In an era of rapid technological advancement and globalization, the landscape of financial crimes is evolving at an unprecedented pace.
As financial systems become more interconnected and reliant on digital transactions, the tactics used for money laundering, fraud and other financial crimes – including those connected to terrorism – are also becoming more sophisticated. This daunting environment has necessitated a proactive approach from the governing body in charge of combating financial crimes.
On Aug. 28, 2024, the Financial Crimes Enforcement Network (FinCEN) announced a landmark rule that will reshape compliance standards for registered investment advisors (RIAs) and exempt reporting advisors (ERAs) across the United States. Under this rule, RIAs and ERAs were added to the definition of “financial institution” under the Bank Secrecy Act (BSA).
This new regulation mandates that advisors implement a comprehensive anti-money laundering (AML) and countering the financing of terrorism (CFT) program by Jan. 1, 2026. This significant shift aims to mitigate illicit finance risk, enhance transparency and integrity within the financial system, and align with international standards. These changes are part of a broader effort to safeguard the financial system and national security.
However, in some instances, there is confusion regarding the interchangeability of an AML/CFT program and a know your customer (KYC) program. Additionally, there is uncertainty about whether compliance with the BSA is required for organizations that are not a bank.
With this in mind, let’s address some important questions you may have.
To start, let’s make sure you can visualize the relationship between AML/CFT and KYC. We’ll spell out the acronyms again for additional clarity: KYC (know your customer) is a critical component of AML (anti-money laundering) efforts, which, in turn, are part of the broader framework established by the Bank Secrecy Act (BSA).
To help you further visualize this:
For additional background on the scope, impact and key elements of the legislation – including five key steps in establishing a compliance framework – check out our recent article on navigating FinCEN’s final rule.
Now that we understand the basics, let’s dig a little deeper into the intricacies of AML/CFT and KYC.
Anti-money laundering (AML) refers to a comprehensive set of laws, regulations and procedures designed to prevent and detect the process of making illegally obtained funds appear legitimate. Financial institutions implement AML programs to identify suspicious transactions and ensure compliance with legal obligations. This includes employing various monitoring techniques to scrutinize transactions for patterns that may indicate money laundering or other financial crimes. Effective AML measures not only protect the integrity of the financial system but also help institutions avoid severe penalties and reputational damage associated with non-compliance.
Meanwhile, KYC is a vital process within the AML framework that helps ensure that customers are who they claim to be and assess their potential risk for illegal activities such as money laundering or fraud. KYC procedures require financial institutions to gather essential information about customers, such as their name, address, date of birth and identification documents.
KYC procedures also incorporate compliance with the Office of Foreign Assets Control (OFAC) regulations to ensure that financial institutions do not engage in transactions with individuals or entities that are subject to U.S. sanctions. As part of identifying the customer, financial institutions must check customer information against OFAC’s list of specially designated nationals (SDNs), and other sanctions lists to ensure they are not dealing with prohibited parties.
However, KYC is not just a one-time check. Rather, it requires ongoing vigilance, as customer profiles can change over time, necessitating regular updates and reassessments to ensure that any emerging risks are promptly addressed. By conducting thorough due diligence, institutions can evaluate the risk posed by each client and tailor their monitoring efforts accordingly. By integrating KYC into AML programs, financial institutions form a robust defense against financial crimes, while enhancing transparency and accountability in the financial sector.
As FinCEN’s final rule has become a larger conversation topic with RIAs and ERAs that we work with, we’ve observed multiple misconceptions regarding the responsibilities that they face under the final rule. Let’s briefly highlight some of the areas of confusion that we have seen and continue to see, as it pertains to this important topic:
Another common area of confusion surrounds the industry terminology. Banks typically refer to the monitoring and prevention of financial crimes as “BSA,” while other organizations may use “AML” to describe the overall concept. Additionally, some financial professionals refer to their compliance responsibilities as “AML/KYC,” further blurring the lines between the two. Meanwhile, FinCEN uses the term’ “AML/CFT programs,” which stands for anti-money laundering and countering the financing of terrorism. These varying naming conventions further complicate the overall understanding (and differentiation between) these key concepts.
Finally, another complicating factor is that FinCEN may at any time change the broad definition of what qualifies as a financial institution under the BSA. In fact, that’s what happened in this particular instance, as RIAs and ERAs have now been grouped together with banks, insurance companies, casinos, broker/dealers and other types of institutions. Needless to say, as the definition continues to evolve (in response to evolving risks in money laundering and terrorism financing typologies), that adds a layer of complexity to the already tenuous industry-wide understanding of this topic.
Preparing for FinCEN’s Jan. 1, 2026 effective date
Above all, we want to emphasize the importance of getting started right away. Waiting a month or two would be a mistake. Waiting six months would be a major mistake. Please get going now – because the amount of time required to build a fully functional AML program can be significant.
To comply with the new rule, the following steps are suggested:
We’ll have much more on these steps – and the entire compliance process – in the next article in our series, which covers the cost of compliance.
In the meantime, contact us if this seems overwhelming or if you’re unsure where to begin. One of our financial crimes specialists will reach out to you to discuss your organization’s current compliance needs.
Protect your organization, your customers, your community and the global economy. Bringing together BSA/AML/KYC/CFT solutions and investigative experience to strengthen your control environment, prevent and detect financial crimes and reduce regulatory risk.
