FINRA Rule 3310 sets forth minimum standards for the required anti-money laundering (AML) compliance programs to be implemented by broker-dealers. This written AML compliance program must be reasonably designed to achieve and monitor compliance with the requirements of The Currency and Foreign Transactions Reporting Act of 1970 (more commonly known as the “Bank Secrecy Act” or “BSA”) and with the implementing regulations declared thereunder by the U.S. Department of the Treasury.
FINRA Rule 3310: Anti-Money Laundering Compliance Program
In accordance with the BSA, FINRA Rule 3310 also requires member firms to, at a minimum:
- Establish and implement written policies and procedures that can reasonably be expected to detect and cause the reporting of suspicious transactions relevant to a possible violation of law or regulation, pursuant to 31 U.S.C. 5318(g) and the implementing regulations thereunder;
- Establish and implement written policies and procedures and internal controls reasonably designed to achieve compliance with the Bank Secrecy Act and the implementing regulations thereunder;
- Provide for independent testing for compliance with anti-money laundering rules, regulations and requirements at least annually (on a calendar-year basis). Testing must be conducted by member personnel or by a qualified outside party. However, if the firm does not participate in certain activities – executing transactions for customers, otherwise holding customer accounts, or acting as an introducing broker with respect to customer accounts (e.g. doing business only with other broker-dealers or engaging only in proprietary trading) – then the aforementioned “independent testing” is required every two years (on a calendar-year basis) instead;
- Designate and identify an individual or individuals responsible for implementing and monitoring the day-to-day operations and internal controls of the anti-money laundering compliance program. The individual or individuals must be designated and identified to FINRA by name, title, mailing address, email address, telephone number, and facsimile (fax) number. The individual or individuals must be an associated person or associated persons of the firm. Each member must review and make any necessary updates to the filed information within 30 days following a change to its AML compliance person(s) and must verify such information within 17 business days after the end of each calendar year.
Are All Broker-Dealers Subject to the BSA?
There are no exceptions from implementing and maintaining an AML compliance program – the Bank Secrecy Act and FINRA Rule 3310 apply to all broker-dealers. However, just as no two broker-dealers are exactly alike, no two AML compliance programs should be exactly alike. Firms should tailor their AML compliance programs to fit their individual business, operations and risks, accounting for factors such as size, location, business activities, types of accounts maintained, types of customers serviced by the firm and types of transactions engaged in by and with customers.
Approved by Senior Management
In addition to meeting the above requirements, a firm’s AML compliance program must also be approved, in writing, by a member of the firm’s senior management. If there are any subsequent material changes to the program, a member of senior management must approve those as well. Additionally, if there is a change in management, the AML program should be re-approved by the new management.
The CDD Rule
The Financial Crimes Enforcement Network (“FinCEN”) recently adopted the “Customer Due Diligence Requirements for Financial Institutions” (the “CDD Rule”) in order to amend existing BSA regulations to clarify and strengthen customer due diligence requirements for certain financial institutions, including broker-dealers.
The CDD Rule amends the AML compliance program requirements for each covered financial institution to explicitly require covered institutions to implement and maintain appropriate risk-based procedures for conducting ongoing customer due diligence, to include:
- Understanding the nature and purpose of the customer relationships; and
- Conducting ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information.
For more on the CDD Rule, please see our previous post on the subject.
In summary, a covered financial institutions’ AML compliance program must include, at a minimum:
- A system of internal controls,
- Independent testing,
- Designation of a compliance officer or individual(s) responsible for day-to-day compliance,
- Training for appropriate personnel; and
- Appropriate risk-based procedures for conducting ongoing customer due diligence.
If you would like to learn more about AML compliance programs, our other blogs on the subject are a great place to start.