Registered Investment Advisers are facing a historic shift in regulatory expectations. FinCEN’s 2024 final rule places RIAs directly under the Bank Secrecy Act, mandating independent AML and CFT programs with the same rigor expected of banks and broker-dealers. For years, advisers relied heavily on custodians to handle AML responsibilities, believing that oversight of client account flows was sufficient to satisfy regulators. That assumption is now obsolete.
As January 1, 2028 approaches, RIAs must redesign how they manage financial crime risk, client due diligence, and reporting obligations. The firms that adapt early will avoid regulatory pressure, business disruption, and reputational risk. The ones that wait may find themselves scrambling to implement complex systems without the time, staffing, or structure required to do it effectively.
Advisers are asking important questions: What does an independent AML program actually involve? Why can’t custodians cover these controls anymore? What tools or workflows are required to stay compliant without overwhelming compliance teams?
The answers reveal a central truth: AML success requires full control of data, risk insights, and decision-making. The era of dependent compliance is ending.
Why RIAs Can’t Rely On Custodian AML Controls
Custodian oversight has historically provided a narrow view of transactional activity. Although custodians monitor transfers into and out of accounts, they do not monitor advisory-level behaviors such as fee arrangements, external investment instructions, or cross-platform movements. As a result, suspicious behavior that emerges through the advisory relationship itself often goes unnoticed.
FinCEN’s ruling clarifies that AML responsibility cannot be delegated. Suspicious Activity Reports must be filed by the party with actual visibility into red flags. A custodian cannot assess risk tied to client intent, beneficial ownership structures, or unusual advisory requests. Those fall under adviser responsibility.
This is the foundation of the shift outlined in Custodian’s AML Program No Longer Covers RIAs: Why You Need Your Own Compliance Solution, which explains why firms must build autonomous monitoring and reporting capabilities instead of relying on third-party coverage.
What Independent AML Compliance Looks Like For RIAs
To comply with the rule, every RIA must build a complete AML framework aligned with BSA requirements, including:
- Ongoing customer due diligence and beneficial ownership verification
- Transaction monitoring for advisory payments, subscriptions, redemptions, and transfers
- SAR investigation and filing workflows for suspicious activity above $5,000
- Independent testing and third-party audits
- Role-based AML training programs
- Documented policies and leadership-approved controls
The shift transforms how RIAs manage data. To evaluate risk accurately, firms must consolidate identity information, advisory flows, and transaction patterns in one system rather than spread across disconnected tools. Fragmentation weakens investigative accuracy and increases compliance exposure.
Why AML Ownership Strengthens Competitive Positioning
AML programs are no longer viewed strictly as regulatory obligations. They serve as signals of institutional integrity. Research from PwC shows 84 percent of wealth management clients prefer firms with strong risk and security controls, viewing them as indicators of professionalism and safety.
Independent AML programs increase transparency with investors, reduce friction during institutional allocation reviews, and prevent costly remediation cycles when regulators demand proof of risk oversight.
Strong compliance is a competitive differentiator, not just a safety mechanism.
Common Challenges When Building Independent AML Programs
RIAs shifting into ownership roles often encounter predictable obstacles:
Manual processes
Spreadsheet reviews and delayed reviews cannot support scaling or audit requirements.
Fragmented data environments
Client and transaction records spread across CRMs, custodians, and legacy reporting tools create blind spots.
No structured SAR workflow
Weak escalation rules increase risk of missed filing responsibilities.
Limited training
Compliance knowledge decays without structured reinforcement cycles.
Lack of independent testing
Exam success depends on provable, validated, and documented effectiveness.
Mismatched technology choices
Tools designed for banks rarely align with advisory workflows.
How Technology Enables Complete AML Ownership
Modern tools allow advisers to automate surveillance, reduce review workloads, and centralize data across advisory ecosystems. Solutions purpose built for RIAs support:
- Real-time monitoring and dynamic risk scoring
- Integrated CDD workflows and sanctions screening
- Consolidated audit logs and reporting dashboards
- SAR case management and approval routing
- Unified client and activity records for faster investigations
Platforms designed for advisers simplify compliance by combining multiple functions into one environment. A modern AML compliance solution can help RIAs replace custodial dependency with a scalable and audit-ready structure built for regulatory expectations.
Key Preparation Steps For Firms In 2025
- Conduct a detailed gap assessment mapping advisory processes to FinCEN rule components
- Centralize data sources and eliminate fragmented visibility
- Build clear escalation and SAR submission workflows
- Establish role-specific training and documentation practices
- Implement independent testing cycles before exam sweeps begin
- Communicate regulatory readiness clearly across investor relationships
Starting early reduces urgency pressure and strengthens institutional resilience.
AML Responsibility Is Now A Core Part Of Fiduciary Duty
Advisers cannot outsource AML responsibility. Regulators expect ownership. Investors expect transparency. Custodian coverage is no longer sufficient.
The advisory profession is entering a period where compliance quality reflects leadership quality. Firms that treat AML as a strategic investment instead of a cost obligation will gain a clear advantage.
Strong AML frameworks safeguard clients, reduce regulatory threats, and reinforce long-term trust. Building now positions advisers to lead confidently in a market shaped by scrutiny, accountability, and ethical responsibility.
A resilient compliance program is a growth strategy. RIAs that embrace independent AML ownership today will enter 2028 with strength, credibility, and stability.
