Customer Identification Program (CIP): Definitions and Requirements – Part II

[Continued from Customer Identification Program (CIP): Definitions and Requirements – Part I]

How Does Risk Assessment Affect a Firm’s CIP?

Appropriate verification procedures for a CIP are governed by a risk-based assessment. A CIP must include risk-based procedures for verifying the identity of each customer to a reasonable and practicable extent. These procedures must be based on the broker-dealer’s assessment of the relevant risks, including those presented by the types of accounts maintained by the broker-dealer, the methods of opening accounts, and the types of identification information available. Additionally, this risk-based assessment should take into consideration the broker-dealer’s size, location, and customer base.

Read More…

Customer Identification Program (CIP): Definitions and Requirements – Part I

A broker-dealer must establish, document, and maintain a written Customer Identification Program (CIP) as a part of the broker-dealer’s anti-money laundering (AML) compliance program (31 CFR 1023.220) as required by FINRA Rule 3310. The CIP must be appropriate for the broker-dealer’s size and business, and it must outline the following procedures: Read More…

RegTech: Regulatory Intelligence & Risk Management and Assessment

This blog post is the third and final entry in our series on the five major areas of Regulatory Technology (RegTech) tools as determined by FINRA: surveillance and monitoring, customer identification and anti-money laundering (AML) compliance, regulatory intelligence, reporting and risk management, and investor risk assessment. If you missed our previous entries on how the financial services industry is using RegTech tools to keep up with their regulatory compliance requirements, they can be found at “RegTech: Surveillance and Monitoring” and “RegTech: Customer Identification and AML Compliance”. Our final entry will address the areas of regulatory intelligence, reporting and risk management, and investor risk assessment. Read More…

RegTech: Customer Identification and AML Compliance

Welcome to the second part of our three-part series on Regulatory Technology (RegTech) tools and the securities industry! As we discussed in our previous post, “RegTech: Surveillance and Monitoring,” more and more members of the financial services industry are using RegTech tools to effectively and more efficiently meet their regulatory compliance requirements. FINRA has identified five major areas in which RegTech tools are being applied: surveillance and monitoring, customer identification and anti-money laundering (AML) compliance, regulatory intelligence, reporting and risk management, and investor risk assessment. Today we will be focusing on customer identification and AML compliance RegTech applications.

Read More…

RegTech: Surveillance and Monitoring

In an effort to keep current with regulatory compliance requirements, many financial services firms are turning to regulatory technology (“RegTech”) tools to help them meet their obligations effectively and most efficiently. After discussions with over forty participants in the RegTech space, FINRA has provided a summary of how RegTech tools are being applied in five major areas: surveillance and monitoring, customer identification and anti-money laundering (AML) compliance, regulatory intelligence, reporting and risk management, and investor risk assessment. We will be tackling these areas across three different blogs. Our first area of interest is surveillance and monitoring. Read More…

FINRA Rule 3310: Anti-Money Laundering Compliance Program

FINRA Rule 3310 sets forth minimum standards for the required anti-money laundering (AML) compliance programs to be implemented by broker-dealers. This written AML compliance program must be reasonably designed to achieve and monitor compliance with the requirements of The Currency and Foreign Transactions Reporting Act of 1970 (more commonly known as the “Bank Secrecy Act” or “BSA”) and with the implementing regulations declared thereunder by the U.S. Department of the Treasury. Read More…

FINRA Enhances Disclosure Review Process

As I’m sure you already know from reading our previous blogs on the subject, FINRA Rule 3110(e) (Responsibility of Member to Investigate Applicants for Registration) requires that member firms must “ascertain by investigation the good character, business reputation, qualifications, and experience of an applicant” prior to submitting a Form U4 and requesting to associate and register such an applicant with the firm. However, as recently announced, FINRA has made enhancements to its disclosure review process that will make this verification easier than ever.  Such enhancements will allow member firms to rely upon FINRA’s verification process for purposes of compliance with the requirement to conduct a search of public records relating to bankruptcies, judgments and liens.

Read More…

Cryptocurrency and The Securities Industry

Cryptocurrency (also spelled crypto currency) is everyone’s new favorite hot topic. Even if you’ve done no research into the topic, you’ve probably heard of the most (in)famous cryptocurrency: Bitcoin. But what are cryptocurrencies? And how are they affecting the securities industry?

Read More…

Form U10 and TESS (Test Enrollment Services System)

Since our last post about Form U10, FINRA has implemented the Test Enrollment Services System (TESS). Beginning in June 2017, FINRA began transitioning all non-U4 examination enrollments to TESS and ended the utilization of the Form U10.

Read More…

Cybersecurity Programs Remain a Priority in 2018

Cybersecurity programs remain a significant priority for financial services industry regulators, including the SEC, FINRA, and state securities regulatory agencies. As mentioned in FINRA’s 2018 Annual Regulatory and Examination Priorities Letter, member firms need to have cybersecurity programs in place and such programs must capable of protecting sensitive information, including personally identifiable information of clients, from both internal and external threats. Over the past couple of years, awareness of cybersecurity risk has increased dramatically. However, as awareness increases, so does the sophistication of cybersecurity threats. And even a robust cybersecurity program can be compromised by something as simple as an employee opening an email attachment that contains malware. So, what can a firm do to combat phishing and spearphishing attacks, ransomware attacks, fraudulent third-party wires, etc.?

Read More…