AML/CFT Program and SAR Filing Requirements for U.S. Investment Advisers

After proposing to broaden the definition of “financial institution” under the Bank Secrecy Act (BSA) earlier this year, the Financial Crimes Enforcement Network (FinCEN) finally issued a Final Rule on August 28, 2024 imposing anti-money laundering (AML) requirements for Registered Investment Advisers (RIAs) and Exempt Reporting Advisers (ERAs). The rule requires RIAs and ERAs to establish and maintain AML and countering the financing of terrorism (CFT) programs and file suspicious activity reports (SARs) in an effort to enhance the transparency and integrity of the U.S. financial system.

This rule will go into effect on January 1, 2026. The U.S. Securities Exchange Commission (SEC) will have examination authority over these requirements.

Scope of the rule

The rule applies to RIAs and ERAs, including foreign-located investment advisers whose advisory activities occur within the U.S. or who provide services to U.S. persons or foreign-located private funds with U.S. investors.

Investment advisers may exclude from their obligations any mutual funds they advise, bank and trust company-sponsored collective investment funds, or other investment advisers subject to the final rule. This exclusion can be carried out without verifying that the mutual fund has implemented an AML/CFT program.

Certain advisers are excluded from this rule, including RIAs registered with the SEC solely as mid-sized advisers, multi-state advisers, or pension consultants, as well as those not required to report any assets under management (AUM) to the SEC on Form ADV. State-registered advisers, foreign private advisers, and family offices are also excluded.

Risk-based and reasonably designed AML/CFT program

The final rule requires RIAs and ERAs to establish an AML/CFT program that addresses the specific risks and activities of the adviser. At a minimum, this program should include:

• Internal policies, procedures, and controls reasonably designed to prevent money laundering, terrorist financing, and other illicit activities, and comply with the BSA and other related regulations.
• Independent testing of the AML/CFT program completed by an objective party. If the investment adviser’s personnel are completing the testing, individuals implementing the AML/CFT program cannot participate. Internal staff not involved in the function may be used, or the adviser can hire an external party to complete the testing.
• Designation of an AML/CFT officer with expertise and experience to oversee compliance with the BSA and FinCEN regulations. While certain aspects of the AML/CFT program can be delegated to third parties, the designated AML/CFT officer must be an internal employee.
• Employee training tailored to the employees' responsibilities and the extent of their contact with AML/CFT requirements or potential illicit activities. This training can be conducted through various methods, including seminars and virtual training. Employees must receive this training when they start their duties, and periodic refresher courses thereafter.
• Ongoing Customer Due Diligence (CDD) risk-based procedures. The rule does not mandate the collection of beneficial ownership information for legal entity customers, but advisers should determine this need based on the customer's risk profile. FinCEN intends for the collection of beneficial ownership information of legal entity customers to be implemented alongside the final Customer Information Program (CIP) Rule once the proposed rule is finalized.
  • Understand the nature and purpose of customer relationships to develop customer risk profiles. Investment advisers must gather information about customers at the start of a relationship to create a customer risk profile. This profile helps monitor for suspicious activities and conduct ongoing due diligence. FinCEN clarifies that advisers can use various approaches to assess risk, tailored to their business activities and customer profiles. There are no mandatory risk profile categories, and the level of detail will vary based on the adviser's size and complexity. Key risk factors for individual customers include the source of funds, jurisdiction, citizenship, and status as a politically exposed person (PEP). For legal entities, factors include the type of entity, domicile, and regulatory regime. Advisers must also consider their historical experience with the customer.
  • Ongoing monitoring to identify suspicious transactions and update customer information. The final rule requires investment advisers to implement risk-based procedures for ongoing monitoring to identify and report suspicious transactions and update customer information as needed. Investment advisers must file Suspicious Activity Reports (SARs) in a timely manner, and update customer information when relevant risk information is identified. Ongoing monitoring can be integrated into transaction monitoring systems and may involve information sharing under the USA PATRIOT Act. Smaller RIAs may delegate transaction monitoring to qualified custodians, but remain responsible for compliance.
• AML/CFT program approval is required by a board of directors or trustees. If an adviser lacks a board, senior management such as the CEO, CFO, COO, CLO, CCO, or directors, as well as board committees, like compliance or audit committees, can approve the program.

Suspicious Activity Reporting

• SAR filing is required when the adviser "knows, suspects, or has reason to suspect" illicit activity, based on available evidence.
• Advisers may need to file a SAR if:
  • Approached by a limited partner or investor about unusual access to technology or processes (e.g., venture capital firms).
  • Aware that a limited partner or investor has reached out to a portfolio company for such information.
  • Asked to obscure an investor's participation in a transaction to avoid government notification (e.g., transaction reporting).
• Investment advisers must file a SAR with FinCEN within 30 days of detecting suspicious activity. Immediate threats, like terrorist financing, require prompt notification to law enforcement and timely SAR filing.
• Investment advisers must keep copies of filed SARs and related documentation for five years. This documentation must be available to FinCEN and relevant law enforcement and regulatory authorities upon request.
• The requirement to file SARs applies to transactions conducted or attempted by, at, or through an investment adviser, including advisory activities on behalf of clients.
  • Advisers must not disregard suspicious transactions involving funds they do not advise or portfolio companies. They remain responsible for meeting SAR obligations if they have relevant information.
• The rule clarifies that filing a SAR does not exempt advisers from other reporting obligations under the Advisers Act and SEC regulations.
• Private fund advisers may have limited involvement in and visibility into the operations of their portfolio companies, including access to material non-public technical information. As such, SAR obligations for private fund advisers are as follows:
  • SAR filing should focus on the adviser’s activities within their AML/CFT program.
  • Non-advisory activities, like staff management roles at portfolio companies, should be excluded.
• Advisers can disclose underlying facts and documents for joint SAR preparation, provided no one involved in the transaction is notified (e.g., a qualified custodian can share relevant transaction monitoring information with an investment adviser, as long as the information doesn’t involve suspected misconduct by the adviser or its employees).

Information sharing

Section 314(a) is part of the PATRIOT Act, which facilitates information sharing between financial institutions and law enforcement. This section allows law enforcement to request information from financial institutions about individuals, entities, and organizations suspected of engaging in money laundering or terrorist activities. Financial institutions are required to search their records against FinCEN’s Section 314(a) list found in their Secure Information Sharing System (SISS), and report specific information when requested by law enforcement agencies. Authorized individuals at financial institutions can access and download the list from SISS. Investment advisers are not expected to have all account information for underlying investors in private funds unless they have a separate advisory relationship.

Section 314(b) of the PATRIOT Act allows financial institutions to share information to identify and report activities that may involve money laundering and terrorist financing. Advisers can voluntarily share information with other financial institutions after notifying the U.S. Department of the Treasury using FinCEN’s SISS and submitting the 314(b) registration. This section provides a safe harbor from liability for participants, protecting them from legal repercussions.

Special due diligence and special measures

The rule has special due diligence requirements for correspondent and private banking accounts. Financial institutions must perform due diligence on private banking accounts for non-U.S. persons that includes identifying the beneficial owners of the accounts and understanding the source of the funds. In addition, financial institutions must establish risk-based procedures to assess the risks associated with correspondent accounts. This includes understanding the nature of the foreign bank’s business and the purpose of the account. Investment advisers must adhere to special diligence standards, prohibitions, and measures for their customers, with the exception of mutual funds, collective investment funds, and other investment advisers they manage.

Recordkeeping and travel rules and currency transaction reports

• Advisers are required to file Currency Transaction Reports (CTRs) and adhere to Recordkeeping and Travel Rules. These rules mandate creating and retaining records for the transmittal of funds and ensuring certain information accompanies the transmittal.
• Advisers must comply with the Travel Rules only when they are acting as a transmitter or recipient, except for transfers involving qualified custodians.

How we help

ACA’s AML and Financial Crimes practice offers advisory services and solutions to assist financial services firms in addressing threats and regulatory obligations associated with financial crime. We work with investment advisers and broker-dealers, among others, to assess risk, develop policies and procedures, and perform independent tests and gap analyses.

Our support can incorporate our ComplianceAlpha^® regulatory technology and managed services to help your firm meet its data screening, ongoing monitoring, remediation and reporting needs.

Reach out to your ACA consultant, or contact us to find out how ACA can help you meet your AML requirements and launch, grow, and protect your firm. 

Contact us