SEC Risk Alert: Observations from Anti-Money Laundering Compliance Examinations of Broker-Dealers

On July 31, 2023, the SEC’s Division of Examination released a Risk Alert regarding critical observations from the anti-money laundering (AML) compliance examinations of broker-dealers, emphasizing the importance of AML programs, independent testing, customer identification and due diligence to maintain the integrity of financial markets.

In this blog, we will break down some of the key statements within the Risk Alert, to provide you with the critical insight you need to ensure ongoing compliance.

Key takeaways from the SEC’s Anti-Money Laundering Risk Alert

In 2021, the SEC’s Division of Examinations published a Risk Alert discussing compliance issues in the suspicious activity monitoring and reporting components of broker-dealers’ AML programs. This most recent Risk Alert presents examination observations about other key AML requirements.

AML Pogram Requirements

Broker-dealers are required to implement and maintain a written AML program, approved in writing by senior management, that includes, at a minimum:

1.  an annual independent test of the firm’s AML program
2. policies, procedures, and internal controls reasonably designed to achieve compliance with the Bank Secrecy Act (BSA)
3. policies and procedures that can be reasonably expected to detect and cause the reporting of transactions under 31 U.S.C. § 5318(g)
4. the designation of an AML compliance officer responsible for implementing and monitoring the operations and internal controls of the program
5. ongoing employee AML training
6. appropriate risk-based procedures for conducting ongoing Customer Due Diligence

However, during examinations, it was found that:

1. Broker-dealers that did not conduct testing in a timely manner or could not demonstrate that they conducted testing.
2. Some independent tests appeared ineffective because they did not cover aspects of the firm’s business or AML program or the personnel conducting the testing were not independent or did not have the appropriate level of knowledge of the requirements of the BSA.
3. Broker-dealers did not timely address, or have procedures for addressing, issues identified by independent testing

Customer Identification Program Rule Requirements

The Customer Identification Program (CIP) Rule requires a broker-dealer to establish, document, and maintain a written CIP appropriate for its size and business that includes, at a minimum, procedures for certain requirements including:

1. Obtaining the minimum specified customer identifying information
2. Verifying the identity of each customer, to the extent reasonable and practicable, within a reasonable time before or after account opening
3. Making and maintaining a record of information obtained under the firm’s procedures

However, during examinations, the following failures were uncovered:

1. Failure to follow procedures of their own CIP or keep proper documentation
2. Failure to collect customers’ dates of birth, identification numbers, or addresses, or permitted accounts to be opened by individuals providing only a P.O. box address
3. Failure to verify the identity of customers, including instances in which the firms’ files indicated that verification was complete but required information was missing, incomplete, or invalid
4. Failure to use exception reports to alert the firm when a customer’s identity is not adequately verified

Customer Due Diligence Rule Requirements

The Customer Due Diligence (CDD) Rule requires a broker-dealer’s AML program to contain written procedures that are reasonably designed to identify and verify the identity of beneficial owners of legal entity customers. These procedures involve identifying individuals who hold 25% or more equity interest in the entity or an individual with significant control over it. This rule necessitates recordkeeping, including details about identity verification and methods used. Alongside this, FinCEN updated the AML Program Rule to include ongoing customer due diligence involving understanding customer relationships for developing a “customer risk profile.”

However, during examinations, the following failures were uncovered:

1. Failure of broker-dealers to update their AML programs
2. Failure to obtain documentation necessary to verify the identity of beneficial owners of legal entity customers, including by accepting expired government issued identification
3. Failure to follow internal procedures that required obtaining information about certain underlying parties acting through omnibus accounts
4. opening of new accounts for legal entity customers without identifying all the legal entity’s beneficial owners
5. Procedures that permitted an entity to be listed as a beneficial owner without a corresponding requirement to obtain adequate information about beneficial owners of the entity

Risk Alerts such as this, offer the industry guidance for improvement. We recommend CCOs and compliance professionals read the Risk Alert in full to ensure ongoing compliance for their program.

Looking for expert advice on this or other topics? Schedule time to speak with an expert!