A surge in enforcement cases involving broker-dealers highlights the need for better understanding of AML compliance and the Bank Secrecy Act.
Enforcement action against broker-dealers increased by 20 percent in the first half of FY 2017, representing 25 percent of all total enforcement activity by the U.S. Securities and Exchange Commission (SEC).
Given such close scrutiny, broker-dealers can reduce the likelihood of attracting regulatory attention by ensuring their AML compliance programs meet the Bank Secrecy Act’s (BSA) requirements.
BSA AML requirements
The BSA obligates broker-dealers to monitor their customers for “suspicious” activities and report any such activities to the Treasury Department’s Financial Crimes Enforcement Network (FinCEN). To do so, broker-dealers must:
- Establish a written AML program — approved by senior management — reasonably designed to comply with BSA requirements.
- File Suspicious Activity Reports (SARs) with FinCEN.
- Comply with other filing, due diligence and record keeping requirements.
Policies, procedures and internal controls
Regulators have been paying attention to whether firms’ policies, procedures and internal controls are “reasonably designed” to address money-laundering risks and are looking for more than cookie cutter, out-of-the-box policies and procedures.
Rather, AML programs must be “risk-based” and tailored to the specific risks identified through an assessment of the types of customers the firm serves, their location and what kinds of services the firm provides.
Customer due diligence
A fundamental element of an effective risk assessment is a strong customer identification program, with enhanced due diligence for “high-risk” customers, including those linked to countries or organizations recognized as high-risk or with accounts held by nominees.
Such due diligence requires an understanding of who qualifies as a customer and obtaining and verifying all identifying information — name, address, date of birth for individuals and identification number — for every customer.
Detecting suspicious activity
Another fundamental broker-dealer AML obligation is detecting suspicious activity.
Regulators expect the level and sophistication of firms’ automated AML surveillance systems to be proportionate with the volume and nature of the firm’s account activities.
Firms also must routinely test these systems and implement measures to verify the accuracy of data sources.
Enforcement efforts often discover firms fail to ensure the proper functioning of such systems — e.g., capturing complete or accurate data — leading to unclear data or failing to detect suspicious activity.
Watch video — Nigel Morris- Cotterill —Counter Money Laundering Strategist
SAR filing requirements
Once identified, staff must properly follow up on and escalate red flags as necessary and, most importantly, determine when filing a SAR is necessary.
A SAR is required if a transaction is conducted or attempted through a broker-dealer, involves at least US $5,000 and the broker-dealer knows, suspects or has reason to suspect the transaction.
- Involves funds derived from illegal activity or is intended/conducted to hide/disguise funds or assets derived from illegal activity in an attempt to violate any federal law or regulation;
- Is designed to evade any BSA requirement;
- Has no apparent business or lawful purpose or is not the sort of activity normally expected by a particular customer; or
- Involves the use of the broker-dealer to facilitate criminal activity.
Regulators have highlighted that the obligation to file a SAR does not require absolute knowledge a transaction is facilitating bad activity, only that one knows of, or has reason to suspect such activity.
Consequently, filing detailed SARs any time one notices potentially suspicious activity goes a long way toward avoiding regulatory scrutiny.
Adequate AML resources and employee training
Properly identifying red flags and knowing when to report them requires that compliance functions have adequate staff and resources.
Regulators are looking at the experience of a firm’s risk management personnel — particularly AML compliance officers — and fining firms with untrained and/or inexperienced supervisors, understaffed compliance departments and/or inadequate compliance resources.
Thus, all relevant employees should receive annual training to raise awareness and highlight their AML responsibilities.
Basic BSA/AML training, however, often does not impart specific roles and responsibilities; consequently, firms should determine which employees require additional, more specific training.
Independent annual review
Finally, FINRA Rule 3310(c) requires firms to undertake meaningful and independent annual reviews of AML programs to confirm compliance with the firm’s procedures and evaluate the program’s effectiveness.
Regulators also expect to see documentation verifying such independent testing.
In 2016, FINRA reported 32 AML cases resulting in $45.9 million in fines, accounting for nearly a third of FINRA fines levied last year, many of which involved violations due to lapses by compliance personnel.