Broker-dealer AML audit requirements
All broker-dealers must conduct an independent audit of their anti money laundering program prior to the end of each year. To assist you in avoiding common mistakes and oversights that could become comments in your next AML Testing report, please review the following list of common findings identified during AML testing and recommendations on how to avoid them. When reviewing this list keep in mind that in addition to the regulations, it is your AML program manual that dictates the procedures you should be adhering to in order to stay in compliance.
1. The AML Program Manual is not up-to-date or does not reflect the firm’s actual procedures It is important that a broker-dealer’s AML program not only address the rule requirements but that it is also tailored to the broker-dealer’s (“BD”) business and customers. Many BDs will adopt general procedures that include products and services that they do not offer or describe customers they do not have. For example, firms will include procedures for dealing with Private Banking Accounts when there is no possibility the BD will have such relationships instead of stating that they do not engage with these types of clients and what they would do if someone approached them to open such an account.
Reviews also frequently reveal that the manual:
- reflects old rule numbers;
- identifies a person as the AML Compliance Officer/Supervisor (“AMLCO”), who is no longer in that role;
- includes red flags not related to the BD’s business;
- does not identify specific persons or roles responsible for various aspects of the program;
- does not identify the persons required to receive training on AML; or
- has not been adopted by senior management
2. The current AML Supervisor is not named in the AML Procedures Manual and/or on FINRA’s Contact System (FCS). The AMLCO is the person designated by the BD as being responsible for the AML Program overall. This person should generally be listed as the primary contact relative to AML in the FINRA contact system, unless the program clearly identifies someone else as being the primary contact. As with any other supervisory manuals, the person responsible for oversight must be named within the procedures. In addition, the contacts identified in the FINRA contact system are important because these are the persons that will receive notices from FinCEN and agencies relative to AML issues.
3. The broker-dealer believes that a third party (i.e. clearing firm or custodian) is performing all or some AML related duties on their behalf. While broker-dealers may utilize or rely on third-parties to perform certain aspects of their AML monitoring, the relationship has to be memorialized in a contract and clearly spelled out in the AML program. Broker-dealers often assume that their clearing firm is performing certain functions for them such as FinCEN list reviews or OFAC checks when the clearing agreement says the clearing firm is performing these but that the correspondent firm is responsible for their own review. If a broker-dealer will be utilizing or relying on a third-party, the level of responsibility for the BD and this party needs to be clear both in the procedures and in the agreement between the parties. SEC relief allows BDs to rely on certain federally supervised entities for aspects of their customer identification program (“CIP”) but the entity must have an AML program and certify they have CIP procedures in place annually. Ultimately the BD is responsible for ensuring they know their customers, have assurance that someone else is doing the CIP reviews and that they have documentation in their files.
4. The broker-dealer is not maintaining documentation to evidence 314(a) reviews, or is not completing required reviews within the prescribed deadlines. FinCEN provides a list of suspected “bad actors” to the AML contacts listed in the FINRA contact system on a bi-weekly basis, or more often if needed. This list must be reviewed against the broker-dealer’s current client list as well as the clients they have done business with for at least the past 12 months. The AMLCO or his designee must review these lists and identify any positive matches within 14 days of receipt and retain evidence of his review. The broker-dealer should not retain a printed copy of the list to evidence reviews, as FinCEN has issued procedures prohibiting this since the information is only relevant for 14 days after the list is published and is highly confidential.
However, the FinCEN system, where reviews are conducted, has a facility for broker-dealers to print a self-verification report following their review. This report may be retained in hard copy or electronically. If the broker-dealer is relying on another entity to conduct the reviews, the broker-dealer should ensure it is getting a report from this entity showing the review was done and whether there were any positive matches.
5. The broker-dealer is not conducting OFAC screening on all new clients initially, and all existing clients at least annually. OFAC rules prohibit all US persons, regardless of their industry, from doing business with persons or entities appearing on the OFAC list or who are located within a sanctioned country and imposes significant fines for doing so. Broker-dealers need to ensure that they know that clients do not appear on these lists and that they are checking the lists periodically to ensure that none of their clients have been added to the list. A broker-dealer’s AML procedures should clearly identify procedures for screening clients against the OFAC list and ensure documentation is maintained as required.
6. The broker-dealer is not maintaining evidence of all required documentary and/or non-documentary CIP verification on all clients, gathering all required information (i.e. tax id number) or providing notifications on the broker-dealer’s customer identification requirements. Broker-dealers are required to gather specific information regarding each customer, verify each customer’s identity and to provide each customer with a notification relative to their customer identification requirements. Rules also require broker-dealers to maintain records related to their customer identification and verification efforts for a period of 5 years.
7. The broker-dealer is not providing sufficient AML training to employees. Rules require broker-dealers to provide AML training at least annually to all persons in the firm, registered or not, who are performing tasks where money laundering or other suspicious activities may be detected. Many broker-dealers include AML training in the firm element program; however, they do not include the unregistered sales assistant, operations staff or others that could have access to information to identify potentially illicit activities or do not ensure the training is relevant to their business and the people receiving it.
We hope that this article has helped you understand the requirements for broker-dealer AML programs
Pass your exam guaranteed or your money back with our Greenlight Pass guarantee.
Good luck on your exam!
The Securities Institute of America