The FinCEN Investment Adviser Rule Moved to 2028. Don't Celebrate.

The FinCEN Investment Adviser Rule Moved to 2028. Don't Celebrate.

When FinCEN pushed the investment adviser AML rule's effective date from January 1, 2026 to January 1, 2028, you could hear the sighs of relief across the industry. Compliance projects were shelved. Budgets were reallocated. Somewhere, a consultant's proposal died quietly in an inbox.

I understand the instinct. I also think it's a mistake.

Here's the part of the announcement people skimmed past: the scope and substance of the rule remain intact. FinCEN said it wants time to tailor the rule to the diversity of adviser business models and to coordinate with the related customer identification program rulemaking. That is not a cancellation. That is a regulator saying "we're coming, we're just adjusting the aim."

What the rule actually does

For those who filed this under "later": the rule brings SEC-registered investment advisers and exempt reporting advisers into the Bank Secrecy Act framework as obliged institutions. This translates into: 

  • Risk-based AML/CFT programs 

  • Suspicious activity reporting

  • Independent testing

  • Designated compliance personnel. 

The machinery banks have operated for decades, arriving at the adviser's door.

For a large RIA with institutional infrastructure, this is an extension. For a mid-sized private fund adviser whose "AML program" is a paragraph in the compliance manual and a reliance letter from the administrator, it is a construction project - and construction projects have lead times.

The case against relaxing

The delay is for FinCEN's benefit, not yours

Read the rationale again. The two years exist so FinCEN can review, tailor, and coordinate rulemaking. Yes, they also acknowledged advisers get more time to comply - but the substance survives. Planning on the rule shrinking dramatically is a bet. And if the tailoring narrows some obligations, nothing in your preparation is wasted: knowing your investors is not a regret purchase.

Everyone upstream already treats you as obliged

Here's what the calendar-watchers miss: the market has already moved. Your banks run counterparty diligence on you. Institutional LPs sample your investor files during operational due diligence. Administrators price their AML service on the state of your book. The commercial world is applying banking-grade expectations to advisers years ahead of FinCEN's effective date. The rule formalises a reality that already prices your relationships.

2028 arrives faster than a program gets built

Building a real AML program - risk assessment, procedures, tooling, training, testing, and above all clean investor files - is an 18-to-24-month effort for a firm starting from thin. The advisers who begin in mid-2027 will discover that vendors are booked, consultants are rationed, and their own files need remediation that doesn't compress. We watched this exact movie before the original 2026 date: a stampede, then a reprieve. The reprieve won't repeat.

The delegation trap

One more uncomfortable point, specifically for private fund advisers: "our administrator handles AML" is not a program.

Delegation of tasks is fine and common. Delegation of responsibility is not a thing. When the rule lands, the obligation sits with the adviser, and FinCEN's examiners - via the SEC - will want to see that you understand your investor base, own your risk assessment, and can evidence the work, wherever it was performed. If your administrator's files are your files, you should at minimum know what's in them. Most advisers I speak to have barely looked.

How to spend the runway well

1. Do the risk assessment now

Map your investor base honestly: jurisdictions, structures, wealth sources, distribution channels. This costs little, informs everything, and is the document every subsequent decision hangs on.

2. Sample your own files

Pull twenty investor files - from your admin if that's where they live - and review them against the rule's CDD logic. The result will tell you whether you have a documentation project or a remediation project. Better to learn that in 2026 than 2027.

3. Write the delegation down

If your administrator performs KYC, get the split of responsibilities into a real operating agreement: who collects, who reviews, who escalates, who owns the record. Ambiguity here is where enforcement findings are born.

4. Choose tooling for 2028's standard, not 2020's

Advisers get one structural advantage from arriving late to AML: no legacy systems. You can skip the generation of tooling banks are trying to escape - the rules-engine, false-positive-factory, checklist-ware era - and start with AI-first systems built for how this work is actually done now. It would be a strange choice to spend 2027 buying 2015's technology.

The Steward angle

This is the buyer Steward was built for: investment-world firms that need banking-grade AML without inheriting banking-grade bureaucracy. Reading subscription documents, resolving fund structures, screening and monitoring investors, and keeping evidence a regulator can walk through - done by AI, owned and controlled by your team. Advisers who set this up in 2026 will find 2028 boring. That's the goal.

To sum up

The rule moved, and FinCEN bought itself two years to sharpen the rule, and handed you two years to get ready. One of you should use the time.

There is nothing wrong with being early to a requirement. There is plenty wrong with being late to one you saw coming for a decade.

If you help to get a head start and see how that looks in practice: book a demo.