AML/CFT requirements delayed for VC and PE

The Financial Crimes Enforcement Network (FinCEN) has postponed new regulatory requirements that would subject venture capital and private equity fund managers to increased compliance burdens by implementing anti-money laundering (AML) and countering the financing of terrorism (CFT) programs. 

Industry pushed policymakers to delay and repropose the rules, originally scheduled to take effect January 1, 2026,  to address some of the more problematic or confusing aspects. FinCEN announced on July 21 that it would postpone the rules until January 1, 2028, and would revisit their scope. 

On August 5 the agency formally exempted investment advisers from the rules and said it would review requirements to ensure they are effectively tailored to diverse business models and risk profiles of IAs.

This article provides an overview of the rules as originally adopted, what drove that change, what to expect now, and how Carta can help fund managers navigate the shifting regulatory environment.

How did the new rules come into play?

FinCEN finalized new rules last August that expanded the definition of “financial institution” under the longstanding Bank Secrecy Act (BSA) to include investment advisers—both SEC-registered investment advisers (RIAs) and exempt reporting advisers (ERAs)—thereby subjecting private equity and venture capital fund managers to the BSA’s AML/CFT program requirements for the first time.

While many funds voluntarily maintain or incorporate elements of an AML/CFT program, this rule would have subjected many RIAs and ERAs to a formal regulatory AML regime.

What steps do VC and PE funds need to take?

For now, no action is required, as the Treasury Department has granted exemptive relief to covered investment advisers from the requirements until January 1, 2028 at the earliest. 

What happens next?

Treasury has previewed a larger-scale review of the BSA and its AML/CFT requirements, which would likely encompass the new investment adviser rules. The delay also provides time for Customer Identification Program (CIP) and Customer Due Diligence (CDD) rules to get finalized and incorporated into the AML/CFT program requirements.

Are all VC and PE firms subject to the new rules?

FinCEN exempted certain RIAs and state-registered advisers from compliance, so smaller venture capital funds that do not file a Form ADV with the SEC are not subject to the requirements as currently written. 

What does the AML/CFT rule require?

Under the rule, private equity and venture capital funds (not including some smaller venture capital firms that do not file a Form ADV with the SEC) would be required to develop and implement a written AML/CFT program that is risk-based, tailored to the specific activities and client base of the fund, and approved by a board of directors or similar function. 

The program would need to include the following elements:

• Internal policies, procedures, and controls reasonably designed to prevent the fund from being used for money laundering, terrorist financing, or other illicit activities

• A designated AML compliance officer to implement and monitor the program

• Personnel training on AML/CFT requirements and illicit-finance risk 

• Independent testing of the AML program

• Ongoing customer due diligence, not just during onboarding or when making investments 

Advisers would also be required to file suspicious activity reports (SARs) with FinCEN if the adviser knows, suspects, or has reason to suspect a transaction:

• Involves funds derived from illegal activity

• Is intended to hide illicit proceeds

• Does not appear to have a lawful purpose, or 

• Uses the adviser to facilitate criminal activity 

These requirements would apply to transactions “conducted or attempted by, at, or through” the adviser—a broad standard that not only covers advisory services, but could extend to portfolio companies as well.

Private fund managers would also have to keep records with respect to the transmittal of funds and adhere to information-sharing provisions under Section 314 of the USA PATRIOT Act.

Investment advisers would be able to  outsource aspects of their AML program to a third party, but it’s important to note that the adviser would remain liable for compliance.

What is behind the push for greater oversight?

FinCEN aims to address illicit-financing threats involving investment advisers and is spurred by concerns that investment advisers have been an entry point for illicit actors to access U.S. securities, real estate, and other assets.

A risk assessment conducted by the Treasury Department identified cases of foreign adversaries—notably China and Russia—investing in startups through venture capital funds to access sensitive information and critical technologies. 

For the investment adviser sector, Treasury’s assessment found the top  illicit-finance risks to be private fund advisers who are exempt from SEC registration (ERAs), followed by private fund  RIAs. 

Bigger picture: What does this mean for VC and PE firms?

While many advisers have KYC protocols in place that incorporate some of the required elements of the proposed rules, this formal regulatory regime would shift the standard, imposing significant compliance obligations. Adopting and implementing an AML program to comply with the rule would also take time. 

As the rule is currently written, it would be difficult to templatize the process, which the rule acknowledges: “investment advisers operate through a variety of different business models, one generic AMT/CFT program for the industry is not possible.” 

Customized programs, alongside independent testing and staff training and resources, means compliance will be expensive. Venture capital and smaller private fund managers who are ERAs are currently not subject to these types of regulatory obligations, and exam scrutiny will bear the same compliance burden of larger, well-resourced RIAs, potentially creating a disproportionate compliance cost and burden for smaller fund advisers. 

These are all areas that will likely be revisited as FinCEN conducts a broader review of the rules to ensure the compliance burdens reflect the risk profile of the industry.

How would the SEC handle enforcement?

The SEC would be responsible for examining private fund RIAs and ERAs for compliance with the new AML requirements. The commission, which is also responsible for AML oversight for broker-dealers, has historically prioritized AML compliance in exams and enforcement.

What Carta is doing to help our clients

Regardless of how the ultimate rules take shape, KYC will likely remain a significant pillar of any AML regulatory regime. Many financial institutions require funds to have AML policies in place as well. Carta offers AML/KYC services to help your fund stay compliant. 

Carta Policy

Our Policy team is on the ground, engaging with regulators and tracking developments regularly, to bring you the latest developments. As FinCEN considers potential changes to the AML rules for investment advisers, we will work to shape compliance in a way that is reflective of the private capital ecosystem. 

Sign up below to receive Carta’s Policy Weekly Brief