AML/CFT Rules Delayed to 2028: Why Pausing Strategic Financial Planning is a Fatal Mistake
Published: 2026-05-09 • Estimated reading time: 9 min
The SEC just handed you a gift. At least, that’s what it looks like. They’ve punted the new, more stringent Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) rules for certain investment advisers all the way to 2028. I can hear the collective sigh of relief from boardrooms across the country. Consultants are being put on hold, budget lines are being reallocated, and founders are turning their attention to what they believe are more pressing matters.
This is a colossal mistake. A trap, baited with the illusion of time.
My team at Greenwood Business Consultants sees this pattern constantly: a regulatory delay is misinterpreted as a cancellation. But what’s really happening is that the regulators are reloading. They’ve giving themselves time to gather intelligence, watch how firms behave in the interim, and sharpen the teeth of their enforcement divisions. Pausing your compliance evolution now isn’t just kicking the can down the road; it’s kicking it directly into a minefield. The most critical work in your company’s strategic financial planning isn’t about navigating the rules of 2028, but about surviving the scrutiny of today.
The 2028 Mirage: Understanding the SEC's Delay Tactics
The SEC’s delay of the AML/CFT rules until 2028 is a strategic pause for them, not a holiday for you; it’s designed to gather more data and refine enforcement strategies. This isn't an act of mercy. It’s a calculated move. Regulatory bodies like the SEC and FinCEN are grappling with a rapidly changing landscape of financial crime, one that’s increasingly digital and decentralized. Pushing the deadline allows them to align the new rules with other massive undertakings, like the full implementation of the Corporate Transparency Act and its beneficial ownership registry, as detailed by FinCEN.
They are essentially letting the market show its hand. By observing how firms operate without an explicit new mandate, they can identify the bad actors and the lazy ones. They can see which firms treat compliance as a core tenet of their corporate governance and which ones see it as a line item to be minimized. When 2028 does roll around, the enforcement actions won’t just be about the new rules; they’ll be about the patterns of behavior established in the years prior. They are building the case files of tomorrow, today.
The Compounding Cost of Deferred Compliance Debt
Deferring compliance work creates a form of “technical debt” that accrues interest in the form of increased risk, higher future implementation costs, and potential regulatory penalties. Think of it like skipping essential maintenance on a factory machine. Sure, you save a little money and time this quarter. But when the machine inevitably breaks down, the cost of repair, lost production, and reputational damage is exponentially higher than the initial maintenance would have been. According to a report highlighted by Compliance & Risks, the average cost of non-compliance can be more than 2.7 times the cost of maintaining compliance.
Every day you operate without robust internal controls and transaction monitoring systems, you accumulate this debt. Your client data gets messier, your ad-hoc processes become entrenched, and your team’s muscle memory for diligence atrophies. When the 2028 deadline looms, the task won’t be a simple upgrade; it will be a painful, expensive, and chaotic overhaul rushed under the threat of fines. This panicked spending is the antithesis of sound strategic financial planning.
How Regulators Will Scrutinize the ‘Interim’ Period
Regulators will judge your company's actions during this delay period as a measure of your corporate governance and “good faith” intent, using existing rules and exam priorities as a proxy for AML/CFT readiness. The SEC isn’t just going dark until 2028. Their examination priorities, like the ones detailed in their 2026 release, consistently emphasize enterprise risk management and fiduciary duties. Examiners will absolutely use these existing hooks to question your firm’s approach to mitigating financial crime risk, even without the new, specific AML rule in place.
They’ll be asking questions like:
How is your
board oversightstructured to address potential financial crime risk?What steps have you taken to understand your customer base and the source of their funds?
How does your current
risk mitigationframework account for the types of illicit activities the new rules are designed to prevent?
Answering “we were waiting for 2028” is not just a bad answer; it’s an admission of negligent governance. The global fight against financial crime is relentless, with an estimated $2 trillion laundered annually according to the Nasdaq Verafin Global Financial Crime Report. Regulators expect you to be a proactive partner in that fight, not a passive bystander.
Here’s a look at how they’ll view your approach:
Building an Agile AML Framework for Effective Strategic Financial Planning
An agile compliance framework can be built incrementally by focusing on foundational elements like risk assessment, internal controls, and leveraging fractional compliance experts, avoiding a massive capital outlay. You don’t need to hire a 20-person compliance department tomorrow. Smart operational readiness is about taking methodical, high-impact steps that build a defensible program over time.
Start with a Real-World Risk Assessment
Your first step is to understand where your specific legal exposure lies. A practical AML risk assessment isn't a theoretical exercise; it’s a deep dive into your actual clients, products, and geographies. It forms the bedrock of a risk-based approach, which is the gold standard for all regulatory bodies from the FDIC to FINRA. This assessment will guide every subsequent decision and prove to regulators that your actions are deliberate, not arbitrary.
Leverage Fractional and Outsourced Expertise
For a growing company, hiring a full-time Chief Compliance Officer with deep AML expertise can be prohibitively expensive. This is where the model of fractional compliance experts becomes a strategic advantage. You get access to top-tier talent and experience for a fraction of the cost, allowing you to build out your policies, procedures, and training programs with expert guidance. It’s the most efficient way to raise your compliance IQ without blowing your budget.
Implement Scalable Transaction Monitoring
Don’t wait to boil the ocean. Start with a system of internal controls and monitoring focused on your highest-risk activities. Modern compliance technology is often modular. You can begin with a foundational Know-Your-Customer (KYC) and Customer Due Diligence (CDD) platform and add more sophisticated transaction monitoring layers as your business grows or the regulatory environment solidifies. The key is to start collecting and analyzing the data now.
Why Proactive Governance is a Valuation Multiplier
Demonstrating a robust, forward-looking compliance and governance structure significantly de-risks the business in the eyes of investors and acquirers, directly increasing your company's valuation multiple. I’ve sat in on enough due diligence meetings to tell you that a weak compliance posture is one of the fastest ways to kill a deal or get a haircut on your valuation. As research from firms like AlixPartners has shown, compliance readiness at exit is a critical factor in defending value. For companies with weak controls, 42% experienced a negative financial impact at closing.
When a potential investor or buyer sees that you’ve thoughtfully built a compliance framework ahead of a mandate, it sends a powerful signal. It says you are a low-risk, high-quality asset. It proves you have sophisticated board oversight and a culture that respects the rule of law. It demonstrates that your strategic financial planning is mature and forward-looking. This “governance premium” is very real. It can be the difference between a good exit and a great one.
The choice is yours. You can treat the 2028 delay as a vacation and hope for the best, or you can use this time as the strategic gift it truly is: a chance to build a resilient, high-value enterprise on your own terms, not on a panicked timeline dictated by regulators. Don’t just prepare for the future. Build a future that acquirers and investors will pay a premium for.
Frequently Asked Questions about the AML/CFT Delay and Strategic Financial Planning
What are the real-world implications of the SEC delaying new AML/CFT rules?
The primary implication is that regulators will use the interim period to conduct surveillance and gather data, scrutinizing firms under existing regulations like fiduciary duty and general anti-fraud statutes. It creates a high-risk environment for firms that choose to do nothing, as they may be building a track record of negligence that will be used against them when the new rules eventually become effective.
Why should we invest in compliance now if the rules are delayed until 2028?
Investing now turns compliance from a panicked, expensive project into a manageable, incremental process. It builds a “compliance asset” that reduces fiduciary risk, improves operational efficiency, and makes your company more attractive to investors and potential acquirers. The cost of retrofitting a compliance framework in 2027 will be far higher than the cost of building it thoughtfully over the next few years.
How does this regulatory uncertainty affect our company's strategic financial planning?
Regulatory uncertainty should compel you to build a more resilient and agile organization. In strategic financial planning, this means allocating a consistent, predictable budget for foundational compliance and risk management rather than facing a massive, unpredictable capital expenditure later. It also means incorporating audit readiness and strong governance into your core business valuation thesis, treating them as drivers of enterprise value, not just as cost centers.
