The United States established a modern anti-money laundering (AML) regulatory regime in 1970 with the enactment of the Bank Secrecy Act (BSA). Since then, the AML regulatory framework has expanded, providing additional guidance and requirements for financial institutions and other financial services sectors to combat money laundering risk and the financing of terrorism.
New requirements under the BSA, effective Jan. 1, 2026, will expand the definition of a financial institution to include most private equity (PE) fund managers and venture capital (VC) firms. These entities were previously not subject to many aspects of the BSA requirements.
Requirements for financial institutions under the BSA include implementing an effective BSA/AML compliance program capable of preventing and detecting money laundering. BSA guidance notes that key elements of an effective BSA/AML compliance program include:
- Risk-based customer due diligence (CDD) procedures;
- Reporting suspicious activity to the Financial Crimes Enforcement Network (FinCEN) through Suspicious Activity Reports (SARs); and
- Independent testing of compliance procedures and related internal controls.
- Audits and independent testing of AML/BSA programs and AML internal controls;
- AML/BSA framework reviews, health checks, and/or development;
- Implementation of AML/BSA policies and procedures;
- Training over AML/BSA compliance and other FCC topics; and
- Financial crimes investigations and internal controls remediations.
I am an AML compliance expert with the CBIZ Risk and Advisory Services (RAS) Practice. Our Financial Crimes Compliance (FCC) Advisory team provides tailored solutions to help clients maintain an AML/BSA program that meets industry and regulatory standards.
To help analyze the impact of the coming BSA expansion on our financial services clients, I asked Ian Comisky, a partner with Fox Rothschild LLP, for a legal perspective on the changes and their specific implications on PE fund managers and VC firms. Ian has represented corporations in litigation and disputes for over 35 years of experience, with a core focus on white-collar criminal defense matters related to AML compliance program weaknesses.
Below are the highlights of our discussion.
Dunlap: Thank you, Mr. Comisky, for speaking with me and sharing your expertise and insights. Can you please describe the changes to the BSA coming in January 2026 regarding the definition of financial institutions?
Comisky: I would be happy to. In late 2024, the Director of FinCEN, the person with delegated responsibility from the U.S. Treasury for the administration of the BSA, issued final rules to expand the definition of a “financial institution” under the BSA to include Registered Investment Advisers (RIAs) and Exempt Registered Advisers (ERAs). As you state, these rules will come into effect on Jan. 1, 2026. RIAs are investment advisers with over $110 million in assets under management (AUM) and are registered with the U.S. Securities and Exchange Commission (SEC). ERAs are investment advisers that either advise only private funds with less than $150 million in AUM or advise only VC funds. ERAs are exempt from SEC registration.
Dunlap: How does the expansion of the definition of “financial institution” within the BSA impact PE fund managers and VC funds that are classified as RIAs or ERAs?
Comisky: Most PE fund managers and VC funds will soon be required to have in place an AML/BSA program very similar to that of financial institutions, which was not a requirement before the rule changes. For applicable fund managers and firms, requirements will include:
- Establish a risk-based AML/Counter-Terrorist Financing (CTF) program.
- Designate an individual responsible for implementing and monitoring the AML/CTF program and its internal controls, referred to as the Money Laundering Reporting Officer, or MLRO.
- Implement risk-based procedures for conducting ongoing customer due diligence, including understanding the nature and purpose of customer relationships for the purpose of developing a risk profile and conducting ongoing monitoring to identify and report suspicious transactions on a risk basis and to update customer information.
- Perform or engage an independent advisor to perform independent testing of the firm’s AML/CTF program for compliance with all applicable regulations.
At this time, FinCEN is not yet mandating what will be updated customer due diligence requirements for full customer/investor bases for RIAs and ERAs, as is required for banks and other financial institutions, but this does appear to be on the horizon for future BSA updates.
Dunlap: What is your advice for firms that meet the criteria you described and will soon be mandated to have in place an AML/BSA compliance program?
Comisky: Start procedures now, not close to the effective date in January 2026, to comply with the rules. Firms should have in place compliant processes well before then. From my experience, due to the requirements of their banks, investors, and other stakeholders, many PE fund managers and VC firms already have one or more of the core elements needed for an effective AML/BSA compliance program. However, I would recommend having an independent adviser review your program and identify any potential gaps that need to be filled. Where I think most firms may be lacking is the independent review requirement as many firms had no need for an independent testing function before this rule change. Another element that is uncommon is having in place a mechanism for the ongoing due diligence of investors. CCOs or their advisers should look into these areas sooner rather than later.
Dunlap: Thank you so much, Mr. Comisky, for your expertise and guidance. I know Fox Rothchild has been advising financial services clients on issues such as these for decades, and I appreciate your expertise.
CBIZ regularly works with PE fund management firms and VC funds of all sizes, organizational complexity, and geographical reach. We are perfectly placed to act as a trusted partner for strategic, financial, or compliance advisory services for PE and VC. RAS is a one-stop shop for all FCC advisory services with professionals who possess deep expertise in financial crimes and have even served as MLROs and Heads of Financial Crimes Compliance for financial institutions and other global financial services firms. Core service offerings of RAS FCC Services include:
For more information on RAS FCC Services, please connect with Guler Wiefling, Benjamin Dunlap, Kyle Konopasek, or Michael Gallagher.
© Copyright CBIZ, Inc. All rights reserved. Use of the material contained herein without the express written consent of the firms is prohibited by law. This publication is distributed with the understanding that CBIZ is not rendering legal, accounting or other professional advice. The reader is advised to contact a tax professional prior to taking any action based upon this information. CBIZ assumes no liability whatsoever in connection with the use of this information and assumes no obligation to inform the reader of any changes in tax laws or other factors that could affect the information contained herein. Material contained in this publication is informational and promotional in nature and not intended to be specific financial, tax or consulting advice. Readers are advised to seek professional consultation regarding circumstances affecting their organization.
“CBIZ” is the brand name under which CBIZ CPAs P.C. and CBIZ, Inc. and its subsidiaries, including CBIZ Advisors, LLC, provide professional services. CBIZ CPAs P.C. and CBIZ, Inc. (and its subsidiaries) practice as an alternative practice structure in accordance with the AICPA Code of Professional Conduct and applicable law, regulations, and professional standards. CBIZ CPAs P.C. is a licensed independent CPA firm that provides attest services to its clients. CBIZ, Inc. and its subsidiary entities provide tax, advisory, and consulting services to their clients. CBIZ, Inc. and its subsidiary entities are not licensed CPA firms and, therefore, cannot provide attest services.