FinCEN’s Final Rule Puts the Buy-Side on Notice – AML/CFT Compliance by Jan ‘26

The US Financial Crimes Enforcement Network’s (FinCEN) long-anticipated final rule on Anti-Money Laundering (AML) and Countering the Financing of Terrorism (CFT) – issued in August – closes a significant regulatory gap that previously allowed certain advisers to operate with limited oversight. This made them potential targets for exploitation by illicit actors, including money launderers and terrorist financiers.

The new rule expands compliance obligations to include, for the first time, Registered Investment Advisers (RIAs) and Exempt Reporting Advisers (ERAs), explicitly categorizing investment advisers as ‘financial institutions’ under the Bank Secrecy Act (BSA). This “will make it harder for criminals to exploit our strong residential real estate and investment adviser sectors,” according to Treasury Secretary Janet Yellen.

The final rule aligns the US financial system with international standards, responding to weaknesses identified in the 2016 Financial Action Task Force (FATF) Mutual Evaluation. Investment advisers are now required to implement comprehensive AML/CFT programs, report suspicious activities to FinCEN, and comply with customer due diligence (CDD) and recordkeeping requirements.

The earlier proposed rule, issued for industry comment in February, covered all SEC-registered RIAs and ERAs. Following industry feedback, the final rule exempts certain midsize and family advisers and pension consultants. Also dropped is the requirement that the individual responsible for the AML program reside in the U.S. and be subject to Treasury and appropriate federal oversight. Foreign advisers will only fall under the requirements when a U.S. adviser is involved, or if service is provided to a U.S. person.

This rule represents a substantial shift in compliance expectations for the firms now covered. Until now, many advisers operated without formal AML/CFT programs, leaving them vulnerable to exploitation by bad actors. The new requirements mandate the implementation of risk-based controls, pushing firms to overhaul existing frameworks or build new compliance structures from the ground up.

Firms without established compliance programs face a steep learning curve, as they must quickly implement governance and oversight and invest in technology, data management systems, and expertise to meet the regulatory deadline.

FinCEN’s final rule takes effect on January 1, 2026, providing firms just over a year to establish fully compliant AML/CFT programs. Despite appearing distant, this deadline presents challenges, especially for firms that must build comprehensive programs from scratch. The rule requires a risk-based approach, meaning that firms must conduct detailed risk assessments based on their client profiles and investment activities.

Developing these programs will involve re-engineering existing workflows, updating policies, and ensuring that compliance frameworks meet FinCEN’s expectations well before the deadline.

Governance and Oversight

A key governance change is the requirement for firms to appoint a compliance officer to manage the AML/CFT program. For smaller buy-side firms, this is a significant adjustment, as many may lack formalized compliance roles. The compliance officer will need the authority and resources to enforce AML policies across the organization.

The final rule also introduces an independent audit function to assess the AML/CFT program’s effectiveness. Firms must ensure that this audit capability is in place, whether through internal teams with expertise in AML or through external consultants. In complex organizations managing multiple entities or funds, the rule clarifies that overlapping AML obligations may exist. Firms involved in multi-party agreements, such as sub-advisory relationships, will need to delineate responsibilities clearly. FinCEN provides some relief by excluding sub-advisers from direct responsibility in certain cases, but firms must still ensure robust coordination.

Integrating AML/CFT into Buy-Side Workflows

The integration of AML/CFT controls will have a far-reaching impact on client-facing processes, particularly in customer onboarding and ongoing due diligence. The rule emphasizes ongoing customer due diligence (CDD), requiring firms to regularly update client risk profiles and continually monitor all transactions for suspicious activity.

For smaller firms, implementing these controls will require considerable investment in technology and staff training. FinCEN allows some flexibility, noting that AML/CFT programs should be “reasonably designed” and proportionate to the firm’s specific risk profile. Even so, the operational burden remains substantial for firms starting from scratch.

Leveraging Technology and RegTech Solutions

Advanced technology will play a crucial role in enabling firms to meet their AML/CFT obligations. Automation and RegTech solutions, particularly those offering artificial intelligence (AI) and machine learning capabilities, are already well established in helping firms with complex portfolios manage large volumes of data, detect suspicious activity, and streamline regulatory reporting.

RegTech solutions offer the scalability and expertise required to navigate FinCEN’s complex requirements. However, buy-side firms must conduct thorough due diligence before outsourcing these responsibilities, ensuring that third-party providers meet regulatory standards and align with the firm’s risk management strategy on an ongoing basis.

Data Collection, Monitoring, and Security

Under FinCEN’s rule, buy-side firms must establish robust systems for collecting, monitoring, and securing data to meet recordkeeping and reporting obligations. Suspicious Activity Reports (SARs) and customer profiles must be maintained and updated regularly. As the rule emphasizes ongoing monitoring, firms will need advanced analytics to manage large datasets, identify risks, and flag high-risk transactions.

FinCEN’s forthcoming rules on customer identification and beneficial ownership (BOI) are expected to overlap with the AML/CFT final rule, requiring firms to capture and verify additional client data. Buy-side firms will need to prepare for these additional requirements by ensuring their systems are equipped to handle increased data collection and storage responsibilities.

Data security is another critical concern, given the sensitive nature of the information involved. Firms must establish audit trails and demonstrate compliance during SEC examinations.

Artificial intelligence (AI) and machine learning (ML) are increasingly being used to enhance AML/CFT programs, offering comprehensive real-time monitoring and analysis of suspicious activity. AI systems can identify complex patterns in transaction data that may not be evident through traditional rule-based approaches, reducing false positives and improving the accuracy of suspicious activity detection.

Although still in its early stages, generative AI (GenAI) shows potential to further scale and enhance AML/CFT efforts by automating complex compliance processes.

Third-Party Delegation and Oversight

The final rule allows buy-side firms to delegate certain AML/CFT responsibilities to third-party providers, such as fund administrators. However, the rule clearly states that the investment adviser retains ultimate responsibility for compliance. Firms must conduct due diligence on all critical service providers and establish clear contractual obligations to ensure that AML requirements are being met.

Firms managing multiple entities must also evaluate how third-party delegation impacts their overall risk profile and maintain oversight through regular audits and performance reviews. While delegation can reduce the operational burden, it also requires careful coordination to ensure compliance across all entities.

The Need for Immediate Action

Affected firms face both financial and reputational risks if they fail to comply with FinCEN’s final rule by the January 2026 deadline. Firms should immediately begin reviewing their current control frameworks, identifying gaps, and seeking expert guidance where necessary. As the SEC has been delegated examination authority for these AML requirements, buy-side firms must prepare for increased regulatory scrutiny, with enforcement actions likely for non-compliance.

The time to act is now. By investing in advanced RegTech solutions, firms can build scalable, future-proof AML/CFT programs that meet both current and evolving regulatory demands.

If you want to learn more, be sure to join us at the next RegTech Summit event coming to NYC on November 21st – view the full agenda and sign up here or register below.
