Beginning January 1, 2026, many investment advisers will be required under federal law to implement anti-money laundering (“AML”) programs.[1] These requirements are intended to deputize investment advisers to help law enforcement prevent money laundering, terrorist financing, and other illicit finance activity throughout the investment adviser industry. An investment adviser AML program must consist of (i) internal policies, procedures and controls reasonably designed to mitigate AML risk, (ii) independent testing of the investment adviser’s AML program, (iii) an AML compliance officer, (iv) ongoing AML training, and (v) appropriate risk-based procedures for conducting ongoing “customer” due diligence. Hunton has deep experience with designing, implementing and managing AML programs for other categories of financial institutions and can assist investment advisers with tailoring and rolling out their AML program in advance of the January 1, 2026 implementation date.

For more information, please see below.

Why are investment advisers required to have an AML program?

Beginning in the 1970s, Congress began passing a series of laws that collectively became known as the Bank Secrecy Act (“BSA”). These laws required banks to help law enforcement fight money laundering. Over time, these laws were extended to apply to additional categories of financial institutions, such as broker-dealers, insurance companies and money services businesses.

The Financial Crimes Enforcement Network (“FinCEN”), a federal agency that is part of the Treasury Department and has rulemaking and enforcement authority with respect to the BSA, has long sought to bring investment advisers within the federal AML framework. FinCEN first attempted to bring investment advisers under AML regulation in 2002 and 2003, when it proposed separate rules that covered unregistered and registered investment companies, respectively.[2] Both proposals met heavy opposition from investment advisers and the private fund industry, and were withdrawn in 2008. In 2015, FinCEN again proposed an AML framework for investment advisers.[3] Again, industry opposition led FinCEN to abandon its proposal. FinCEN released its third proposal for the investment adviser industry in 2024.[4]

Are all investment advisers covered by the AML requirement?

The scope of the rule is found in the definition of investment adviser (31 C.F.R. § 1010.100(nnn)). It applies to:

(1) Any person, other than a person identified in (2), wherever located, who is registered or required to register with the SEC under section 203 of the Investment Advisers Act of 1940 (the “Act”), or any person who is exempt from SEC registration under section 203(l) (the venture capital adviser exemption) or 203(m) (the private fund adviser exemption).

(2) For the purposes of this subpart, investment adviser does not include:

1. any person who is registered or required to register with the SEC under section 203 of the Act only because such person is an investment adviser that meets the conditions of
   1. mid-sized adviser, as set forth in Section 203A(a)(2)(B) of the Act (AUM of $25-$100 million),
   2. a pension consultant, as defined under 17 CFR 275–203A–2(a), or
   3. multi-state adviser, as defined under 17 CFR 275–203A–2(d).
2. any person who is registered or required to register with the SEC under section 203 of the Act and does not report any assets under management, as defined under Section 203A(a)(3) of the Act, on its most recently filed initial Form ADV or annual updating amendment to Form ADV (17 CFR 279.1).

If you are an investment adviser that meets this definition, then the AML requirements apply to you.

How do the AML requirements for investment advisers compare with the AML requirements for other financial institutions?

The AML program requirements for investment advisers are based on, and largely identical to, the AML requirements for banks and many other categories of financial institutions. Accordingly, hiring BSA officers and other AML compliance personnel from outside of the investment adviser industry may help investment advisers fulfill their AML compliance obligations.

What does an investment adviser AML program consist of?

Other financial institutions frequently refer to AML programs as consisting of five pillars:

1. Internal controls;
2. Independent testing;
3. AML Officer;
4. AML training; and
5. Customer due diligence.

Investment adviser AML programs are required to have these same five pillars as part of their AML program. Investment advisers must also have suspicious activity reporting processes as part of its AML program.

Notably, investment adviser AML programs are not required to have a customer identification program (“CIP”) or collect beneficial ownership data and information for legal entity customers (these two requirements apply to other categories of financial institutions). However, it is likely that these requirements will be implemented through other rulemakings.[5]

What constitutes an investment adviser’s “customer” for AML compliance?

The investment adviser’s diligence and similar obligations apply only with respect to the investment adviser’s “customers.” The final rule “[u]ses the term ‘customers’ for those natural and legal persons who enter into an advisory relationship with an investment adviser.”

The final rule also says that in order to make risk-based assessments of funds that are customers of an investment adviser, an investment adviser must conduct some level of investor diligence:

FinCEN expects an investment adviser that is the primary adviser to a private fund or other unregistered pooled investment vehicle to make a risk-based assessment of the money laundering, terrorist financing, and illicit finance activity risks presented by the investors in such investment vehicles by considering the same types of relevant factors, as appropriate, as the adviser would consider for customers for whom the adviser manages assets directly. As noted above, the risk-based approach of the rule is intended to give investment advisers the flexibility to design their programs to meet the specific risks presented by their customers, including any funds they advise. In assessing the potential risk of a private fund under the rule, investment advisers generally should gather pertinent facts about the structure or ownership of the fund, including the extent to which the adviser is provided with relevant information about the investors in that private fund, who may or may not themselves also be customers of the investment adviser, and the nature of such investor-related information that they investment adviser receives.[6]

When do I need to file a suspicious activity report?

Investment advisers must file a suspicious activity report (a “SAR”) if a transaction

(1) is conducted or attempted by, at, or through an investment adviser;

(2) it involves or aggregates funds or other assets of at least $5,000; and

(3) the investment adviser knows, suspects, or has reason to suspect that the transaction (or a pattern of transactions of which the transaction is a part):

1. Involves funds derived from illegal activity or is intended or conducted in order to hide or disguise funds or assets derived from illegal activity (including, without limitation, the ownership, nature, source, location, or control of such funds or assets) as part of a plan to violate or evade any Federal law or regulation or to avoid any transaction reporting requirement under Federal law or regulation;
2. Is designed, whether through structuring or other means, to evade any requirements of this chapter or any other regulations promulgated under the Bank Secrecy Act;
3. Has no business or apparent lawful purpose or is not the sort in which the particular customer would normally be expected to engage, and the investment adviser knows of no reasonable explanation for the transaction after examining the available facts, including the background and possible purpose of the transaction; or
4. Involves use of the investment adviser to facilitate criminal activity.

If I use a third party administrator, do we both have these obligations? How much can I delegate to my third-party fund administrator?

An investment adviser may delegate its AML obligations to a third party, including to fund administrators. However, “if an investment adviser delegates the implementation and operation of any aspects of its AML/CFT program, the investment adviser will remain fully responsible and legally liable for, and be required to demonstrate to examiners, the program’s compliance with AML/CFT requirements and FinCEN’s implementing regulations.”[7]

How will compliance with the AML program requirements be assessed?

FinCEN has delegated its examination authority for investment advisers to the Securities and Exchange Commission (“SEC”) given the SEC’s expertise in the regulation of investment advisers and the existing delegation to the SEC of authority to examine broker-dealers and mutual funds for compliance with FinCEN’s regulations implementing the BSA. Once the rule goes into effect, investment advisers should expect the SEC's Examination Division to focus on these new requirements during examinations.

What are the penalties for AML program violations?

FinCEN has overall authority for enforcement and compliance with its regulations, including coordination and direction of procedures and activities of all other agencies exercising delegated authority. Further, pursuant to 31 C.F.R. § 1010.810(d), FinCEN has the authority to impose civil penalties for violations of the BSA and its regulations.

What should investment advisers be doing now?

Investment advisers should work with their internal and external compliance and legal functions to design and implement an AML program that complies with these new requirements. We encourage investment advisers to have these programs implemented by the beginning of the fourth quarter of 2025 in order to test and prepare for the January 1, 2016 implementation date.

Footnotes

[1] Anti-Money Laundering/Countering the Financing of Terrorism Program and Suspicious Activity Report Filing Requirements for Registered Investment Advisers and Exempt Reporting Advisers, 89 Fed. Reg. 72,156, (Sept. 4, 2024).

[2] Anti-Money Laundering Programs for Unregistered Investment Companies, 67 Fed. Reg. 60,617 (Sept. 26, 2002). Anti-Money Laundering Programs for Investment Advisers, 68 Fed. Reg. 23,646 (May 5, 2003).

[3] Anti-Money Laundering Program and Suspicious Activity Report Filing Requirements for Registered Investment Advisers, 80 Fed. Reg. 52,680 (Sept. 1, 2015).

[4] Anti-Money Laundering/Countering the Financing of Terrorism Program and Suspicious Activity Report Filing Requirements for Registered Investment Advisers and Exempt Reporting Advisers, 89 Fed. Reg. 12,108 (Feb. 15, 2024).

[5] See Customer Identification Programs for Registered Investment Advisers and Exempt Reporting Advisers, 89 Fed. Reg. 44,571 (May 21, 2024).

[6] 89 Fed. Reg. at 72,191.

[7] 89 Fed. Reg. at 72,188.