SEC actions signal warning to investment advisers over-promising on AML

Earlier this month, the US Securities and Exchange Commission (SEC) charged a registered investment adviser (RIA) with willfully violating Section 206(4) of the Investment Advisers Act of 1940 by making misrepresentations about its anti-money laundering (AML) procedures and for related compliance failures.

Notably, the RIA is not yet legally required to have an AML program. A final rule from the Financial Crimes Enforcement Network that will classify most RIAs as “financial institutions” subject to the Bank Secrecy Act (BSA) does not go into effect until January 1, 2026 (IA AML Rule).

These charges, announced on January 14, 2025, come after the SEC announced eight similar AML-related enforcement actions in the last seven months – including three in the last three weeks alone.

Combatting money laundering is an SEC enforcement focus that has endured regardless of the composition of the SEC, and we expect that the SEC will continue to enforce AML-related laws and regulations under Paul Atkins, who was recently nominated to serve as SEC Chair. During his previous service as SEC Commissioner, Atkins helped to implement the AML provisions of the USA PATRIOT Act, working in conjunction with the Financial Crimes Enforcement Network and other bureaus of the Treasury Department, and he is unlikely to reverse course.

The SEC action

According to its order instituting cease-and-desist proceedings, the SEC found that the RIA, Navy Capital Green Management, LLC (NCGM), made misrepresentations to private fund investors in its offering materials. Specifically, the SEC alleged that NCGM represented that it had conducted AML diligence into prospective investors and ongoing due diligence into existing investors, yet failed to actually do so in several instances. On one occasion, NCGM represented that it would not accept funds until it verified the beneficial owners of a prospective investor. Despite that representation, NCGM ultimately accepted the investments without verifying the identities of the investors’ beneficial owners.

Additionally, although NCGM is not yet subject to the BSA, the primary US AML statute, NCGM’s AML manual required employees to comply with specified due diligence policies and procedures, including identifying red flags and other suspicious activity. Employees did not, however, comply with these procedures, even where high-risk factors associated with money laundering were present. The SEC also found that, despite its representations to the contrary, NCGM failed several times to verify the identities of an investor’s beneficial owners (including those of an investor that was the majority owner of an adviser-affiliated fund).

Why RIAs and others should pay attention

The NCGM enforcement action is notable in part because RIAs are not required to have an AML compliance program under the BSA until January 1, 2026. In this case, however, the SEC found that NCGM failed to follow its own voluntary AML policy and misrepresented its AML diligence to investors. The fact that the SEC brought charges against an RIA prior to the IA AML Rule’s effective date, which stemmed from alleged misrepresentations to investors in the private offering of securities, signals that the SEC will continue taking a strong approach to AML enforcement. As the new presidential administration has emphasized national security and anti-terrorism initiatives, AML and countering the financing of terrorism (CFT) measures will likely remain in focus.

Indeed, the January 14, 2025 charges follow a trend of AML-related SEC enforcement actions. Since July 2024, the SEC has announced and settled charges against at least nine firms for alleged AML-related violations, resulting in over $100 million in civil penalties and other sanctions. Taken together, these enforcement actions reveal the SEC’s deliberate and sustained approach to policing the AML space leading up to the IA AML Rule’s January 1, 2026 effective date. The enforcement actions have involved firms ranging in size and sophistication and have related to a variety of AML compliance failures, including failures to file suspicious activity reports (SARs); failures to file accurate, timely, and helpful SARS with sufficient information; failures to perform effective customer identification procedures and customer due diligence; and making misleading or false disclosures about AML programs themselves. The remedies imposed by the SEC have also varied and have included the imposition of independent compliance consultants to assist in remedying deficient practices.

The SEC’s trend of AML enforcement actions should serve to remind RIAs (as well as certain exempt reporting advisers) of the upcoming compliance deadline of the new IA AML Rule. Read more about the IA AML Rule in our previous alert, “National security risks headline new AML requirement for investment advisers – and more to come?” Other businesses subject to AML requirements should also pay attention to potential issues that could lead to regulatory scrutiny and enforcement.

What can RIAs take away from this action?

RIAs are encouraged to:

• Review marketing materials and disclosure documents (such as offering memoranda, due diligence questionnaires, and subscription agreements) to confirm that any statements regarding the company’s AML procedures and/or compliance program align with current practices, policies, and procedures.


• Conduct a risk assessment and evaluate their existing AML program to make sure that it appropriately addresses the risks facing their business. If an RIA does not have an existing AML program, they are encouraged to begin developing one based on what will be required under the BSA and IA AML Rule.


• Assess their investor onboarding materials and consider whether updates should be made to subscription materials and disclosures checklists, among others, ahead of the IA AML Rule’s January 1, 2026 effective date.


• Review agreements with third-party providers of AML due diligence products and services. Instead of accepting an AML service provider’s off-the-shelf products, the adviser will need to ensure the service provider tailors its services to align with the adviser’s internal compliance requirements. Advisers that plan to use a third-party AML service provider to conduct their due diligence should start discussing the IA AML Rule with their service provider.


• Start incorporating training on AML compliance (including, but not limited to, customer due diligence, risk assessments, and suspicious activity reporting) into employee compliance trainings.

For more information

If you have any questions about this action or developing a risk-based AML program, please contact the authors, your DLA Piper relationship attorney, or any member of DLA Piper’s White Collar, National Security and Global Trade, or Investment Funds practices.