In the evolving landscape of global finance, investment management firms occupy a uniquely exposed position when it comes to financial crime risks. As key players in mobilizing capital across borders, sectors, and financial instruments, these firms are both attractive targets for illicit actors and critical gatekeepers in the fight against money laundering and terrorism financing. 

With increasingly sophisticated methods being used to obscure the origin of illicit funds, ranging from the use of shell companies to complex cross-border structures, regulatory scrutiny of these firms has intensified. This paper examines the unique vulnerabilities of the investment sector, the primary compliance challenges faced by firms, and the regulatory expectations that shape the industry’s AML/KYC landscape. Drawing on real-world cases, supervisory findings, and EU directives, it underscores the urgent need for robust internal controls, business-wide risk assessments, and an integrated culture of compliance.

This article is written by Kristi Rutgers ([email protected]) and Herman Annink ([email protected]). Kristi and Herman are part of RSM Netherlands Business Consulting Services, specifically focusing on International Trade and Strategy.  

Why Investment Management Firms Are at Risk

Investment management firms operate in a highly dynamic and complex environment, which inherently makes them vulnerable to money laundering and other financial crimes. The nature of their services -managing large volumes of capital, interacting with global markets, and utilizing complex financial instruments- presents unique risks that demand compliance with Anti-Money Laundering (AML) standards.

The investment sector is particularly exposed due to the sheer volume and complexity of its transactions. Whether managing mutual funds, hedge funds, or private equity vehicles, these firms process significant sums that can easily conceal illicit funds if not adequately monitored. Moreover, their cross-border operations often involve jurisdictions with differing regulatory frameworks, creating gaps that criminals can exploit. The use of financial structures, such as shell companies or offshore accounts, further compounds the risk by masking the true identity and intentions of investors. Both investment accounts and shell companies are commonly used tools for laundering money, making it appear as though illicit funds are the result of legitimate business activities.

Complicating matters is the anonymity afforded by specific investment instruments, such as private equity or cryptocurrency-related assets, which can be used to obscure the source of funds. Investments in these instruments can be channelled through multiple intermediaries or pooled vehicles, allowing for complex layering of transactions. Combined with the pressure to deliver strong financial returns, firms might inadvertently overlook suspicious activities in pursuit of profitable opportunities. This environment necessitates robust internal controls and a culture of compliance to prevent becoming unwitting facilitators of money laundering.

A significant issue lies in the inconsistent application of due diligence. In some cases, firms may perform only basic checks at onboarding, neglecting to update client information or monitor ongoing behavior. The involvement of third-party intermediaries, such as brokers, agents, or financial advisors, adds another layer of complexity. Without sufficient oversight, these actors can introduce substantial risk into the transaction lifecycle. Regulatory gaps also exist in jurisdictions where AML requirements are not uniformly enforced, allowing sophisticated actors to exploit loopholes across borders.

Due diligence on and oversight of delegates is equally essential. Professionals often fail to perform risk-based due diligence measures, leading to gaps in the understanding of potential exposure from delegates. There is also a persistent deficiency in properly analyzing investment fund assets and ensuring appropriate sanctions screening. Weaknesses like delayed periodic reviews, insufficient data collection on source of funds and wealth, and poor documentation standards continue to be noted by regulators.

Regulators continue to highlight significant shortcomings in the name-matching processes used for financial sanctions screening. Delays in updating sanction lists, failure to conduct timely and ongoing screening, and poor alert management have been widely observed. In some cases, the use of third-party providers outside the EU has resulted in incomplete coverage of EU sanctions, particularly for jurisdictions such as Luxembourg. These failures create vulnerabilities that must be urgently addressed, especially in today’s geopolitical environment.

The importance of conducting a comprehensive business-wide AML/CTF risk assessment cannot be overstated. Many professionals still struggle to account for the risks posed by their delegates and third-party service providers. Risk assessments must be thorough, continuously updated, and aligned with internal developments and external changes such as new legislation or geopolitical events.

Regulators expect professionals to evaluate the risks stemming from all delegates and to apply proper oversight. This includes implementing structured oversight frameworks, key AML/CTF indicators, on-site visits, and periodic sampling of activities. The CSSF has consistently emphasized this area as a point of concern, particularly regarding the oversight of high-risk or lightly regulated managers.

Despite the clear requirement to report suspicious transactions to Financial Intelligence Units (FIUs) promptly, a significant gap remains in practice. Delayed or missed reporting undermines the entire AML framework and hampers law enforcement efforts. Professionals must treat cooperation with the FIU as a core obligation and ensure that internal protocols guarantee swift and accurate reporting of red flags.

Regulatory scrutiny is increasing, especially regarding the role of Politically Exposed Persons (PEPs) and high-net-worth individuals. These clients often require enhanced due diligence given their potential exposure to corruption or illicit activities. Additionally, risk profiling has become central to effective KYC, as it allows firms to tailor monitoring efforts based on a client’s behavior, transaction patterns, and financial background. High-risk clients may require more frequent checks and detailed documentation to ensure compliance. Risk profiling helps identify irregular spending habits, unusual transaction frequencies, and complex investment strategies that deviate from expected norms.

Real-world cases underscore these vulnerabilities. A leaked FBI memo, for instance, revealed how small investment funds in the U.S. were used to launder over $400 million derived from a cryptocurrency Ponzi scheme. These funds obscured illicit proceeds by routing them through multiple accounts and presenting them as legitimate investments from wealthy European families. The fraud was facilitated by a network of shell companies and cross-fund transactions, effectively concealing the origin of the funds. Similar cases have surfaced in Europe, with Dutch investment institutions implicated in laundering money through offshore betting companies linked to organized crime networks such as the ‘Ndrangheta.

Regulatory Responses in the EU and the Netherlands

The European framework, especially through the Alternative Investment Fund Managers Directive (AIFMD), seeks to mitigate these risks by imposing compliance requirements on fund managers. The directive was introduced in the aftermath of the 2008 financial crisis to address the systemic risks posed by unregulated investment institutions. However, gaps remain, particularly for “light regime” managers who fall under reduced supervision due to the scale of their operations. In the Netherlands, some managers of Alternative Investment Funds (AIFs) operate under a registration regime, resulting in reduced oversight. This regulatory gap increases the potential for abuse, particularly when linked to high-risk investments such as cryptocurrencies and cross-border financial instruments.

Dutch authorities, including the AFM, are actively working to identify and mitigate such risks through collaborative investigations and regulatory initiatives such as the Financial Expertise Center (FEC). Projects under the FEC aim to analyze money laundering risks specific to investment firms and generate actionable insights based on real-life case studies. These efforts reflect a growing recognition that money laundering through investment funds is not just a theoretical risk but a present and evolving challenge.

The international nature of investment firms further complicates oversight. Not only do Dutch institutions attract foreign investors, but they also make cross-border investments that may expose them to jurisdictions with weak AML controls. Investigations into Dutch investments in gambling companies operating abroad -later found to be connected to money laundering networks- highlight the urgent need for rigorous due diligence in all stages of the investment lifecycle. The Dutch National Risk Assessment has already identified money laundering through investment firms as a future-oriented threat.

Forward Looking

The global scope of investment firms and the constantly evolving tactics of financial criminals make AML and KYC vigilance indispensable. Ensuring robust compliance not only meets regulatory obligations but also protects firms from reputational and economic damage. As regulatory landscapes tighten, particularly in light of growing cross-border threats, investment companies must prioritize a culture of ethical conduct, continuous monitoring, and transparent operations. Strengthening cooperation with domestic and international regulatory bodies and embedding compliance into every layer of operation are key strategies for staying ahead of the curve and securing the integrity of the investment sector.

RSM is a thought leader in the field of Strategy and International Trade consulting. We provide frequent insights through training and the sharing of thought leadership, based on a detailed understanding of industry developments and practical applications gained from working closely with our customers. For more information, please contact one of our consultants.