FinCEN Pauses the Clock: AML Deadline for RIAs Pushed to 2028
FinCEN has just announced it is giving Registered Investment Advisers (RIAs) two more years to get their anti-money laundering (AML) ducks in a row. The new effective date is January 1, 2028, instead of the original January 1, 2026. That's a delay affecting almost 16,000 SEC-registered advisers out there, all together managing over $140 trillion for about 68 million clients. It's a massive market pause one with an interesting backstory.
Just for added perspective: as of late 2022, U.S. advisers reported over $284 billion in private fund equity held by foreign investors whose real owners often remain totally unidentified. Gaps like this are exactly why regulators wanted new AML rules in the first place.
Background: How We Got Here?
A couple months ago, FinCEN dropped its final AML rule for RIAs, dropping investment advisers right in the middle of Bank Secrecy Act requirements for the first time. That meant RIAs plus certain exempt reporting advisers were officially being made "financial institutions" under the law. (We covered FinCEN rules in more detail pretty recently.)
The main deal: RIAs would have to stand up full-blown AML programs as part of their RIA compliance requirements, submit Suspicious Activity Reports (SARs) every time something looked off, keep all sorts of transactional records, and even comply with the so-called "Travel Rule" for certain money transfers. The SEC would become their examiner on AML, right alongside their usual oversight.
Why the sudden urgency? Criminals.
Treasury's 2024 risk review openly said that the absence of required AML for advisers had turned some corners of the industry into a playground for dirty money (think sanctioned oligarchs and anonymous billions bouncing through shell structures). One Treasury review even flagged that, as of late 2022, advisers reported over $284 billion in private fund equity owned by foreigners whose real identities were basically a black hole. This wasn't just an American problem: international bodies had been calling attention to this, too.
So until now, most firms were treating that 2026 deadline as non-negotiable. No one at Treasury was signaling otherwise, and it's not every day you see both political parties in Washington agreeing that financial crime has had a free lunch for long enough. The Investment Adviser Association (IAA), among others, had been trying to get some breathing room, but honestly? Not much luck, until now.
Why the Delay, and Why Now?
According to FinCEN's own words, this is not about walking back on oversight. They said the time is needed for "efficient regulation that appropriately balances costs and benefits." Which, if you read between the lines, means: regulators think they moved a bit fast, and they want to avoid slamming thousands of advisers with rules designed for big banks.
There's been huge pressure from the industry, and not just from lobbyists collecting air miles. Many advisers don't actually handle client money themselves, it sits with big custodians or banks so their direct AML risk might be low. Yet under the AML rule, even those with hardly any actual money-laundering exposure would have to hire people, buy tech, and file SARs left and right. The IAA made a fuss about the costs and the duplication basically, why make advisers build systems that custodians and banks already operate? Even the National Venture Capital Association (not exactly home to hardened compliance nerds) said the rules would punish start-up financing in a way that didn't really match the risk.
So, now: the pause button. And the Treasury keeps saying this is a regulatory breather. They plan to use it to figure out which types of advisers really need bank-style AML and which deserve to be left alone. Plus, they're planning to sync up the long-stalled Customer Identification Program (CIP) rules for RIAs so firms won't need to scramble through overlapping deadlines in a couple years' time.
Industry watchers get that this is just a timeout. The smart money is already making preparations behind the scenes.
What RIAs Should (Actually) Do With This Time?
If anything, the advisers who start retooling their compliance now before the rush end up saving cash and avoiding headaches down the road. It’s only logical to assume that early birds on AML compliance end up spending less and dodging operational messes when the rules finally go live.
A lot of the biggest headaches flagged by the Treasury like not knowing who's behind a fund structure, or missing red flags because there's no SAR reporting can be fixed by moving early, voluntarily. Some advisers have already bolted on AML practices (as part of operations or under so-called no-action relief with their broker-dealer partners) and apparently life goes smoother for them now. Onboarding solid ID checks, adding training on financial crime, testing tech, and plugging known holes in compliance now just means you're ready when this becomes mandatory (and who wants to be the firm with a news headline next to its name?).
Technology Isn't Optional Anymore
Yes, keeping up with AML rules can get expensive. North American financial institutions coughed up something like $46 billion for financial crime compliance last year prices that keep going up. Throwing technology at the problem bends that cost curve. Firms that start testing software and integration now are going to be handling compliance as a basic routine when 2028 actually hits. Wait, and you'll just be playing catch-up under the gun.
Pretty much everyone in finance is going digital for compliance. One survey showed that 53% of companies are already ramping up with new tech to deal with regulatory pressure, and another recently said that 98% of financial firms in the UK plan to add AI and machine learning for compliance by 2026. RIAs that get ahead of the curve, especially the smaller ones, will find that early investment in automation and smart software means less chaos and fewer mistakes later.
What Luthor Can Do (and Already Does) for RIAs?
Now seems as good a time as any to mention that this is exactly the kind of situation where Luthor shines. If you want actual results, not just a "compliance tickbox," here's what an AI-powered compliance solution might really get you:
- Automated AML, CFT, and marketing compliance, including smart SAR logs, risk scores, and document generation.
- Advanced AI tools to surface missing data, file regulatory forms, and streamline reviews without the slog of hunting down errors.
- A compliance dashboard that puts everything in plain sight for the chief compliance officer. No more hoping someone remembers a filing due next month. And more.
So, in this gap year for regulatory deadlines, you're not sitting still. Luthor isn't, either.
We're helping advisers get everything in line, automating the annoying parts, and making it easier for your team to spot problems before the regulators do.
Well, one more thing, don't wait for FinCEN to decide what kind of adviser you are. Set your playbook while you have the time, use the new tools, run the tests.
TL;DR: Use the Delay, Don't Waste It
To wrap up, here's the bottom line: FinCEN gave advisers more time, but the requirements aren't going away. The compliance finish line just moved, nobody erased it. Use this window to fix the gaps, test your systems, and train your staff or you'll be back in the panic queue when 2028 lands.
If you've got questions or wonder how to even start sorting out compliance chaos, you might want to try a demo of Luthor. We're an AI tool made for compliance professionals, helping you review marketing assets, automate policies, and stop wasting your days playing "Where's that disclosure?" You don't want to get tangled in another rush. See for yourself request demo access.
Take the time. Avoid the mess. Less drama, more peace of mind. We're happy to help with that.
