Skip to main content

IAA Supports FinCEN’s Risk-Based Approach to AML/CFT Compliance

June 9, 2026

Download PDF

Andrea M. Gacki, Director
Regulatory and Strategic Affairs Division
Financial Crimes Enforcement Network
P.O. Box 39
Vienna, VA 22183

Re: Anti-Money Laundering and Countering the Financing of Terrorism Programs (Docket No. FINCEN-2026-0034; RIN 1506-AB72)

Dear Ms. Gacki:

The Investment Adviser Association (IAA)[1] appreciates the opportunity to comment on the Financial Crimes Enforcement Network’s (FinCEN’s) proposal to modernize the Bank Secrecy Act (BSA) and implement provisions of the Anti-Money Laundering Act of 2020 (AML Act).[2] We share FinCEN’s objective of detecting and preventing money laundering and terrorist financing in all aspects of the financial system and strongly support the U.S. government’s efforts to combat these activities through a robust anti-money laundering/countering the financing of terrorism (AML/CFT) regime.

We commend FinCEN for taking a risk-based approach to AML/CFT compliance in the Proposal to provide financial institutions with the flexibility needed to tailor their AML/CFT efforts to fit the nature and scope of their businesses. We support this approach and offer some targeted comments and recommendations to enhance clarity and ensure that the Proposal operates as intended. In particular, we believe it is important that the final rule and adopting release preserve meaningful flexibility for financial institutions to exercise reasonable, risk-based judgment and that examining authorities implement the framework consistent with FinCEN’s stated objectives.

We note that the Proposal explicitly does not address the final rule establishing AML/CFT requirements for investment advisers,[3] which has been extended until January 1, 2028.[4] The Proposal thus would not currently apply to investment advisers. The IAA supported the extension of the Advisers AML Rule and we also strongly support FinCEN’s intention to revisit that rule. In our view, the current rule is significantly broader than necessary to address meaningful gaps in the AML/CFT regime. We believe that any final adviser AML rule should apply only to those investment advisers and advisory activities that present actual AML/CFT risk. Such an approach would advance FinCEN’s AML/CFT objectives while avoiding unnecessary, duplicative, or disproportionate regulatory burdens.[5]

Once a final AML rule for investment advisers goes into effect, those advisers that are ultimately brought within its scope will become financial institutions for purposes of the BSA and become subject to the AML/CFT framework that the Proposal seeks to revise. Our comments are thus intended both to inform implementation of the Proposal and to identify principles that should guide any future application of the modified AML/CFT framework to those investment advisers covered under a final Advisers AML Rule.

I. Executive Summary

We offer the following targeted comments and recommendations to further clarify the Proposal and promote implementation consistent with FinCEN’s stated objectives:

  1. We support the risk-based approach described in the Proposal and believe that FinCEN should codify in the rule text that financial institutions may exercise reasonable judgment to determine their AML/CFT risks and allocate resources accordingly.
  2. FinCEN should also codify in the rule text that CIP and customer due diligence (CDD) programs are risk-based.
  3. FinCEN should remain technology neutral and not create a negative presumption as to an AML/CFT program’s effectiveness when technology is not used.
  4. We support FinCEN’s confirmation that certain AML/CFT functions may continue to be delegated outside the United States.
  5. FinCEN and the agencies with delegated examination authority should work together to ensure that FinCEN’s risk-based approach is appropriately integrated into each agency’s examination program and that the examination process is transparent to financial institutions.

II. Comments and Recommendations

The IAA appreciates that FinCEN is proposing to take a risk-based approach to AML/CFT compliance, which is essential to providing financial institutions with the flexibility and discretion needed to tailor their AML efforts to the nature, scope, and risk profile of their businesses. To further advance FinCEN’s stated objectives and promote clarity, consistency, and effective implementation, we believe that the final rule and adopting release would benefit from certain targeted modifications and clarifications. In particular, our recommendations are intended to help ensure that examining authorities apply the rule in accordance with FinCEN’s intent and afford appropriate deference to financial institutions’ reasonable, risk-based judgments.

  1. We support the risk-based approach described in the Proposal and believe that FinCEN should codify in the rule text that financial institutions may exercise reasonable judgment to determine their AML/CFT risks and allocate resources accordingly.
    The IAA appreciates FinCEN’s expressed intent in the Proposal that the respective agencies should give deference to financial institutions in assessing their risk and establishing their risk-based programs.[6] We agree that financial institutions “know their customer base, businesses, and risks better than their regulators and the government; thus, financial institutions are best positioned to identify and evaluate their [AML/CFT] risks.”[7] We also appreciate FinCEN’s statement that the Proposal “does not contemplate regulatory second-guessing of a financial institution’s reasonable determinations regarding appropriate resource allocation or conclusions regarding specific risks.”[8]We are concerned, however, that the proposed rule text could be read to require financial institutions to evaluate business activities they may not conduct, “including products, services, distribution channels, customers, and geographic locations.”[9] We believe that adding the phrase “as appropriate” to the rule text will make clear that financial institutions have flexibility with respect to the risk elements they evaluate when conducting these risk assessments. Specifically, we suggest the following marked revision to proposed Rule 1024.210(b)(1)(i)(A):[10]Evaluate the money laundering, terrorist financing, and other illicit finance activity risks of the mutual fund’s business activities, including, as appropriate, products, services, distribution channels, customers, and geographic locations.Further, we appreciate FinCEN’s expectation that financial institutions direct greater resources and attention to higher risk customers and activities.[11] To reinforce the Proposal’s objective that institutions should retain flexibility in assessing risk and allocating compliance resources, we recommend that the rule text expressly recognize that such determinations may be made in the financial institution’s reasonable judgment. Such codification would align the rule text with FinCEN’s intent that institutions are not required to apply a uniform approach to resource allocation and would help avoid hindsight review of reasonable, documented risk-based judgments. Specifically, we suggest the following marked revision to proposed Rule 1024.210(b)(1)(ii):

    Mitigate the mutual fund’s money laundering, terrorist financing, and other illicit finance activity risks consistent with the risk assessment processes required under paragraph (b)(1)(i) of this section, including by directing, in its reasonable judgment, more attention and resources toward higher-risk customers and activities, consistent with the risk profile of the mutual fund, rather than toward lower-risk customers and activities.

  2. FinCEN should also codify in rule text that CIP and customer due diligence (CDD) programs are risk-based. To provide further clarity to financial institutions and the agencies with delegated examination authority, we believe that the risk-based approach to CIP and CDD obligations should also be codified in rule text. Although existing guidance for banks recognizes the risk-based nature of CIP and CDD obligations,[12] expressly incorporating that principle into the rule text would promote consistency across examining authorities, including the SEC, and better align those obligations with the Proposal’s broader risk-based framework. We are thus proposing targeted modifications to the rule text to reflect that financial institutions should also have flexibility to carry out their CIP and CDD obligations on a reasonable and risk-based basis. Specifically, we suggest the following marked revisions to proposed Rule 1024.210(b)(1)(iii) and Rule 1024.220:1024.210(b)(1)(iii) Conduct reasonable ongoing customer due diligence, including to: (A) Understand the nature and purpose of customer relationships for the purpose of developing a customer risk profile; and (B) Conduct reasonable ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information (including information regarding the beneficial owners of legal entity customers, as defined in § 1010.230 of this chapter);1024.220 Customer identification programs for mutual funds. (a) * * * (1) In general. A mutual fund must implement a risk-based written Customer Identification Program (CIP) appropriate for its size and type of business that, at a minimum, includes each of the requirements of paragraphs (a)(1) through (5) of this section.
  3. FinCEN should remain technology neutral and not create a negative presumption as to an AML/CFT program’s effectiveness when technology is not used.The IAA appreciates FinCEN’s efforts to encourage technological innovation and supports the enforcement safe harbor extended to the use of innovative technology.[13] However, we strongly believe that policy should be technology neutral. Thus, in addition to not favoring any one technology over another, financial institutions should not be penalized for choosing not to use technology. While we agree that the responsible use of technological tools and techniques can improve the effectiveness of an AML/CFT compliance program, the use of technology should not be determinative of a program’s reasonable design or effectiveness.As the Proposal already recognizes, a variety of factors may lead a financial institution to determine that technological solutions are not appropriate for its particular circumstances.[14] Smaller institutions, for instance, may lack the financial resources necessary to acquire, implement, maintain, and periodically update sophisticated technological tools. Financial institutions, regardless of size, may also determine, based on the nature of their business, customer base, products, services, and overall risk profile, that manual controls or less technology-intensive approaches are appropriate to maintain an effective AML/CFT program. In addition, institutions may reasonably conclude that the costs and operational burdens associated with implementing certain technologies outweigh the incremental compliance benefits.While the Proposal acknowledges that use of technology may not be appropriate for every financial institution, especially small institutions, we are concerned that, absent an explicit statement to the contrary, references throughout the Proposal to innovation and technological advancement could create an unintended inference that financial institutions using advanced technologies are more likely to be viewed as maintaining effective AML/CFT programs. Such an outcome would be inconsistent with FinCEN’s stated goal of establishing a flexible, risk-based framework and could place smaller or lower-risk institutions at a disadvantage despite maintaining AML/CFT programs that are otherwise reasonably designed and effective.

    We thus urge FinCEN to expressly confirm that the absence of use of technology, artificial intelligence, machine learning, or other innovative tools will not create a presumption that a financial institution’s AML/CFT program is less effective, less reasonably designed, or otherwise deficient.

  4. We support FinCEN’s confirmation that certain AML/CFT functions may continue to be delegated outside the United States. Many financial institutions maintain AML/CFT personnel, shared service centers, and compliance operations outside the United States as part of their global compliance infrastructure. Requiring those functions to be relocated to the United States would be costly, operationally disruptive, and, in many cases, provide little corresponding regulatory benefit. The IAA thus appreciates FinCEN’s confirmation that financial institutions may continue to delegate certain AML/CFT functions to personnel and resources located outside of the United States and recommends that this flexibility remain explicit in the adopting release.[15]In response to FinCEN’s question whether further clarification is needed on duties that may be performed by personnel outside the United States,[16] we do not believe that additional clarification is necessary at this time. The Proposal appropriately recognizes that financial institutions may employ a variety of compliance structures and staffing models. Providing a detailed list of permissible or impermissible functions could inadvertently reduce flexibility, create negative implications regarding functions not specifically identified, and undermine the Proposal’s broader risk-based approach. We believe that as long as the designated AML/CFT officer remains located in the United States and the financial institution remains responsible for compliance with its AML/CFT obligations, including existing regulations and guidance on the sharing of SARs, institutions should retain discretion to determine how best to allocate compliance functions across their organizations.
  5. FinCEN and the agencies with delegated examination authority should work together to ensure that FinCEN’s risk-based approach is appropriately integrated into each agency’s examination program and that the examination process is transparent to financial institutions. The IAA supports the delegation of examination authority to the SEC with respect to those investment advisers that ultimately become covered financial institutions under a final Advisers AML Rule. At the same time, because implementation and examination of AML/CFT requirements will largely occur through the agencies exercising delegated authority, it is critical that those agencies apply the risk-based framework in a manner consistent with FinCEN’s stated objectives.We thus urge FinCEN to work closely with the relevant agencies, including the SEC, to ensure that the Proposal’s core principles are consistently reflected in examination programs, examiner training, and supervisory guidance.[17] In particular FinCEN should ensure that examiners evaluate financial institutions based on the reasonableness of their documented risk-based judgment and resource allocation decisions, rather than through a hindsight assessment of individual compliance decisions or disagreements regarding particular risk determinations. Consistent implementation of this principle is essential to achieving the Proposal’s objective of providing financial institutions with the flexibility to design AML/CFT programs that are tailored to their unique business models and risk profiles.We also encourage FinCEN to work with the relevant agencies to increase transparency regarding examination expectations under the revised framework. For example, FinCEN should coordinate with the banking agencies to update and publish the FFIEC Manual to reflect the Proposal’s risk-based approach and the principles articulated in the adopting release. Similarly, FinCEN should work with the SEC and other delegated examining authorities to develop and publish examination guidance, procedures, or other supervisory materials describing how the revised AML/CFT framework will be evaluated in practice. Greater transparency regarding examination expectations will promote consistency across agencies, facilitate compliance, and help ensure that the risk-based approach is implemented in a manner consistent with FinCEN’s stated intent.[18]

    The importance of coordinated implementation may be even greater in the context of a final Advisers AML Rule. Unlike banks and broker-dealers, which have long been subject to AML/CFT requirements and are examined pursuant to an established examination framework, investment advisers have not been subject to comprehensive AML/CFT program obligations under the BSA. As a result, applicable examination expectations and supervisory standards will largely be new. It is thus particularly important that any examination framework applicable to investment advisers faithfully reflect FinCEN’s stated principles regarding risk-based compliance, examiner deference to reasonable business judgments, and the avoidance of hindsight review.

*          *          *

We appreciate your consideration of our comments on this important issue. Please do not hesitate to contact the undersigned at (202) 293-4222 if we can be of further assistance.

Respectfully Submitted,

/s/ Gail C. Bernstein
Gail C. Bernstein
General Counsel and Head of Public Policy

/s/ Tracy M. Soehle
Tracy M. Soehle
Associate General Counsel

cc:       The Honorable Paul S. Atkins, Chairman, Securities and Exchange Commission
The Honorable Hester M. Peirce, Commissioner, Securities and Exchange Commission
The Honorable Mark T. Uyeda, Commissioner, Securities and Exchange Commission
Brian Daly, Director, Division of Investment Management, Securities and Exchange Commission

[1] The IAA is the leading organization dedicated to advancing the interests of fiduciary investment advisers. For nearly 90 years, the IAA has been advocating for advisers before Congress and U.S. and global regulators, promoting best practices and providing education and resources to empower advisers to effectively serve their clients, the capital markets, and the U.S. economy. Our members range from global asset managers to the medium- and small-sized firms that make up most of our industry. Together, the IAA’s member firms manage more than $57 trillion in assets for a wide variety of individual and institutional clients, including pension plans, trusts, mutual funds, private funds, endowments, foundations, and corporations. For more information, please visit www.investmentadviser.org. To learn more about the investment adviser industry, see the IAa’s just-released 2026 Investment Adviser Industry Snapshot.

[2] Anti-Money Laundering and Countering the Financing of Terrorism Programs, 91 Fed. Reg. 18704 (Apr. 10, 2026) (Proposal).

[3] Anti-Money Laundering/Countering the Financing of Terrorism Program and Suspicious Activity Report Filing Requirements for Registered Investment Advisers and Exempt Reporting Advisers, 89 Fed. Reg. 72156 (Sept. 4, 2024) (Advisers AML Rule); see Proposal at 18705, footnote 2. The Proposal also does not cover the joint SEC and FinCEN proposed rule requiring investment advisers to adopt customer identification programs (CIPs). See Customer Identification Programs for Registered Investment Advisers and Exempt Reporting Advisers, 89 Fed. Reg. 44571 (May 21, 2024) (CIP Proposal).

[4] See Delaying the Effective Date of the Anti-Money Laundering/Countering the Financing of Terrorism Program and Suspicious Activity Report Filing Requirements for Registered Investment Advisers and Exempt Reporting Advisers, 91 Fed. Reg. 36 (Jan. 2, 2026).

[5] See IAA Letter to Andrea M. Gacki Re: Delaying the Effective Date of the Advisers AML Rule (Oct. 21, 2025) (IAA Letter on Extension). In the IAA Letter on Extension, we also made several recommendations for FinCEN to consider when it revisits the Advisers AML Rule and urged FinCEN to collaborate with the SEC to ensure that the agencies consider CIP requirements together with AML/CFT requirements. See also IAA Letter to Andrea M. Gacki Re: New AML and CIP Rules for Investment Advisers (Jan. 31, 2025) and IAA Letter to Andrea M. Gacki Re: Proposed AML Rule for Investment Advisers (Apr. 15, 2024).

[6] Proposal at 18711.

[7] Id. The Proposal states that “[f]inancial institutions should therefore, and would under this proposed rule, have significant flexibility and discretion in their decisions and determinations related to risk identification and resource allocation.”

[8] Proposal at 18717.

[9] Proposed Rule 1024.210(b)(1)(i)(A).

[10] Given that the Proposal does not address the Advisers AML Rule, our recommended rule text changes are drafted to apply to the proposed Mutual Funds Rule, 31 CFR Part 1024. They are equally applicable to the proposed rules affecting other financial institutions.

[11] Proposal at 18717.

[12] See Federal Financial Institutions Examination Council (FFIEC), BSA/AML Examination Manual (FFIEC Manual).

[13] Under the Proposal, “[i]nstitutions that responsibly experiment with innovative technologies in their AML/CFT programs will not incur any additional risk of being subject to a significant supervisory AML/CFT action or AML/CFT enforcement action solely based on the use of innovative technologies.” Proposal at 18712-13.

[14] Proposal at 18712

[15] Proposal at 18725.

[16] Id.

[17] FinCEN’s Key Changes and Fact Sheet note that the Proposal was prepared in consultation with the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the National Credit Union Administration, and the Office of the Comptroller of the Currency in order to collectively issue proposed amendments to their respective BSA compliance program rules for the financial institutions they supervise. The degree to which the SEC was consulted is unclear and we encourage FinCEN to ensure that it is similarly collaborating with the SEC.

[18] FinCEN’s authority to coordinate and direct the procedures and activities of agencies exercising delegated authority for AML/CFT is codified in 31 CFR 1010.810.

Tags: AML, FinCEN

You are now leaving Investment Adviser Association

The IAA provides links to web sites of other organizations in order to provide visitors with certain information. A link does not constitute an endorsement of content, viewpoint, policies, products or services of that web site. Once you link to another web site not maintained by the IAA, you are subject to the terms and conditions of that web site, including but not limited to its privacy policy.

You will be redirected to

Click the link above to continue or CANCEL