Investment advisers may soon have a new cybersecurity reporting requirement from a federal regulator. Anti-money laundering (“AML”) requirements have recently been interpreted to include cybersecurity suspicious activity reporting (“SAR”) requirements, so if AML obligations are extended to investment advisers, then these newly articulated cybersecurity reporting obligations will follow.

And AML obligations are on the horizon: On August 25, 2015, the US Department of the Treasury’s Financial Crimes Enforcement Network (“FinCEN”) proposed a regulation to add investment advisers who are registered with the SEC or required to be registered with the SEC under Section 203 of the Investment Advisers Act of 1940 (“Investment Advisers”) to the definition of “financial institution” in the Bank Secrecy Act (“BSA”) implementing regulations, and to require Investment Advisers to maintain AML programs and file suspicious activity reports (“SARs”) (“Proposed Rule”).1 If the Proposed Rule becomes effective, Investment Advisers will be required to abide by FinCEN’s rules and regulations and follow its guidance relating to AML. AML may also become a focus of SEC exams.