Broker-Dealers are required to have written AML compliance policies and procedures. A lot of firms tend to blow this off as a nuisance rule from FINRA believing that money laundering won’t happen to them. This is a mistake. Though you may perceive that chances of money laundering happening through your firm are remote (and even though your perception may indeed be correct), FINRA doesn’t think so as indicated by a significant ramp-up of AML program enforcement actions over the last three years.
Here are some of the issues we’re seeing in our independent AML testing of broker-dealers:
1) FinCEN Requests Under USA PATRIOT Act, Section Act 314(a).
Failures to adequately document client record searching resulting from 314(a) information requests from FinCEN: Firms generally get these emails from FinCEN twice a month. Upon receipt, firms are required to “immediately” begin
searching their client databases to see if there is a match. Back in 2003, a FinCEN FAQ defined “immediately” as upon receipt
, or, if the firm receives the request during non-business hours or a weekend, it must commence its search the next
business day. It’s only in the case of a positive hit that the firm has a 14 calendar-day response window. Some firms have mistakenly thought that they had 14 days to begin and complete the search of their records.
During our annual independent testing, we’ve found that some firms aren’t keeping good records to document that they’re doing their searches, or that they’re doing them on a timely basis. However, it’s becoming a best practice to use the FinCEN website to self-verify searches. It contains a series of automatic time-stamps to document both the receipt of the request and the searching of the database, including the transmission date from FinCEN, the date and time the list was accessed by the firm, the date and time of the self-verification, as well as the person who conducted the self verification for the firm. When you’re done with the verification process, you simply press the print button at the bottom of the page and you will have a one-page, hard copy record ready for your file. As an alternate, you can print to a PDF file and store your records electronically for later production during routine FINRA examinations or independent testing.
2) FinCEN Voluntary Information Sharing Annual Notice Filings Under USA PATRIOT Act, Section 314(b).
Make sure you maintain documentation of these annual filings. A best practice is to maintain a file with the annual notice acknowledgement email sent from FinCEN each year providing the official “share date.” You can then use that date to ensure timely filing for the next year’s notice.
Also, make sure that what you do with regard to the annual notice filing comports with your written AML policy. If your policy says you file, make sure you do. If your policy is silent, amend it to make it clear whether or not you do file or under what conditions you’ll file.
If you use a clearing firm, double check the AML provisions in your clearing agreement. You will likely find that you are required by that agreement to do annual 314(b) notice filings. We find this all the time when doing independent AML testing, firms think they don’t need to file it, or that they’ll file it if and when they want to share information, only to find a deficiency in their annual test results because their clearing agreement requires an annual filing. (Hint: We haven’t found a clearing agreement yet that didn’t require it.)
On a related matter, if your BD firm has an affiliate, make sure your written AML compliance program has adequate policies about sharing information across affiliates. Note that even for sharing information among affiliates, a 314(b) filing is a necessary prerequisite. The best practice here is to file annually (and keep a record).
3) Independent Testing Qualification Change under new FINRA Rule 3310.
Make sure your written AML compliance program and practices are up-to-date. We’re still seeing some out-of-date manuals in this regard. Prior to the rule consolidation process from NASD to FINRA, there was an exception in the older NASD Rule 3011, contained in IM-3011-1, that permitted independent testing by someone who reports to either the AML compliance person or the persons performing the functions being tested if: (a) the firm had no other qualified internal personnel to conduct the test; (b) the firm had written policies and procedures to address conflicts of interest that arise out of allowing the test to be performed by a subordinate who reports to the person(s) he or she is testing; (c) to the extent possible, the tester reports the test results to someone who is senior to the AML compliance officer or senior to persons who are performing the functions being tested; and (d) the firm documents its rationale, which must be reasonable, for determining that there is no other alternative than to follow this methodology, including, where applicable, situations where the firm was so small that it couldn’t even do that, which is usually the case where the tester, may also be the CEO, the CCO, and the AML CCO.
Most of these exceptions were eliminated in the rule consolidation process when FinCEN, which administers the Bank Secrecy Act (BSA), objected that they were inconsistent with the independent audit provision of the BSA and FinCEN’s interpretive guidance on the BSA’s independent audit requirement. Consequently, FINRA eliminated it over the objections (and unpleasant surprise) of many small firms.
All that remain of the former exceptions really inure only to the benefit of larger firms where testing can still be conducted by a firm employee or an affiliate employee, provided that he or she: a) has a working knowledge of the BSA; b) does not perform any of the functions being tested; and c) who is not the AML compliance officer, or someone who reports to any of these persons. In most small firms, this is impossible because nearly everyone from sales, sales management, compliance, operations, to accounting perform one or more of the AML functions that require testing (or supervises someone who performs them). Practically all small firms are now forced to hire outside, independent help to do the AML testing.
For a copy of the FinCEN FAQs, click here
. For the notice and other information about the 2009 FINRA independence qualifications change, click here
. If you have additional questions, or need an independent audit or assistance drafting an AML policy, feel free to give me a call at (616) 752-2526 or email me at firstname.lastname@example.org