AML Compliance for US Wealth Managers and Investment Advisers 2026

US registered investment advisers (RIAs), broker-dealers, and wealth managers face a dramatically changed AML/CFT landscape in 2026. FinCEN's landmark Final Rule published in August 2024, effective January 1, 2026, extends Customer Identification Program (CIP) and Anti-Money Laundering obligations under the Bank Secrecy Act (BSA, 31 U.S.C. § 5311) to investment advisers registered with the SEC and state-registered advisers with AUM above $25 million. After decades of a regulatory gap, US wealth management now has binding federal AML requirements that mirror those long imposed on broker-dealers. This guide covers every obligation and how to operationalize them efficiently.

Who Is Covered: FinCEN's 2024 Investment Adviser Rule

The FinCEN Final Rule (31 CFR Part 1032) applies to: SEC-registered investment advisers (RIAs) regardless of AUM, state-registered investment advisers with $25 million or more in AUM, and exempt reporting advisers (ERAs) filing Form ADV with the SEC. Broker-dealers remain covered under existing 31 CFR Part 1023 rules and face no change, but must now coordinate AML programs with affiliated RIAs serving the same clients.

The rule became effective on January 1, 2026, with an 18-month grace period for full CIP implementation running through June 30, 2027. FinCEN estimated in the rule's preamble that approximately 15,000 RIAs would become newly covered. (FinCEN, Final Rule Investment Advisers AML/CFT Program)

Family offices relying on the SEC's "family office" exception under the Investment Advisers Act of 1940 (Rule 202(a)(11)(G)) are explicitly excluded from the new FinCEN rule. However, any family office that accepts non-family clients or files Form ADV loses this exclusion.

Five Core AML Obligations Under the BSA (2026)

1. Customer Identification Program (CIP)

The BSA's Customer Identification Program requirements (31 CFR § 1023.220 for broker-dealers, adapted for RIAs under the 2024 rule) require collecting and verifying the full name, date of birth, Social Security Number (SSN) or Tax Identification Number (TIN), and residential or business address for every individual customer. For legal entities: legal name, EIN or TIN, principal place of business, and identification of beneficial owners with 25% or more ownership under FinCEN's 2016 Beneficial Ownership Rule (31 CFR § 1010.230).

Acceptable US identification documents include a US passport, US driver's license, state-issued ID, or military ID. For foreign national clients — a significant segment in US wealth management — acceptable documents include a foreign passport with visa or other government-issued document. CheckFile supports over 3,200 document types across 32 jurisdictions, enabling verification of documents from international clients without manual re-keying.

2. Enhanced Due Diligence (EDD) for High-Risk Clients

SEC Rule 17a-8 (for broker-dealers) and the 2024 FinCEN rule (for RIAs) require Enhanced Due Diligence for:

• Politically Exposed Persons (PEPs) — defined under FinCEN guidance as foreign individuals holding prominent public positions and their immediate families
• Clients from FATF-designated high-risk jurisdictions (updated list published by FinCEN as Advisories)
• Complex legal structures — LLCs, trusts, partnerships — that obscure beneficial ownership
• Non-US persons transacting in amounts inconsistent with disclosed sources of wealth

EDD must include source of wealth (SoW) and source of funds (SoF) documentation. In compliance forums, US RIA compliance officers consistently flag that SoW verification for high-net-worth foreign clients is the most operationally intensive step, requiring coordination with tax counsel, estate attorneys, and foreign document translators.

For detailed EDD procedures, see our guide on enhanced due diligence for high-risk clients.

3. Ongoing Transaction Monitoring and Program Testing

The BSA's AML program requirements (31 U.S.C. § 5318(h)) require ongoing monitoring of customer activity for suspicious patterns. For RIAs, this means: reviewing investment activity against the client's stated investment objectives and source of wealth, flagging atypical redemption requests or unusual transfer patterns, and conducting periodic client reviews (annually for high-risk clients).

FinCEN's 2026 Examination Procedures for Investment Advisers specifically identify failure to monitor transactions for patterns inconsistent with stated SoW as a top examination finding, citing the risk of layering in structured note redemptions and private fund distributions.

4. Suspicious Activity Reports (SARs)

The AML program rule requires RIAs to file Suspicious Activity Reports (SARs) with FinCEN via the BSA E-Filing System when they know, suspect, or have reason to suspect that a transaction involves funds from illegal activity, is designed to evade BSA requirements, or lacks a lawful purpose. The filing threshold for SARs is $5,000 for known or suspected violations by an identifiable person.

RIAs must file the SAR within 30 days of becoming aware of the suspicious activity (60 days if no suspect is identified). The mandatory 5-year record-keeping requirement applies to SAR-related documentation.

For practical SAR guidance applicable to investment advisers, the FinCEN SAR Activity Reviews provide sector-specific typologies.

5. OFAC Sanctions Screening

All US financial institutions — including newly covered RIAs — must screen clients, counterparties, and transactions against OFAC's Specially Designated Nationals (SDN) List and other OFAC sanctions lists. OFAC screening is required before establishing any business relationship or executing any transaction. The OFAC SDN search tool is the authoritative source.

Violations of OFAC regulations can result in civil penalties up to $1,469,901 per violation (as of 2025, indexed for inflation) or criminal penalties up to $1 million and 20 years imprisonment for willful violations.

AML Risk Classification Table for US Wealth Managers

2026 Updates: Corporate Transparency Act and State-Level Rules

The Corporate Transparency Act (CTA), enacted in 2021 and effective January 1, 2024, requires most US corporations, LLCs, and similar entities to report beneficial ownership information (BOI) to FinCEN's secure BOI database. Investment advisers must verify that entity clients have filed their required BOI reports, as an unregistered beneficial owner is a red flag under the FinCEN AML rule.

Additionally, state-level AML requirements vary considerably. California, New York, and Massachusetts have more stringent state money transmission laws that may impose additional obligations on wealth managers operating in those states. New York's DFS Part 504 (Transaction Monitoring and Filtering Program Requirements) remains one of the most prescriptive state-level AML frameworks.

Penalties for Non-Compliance

FinCEN civil penalties for BSA violations can reach $250,000 per violation or twice the amount of the transaction, whichever is greater. Criminal BSA penalties reach $500,000 per violation and up to 10 years imprisonment. The SEC has authority to impose its own sanctions, including disgorgement, penalties, and revocation of registration, for AML failures that constitute securities law violations.

For a comprehensive view of AML obligations across all sectors, see our complete AML compliance guide.

How to Automate AML Document Verification for US RIAs

The FinCEN 2024 rule's CIP and EDD requirements create significant new document management obligations for RIAs. Firms that previously relied on informal client documentation processes now need systematic, auditable workflows. CheckFile provides an API-driven approach to document verification that scales from simple CIP photo ID checks to complex multi-document EDD packages for foreign PEP clients.

The API integration embeds these controls directly into CRM and portfolio management systems (Salesforce, Orion, Black Diamond) without disrupting the adviser workflow. See pricing details or contact us for a compliance-focused demo.

Frequently Asked Questions

Are state-registered investment advisers with less than $25 million AUM covered?

No. The FinCEN 2024 Final Rule explicitly covers only SEC-registered RIAs and state-registered advisers with $25 million or more in AUM. Advisers below this threshold are encouraged to implement voluntary AML programs but face no federal mandate under the 2024 rule. However, they remain subject to state securities laws and may be required to implement AML controls under state-level legislation in certain jurisdictions.

What is the grace period for full CIP compliance under the FinCEN 2024 rule?

FinCEN's Final Rule set an 18-month implementation grace period from the effective date of January 1, 2026, giving RIAs until June 30, 2027 to have fully implemented CIP procedures. However, firms are expected to demonstrate good-faith implementation progress during examinations conducted before that date.

How does OFAC screening differ from standard KYC?

OFAC screening is a real-time sanctions check against Treasury's SDN list and other embargo lists — it is a legal compliance obligation separate from and in addition to KYC/AML. KYC verifies who the client is; OFAC checks whether the US government prohibits doing business with them. Both checks must be run at onboarding and periodically thereafter, especially when new OFAC designations are published.

Are foreign nationals working in the US subject to the same CIP requirements?

Yes, but with adaptations. For foreign nationals, the CIP may use alternative documentary evidence such as a foreign passport, government-issued photograph ID, or, for foreign nationals without SSNs, an Individual Taxpayer Identification Number (ITIN). The firm must document its reliance on alternative documents and apply risk-appropriate scrutiny to the relationship.

How long must SAR-related records be kept?

Five years from the date of the SAR filing or from the date the suspicious activity was first discovered, whichever is later. All underlying documentation that supported the decision to file (or not to file) a SAR must be retained for the same period.