This March, our Quest CE team had the opportunity to exhibit at the Investment Adviser Association (IAA) 2025 Conference. Between connecting with compliance professionals at our booth and attending packed sessions, we gathered valuable insights worth sharing with our community. Here are our key takeaways from some of the most impactful sessions we attended.

FinCEN’s New AML Rule

One of the most attended breakout sessions focused on unpacking the implications of FinCEN’s final rule published on September 4, 2024. The session provided a deep dive into these comprehensive Anti-Money Laundering (AML) and Counter-Financing of Terrorism (CFT) requirements that will significantly impact the industry. This landmark regulation affects SEC-registered investment advisers and exempt reporting advisers who have voluntarily registered with the SEC. Firms have until January 1, 2026 to achieve full compliance with these new requirements.

As a compliance professional, here’s what you should be prioritizing to ensure your investment advisers meet these new obligations:

1. Secure Executive Buy-In: Begin educating your leadership team about the scope and impact of these requirements. Board-level approval of your AML/CFT program is mandatory, so establishing this channel early is critical.

2. Develop Risk Assessment Protocols: Create methodologies to evaluate your client base for money laundering risks. This means identifying high-risk client categories, geographic considerations, and transaction types specific to your business model.

3. Establish Clear Suspicious Activity Procedures: Design step-by-step procedures for identifying, escalating, and reporting suspicious activities.

4. Create Information Request Response Workflows: Develop protocols for how your firm will respond to information requests from authorities regarding suspected criminal activity, including designated personnel and documentation requirements.

5. Build Practical Training Programs: Develop role-specific training that focuses on the actual scenarios your staff might encounter rather than generic compliance education.

The significance of this regulatory shift cannot be overstated. For many investment advisers, these AML/CFT requirements represent uncharted compliance territory, with the SEC now poised to scrutinize firms’ adherence to these new standards.

Electronic Communications: Navigating the Digital Compliance Minefield

The conference also highlighted the increasingly complex realm of electronic communications compliance, where regulatory scrutiny continues to intensify. Speakers noted that regulatory agencies have imposed $2 billion in total fines related to communications violations, with these penalty amounts ultimately paid to the U.S. Treasury.

Implementation Approaches

Firms are primarily adopting two strategies:

     1. Integrated Software Solutions

  • Applications installable on platforms like Zoom
  • Separate work phone numbers
  • Comprehensive usage reporting
  • On-device/application record-keeping capabilities

    2. Dedicated Work Devices

  • Company-issued phones for work communications
  • Verifiable monitoring mechanisms
  • Thorough documentation of monitoring processes, particularly for non-client-facing positions

Persistent Compliance Challenges

Compliance professionals face significant hurdles in electronic communications oversight. Perhaps most fundamental is the struggle to measure program effectiveness, compounded by a scarcity of authoritative guidance for establishing monitoring best practices. This uncertainty is exacerbated by the overwhelming volume of false positives generated by current monitoring technologies, creating resource strain without clear standards for appropriate review processes.

For many firms, the most vexing challenge remains the personal device dilemma, with SEC representatives acknowledging the inherent difficulties in accessing work-related communications on employees’ personal devices.

Emerging Trends and Considerations

The conference revealed several evolving aspects of communications compliance:

  • Generational Shifts: Younger professionals increasingly prefer text-based communication over traditional phone calls
  • Emoji Monitoring: The necessity of including emojis in surveillance programs, despite implementation difficulties and increased false positives
  • Tailored Training: The critical importance of customizing training to align with firm-specific policies

As electronic communications technology continues to evolve, teams will need to remain adaptable in their approach to compliance. The most successful firms will be those that balance regulatory requirements with practical implementation strategies while accommodating changing communication preferences across their organizations.

Technology Evolution: AI and Cybersecurity Landscape

The IAA conference also delivered valuable insights on two technology-driven areas impacting investment advisers: artificial intelligence applications and evolving cybersecurity threats. Both topics underscore the need for compliance teams to develop expertise beyond traditional regulatory domains.

AI in Investment Management: Opportunity and Oversight

AI adoption continues to accelerate across investment management functions, with applications ranging from portfolio construction to risk assessment and client service enhancement. Conference speakers noted that while machine learning algorithms offer powerful market analysis capabilities, they also introduce new compliance considerations that firms must address.

The SEC is maintaining scrutiny of AI implementation in financial services, with a particular focus on transparency, accountability, and algorithmic bias. Firms leveraging AI technologies must ensure these systems operate within existing regulatory frameworks and uphold fiduciary responsibilities.

Data quality emerged as a critical foundation for effective AI implementation, with speakers emphasizing that even sophisticated algorithms produce questionable outputs when trained on incomplete or biased datasets. This represents both a technical and compliance challenge, requiring cross-departmental collaboration between investment, technology, and compliance teams.

Cybersecurity: Evolving Threats and Regulatory Response

Cybersecurity discussions revealed increasingly sophisticated attack vectors targeting firms, with ransomware and phishing attempts specifically engineered for financial services professionals and firms. The distributed work environment has expanded the potential attack surface, creating vulnerabilities that require comprehensive mitigation strategies.

Presenters outlined a multi-layered approach to cybersecurity risk management that compliance professionals should consider implementing:

  1. Formal risk assessment methodologies that identify and prioritize firm-specific vulnerabilities
  2. Advanced threat detection systems complemented by encryption and multi-factor authentication
  3. Comprehensive training programs that address the human element of cybersecurity
  4. Incident response protocols that include communication strategies and regulatory reporting procedures

The consensus among cybersecurity experts was that while technology solutions are essential, human awareness and responsive governance structures remain equally critical components of an effective security program.

Staying Ahead in an Evolving Compliance Landscape

The 2025 IAA Conference highlighted how rapidly the compliance landscape is evolving across multiple fronts. From the implementation of FinCEN’s new AML requirements to the challenges of electronic communications monitoring, compliance teams face a complex regulatory environment that requires vigilance and adaptation. Successful firms will be those that recognize these interconnected challenges and develop integrated compliance approaches that address multiple regulatory priorities efficiently.

As these regulatory developments continue to reshape the compliance landscape, Quest CE remains committed to providing the training, technology, and expertise compliance teams need to navigate these challenges successfully.

For more information on how Quest CE can support your firm’s compliance, please contact our team here or visit our full training catalogs, click here.