The Financial Crimes Enforcement Network (FinCEN) introduced a new rule aimed at strengthening and modernizing anti-money laundering (AML) and countering the financing of terrorism (CFT) programs for registered investment advisers (RIAs) and exempt reporting advisers (ERAs). As of January 1, 2026, RIA and ERA firms will be in scope for the AML/CFT requirements of the Bank Secrecy Act and must establish, implement and maintain AML compliance programs that are effective, risk-based and reasonably designed. These programs aim to identify clients or potential clients who are laundering money or funding terrorism through the United States financial system, report suspicious activities, and prevent bad actors or antagonistic foreign agents from accessing sensitive US technologies through investments in American firms.
Covered firms must also maintain compliance with other AML regulators and standards, including the Office of Foreign Assets Control (OFAC), the USA PATRIOT Act and the Bank Secrecy Act (BSA).
Which firms must comply with the FinCEN RIA Final Rule?
According to the Rule, "these regulations will apply to certain investment advisers who may be at risk for misuse by money launderers, terrorist financers, or other actors who seek access to the U.S. financial system for illicit purposes and who threaten U.S. national security."
The Rule defines investment advisers as firms registered with or required to register with the SEC and investment advisers that report information to the SEC as exempt reporting advisers (ERAs).
Investment advisers generally must register with the SEC if they have over $110 million in assets under management (AUM). ERAs are investment advisers that advise only private funds and have less than $150 million in AUM in the United States or advise only venture capital funds.
Certain firms are excluded from the Rule: RIAs that register with the SEC solely because they are mid-sized advisers, multi-state advisers, or pension consultants, and RIAs that are not required to report any AUM to the SEC on Form ADV.
A Risk-Based Approach to AML/CFT Compliance
The Rule mandates that financial institutions adopt a risk-based approach to AML compliance. This means tailoring programs to the specific risk levels of the firm, ensuring that resources are directed where they are most needed and the areas of highest risk are flagged. A risk-based approach requires institutions to identify, assess, and understand the money laundering and terrorist financing risks they are exposed to and then implement measures commensurate with the identified risk level.
Given the rapid pace of change, a one-and-done approach to identifying and scoring relevant risks will not be sufficient for compliance under the Rule. To stay compliant, firms will need to continuously monitor their clients through ongoing due diligence, looking for changes in Sanctions, PEPs, Adverse Media, or any material change that will impact the risk profile of their customer.
Implementing an AML/CFT Compliance Program
The FinCEN RIA Final Rule requires a comprehensive approach to defining, owning, and implementing an AML/CFT policy. The scope covers not only the definition and implementation of an AML/CFT policy but also the senior leadership, training, and validation to ensure that it is enforced. Specifically, the required elements of the AML/CFT program must include:
- Developing internal policies, procedures and controls designed to meet the bespoke needs of the firm
- Designating an AML/CFT compliance officer
- Instituting an ongoing employee training program
- Independent testing and verification
- Implementing risk-based procedures and systems for conducting ongoing customer due diligence
Firms must also submit filings to FinCEN and properly maintain data:
- Providing reporting, including Suspicious Activity Reporting (SARs) and Currency Transaction Reports (CTRs)
- Maintaining records so information can be provided to law enforcement agencies and regulators upon request as per Record-keeping Rules and the Travel Rule
Response to Patriot Act Obligations
Financial institutions must comply with USA PATRIOT Act obligations as part of their anti-money laundering (AML) programs. This includes implementing customer identification programs (CIPs) to verify the identity of individuals opening accounts. Institutions must also conduct enhanced due diligence on foreign correspondent accounts and private banking accounts for non-U.S. persons.
What is Enhanced Due Diligence?
To manage higher-risk clients, financial institutions must implement robust EDD procedures to detect and prevent money laundering and terrorist financing effectively.
RIAs and ERAs must complete due diligence on their clients, including data collection, document collection, sanction/political exposure/adverse media screening, risk analysis, and review and approval processes. Enhanced Due Diligence (EDD) is a core component of the FinCEN RIA Final Rule, requiring additional due diligence on higher-risk customers and transactions in order to develop a more comprehensive risk profile.
EDD involves collecting additional information beyond standard due diligence to better understand the customer's activities and potential risks. This process includes verifying the source of funds, identifying more beneficial owners, and closely monitoring transactions for suspicious activity. EDD is particularly important for customers and transactions that pose heightened risk, such as foreign correspondent banking and private banking for non-resident aliens. As these are the highest-risk customers, it is crucial that adherence to the proper process can be easily demonstrated to regulators and auditors.
MCO Empowers Firms to be Ready for the FinCEN RIA Final Rule with Streamlined KYC/AML Compliance
The MCO solution ensures that Registered Investment Advisers can meet their compliance obligations under the FinCEN RIA Final Rule, without sacrificing efficiency or negatively impacting the client experience.
- Minimize cost and effort while maximizing compliance
- Expedite onboarding compliance to keep your business moving forward
- Protect your customer experience and relationships
- Integrate into existing upstream and downstream systems
MyComplianceOffice enables firms to screen customers and transactions to uncover potential money laundering or terrorist funding activity with powerful:
- Customer Due Diligence
- Screening
- Risk Assessment
- Transaction Screening & Monitoring
- Onboarding, Maintenance, and Periodic Reviews
An End-to-End Due Diligence Solution
MCO provides the end-to-end solution to allow firms to complete due diligence on the client across data collection, document collection, and related party/UBO capture. This data can be automatically pre-populated by leveraging the MCO Entity Data master to minimize the amount of manual data capture required. Once the relevant details are verified, the client and any relevant related party can be screened for Sanctions, PEPs, and Adverse Media to the appropriate level, leveraging our integration with screening data providers such as Factiva. The client profile, any relevant related parties, and the outcome of the screening process are all factored into a real-time Risk Calculation, which will systematically drive Enhanced Due Diligence, Periodic Review Cycle dates, and escalations for Approval. Once onboarded, any client transactions are screened before processing and meta-analyzed post transaction to look for patterns of unusual behavior that could trigger an AML or CFT review. These lifecycle events are all efficiently managed in workflows for Onboarding, Maintenance, and Periodic Review.
Automation for Efficient Identification of Relevant Risk
The MCO platform is designed to be robust and automated; clients are assessed continuously against updates from data providers and screening hits such as new Sanctions or incidents of criminal activity by clients or associates of clients. The solution will automatically appraise any updates and re-calculate risk accordingly. Only when there is an issue or event of relevant importance will a user be notified by the system, where they can make a final decision. This ensures that compliance is kept at the highest level while protecting the team's time so that they can focus on value-added activities. And because these are all managed in MCO's workflows, the automated processes are highly visible and traceable and can be easily demonstrated to a regulator or auditor.
Configurable to Meet the Needs of Your Firm
Out-of-the-box standardized capabilities including rules, workflows and forms can be easily tailored to the firm's specifications to meet the bespoke needs of the firm, delivering the risk-based approach to AML/CFT compliance mandated by the Rule. As MyComplianceOffice is a SaaS platform, firms benefit from regular platform updates that address industry and regulatory changes, plus the ability to configure self-service updates on the fly to manage evolving business needs.
Part of a Complete Compliance Solution
MCO provides firms with an extensible and adaptable core platform to address long-term compliance needs. With one platform, one login and one data source, MCO enables the standardization of processes across the firm, increasing the efficiency of the compliance team's monitoring activities.
With MCO's modular approach, the firm can add additional capabilities to strengthen and enhance its AML/CFT compliance program while taking a holistic view of compliance risk across the organization.