SEC reminds broker-dealers: Don’t overlook AML testing obligations

The Securities and Exchange Commission’s new risk alert shares key insights from anti-money laundering (AML) compliance exams. Broker-dealers should pay attention to these insights, especially when it comes to independent testing of their AML programs.

For financial institutions, including broker-dealers, banks and other types of financial services firms, having a robust AML compliance program is non-negotiable. Covered institutions are required to develop and implement a written anti-money laundering program reasonably designed to achieve and monitor the entity’s compliance with the Bank Secrecy Act and related Treasury regulations.

As members of the Financial Industry Regulatory Authority (FINRA), broker-dealers are also required to comply with FINRA Rule 3310, which closely mirrors the federal regulations. Both the SEC and FINRA keep a close eye on broker-dealers’ AML compliance programs through regular examinations.

SEC risk alert flags independent testing of AML programs

The SEC’s risk alert from July 31st, titled “Observations from Anti-Money Laundering Compliance Examinations of Broker-Dealers,” shares examination observations about key AML requirements, including independent testing of AML programs, personnel training, and identification and verification of customers and beneficial owners. The risk alert also addressed observed weaknesses in broker-dealers’ compliance with Office of Foreign Assets Controls (OFAC) Regulations, including expectations for compliance, and references the trend of new and increasing sanctions imposed by OFAC against entities and individuals.

In particular, the risk alert shines a spotlight on independent testing of AML programs. In addition to implementing an AML compliance program, broker-dealers are required to provide for independent testing of their programs.

Per FINRA Rule 3310(c), this testing must be conducted by a designated professional with a working knowledge of applicable requirements of the Bank Secrecy Act and its implementing regulations. This person has to be separate from the functions they are testing in order to maintain independence. For example, the independent testing may not be conducted by someone who performs the functions being tested, by the designated AML compliance person, or by someone who reports to a person who performs the function being tested or who reports to the designated AML compliance officer.

And this isn’t a one-and-done deal – while certain broker-dealers may test their AML compliance programs every two years, most broker-dealers need to do this testing every year.

Considerations for annual AML testing

Here are a few considerations for independent AML testing to keep in mind based on the SEC’s exam observations.

1. The test should be conducted by a professional who is independent of the broker-dealers’ AML functions as well as the areas being tested.
2. If using a third-party, the provider conducting the testing should have the appropriate industry expertise and knowledge about applicable anti-money laundering regulations and rules. Moreover, the provider should have a sufficient knowledge base to assess risk factors related to the broker-dealer, such as business lines, customers, products, services, and geographic location.
3. The AML testing should also include a review of whether the broker-dealer’s AML compliance program includes training elements and whether such training addresses applicable new regulatory requirements and is tailored to the firm’s risks, typologies, products and services, and business activities. It should also look at whether all appropriate firm members take the training.
4. Lastly, the firm should document the independent testing, including the scope and results, and it should maintain that written evidence for future reference.

Working with a third party for AML testing

As highlighted by the SEC’s risk alert and as demonstrated by various FINRA and SEC regulatory actions, it is important that broker-dealers have appropriate practices in place to comply with the independent testing requirements. By having an independent third party test its AML compliance program, a broker-dealer can gain valuable feedback regarding whether its program is appropriately tailored to its business, whether it aligns with new regulations and rules, and obtain best practice recommendations when deficiencies and weaknesses are identified.

An independent third party can help identify any gaps, deficiencies and/or weaknesses of the broker-dealer’s procedures, systems, and tools relating to its AML program. For example, the independent test should identify any gaps that may exist in its customer identification program (CIP), customer due diligence/enhanced due diligence (CDD/EDD), or beneficial ownership verification efforts.

Consider these three questions when selecting an AML independent tester:

1. Does the provider have industry-specific experience? Broker-dealers are unique with varying business models. Although brokerage firms have similar BSA/AML requirements to banks, money-service businesses and other types of financial services firms, they may have different regulators responsible for enforcement of their obligations. Confirm the provider has experience working with broker-dealers with similar business models.
2. Does the provider have the needed capabilities and capacity? Small firms or sole practitioners may have more competitive pricing, but they may not be able to provide the same level of expertise, resources or value as a firm with a larger regulatory compliance practice.
3. What is the professionals’ background, qualifications and credentials? While not required, having reputable AML credentials adds another level of expertise to the engagement team. In addition, professionals with former regulatory experience can bring valuable perspectives and insights.

Independent testing of a broker-dealer’s AML program isn’t just a box to check. It’s an investment in compliance – and an area the SEC and other regulators are watching.

Kaufman Rossin’s regulatory compliance team includes former regulators from both the SEC and FINRA. In addition to extensive experience conducting anti-money laundering examinations for broker-dealers, registered investment advisers and other investment firms, our team stays abreast of rule changes and industry best practices.

We have helped numerous broker-dealer clients assess their AML programs while providing insights and best practice recommendations throughout the process. Contact me or another member of our risk advisory services team to learn how we help firms comply with independent testing and other SEC requirements.