Industry Intel - Conference Recaps and Thought Leadership Article

The Two-Year Runway

FinCEN pushed the investment-adviser AML rule to 2028. Most firms heard “ignore it.” The advisers who read the delay correctly will treat it as a runway — and build the parts that won’t change.

Delayed is not cancelled

On December 31, FinCEN finalized a two-year delay of the investment-adviser AML rule, pushing its effective date from January 1, 2026 to January 1, 2028. For the roughly 21,000 registered investment advisers and exempt reporting advisers the rule covers, the headline landed as relief — and, for many, as permission to stop thinking about it.

That is the wrong read. The delay moved the deadline. It did not move the direction. The 2024 rule did something structural that the delay leaves fully intact: it defined certain investment advisers as “financial institutions” under the Bank Secrecy Act, with the obligation to run a written AML/CFT program, perform customer due diligence, and file suspicious activity reports. FinCEN is re-tailoring that rule’s scope. It is not repealing the obligation.

The delay moved the deadline. It did not move the direction.

The firms that treat the next two years as found time, and the firms that treat them as a runway, will arrive at January 2028 in very different shape.

What the delay actually changed — and what it didn’t

Read carefully, the delay is narrow. It changes exactly one thing: the effective date. The substance of the rule — the program requirement, customer due diligence, SAR filing, and BSA recordkeeping — remains on the books, on pause. FinCEN was explicit that it intends to use the window to review and tailor the rule to the “diverse business models and risk profiles” of the adviser sector. Expect changes; the magnitude is unknown.

Predictive AI Banner

There is a second clock most advisers are missing. The jointly proposed FinCEN–SEC customer identification program (CIP) rule for advisers is still pending, and the industry has asked the agencies to align the two compliance dates. Whatever lands in 2028 will most likely arrive as a package — an AML program requirement plus a CIP requirement — not a single rule in isolation. Planning to one and ignoring the other is planning for half the obligation.

Why “wait” is the expensive option

The instinct to wait assumes the cost of an adviser AML program is mostly the program document itself. It is not. The expensive parts are the ones that take time to get right: clean data, a screening capability that does not drown a lean team in false positives, and the institutional habit of documenting risk decisions. None of those can be stood up in a quarter.

And the formal effective date was never the only source of AML expectations for advisers. Many firms already run AML programs voluntarily — driven by investor operational due-diligence demands, custodian and counterparty requirements, and the reputational cost of being the firm that moved illicit money. The delay changes the regulator’s deadline. It does not change what a sophisticated investor’s due-diligence questionnaire asks this quarter.

Add the broader direction of travel. Across the BSA world, supervision is shifting from “did you check the box” to “does your program actually work.” An adviser that races to assemble a thin paper program for a 2028 deadline will be building to a standard regulators are actively moving away from.

Build the stable parts now, defer the rest

The disciplined move in a re-tailoring window is to separate what is durable from what is in flux, and build only the durable parts. Three things are unlikely to change no matter how FinCEN tailors the scope:

  1. The data and screening foundation. Sanctions, PEP, and adverse-media screening on clients and their beneficial owners is the spine of any adviser AML program, and it is stable regardless of how scope is tailored. It is also the longest-lead-time item: authoritative, current data and a tuned matching process take time to get right, and they cannot be bought off the shelf the week before an exam.
  2. The program skeleton. Designate who owns AML, draft baseline risk-based policies, and run basic training. Cheap, hard to get wrong, and not wasted under any version of the final rule.
  3. The documentation habit. Start recording why client-risk decisions are made the way they are. The audit trail is the hardest thing to reconstruct after the fact and the easiest to build as you go.
Predictive AI Banner

Where the foundation gets built

For a lean adviser compliance function, the data layer is where a program is won or lost — and where the two-year runway is best spent. A model can be configured in weeks; an authoritative, well-tuned data foundation cannot.

Where the architecture earns its place

Building the data layer early, and building it right, is the highest-leverage move an adviser can make in the runway. Vital4 was built for exactly this: 6,000+ source-verified global watchlists spanning sanctions, PEP, and adverse-media coverage; patent-pending contextualized entity extraction that keeps false positives manageable for small teams; and an API-first design that drops into an adviser’s existing technology stack without a heavy build. Vital4 Investigate adds an AI-native investigation and SAR-support workflow, so when the rule takes effect in 2028, the foundation is already in place and tuned — not started.

AI Banner
Vital4 Section

VITAL4

See How Vital4 Helps Advisers Build the AML Foundation Early

REQUEST A DEMO