AML for investment advisers: What’s changing and why it matters

In July of 2025, the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN) made a change to the long-awaited AML rule for investment advisers. Instead of it immediately going into effect, firms would have until January 1, 2028, to reach full compliance. The announcement of the AML compliance deadline extension provides a window for most firms to adapt, determine how to strengthen anti-money laundering, and ensure AML/CFT obligations are met. 

While the breath of air from an extension helps, it may not be the wisest move to wait. With recent investigations of leading banking institutions, integrating now can offer many companies a competitive advantage. Instead of remaining vulnerable to operational risk or compliance issues down the road, regulatory scrutiny will not be a concern if all the challenges associated with implementing these changes now are addressed. That ensures investment advisers are better positioned while others struggle to catch up.

What’s changing: The postponement explained

The original intent of the AML rule for investment advisers was to implement the changes in 2026, leaving little wiggle room for most firms. The goal is to bring registered advisers and exempt reporting advisers under the scrutiny of the Bank Secrecy Act. That would place additional requirements on advisers similar to the ones governing banks and broker-dealers. 

By pushing the timeline back to 2028 for compliance, FinCEN ensures more adoption. That will include applying frameworks to firms like: 

• Establishing AML programs based on the size and complexity of an investment advisor entity. 
• Ensuring the creation of a Customer Identification Program (CIP) to reduce identity fraud. 
• Improving suspicious activity monitoring with real-time notification controls. 
• Integrating various internal controls, including additional training for team members. 

Even with the shift in compliance deadline, advisers who do not treat the new window as an opportunity are likely to risk regulatory oversight and additional fines. Compliance risk is simply not equal to the potential added business expense.

Why waiting is risky

The AML compliance deadline extension appears to provide sufficient time for firms to relax. That would be a mistake. A lot can happen in 3 to 4 short years. Just look at the shift in current financial systems happening right now in the U.S. due to tariff exchange and a crackdown on operational management programs. 

The fact is that regulators are already signaling that AML oversight is expanding. Even when the new rules are not in place, AML/CFT compliance strategies now will help avoid FinCEN-issued Geographic Targeting Orders and investigation cases due to weak controls. 

The same risks that exist with other financial intermediaries exist for investment advisers. Weakened cross-border structures, high net worth clients, and alternative investment vehicles have the same red flags as they do in major banking institutions. Regulators want to maintain a reasonable system for preventing illicit financial activity. Even with the AML regulatory expectations 2025 not in place until 2028, you can still expect enforcement for sanction violations, willful blindness, or failure to escalate suspicious activity to remain on the table. 

Yes, the AML rule for investment advisers includes an extension window for implementation, but that doesn’t magically grant immunity from any oversight. Preparing now ensures no scrambling at the last minute, with all investment advisers will be under the regulatory “microscope” in the near future.

Building readiness today: CIP and internal controls

Two crucial areas need to be addressed right now for immediate action. Those include CIP and internal controls. It’s already known that FinCEN and the SEC (Securities and Exchange Commission) have created a joint proposal requiring investment advisers to generate Customer Identification Programs. There were over 2.6 million cases of identity fraud reported to the FTC (Federal Trade Commission), and that is only the ones we know about. 

A CIP integration ensures ongoing monitoring that verifies new client identities. Waiting until 2028 to design and test such a process will be incredibly disruptive to normal operations. Not to mention, it comes at a much higher cost as developers and risk management consultants will happily increase fees to meet compliance. 

Beyond integrating CIP, firms should include AML/CFT compliance strategies, such as internal checks and balances. That might mean hiring independent audits, conducting risk-based due diligence, and generating escalation protocols for suspicious activity. It’s likely examiners are already asking for such systems, even with the AML rule for investment advisers pending and not in place. 

Investing now in tech-driven solutions for future compliance is simply a better choice. Utilizing the power and real-time reporting of platforms like Pirani helps mitigate risk. It centralizes data, automates monitoring, and simplifies reporting so everyone is on the same page regarding compliance burdens.

Regulatory expectations for 2025

The new AML compliance deadline extension sets 2028 as the finish line for investment advisers. However, FinCEN has already made it clear that regulators should emphasize the need for “reasonable” risk-based measures now. 

Messaging to detect suspicious activity aligns well with the DOJ’s (Department of Justice) ongoing efforts to sanction violations. FinCEN is already using GTO to monitor the flow of criminal financial activity. That is beyond simply looking at fiduciary duty compliance and managing any conflicts of interest. Cybersecurity and AI integration are actively being used to detect illicit financial activity, so it only makes sense to use those same tools for greater compliance and proactive monitoring. 

The SEC wants stronger governance. Regulators are pursuing companies without oversight frameworks because they don’t want to lower consumer confidence in the banking system. Illegal financial activity or fraud is, to put it mildly, bad for business at the micro and macro levels. The 2028 deadline cannot be viewed as a starting line, but as the final deadline.

AML/CFT Compliance strategies to implement now

The most effective way to meet goals before the AML compliance deadline extension is to develop a roadmap for compliance now. Embedding AML/CFT compliance strategies lowers risk for the future and demonstrates greater firm resilience to regulators. Four areas should be directly considered now:

• Client Onboarding
  

Firms need to strengthen Know Your Customer (KYC) protocols while equally preparing for formal CIP system integration. Both should be tested using progressive identification fraud detection, including synthetic IDs.

• Transaction Monitoring
  

Effort should be spent on deploying systems that can actively detect anomalies, but in real time. That includes surveillance tools for cross-border activity. Such monitoring helps meet compliance and reduces the risk of reputational damage due to leaks or illegal activity. 

• Internal Culture & Training

Your team must be made aware of these AML/CFT compliance strategies and trained in how their job roles will shift. That includes leadership adopting and reporting analysis. The goal is to use scenario-based drills that simulate AML/CFT risk to cultivate a culture of support.

• Governance & Escalation Protocols
  

Throughout the entire change process, firms must establish oversight channels. Boards and CEOs need to have access to clear risk and compliance reporting, so that escalation protocols can be firmly developed. Otherwise, they will not hold up under regulatory testing by 2028.

A strategic window, not a pause

The postponement of the AML rule for investment advisers to January 1, 2028, is not a much-needed reprieve. Firms and agencies need to view this opportunity as a strategic window. Regulators are already fired up to implement the changes, so meeting compliance sooner rather than later will ensure more chances to design, test, and refine any AML/CFT compliance strategies. 

The mandate is clear: learn to strengthen CIP, fortify internal controls, and get everyone on board inside your company right now. Acting earlier positions a firm for a competitive advantage by 2028. Using advanced, AI-backed tools like Pirani ensures accelerated readiness. It turns compliance into a massive advantage to build robust controls and efficiencies now, rather than deal with a burden later.

Sign up today for free or schedule a demo and get the reassurance needed that your business is well prepared for new stablecoin compliance.

Want to learn more about risk management? You may be interested in this content 👇

• What the TD bank case teaches us about modern AML failures
• Why do banks retain inactive customer data?

• Anti-Money Laundering Solutions: How to Make the Correct Segmentation for Money Laundering