
Mitigating Regulatory Issues and Reputational Harm with AML Compliance

A number of laws, rules and regulations — some of them originating from the 1970 Bank Secrecy Act, and others from the 2001 USA Patriot Act — exist to prevent proceeds from criminal or illicit activities from being funneled into the financial system. By following these anti-money laundering (AML) guidelines, financial institutions and other entities, such as venture capital (VC) firms, can help the U.S. government identify, detect and deter instances of money laundering, while also protecting themselves from reputational and financial harm.

While the Bank Secrecy Act does not expressly require VC firms to have formal AML programs in place, adhering to AML best practices — like knowing who you're doing business with and that they’re not subject to sanctions — is essential for VC firms. 

  • Anti-money laundering best practices can help prevent regulatory issues and reputational harm for VC firms. 
  • An effective risk-based approach to anti-money laundering is grounded in five pillars. 
  • Foreign Limited Partnerships (LPs), crypto investments and fast-paced deal environments can heighten risks.

First Republic recently hosted a panel to discuss how VC firms can implement an effective risk-based approach to anti-money laundering. Read on for insights from these experts:

  • Suzanne Elovic, President of Parallel Markets
  • Annie Kong, Managing Director at IQ-EQ
  • Vince Timoney, Managing Director at First Republic Bank

“While technically the regulators are not going to knock on your door and ask to see your AML protocols, if and when they do identify an instance where you have done business with someone that you shouldn't, the fact that you weren't required to have an AML program is not going to in any way protect or absolve you from the strict liability of having done business with the wrong person or the wrong entity,” says Suzanne Elovic, President of Parallel Markets. 

Key AML concepts
Money laundering is the process of making illegally gained funds appear to come from a legitimate source.
OFAC stands for the Office of Foreign Assets Control. It is the arm of the U.S. Treasury that administers and enforces economic and trade sanctions. It maintains over 35 sanctions lists with different foreign policy goals, covering names, companies, vessels and other parties that U.S. citizens and U.S. companies are prohibited from doing any business with.
Know Your Client (KYC) procedures are designed to ensure entities know who they're doing business with. They include any measures to identify and verify a customer's or investor's identity or understand the source of potential investment funds.  

Framework for an AML compliance program

Mitigating reputational damage due to money laundering issues requires a risk-based approach to AML. 

VC firms, like most businesses, have a requirement to make sure that they are compliant with the OFAC sanctions list. Beyond that, effective AML compliance requires understanding the level of risk attached to certain financial activities and applying controls based on those levels of risk. 

An effective risk-based approach is grounded in the five pillars of an AML program:

1. Policies and procedures

A boilerplate policy isn’t going to work for your firm's specific needs and structure. Firms need to create policies and procedures to address the unique levels of risk involved in various activities — such as accepting investments from new investors or investing in new companies. These policies and procedures should dictate which individuals are subject to various KYC diligence and AML reporting measures.

2. Designation of a compliance officer 

While not all venture capital firms have a chief compliance officer (CCO), it is important for them to have an AML "czar" — someone who is senior enough in the organization to have a voice.

“I tend to see somebody on the finance team — perhaps a CFO, but more or less a senior member of the team — that is responsible for this [AML] area. Now, registered investment advisors are required to have a CCO. So that person is typically designated as the AML officer and person responsible for OFAC requirements by default,” says Annie Kong, Managing Director at IQ-EQ.

“The person responsible for your AML program has to decide whether or not to accept a particular customer or client, and that can obviously be a very difficult decision if that individual or that entity is wanting or willing to invest a sizable sum of money,” said Elovic. “You really need somebody who has the ear of the leadership of the firm and influence over that leadership and arguably even a leadership role himself or herself, because you very much want somebody who is going to be able to influence those decisions.”

3. Ongoing training of employees

AML is everyone’s responsibility. An effective program ensures that there is “ongoing training ensuring all of those employed at the firm understand their responsibilities and obligations under the broad policy that the firm is implementing,” says Vince Timoney, Managing Director at First Republic Bank.

4. Ongoing risk-based diligence

This is the pillar in which firms put their policies into action. Efforts may include undertaking KYC measures to identify and verify who you’re working with, conducting ongoing OFAC screenings to ensure you are not investing in or receiving investments from anyone on the sanctions list, and screening for negative news mentions and inclusion on the Politically Exposed Persons (PEP) list, which describes individuals who may be more susceptible to being involved in bribery or corruption.

5. Continuous review of the policy

Depending on the firm and its exposure to risk, reviews and audits of the policy may be performed by an internal compliance officer, another party within the financial institution or a third party.

Common areas of risk for VCs

The exposure to AML risk is different for every firm, depending on their level of involvement with people or entities such as the following:

Foreign limited partnerships (LPs)

  • Risk: Determining beneficial ownership can be difficult with this group. “There's often less readily available information on foreign LPs,” says Timoney. “Oftentimes there are blocker entities in place, or perhaps they're aggregators, but understanding who the beneficial owners are and what the source of funds is has really only grown in importance, particularly given the macro political environment.”
  • Best practice: Ask the tough questions. “Oftentimes relationships with LPs are very sensitive and we can be reluctant to upset those LPs by asking questions,” Timoney adds. “But those are important questions to have to ensure that you really are sure that the people and the source of funds you're working with are things that you want to be associated with.”


Crypto investments

  • Risk: When founders go unchecked, things can go very wrong, very fast in the world of crypto. “In the pretty recent history, especially in the Web3/crypto space, there have been some investments in decentralized autonomous organizations and other projects that are totally anonymous and then it's just a great big rug pull and the money disappears,” said Elovic.
  • Best practice: Conduct due diligence on founders whose names you know. “Not only is it important to do because you may be dealing with somebody who's subject to sanctions, but just in terms of protecting your own investment, it's wise to run background checks and OFAC checks and things like that,” said Elovic. 

Fast-paced deal environment

  • Risk: Cutting corners on protocol to get a deal done quickly, or to accommodate a new investor, can come back to haunt a firm later. 
  • Best practice: Uniformly apply policy. “One of the things to really think about when you're talking about a risk-based approach is uniformity in that approach,” said Elovic. “I've seen firms get themselves into all kinds of trouble when they make exceptions to their own policy without really a rationale for why they're doing it.”

Tips for setting up a successful program

  • Understand existing processes. When Annie Kong’s team at IQ-EQ crafts an AML program for a client, they start by “getting to know each and every team that is involved at the firm, such as compliance, operations and finance and understanding what they're doing now and what the firm would like to do in the future: for example, future fundraises, types of investors, jurisdictions they want to market in. Then, we think through what we need to help them implement,” says Kong. “Having that rapport serves us well because when we're making recommendations and setting up a policy with the client, they're more likely to implement, and be happy to implement, something that is not disruptive to their overall workflow.”

  • Get buy-in from everybody, especially the senior members of the firm. To push the program forward, it needs to be advanced with support from the top.

  • Be proactive. Some investors may proactively ask funds whether or not any companies they’ve invested in have exposure to sanctioned people or are affected by Russia’s war on Ukraine. Venture funds need to think through these kinds of questions as they craft their policies, so that they can provide straightforward answers. 

  • Monitor the OFAC sanctions lists. It’s recommended to do OFAC checks at the start of investor subscription, then on an annual basis for all US-based investors. For foreign investors or other higher-risk ones, checks at least quarterly are an advisable best practice. Continuous, 24/7 monitoring is also available from providers like Parallel Markets. 

In conclusion: Avoid regulatory issues and reputational harm

Ultimately, by understanding who you’re doing business with and setting up a risk-based approach to AML, you can set your firm up for success and help avoid reputational and regulatory issues.


This article is part of Emerging Manager Operational Road Map: Real-World Insights From the Experts, First Republic’s series for emerging manager VCs.

The views and opinions of the third-party panelists are not necessarily those of First Republic Bank and should not be relied upon as such. The content of this publication is for information purposes only and should not be considered as legal, financial, accounting or tax advice, nor as an investment recommendation or an endorsement of any investment fund. First Republic Bank makes no representations, warranties or other guarantees of any kind as to the accuracy, completeness or timeliness of the information provided in this publication. You should consult with your own professional advisors to fully understand and evaluate the information provided in this publication before making any decision that could affect the legal or financial health of you or your business.
