Originally tabled for implementation on January 1, 2026, the Financial Crimes Enforcement Network (FinCEN) regulation that brings Registered Investment Advisers (RIAs) and Exempt Reporting Advisers (ERAs) under the Bank Secrecy Act (BSA) was postponed until 2028.
This change seeks to close a long-standing regulatory gap and introduce more comprehensive anti-money laundering (AML) obligations for investment advisers, aligning them with other financial institutions. The estimated universe of RIAs and ERAs impacted is around 20,000, and they have many hundreds of trillions of dollars of assets under their management. While implementation is two years from now — now may be the time for advisers to start preparing.
The investment advisory industry manages trillions of dollars globally, making it an attractive target for criminals seeking to launder money. By extending BSA obligations to RIAs and ERAs, FinCEN aims to create greater transparency, reduce systemic risk, and align advisers with global AML standards.
This change in regulation also reflects a broader trend toward effectiveness-based compliance, where regulators focus on outcomes rather than simply checking procedural activities.
Until now, RIAs and ERAs were not subject to the same AML requirements as broker-dealers or banks, leaving the investment advisory sector exposed to financial crime risks.
The new rule requires advisers to implement risk-based AML programs, verify customer identities through Know Your Customer (KYC) procedures, and report suspicious activity, among other requirements.
These measures aim to strengthen the integrity of the US financial system and reduce opportunities for illicit activity.
Firms need to establish and maintain a written AML program that reflects their risk profile and appetite. They are required to verify client identities through a Customer Identification Program (CIP) and keep detailed records of these checks.
Advisers also need to monitor transactions and file Suspicious Activity Reports (SARs) when they detect potential money laundering or terrorist financing.
In addition, firms will need to conduct independent testing of their AML controls to make sure they are effective and compliant with regulatory expectations.
The rule directly affects RIAs registered with the Securities and Exchange Commission (SEC) and ERAs that report under SEC rules. However, the impacts of this change could extend beyond advisers themselves. Service providers such as custodians, fund administrators, and technology vendors may also need to adapt, as advisers could ask for stronger compliance measures from their partners to meet regulatory obligations.
Implementation of the final rule was postponed until 2028, giving firms a larger window to prepare for compliance. Advisers will need to have fully operational AML programs in place within the next two years as examinations and enforcement actions will then begin, and firms who fail to comply could face consequences.
The U.S. Securities and Exchange Commission (SEC) will examine RIAs and ERAs for compliance with the rule. FinCEN retains primary enforcement authority under the BSA and may coordinate with the SEC on referrals and actions. Non-compliance may result in civil monetary penalties, enforcement actions, and reputational damage. Firms who fail to act promptly risk not only regulatory impacts but also losing customer trust.
Ahead of the deadline, compliance teams can think about the following steps to prepare:
Moody’s offers a suite of solutions that could be used to help address the requirements introduced by FinCEN’s AML rule.
Our automated KYC and AML risk screening solutions support firms to verify identities, assess beneficial ownership, and monitor counterparties against global sanctions and watchlists.
For advisers implementing Customer Identification Programs, Moody’s provides dynamic identity verification and adverse media screening, helping firms conduct compliance activities more efficiently.
In addition, our third-party risk management platform supports continuous monitoring of suppliers and service providers, so advisers can manage risk across extended networks.
With integrated data analytics and AI-driven insights, Moody’s solutions help firms transition towards an effectiveness-based compliance approach, reducing manual processes, and improving risk visibility. By leveraging these tools, RIAs and ERAs can accelerate readiness for the 2028 deadline — strengthening their overall risk management framework.
The FinCEN AML rule for RIAs and ERAs represents a shift for the investment advisory sector. With the effective date set for 2028, firms can act now to build robust AML frameworks that help them with compliance activity and help protect against financial crime risks.
Proactive preparation is key—as is compliance and risk management for long-term resilience.
For more information on Moody’s KYC and AML solutions, please get in touch with the team at any time. We would love to hear from you.
*Disclaimer: This content is for informational purposes only and does not constitute legal, financial, compliance or other professional advice. Please consult with a qualified professional for specific legal, financial, compliance, or other professional advice. For more terms and conditions pertaining to Moody’s products and services, refer to the disclaimer on Moody’s website.