What changed
FACT: FinCEN finalized a rule (published 2026-01-02, FR 2025-24184) delaying the Investment Adviser AML/CFT Program + SAR Filing Rule's effective date from 1/1/2026 to 1/1/2028. The mandate itself is intact — only the clock moved. HYPOTHESIS: the two-year delay cooled the near-term vendor market, leaving a quieter field.
Why now
FACT: the obligation is now dated 1/1/2028 in a FINAL rule, so the deadline is near-certain rather than proposed. INFERENCE: an 18–24 month pre-build window exists before firms must have a written program, risk assessment, and SAR capability — long enough to build and pre-sell, short enough that serious firms will start budgeting in 2027.
Converging signals
FACT: a regulation (IA AML Rule), a defined forced-filer class (all SEC-registered RIAs and exempt reporting advisers), and a federal submission channel (FinCEN BSA E-Filing for SARs) meet at one date. RISK: a separate FinCEN proposed rule (FR 2026-07033, 2026-04-10) proposes to 'fundamentally reform' AML/CFT program requirements — the program's required contents could shift before 2028.
Customer pain
HYPOTHESIS (not evidenced in input): small/mid RIAs and ERAs lack bank-grade compliance stacks and in-house BSA officers; standing up a from-scratch AML program, risk assessment, and SAR process is unfamiliar and expensive. No complaint/hiring evidence was provided — pain is inferred from the mandate's scope, not observed.
Who pays
Small/mid RIAs and ERAs without existing AML infrastructure; more likely the boutique compliance consultants and outsourced-CCO firms who serve dozens of advisers and want a white-label kit to resell.
Solved today
Large firms use bank-grade AML vendors (ComplyAdvantage, Actimize) or big compliance consultancies. Small advisers today have no obligation yet, so most have done nothing; those preparing buy templates from compliance consultants or ACA/COMPLY-type firms.
Why current solutions are bad
Bank-grade tools are overbuilt and overpriced for a 3-person RIA; generic AML templates aren't adviser-specific (no adviser risk taxonomy, no ERA carve-outs). But 'bad' here is partly that the deadline is 18+ months out, so urgency is low today.
Proposed product
A packaged, adviser-tailored kit: (1) written AML/CFT program template mapped to the IA AML Rule, (2) a firm risk-assessment generator (questionnaire → documented risk assessment), (3) a lightweight SAR decision + drafting workflow that outputs a filing-ready package for BSA E-Filing. Sold direct as micro-SaaS/document product and white-labeled to consultants.
MVP version
A guided web app: firm answers a structured questionnaire → generates a firm-specific written AML program + risk assessment PDF/DOCX, plus a SAR draft template and filing checklist. No live portal integration needed at MVP — SAR is filed by the firm through BSA E-Filing.
30-day build
Read the final rule + FinCEN adviser FAQs closely; draft the adviser-specific program template and risk taxonomy with a compliance-consultant advisor; build the questionnaire→document generator. Interview 8–10 outsourced-CCO/consulting firms to validate the white-label angle and willingness to pay.
60-day build
Ship the generator + SAR workflow; sign 2–3 consultants to a white-label/reseller pilot; publish '2028 IA AML readiness' content to rank on the exact search terms advisers will use.
90-day revenue plan
Convert pilots to paid: annual per-firm subscription sold via consultants, plus direct sales to advisers who found the content. Realistic first revenue is a slow ramp because the deadline is 2028 — expect early adopters and consultants, not a rush.
Distribution path
Content/SEO on 'investment adviser AML rule 2028', partnerships with outsourced-CCO firms and compliance consultants (channel), IAA/state-IAA and RIA-focused newsletters and LinkedIn.
Pricing hypothesis
Direct: $600–$1,500/yr per firm (program + updates + SAR workflow). White-label: $2,000–$8,000/yr per consultant for a multi-client license, or per-client seat.
Technical difficulty
Low–moderate. Document generation from a questionnaire is easy; the hard part is domain accuracy of the program/risk content, which requires a knowledgeable compliance collaborator, not engineering.
Legal / regulatory risk
Moderate: the product produces compliance documents; must avoid unauthorized practice of law and disclaim that firms remain responsible. Content must be updated if the 2026 AML/CFT reform proposal changes program requirements before 2028.
Platform dependency
Low. SAR filing goes to a government system (BSA E-Filing) — no private platform can deplatform it. No app-store approval risk.
Founder fit
Strong on the forced-filer/regulatory-mandate shape the founder has shipped before (FMCSA ELDT). Weaker than his FMCSA edge on two counts: this is a document/advisory product more than a per-filing portal-submission automation, and the domain (securities AML) is outside his industrial/public-records core, so he needs a compliance collaborator.
Breakout potential
Moderate. If the kit becomes the default adviser-AML program among outsourced CCOs before 2028, it captures a recurring per-firm base with an annual update treadmill (rule changes = renewals). Ceiling is capped by market size (thousands, not millions, of small RIAs) and by established compliance vendors moving down-market.
Final recommendation
WATCH / conditional build. The forced-buyer structure and cleared field are attractive and fundable, but the 2028 horizon plus a live reform proposal that could rewrite requirements make this a stage-and-monitor play, not a build-now sprint. Proceed only if a compliance-consultant partner co-signs the content and pre-commits as a white-label channel; otherwise set a trigger to revisit when FinCEN issues adviser exam/FAQ guidance referencing the 2028 date.
Next action
Contact 8–10 outsourced-CCO/compliance-consulting firms this month to test white-label demand and pricing; in parallel, read FR 2026-07033 to gauge how much of the program requirement is at risk of change before committing to template content.