If you want to understand where compliance is headed, follow the crowd to Washington, D.C. – or more specifically, to the IAA Compliance Conference at the Marriott Marquis. In 2025, it wasn’t just a meeting of the minds; it was the epicenter of regulatory insights, AI debates, vendor management war stories, and more acronyms than should legally be allowed in one ballroom.

With topics ranging from the fast-evolving role of AI to the complexities of vendor oversight and the looming implementation of the AML rule, the agenda was as packed as the conference halls. It was clear: firms across the industry are working within an increasingly complex landscape, so they constantly have to keep looking for smart, scalable solutions to stay ahead.
 

IAA Compliance Conference: Key Insights

 
As always, the Smartria team was there to listen, learn, and contribute to the conversation. Below, we’ve distilled our biggest takeaways from the conference: from shifting expectations around anti-money laundering to emerging best practices in AI and the ongoing challenge of vendor management. These are the key themes we’re bringing home and why they’ll shape how RIAs manage risk, regulation, and operations in the months to come. 

AML: Preparation Over Prediction

The upcoming AML rule for RIAs, proposed by FinCEN, was one of the most discussed topics of the conference. Under the current proposal, RIAs would be required to:

• Implement AML programs based on their specific risk profile 
• File Suspicious Activity Reports (SARs) 
• Comply with enhanced customer due diligence requirements 
• Prepare for a joint SEC/FinCEN Customer Identification Program (CIP) rule 

Some attendees expressed skepticism about the 2026 timeline, given broader regulatory delays—but panelists and regulators alike signaled that firms shouldn’t count on extensions. FinCEN has been vocal about its expectations, and enforcement pressure is likely to increase once the rule is finalized.

The takeaway? Whether or not implementation is delayed, starting now will save time, stress, and regulatory exposure later. 

AI: Useful, But Under Review

Artificial intelligence was another major theme, particularly generative AI tools like ChatGPT. During a live poll, more than half of attendees said their firms had experimented with AI tools. But usage was largely informal and focused on low-risk tasks, such as:

• Rewriting internal communications 
• Transcribing meeting notes 
• Generating first draft content for internal use 

Panelists were clear: firms need to put formal AI usage policies in place. That means defining which tools are permitted, how they’re monitored, and where human review is required. Several experts likened AI to any other third-party tool: if it’s part of your workflow, it needs to be governed.

The SEC hasn’t issued specific AI compliance guidance yet, so until they do, firms are expected to apply existing controls—around data privacy, oversight, and documentation—to any AI use. 

Vendor Oversight: Still a Compliance Challenge

Vendor oversight remains one of the most persistent and complex compliance challenges for RIAs. The message from the IAA conference was clear: third-party risk is an operational resilience issue, not just a compliance checkbox.

Firms are expected to:

• Embed vendor risk into business continuity planning 
• Conduct consistent due diligence and ongoing monitoring 
• Document contingency plans in case a key vendor fails

Many attendees expressed frustration around inconsistent documentation, unresponsive vendors (especially large ones), and a lack of clear industry standards. But none of these are excuses, according to the SEC. The responsibility lies with the firm to ensure oversight happens, even if vendors make it difficult.
 

What Should RIAs Do Next?

 
The three themes of the conference—AML, AI, and vendor oversight—share a common thread: regulators expect proactive engagement, not reactive fixes.

Here’s what your firm can do now:

• AML Readiness: Assume implementation and begin preparing risk-based programs
• Responsible AI Use: Don’t ignore it, but don’t rely on it without human oversight
• Vendor Management: Establish scalable systems for ongoing oversight and documentation 

In other words, regulators expect more structure, more documentation, and more foresight.
 

How Smartria Supports Compliance Teams

 
At Smartria, we build tools designed for the way compliance actually works. Our Data Governance Module helps firms:

• Track and manage vendor documentation and oversight 
• Prepare for AML readiness through task management and audit trails 
• Centralize governance activities into a single platform 

With scalable solutions and automation where it counts, we help RIA compliance teams stay organized, efficient, and audit-ready.
 

Final Thoughts

 
We truly enjoyed the IAA Compliance Conference. At the same time, it was a reminder that regulatory expectations are rising, but so are the tools and strategies available to meet them.

Whether it’s preparing for a new AML framework, managing third-party risk more effectively, or navigating the gray areas of AI, firms that act early will be better positioned for what’s ahead.