Delving into the details, we report that forthcoming and formidable US regulatory requirements mean that advisors will face a rocky road ahead.

Yes, it’s summertime and the living is easy. But an important – and potentially burdensome – regulatory deadline is looming for wealth managers and multi-family offices.

In less than six months RIAs with over $110 million in assets will have to significantly overhaul their due diligence and compliance functions to meet a slew of new requirements imposed by the final Anti-Money Laundering Rule from the US Treasury Department’s Financial Crimes Enforcement Network (FinCEN).

The rule, which takes effect January 1, 2026, will be overseen by the Securities and Exchange Commission. It imposes a wide range of new compliance responsibilities on wealth managers, including sharing more detailed information about clients, reporting suspicious activities, implementing detailed anti-money laundering and “countering the financing of terrorism” programs with new written policies, monitoring, record keeping, independent testing, and staff training.  

Those formidable requirements mean that advisors will face a rocky road ahead, according to leading law firms specializing in regulatory compliance.

“Added burdens”
“RIAs may not have access to the appropriate technologies, reports and/or data points that will allow advisors to properly oversee transactions, red flags and detect suspicious activity,” said Thomas Yates, a partner and managing director at Advisor Assist who heads the firm’s regulatory monitoring. “This may require manual reviews, manipulation of custodial reports or purchasing additional technology.”

What’s more, “the added burdens of operational requirements, identifying red flags and performing Office of Foreign Assets Control reviews may place RIAs at a disadvantage,” Yates added.

The requirement to timely file SARs (suspicious activity reports), may be the biggest initial difficulty for RIAs, according to Joel Cohen, global chair of the white collar and investigations practice at White & Case.

“This is not an area that RIAs have focused on because they weren’t required to do so,” Cohen explains. “When other institutions, including banks and money transmitters, were swept within SAR filing requirements in the past, they tended in early years to over file, bombarding the system with many reports that probably didn’t need to be filed. Now there are many more experienced personnel, counsel and resources to turn to as these decisions are considered. But RIAs need to understand the significant limitations on sharing the contents of SAR reports with external sources or even within their organizations.”

Most RIAs don’t have the infrastructure to effectively identify suspicious activity, noted Richard Chen, managing partner at Brightstar Law Group. Nor do they have the internal resources to search for clients “who might be required to be reported to authorities” under the information sharing provisions of Section 314(a) of the USA Patriot Act, Chen added.

"Begin building out immediately"
Even firms who have already adopted Know-Your-Customer (KYC) best practice policies will be required to comply with the new rule, albeit having a head start. But for RIAs without these policies in place, the AML/CFT compliance obligation will create “a large shift in the way the RIA operates and will require significant time and attention,” according to a White & Case alert.

Wealth managers should begin building out reporting infrastructure and train staff on suspicious activity identification immediately, Chen said. Developing oversight and red flag monitoring should also be priorities, according to Yates. RIAs need to “determine how to obtain reports that provide the necessary details to identify risk areas such as third-party money movement and offshore accounts and transactions,” Yates said. 

RIAs shouldn’t simply import the full range of anti-money laundering controls and processes that non-RIA institutions are obliged to follow, Cohen stressed.

That’s because the AML rule has exceptions that reduce the RIAs’ regulatory burden, he explained. For example, the rule excludes bank and trust company sponsored collective investment funds from compliance obligations and does not include a customer identification program (CIP) requirement, nor the collection of beneficial ownership, data and information for an advisor's “legal entity customers.” 

“Training critical”
Training office staff will also be critical for meeting the rule requirements, experts agreed.

“RIAs will need to designate a person responsible for implementing the program, and providing supplemental training for the appropriate personnel, which means identifying which personnel that includes, and implementing risk-based customer due diligence,” Cohen said.

If possible, the designated AML Officer, should be “assisted by a delegate,” Yates said. “These individuals need training and education, so that they can adequately assess the firm’s specific risk profile based on client base, services, products, geography and operational structure, with the goal to tailor AML policies and procedures appropriately and, hopefully, make implementation manageable.”

Reduced role for custodians 
The new rule also means less RIA reliance on custodians, who the Treasury Department felt weren’t adequately monitoring and controlling AML risk. “Advisors can’t blindly rely on their custodians anymore,” said attorney Brian Hamburger, CEO of Market Counsel, a regulatory compliance consulting firm. “They’re going to have to add more guard rails.”

While RIAs may retain a third party to assist with implementing and operating the rule, advisory firms “will remain fully responsible and legally liable for compliance with applicable AML/CFT requirements,” according to a report released by the New York law firm Debevoise & Plimpton.

"A hotbed of enforcement activity"
So far, “very few RIAs have gotten very far in preparing for compliance with the new rule,” according to Chen. 

Dan Bernstein, chief regulatory counsel for MarketCounsel agreed, but while urging advisors not to wait until the last minute to have requirements in place. He also noted that “there’s no reason to be first. There may be more guidance coming and additional third-party providers. The SEC doesn’t expect firms to be perfect on January 1, but they better not have nothing in place either.”

Initial enforcement of the rule may be rocky, Cohen said. “The SEC does not have a history of doing this kind of oversight and so they will be learning on the job as well,” he explained. “That can lead to confusion, and sometimes to early days of clumsy over enforcement. Patience will be critical.”

Indeed, under the Bank Secrecy Act, which spawned the new rule for RIAs, AML compliance “has been a hotbed of enforcement activity,” according to Debevoise & Plimpton, “with banks and broker-dealers  being subjected to significant monetary penalties for technical non-compliance with AML/CFT requirements.”

Under the Treasury Department’s final rule for RIAs, those penalties may include criminal sentences for non-compliant advisors.

Part Two of this series will cover RIA reaction to the forthcoming AML Rule and a “cheat sheet” outlining what advisors need to do.