 Fed. Reg. 65568 (Nov.4, 2008).

[4] Treasury, 2024 Investment Adviser Risk Assessment (February 2024), available here.

[5] FinCEN, Notice of Proposed Rulemaking, Anti-Money Laundering/Countering the Financing of Terrorism Program and Suspicious Activity Report Filing Requirements for Registered Investment Advisers and Exempt Reporting Advisers, 89 Fed. Reg. 12108. (Feb. 15, 2024). For more information regarding the Proposed Rule, please see our prior Alert, “FinCEN Once Again Proposes Anti-Money Laundering Program Requirements for Investment Advisers”.

[6] Final Rule, 89 Fed. Reg. at 72159 (citing 2024 Risk Assessment at 32).

[7] Final Rule, 89 Fed. Reg. at 72163; see also National Counterintelligence and Security Center, Safeguarding Our Innovation, 1 (July 24, 2024), available here.

[8] Final Rule, 89 Fed. Reg. at 72163.

[9] FinCEN notes that, should the registration status of an RIA change such that the RIA would no longer be exempt from the definition of ‘‘investment adviser,’’ the adviser will become subject to the AML/ CFT requirements in this rule as of its next annual updating amendment to Form ADV. Final Rule, 89 Fed. Reg. at 72170.

[10] While FinCEN in the preamble uses “AUM” (assets under management), the correct term as used by the SEC in Form ADV and for purposes of the Investment Advisers Act of 1940 is “RAUM” or “Regulatory Assets Under Management.”

[11] Final Rule, 89 Fed. Reg. at 72168.

[12] Final Rule, 89 Fed. Reg. at 72172 (citing 31 C.F.R. § 1032.110).

[13] For the purposes of the Final Rule, “U.S. personnel” means, regardless of citizenship, any director, officer, employee, or agent of the investment adviser conducting advisory activities from a US agency, branch, or office of the investment adviser. Final Rule, 89 Fed. Reg. at 72172. US personnel would be involved in advisory activities if, for example, an employee of the investment adviser manages assets of a client from a US office or other US workplace of the investment adviser, or if the employee works remotely from the United States on a regular basis. Id. Conversely, a US citizen employee of the investment adviser managing assets of a client from a non-US office of the foreign-located investment adviser would generally not constitute US personnel involved in advisory activities for this purpose. Id.

[14] Final Rule, 89 Fed. Reg. at 72173 and 72200. In contrast, an adviser with its principal office and place of business in the United States must comply with the Final Rule with respect to all of its advisory activities. Id. at 72172, n.122.

[15] Final Rule, 89 Fed. Reg. at 72172.

[16] The Final Rule defines “foreign-located private fund” by reference to Section 202(a)(29) of the Advisers Act, which defines “private fund” to mean “an issuer that would be an investment company, as defined in section 3 of the [Investment Company of 1940], but for section 3(c)(1) or 3(c)(7) of the Act.” Id. at 72173. The “foreign-located” aspect of the definition refers to a fund that is a legal entity or arrangement that is incorporated or organized outside the United States and therefore is not a US person for purposes of the Final Rule. Id.

[17] FinCEN, in the preamble, notes that a “U.S.-located private fund advised by a foreign-located investment adviser is itself a U.S. person under this definition, and so a foreign-located investment adviser will also be required to apply the [F]inal [R]ule with respect to any U.S.-located private fund it advises, irrespective of the presence or absence of any U.S. person investors in such U.S.-located private fund.” Final Rule, 89 Fed. Reg. at 72173, n.132.

[18] See 15 U.S.C. 80b–2(a)(11)(G) (excluding family offices as defined by the SEC from the Advisers Act definition of ‘‘investment adviser’’); 15 U.S.C. 80b–3(b)(3) (exempting foreign private advisers from registration with the SEC).

[19] Final Rule, 89 Fed. Reg at 72191.

[20] Id.

[21] Id.

[22] Id. at 72192.

[23] Id.

[24] Id.

[25] Id. at 72193.

[26] Id.

[27] Id.

[28] Id.

[29] Id.

[30] Id.

[31] Id. at 72193, n.224.

[32] Id. at 72230, n.361.

[33] Id. at 72193.

[34] Id. at 72194.

[35] Id.

[36] Id. at 72200, n.245.

[37] Id. The preamble also explains that Covered Advisers need not apply their AML/CFT to non-advisory services. Id. at 72181. One example of non-advisory services would be in the context of private funds, including venture capital funds: an adviser’s personnel may play certain roles with respect to the portfolio companies in which its customer fund invests. Id. Generally, activities undertaken in connection with those roles (e.g., making managerial/operational decisions about the activities of portfolio companies) would not be “advisory activities.” Id.

[38] As applied to sub-advisers, the preamble explains, this exclusion will permit an investment adviser (acting as sub-adviser) to exclude from its AML/CFT program another investment adviser (the primary adviser) to which it provides sub-advisory services where the sub-adviser has a direct contractual relationship with the primary adviser and not with the underlying customer of that primary adviser. Id. at 72184. The investment adviser may also be able to exclude wrap-fee programs, separately managed accounts, or other advisory relationships, so long as the customer is another investment adviser (as defined in the Final Rule) and the adviser does not have a direct contractual relationship with the underlying customer of the other investment adviser. Id.

[39] Id. at 72181.

[40] SICAVs are a type of collective investment fund commonly used in Europe. Id. at 72185 n.206.

[41] Final Rule, 89 Fed. Reg. at 72197.

[42] Id. at 72198.

[43] Id. at 72197.

[44] Id.

[45] Id. at 72199 (citing 31 C.F.R. § 1032.320(a)(2)(i)-(iv)).

[46] Id. at 72200.

[47] Id.

[48] Id. (citing 31 C.F.R. § 1032.320(d)(1)(ii)(A)(1)).

[49] Id. at 72202.

[50] Id. (citing 31 C.F.R. § 1032.320(d)(1)(ii)(A)(2)).

[51] Id.

[52] Id. (citing 31 C.F.R. § 1032.320(d)(1)(ii)(B)).

[53] Id. at 72214.

[54] Id.

[55] Id.; see also 31 C.F.R. § 1010.610 through § 1010.620.

[56] The term account, in the phrase “correspondent account,” includes “any contractual or other business relationship established between a person and an investment adviser to provide advisory services.” Final Rule, 89 Fed. Reg. at 72274.

[57] Id. at 72204; FinCEN, USA PATRIOT Act Section 314(a) Fact Sheet (last updated Sept. 3, 2024); FinCEN, USA PATRIOT ACT Section 314(b) Fact Sheet (last updated December 2020).

[58] Final Rule, 89 Fed. Reg. at 72204.

[59] Id.

[60] Id. at 72205. At this time, Covered Advisers are not specifically required to collect BOI for private funds. Therefore, when responding to a section 314(a) request on behalf of a private fund, Covered Advisers will typically need to provide information only about the private fund itself, not about its underlying investors.

[61] Final Rule, 89 Fed. Reg. at 72196; see also USA PATRIOT Act Section 314(b) Fact Sheet at 1.

[62] USA PATRIOT ACT Section 314(b) Fact Sheet at 6.

[63] Final Rule, 89 Fed. Reg. at 72237.

[64] Id.

[65] Id. at 72206.

[66] Id. (citing 31 C.F.R. § 1010.410).

[67] Id. at 72156.

[68] Id. at 72180.

[69] Id. at 72179 (citing 31 C.F.R. § 1010.410(e), (f); 31 C.F.R. § 1020.410(a)).

[70] Id. at 72180.

[71] Id. at 72207 (citing 31 C.F.R. § 1010.810(b)(6)).

[72] IA Final Rule Fact Sheet at 3.

[73] Final Rule, 89 Fed. Reg. at 72161 (citing FinCEN and SEC, Joint Notice of Proposed Rulemaking, Customer Identification Programs for Registered Investment Advisers and Exempt Reporting Advisers, 89 Fed. Reg. 44571 (May 21, 2024)); for more information regarding the CIP Proposed Rule, please see our prior Alert, “FinCEN Issues Proposed Rule Requiring Customer Identification Programs for Investment Advisers.”

[74] Final Rule, 89 Fed. Reg. at 72161.

[75] Id. at 72195.

[76] FinCEN, Final Rule, Customer Due Diligence Requirements for Financial Institutions, 81 Fed. Reg. 29398 (May 11, 2016).

[77] Pub. L. 116–283, div. F, title LXIV, § 6403(d), 134 Stat. 4624 (Jan. 1, 2021).

[78] IA Final Rule Fact Sheet at 3; for more information regarding the proposed pule, please see our prior Alert, “FinCEN Issues Proposed Rule to Strengthen and Modernize AML/CFT Programs for Financial Institutions.”

[79] Final Rule, 89 Fed. Reg. at 72181.

[80] Id.

This communication is issued by Schulte Roth & Zabel LLP for informational purposes only and does not constitute legal advice or establish an attorney-client relationship. In some jurisdictions, this publication may be considered attorney advertising. © 2024 Schulte Roth & Zabel LLP. All rights reserved. SCHULTE ROTH & ZABEL is the registered trademark of Schulte Roth & Zabel LLP.