AML Guide Part 1: Risk Assessment

The final rule goes into effect January 1, 2026.

Part I: Creating an Anti-Money Laundering Risk Assessment for Covered Investment Advisers

AML investment adviser compliance: Is an AML/CFT risk-assessment necessary/required for registered investment advisers and exempt reporting advisers?

Yes. The final rule issued by Financial Crimes Enforcement Network (FinCEN) states that certain investment advisers (including exempt reporting advisers) should design a risk assessment to identify specific risks presented by its various services and customers.

The final rule will require an investment adviser’s AML/CFT program to adopt adequate risk-based procedures for conducting ongoing monitoring to identify red flags, and report suspicious activity. and to maintain customer profile information.

When should I develop an AML/CFT program risk assessment?

This is the first step for certain registered investment advisers and should be completed prior to the effective date of the final rule and adoption of your AML/CFT Program. The compliance date is January 1, 2026. We expect the Securities and Exchange Commission as the examination authority to actively begin examining this final rule in 2026.

What are the main objectives of the AML/CFT investment adviser assessment?

The Risk Assessment is necessary to support the following critical elements which are required by the final rule:

1.      AML/CFT Program Policies and Procedures Manual: The final rule requires registered investment advisers and exempt reporting advisers to implement a risk-based and reasonable designed AML/CFT program. (Herein called “AML Program”) This program should be based on the firm’s customers, services, investment products, and other factors so that it can effectively identify money laundering and other illicit finance activities.     

2.       AML/CFT Program Monitoring: The final rule requires that investment advisers implement a risk-based approach to analyze potential money laundering, terrorist financing, and other illicit finance risks. (Herein the use “money laundering” or “AML” should be viewed to include terrorist financing and other illicit finance risks.) By designing a comprehensive risk assessment, this will form the foundation for establishing adequate and customized anti-money laundering monitoring processes to detect red flags and perform ongoing customer due diligence, which leads to the adviser’s obligation to submit suspicious activity reports.

3.       AML/CFT Program Training: The final rule requires ongoing training for appropriate persons. A risk assessment can assist in determining training topics and the frequency of training. For example, if an adviser only has institutions as clients, then training materials which focus on retail clients may not be relevant. In addition, if the investment adviser’s customers are only US federally regulated financial institutions, it may be appropriate (other factors come into play here) to conduct training less frequently than training conducted by a retailed-oriented registered investment adviser.  

What factors should be considered in my investment adviser’s AML/CFT program risk assessment?

Customer Risk: This type of customer should be a primary consideration when assigning categories of risk. FinCEN does not officially recognize certain types of customers as low or high risk, they are giving the adviser the flexibility to make that determination. Historically, many in the industry would consider the following entities to be of lower risk:

·       Pension/retirement plans

·       US government entities, including municipalities and state agencies

·       Other Registered Investment Advisers/ other US federally regulated financial institutions (e.g. SEC, OCC) subject to Bank Secrecy Act

·       Publicly traded companies, if on a major exchange (e.g. NYSE)

In contrast to the above, private banking accounts and certain foreign financial institutions may be considered higher risk due to a history of illicit financial risks. Regarding individuals and retail accounts (including legal entity customers), which many in the industry would consider to be of higher risk, there could be several other factors (sub-categories), including:

·       Manner in which customer was introduced to the firm (e.g. cold call or long-term acquaintance of advisor)

·       Location of customer (US or foreign). If foreign, different countries may vary by risk. (The US State Department publishes reports on AML risks by country which may be useful to refer to.)

·       Results of customer risk profile information and conducting ongoing customer due diligence   

Investment Risk: The types of investments offered/managed should be another consideration. For example, there are AML risks relative to the trading of individual stocks (especially “microcap” stocks) which do not apply to mutual funds. There are also risks relating to investment strategy (e.g. day trading, robo advice) which should be considered.

Services Risks: There are various advisory services offered by investment advisers, with the most common services being financial planning and asset management. The majority of SEC registered investment advisers engage in active asset management and have at least $100 million in assets under management. For firms who offer both discretionary and non-discretionary management, there are differences which should be evaluated as this may also effect investment risk as described above.

Transaction Risk: Outside of securities transactions, there are other account-related transactions which may increase the firm’s risk profile and require additional monitoring. Many of these involve money movement and should be evaluated as part of the assessment. For example:

·       The receipt of customer checks and/or physical securities (stock certificates) for deposit/forwarding to the custodian.  

·       Incoming and outgoing wires and ACHs, especially if instructions are accepted to transfer funds to third parties

·       Customer debit/credit card activity

·       Customer checkwriting/billpay activity

·       Deposits of securities (DTC, ACAT) from an outside account   

Other AML/CFT Risks: The investment adviser’s profile may also be affected by the below. These other factors should be evaluated and memorialized in the risk assessment to be best prepared for compliance with the final rule:

·       Services provided by affiliates (including broker-dealers and other financial institutions)

·       Past regulatory examinations and independent testing which identified deficiencies relative to anti-money laundering or illicit finance activities.

·       SEC examination priorities / areas of focus and risk alerts

·       Technology capabilities

·       Reporting available from custodians

Investment advisers can develop their own method to calculate and assign risk.

How should I document the investment adviser AML/CFT assessment?

Neither the final rule nor investment advisers act dictate how this should be memorialized, so the firm has flexibility to document this in a manner which works for them. We expect many firms to use a spreadsheet, to explain the various risks, and assign a risk rating.

The rating system could be as straight forward as “low risk” and “high risk”, or it could be more advanced using a numbering system which would more likely be employed by larger institutions. The assessment should be continuously reviewed and updated when necessary, and each version should be dated and retained in accordance with record retention policies and rules.

——-  

Conclusion

In conclusion, investment advisers have the flexibility to design a risk assessment and anti-money laundering program which is customized to their business. Treasury Department/Financial Crimes Enforcement Network (FinCEN) acknowledged that AML/CFT programs for covered investment advisers should be reasonably designed and risk-based, consistent with the investment adviser’s risk assessment and profile, and is adopting an AML/CFT program rule that requires policies, procedures, and controls to be reasonably designed to prevent the investment adviser from being used for money laundering, terrorist financing, or other illicit finance activities, as well as risk-based procedures that consider an investment adviser’s risk profile.

More Information

If you are a financial institution such as a covered investment adviser (including exempt reporting advisers and multi state advisers) and have questions regarding your AML/CFT program or applying USA PATRIOT Act/Bank Secrecy Act or FinCEN anti-money laundering requirements, please contact us.

We can offer guidance on program development and independent testing for a variety of other financial institutions including foreign located investment advisers, foreign located private funds including venture capital funds, state registered investment advisers, pension consultants, broker-dealers, foreign private advisers, and other financial institutions.

Are you prepared for independent testing?

For questions regarding this final rule for financial institutions or a quote for investment adviser independent testing from a qualified outside party, please contact ITA Compliance at [email protected] or 617-854-7500.

February 27, 2025 | by  amlaudit

Write A Comment

Your email address will not be published. Required fields are marked *

Recent posts