AML Guide Part 2: AML/CFT Monitoring

Part II: Creating an Anti-Money Laundering (AML) Monitoring Program for Investment Advisers

AML investment adviser compliance: Is an AML/CFT monitoring program required for registered investment advisers and exempt reporting advisers?

Yes. The FinCEN issued rule requires investment advisers to adopt risk-based monitoring processes which involve asking questions and analyzing activity to detect potential money laundering, terrorist financing, and other illicit finance risks and report suspicious transactions and activity when applicable.

Note: State registered investment advisers are not yet required to adhere to these implementing regulations or USA PATRIOT Act requirements, but these advisers should consult their state securities regulator. Also, some advisers subject to exchange commission (SEC) registration may be exempt if they are mid-sized or qualify for another exemption.

What are the main objectives of the AML/CFT monitoring program?

The primary objective as described in the FinCEN issued rule is to establish adequate monitoring processes so that your firm can effectively identify AML/CFT red flags and suspicious activity. Once identified, suspicious activity must be reported as required by the final rule.  As FinCEN (Financial Crimes Enforcement Network) and the Bank Secrecy Act has stated, the ongoing monitoring obligation is intended to apply to “all transactions by, at, or through the financial institution”.

When should I develop an AML/CFT monitoring program?

This is the one of the first steps for covered investment advisers and should be completed prior to the effective date of the final rule. It should also be formulated before the adoption of your AML/CFT Program, since written policies and procedures should clearly explain your monitoring processes. The FinCEN issued compliance date is January 1, 2026. We expect the Securities and Exchange Commission (SEC), as the examination authority, to begin examining advisers subject to this final rule in 2026.

What is the best resource for AML programs? Is there a Bank Secrecy Act (BSA) AML/CFT monitoring template I can use?

Investment advisers operate through a variety of business models. therefore, one generic AML/CFT program or template for this requirement is not practical. Covered advisers must develop a program based upon its own business profile and risk assessment.

Does monitoring only apply to accounts which I actively manage?

No. FinCEN proposed to apply the requirements to all advisory services provided by an investment adviser, including services that do not include the management of customer assets.

Therefore, per the final rule, an investment adviser will be required to apply an AML/CFT program to all advisory services provided to its customers. So this may include, for example, financial planning and the selection of other investment advisers. (Note: This does not apply to foreign-located private fund advisers and state registered advisers. Such advisers should monitor for other requirements.)

What is a “risk-based” approach?

To apply a risk-based approach means that a covered adviser should focus on elements of its AML/CFT program on activities or customers that it considers of elevated risk, and may comply with the BSA by applying more limited measures to those customers or activities that it identifies as lower or standard risk.

An investment adviser should review the types of services that it provides and the customer profile information to identify the investment adviser’s vulnerabilities to being used for money laundering, terrorist financing, and other illicit finance activities. The adviser will also need to review investment products offered, investment strategies and recommendations, types of accounts opened, distribution channels, intermediaries, and geographic locations of customers and advisory activities.

Registered Investment Advisers and Exempt Reporting Advisers should also evaluate types of customers opening such accounts and related information about such customers, including their geographic location, sources of wealth, and investment objective.

What about private fund advisers? Should I monitor investors of a private fund if they aren’t “customers”?

To assess the risk of a private fund customer under the rule, registered investment advisers and exempt reporting advisers should gather information about the structure and ownership of the fund. Also, information about the investors in that private fund, (not necessarily “customers” of the investment adviser), and the nature of the information received such as geographic location. Unfortunately, there are no related private fund adviser exemptions which can provide relief.

When an investment adviser is unable to ascertain the true identity of investors in a private fund, the adviser may determine that the fund as a customer poses an elevated risk for money laundering, terrorist financing, or other illicit finance activity. When a private fund adviser’s vulnerability to AML/CFT activity is elevated, the adviser’s procedures should address steps to address these risks to prevent the investment adviser from being used for illicit activity, and to achieve compliance with BSA/USA PATRIOT Act monitoring and filing requirements.

Do I need to gather additional customer information to satisfy anti-money laundering compliance obligations?

Possibly, and this could also benefit other adviser act requirements. An adequate “customer risk profile” is important as its purpose is the gather information at the time of forming a new advisory relationship. Examples include income, net worth, other investments, goals, and risk tolerance. This information (also important to satisfy the advisers act) forms a “baseline” against which customer activity is evaluated for suspicious activity reporting.

Regarding private fund advisers / exempt reporting advisers and underlying investors, and per the final rule, the investment adviser may need to collect additional information. Without information on the underlying investor, it would be difficult to develop a baseline for AML/CFT monitoring and suspicious activity reporting. (Note: Private fund adviser exemptions applicable to exempt reporting advisers do not assist here.)

For pooled investment vehicles, when the fund does not provide baseline investor information, the investment adviser should reflect this in the risk assessment and monitoring procedures.

Does the final rule require investment advisers to implement an automated system for monitoring?

No. FinCEN clarified in its final rule that automated systems are not necessary for transaction and activity monitoring. The type of transaction monitoring utilized by an investment adviser should be commensurate with its risk profile and the adviser should have reasonable internal policies, procedures, and controls to monitor and identify red flags and suspicious activity.

As FinCEN clarified in the preamble to the CDD Rule, the anti-money laundering monitoring obligation is intended to apply to “all transactions by, at, or through the financial institution.”

Should I utilize automated anti-money laundering reports/technology for conducting ongoing monitoring?

It depends on volume of activity and number of clients/investors, and whether manual reviews are practical. It may not be necessary to pay fees for automated solutions, but these solutions may be highly effective and efficient for monitoring, if they are customized to your business. We expect custodians to offer tools and reports to assist with these efforts. When evaluating options, consider the following:

  • What is the total volume for the particular type of transaction to be monitored? For example, if client deposits or distributions are very infrequent, you could probably implement a manual process instead of finding an automated solution.

  • Is any trading done by customers, or is it all portfolio manager driven? If all trading is discretionary, it may be easier to monitor this activity manually. There are other factors to consider, such as trading strategies, but overall this should be easier to manage if transactions are not client directed.

  • Can the criteria for reports/alerts be customized for my business?

  • What activities / clients are high risk, and how can technology help lower my risk?    

What factors should be considered in developing my investment adviser’s AML/CFT monitoring program?

Services provided by the investment adviser: Advisory activities include, for example, asset management, financial planning, and the selection/recommendation of other advisers and investment managers.

Investment Products: Some products may require a longer holding period, such as a private Regulation D offering, versus a publicly traded stock which can be actively traded. The ability for a client/investor to purchase or sell an investment quickly should be considered. Also, regarding public equities, some are more commonly ties to market manipulation such as low-priced securities (penny stocks), microcap securities, and thinly traded securities.

Investment Strategy: For example, holding investments long-term versus actively trading (day trading). The use of an algorithm is also a unique risk, which should be evaluated to ensure there are no trading patterns which could indicate manipulative trading.   

Customers/Investors: This could include individuals, institutions, pooled investments, pension plans, and other advisers. Individuals tend to require the most monitoring as a result of the activities performed. For example, individuals may conduct more money movement activity (ACH/wires/check writing).

Accounts: For example, taxable investment only accounts, retirement accounts, accounts which offer cash management services.  

Distribution Channels: Direct interaction with customers vs. robo-advice. Referrals vs. cold calling. These are all important factors.  

Intermediaries: Is there a legal entity customer or other entity between you and the ultimate client/investor? Certain financial institutions such as banks and broker-dealers may have robust compliance processes. Due diligence will ascertain how these other financial institutions identify and verify customers and beneficial owners for compliance and USA PATRIOT Act compliance.

How should the AML Compliance Officer conduct AML/CFT monitoring for retail asset management customers maintaining separately managed accounts? What are some examples of monitoring?

Monitoring should be conducted on a risk basis through Compliance or appropriate personnel to identify suspicious transactions and money laundering. This is generally conducted through:

  • Daily and ongoing contact with your customers. Conducting ongoing customer due diligence is crucial. The good news is, you are most likely already doing this during client calls and portfolio review meetings. By gathering and updating customer relationship information (e.g. objectives, goals, income needs, etc.) you obtain information to form a solid baseline to then identify red flags. This also assists with other elements of the investment advisers act and is part of customer due diligence requirements.

  • To supplement client interaction, Compliance should also review customer transactions on an ongoing basis.

Examples of anti-money laundering ongoing transaction monitoring:

  • Reviewing incoming deposits and outgoing disbursements, with a focus on frequent money movements

  • Money movement which is just under reporting thresholds

  • Transactions which are inconsistent with the client profile information on file. For example, deposits over a specific dollar amount which exceeds a clients income.  

  • Non-discretionary trading of low-priced securities

  • Significant trading just prior to a major news announcement  

  • The deposit of cash equivalents (cashier’s checks or money orders)

  • Receipt of wires from a foreign country

  • The deposit of securities, either in certificate form, or from another institutions, outside of the new account ACAT process  

  • Foreign entities deemed a compliance “high risk” for tax evasion who engage in large or frequent currency transactions, or subject to special measures

How should I document we are adhering to our AML program requirements including filing requirements?

There are five important elements of maintaining proper review documentation:

  1. Description of the reviews performed.

  2. Name(s) or person(s) who completed reviews. (Generally AML compliance officer or designee subject to ongoing training)

  3. Date of completion.

  4. Results of review. (i.e. “no issues” or notes to describe potential issues)

  5. Follow up action taken on issues, if applicable.  

April 14, 2025 | by  amlaudit

Write A Comment

Your email address will not be published. Required fields are marked *

Recent posts