On July 31, 2023, the Securities and Exchange Commission's (SEC) Division of Examinations (EXAMS) issued a risk alert summarizing observations from its recent anti-money laundering (AML) and counter-financing of terrorism (CFT) compliance exams of broker-dealers. This is the second risk alert related to AML compliance to be issued by the EXAMS staff in recent years.[1] These alerts reinforce the SEC's stated commitment to prioritizing AML/CFT compliance by broker-dealers. They further highlight the critical function that an effective AML/CFT compliance program serves in protecting the safety of investor assets and the integrity of the financial markets. Broker-dealers should take this opportunity to ensure that their AML/CFT compliance programs align with the best practices and regulatory requirements outlined in this most recent risk alert.

Two Preliminary Observations

The risk alert first highlights two key observations that emerged from recent broker-dealer AML examinations: (1) insufficient resources devoted to compliance functions (such as staffing), which further complicates a firm's ability to meet both its AML and sanctions compliance requirements; and (2) inconsistent implementation of compliance measures, which, in turn, reduces the effectiveness of existing AML policies, procedures, and internal controls. As the risk alert highlights, these issues have a negative impact on the effectiveness of an AML/CFT compliance program and can expose firms to adverse agency action. This risk alert reminds broker-dealers of their obligations to maintain AML/CFT compliance programs that meet regulatory requirements, including compliance with U.S. sanctions that are administered by the Office of Foreign Assets Control (OFAC).

Review of Existing Requirements

The risk alert first provides an overview of existing broker-dealer AML/CFT requirements and then focuses on three areas commonly found to be deficient.

AML Programs

Broker-dealers are required by law to implement a written AML program that includes a minimum of six elements:

  1. Policies, procedures, and internal controls reasonably designed to achieve compliance with AML laws;
  2. Policies and procedures that can be reasonably expected to detect and trigger the reporting of transactions, as required;
  3. A designated AML compliance officer to implement and monitor the program;
  4. Ongoing employee AML training;
  5. Independent testing of the AML program; and
  6. Appropriate risk-based procedures for conducting ongoing customer due diligence (CDD).

Independent Testing and Training

The risk alert notes deficiencies with independent testing undertaken by some broker-dealers, including the lack of testing, the lack of timely testing, and the absence of testing documentation. Other observations include testing that did not cover all aspects of the broker-dealer's business or AML program and testing for requirements inapplicable to the securities industry. For some broker-dealers, EXAMS observed a lack of a timely process or any process to address issues identified by the independent testing. In addition to the deficiencies identified in independent testing, the alert further notes that AML training materials were not tailored to the activities of a broker-dealer and had not been updated to reflect existing changes in the law, including the CDD Rule.

Customer Identification Program (CIP) Rule

The risk alert reinforces that the CIP Rule requires broker-dealers to collect sufficient information for each customer to enable the broker-dealer to form a reasonable belief that it knows the true identity of each customer. Staff found that broker-dealers were failing to collect sufficient or, in some instances, any identifying information from customers and failing to perform required CIP procedures for investors in a private placement.

CDD and Beneficial Ownership Requirements

Broker-dealers are also required to have written procedures reasonably designed to identify and verify the identity of beneficial owners of legal entity customers. The risk alert notes that broker-dealers had failed to update existing AML programs to reflect the current regulatory CDD requirement adopted in 2016. EXAMS also observed deficiencies in broker-dealers that did have complete CDD measures but failed to follow procedures that required obtaining information about underlying parties acting through omnibus accounts or failed to obtain the necessary information to verify beneficial owners.

OFAC Requirements

AML/CFT exams include a review of broker-dealers' sanctions compliance programs. EXAMS observed weaknesses in OFAC compliance, including entities failing to adopt or implement reasonable, risk-based internal controls for conducting timely OFAC searches or for following up on potential matches with sanctions lists.

The Bigger Picture

This SEC risk alert and recent enforcement actions reinforce the importance the SEC places on AML compliance for broker-dealers. In July, a company settled two related AML enforcement actions with the SEC and the Financial Industry Regulatory Authority. As part of the settlement, the company agreed to pay a $6 million penalty to the SEC and an additional $6 million to FINRA for its failure to file hundreds of SARs. AML examinations are listed priorities in the SEC Examination Priorities Reports for 2019, 2020, and 2021. This risk alert highlights the need for broker-dealers to review the adequacy of their AML risk management systems to ensure compliance with all federal rules and regulations.

Footnote

1. See also, "Compliance Issues Related to Suspicious Activity Monitoring and Reporting at Broker-Dealers" (Mar. 29, 2021).

© Morrison & Foerster LLP. All rights reserved