The U.S. Securities and Exchange Commission (SEC) Division of Examinations (EXAMS) issued a risk alert entitled “Observations from Anti-Money Laundering Compliance Examinations of Broker-Dealers” on July 31, 2023.1 The risk alert focuses primarily on key observations identified by EXAMS where broker-dealers have not been meeting anti-money laundering (AML) regulatory expectations. The identified areas of concern relate to customer identification and customer due diligence/beneficial ownership programming, independent testing, and training. Broker-dealers should take note of these observations to align their AML programming as to avoid similar pitfalls that may result in EXAMS findings and potential referrals to the Division of Enforcement.
Customer Identification Program (CIP) Rule
EXAMS has identified that certain broker-dealers’ CIP programming is not properly designed to enable broker-dealers to form a reasonable belief that they know the true identity of their customers.
• Private placement firms should pay particular attention to EXAMS’ view of CIP programming for their business. The risk alert reminds private placement firms that a customer who has a formal relationship to effect securities transactions with the broker-dealer may be a customer for purposes of the CIP Program Rule since the CIP Program Rule defines an account even when the broker-dealer has a limited role.
•The risk alert also reminds broker-dealers that failing to collect required information such as dates of birth, identification numbers (SSN/TIN), or addresses and permitting customers to open accounts using solely post office box does not demonstrate that a reasonable CIP Program is in place. Moreover, the risk alert suggests that broker-dealers should consider having exception reports that identify when a customer’s identity is not verified or when the broker-dealer is lacking information to verify the customer.
• In addition, the risk alert is an important reminder that broker-dealers should follow their own CIP procedures, particularly when using third-party vendors for monitoring missing, inconsistent, or inaccurate information.
Customer Due Diligence (CDD) and Beneficial Ownership Requirements
The risk alert addresses potential gaps that EXAMS has observed in the implementation of beneficial ownership requirements and customer due diligence for legal entity clients. Notably, broker-dealers should look closely at their procedures to ensure that they have updated their AML programs, new account forms, and procedures to account for the CDD Rule and beneficial ownership requirements.
• The risk alert cautions broker-dealers with omnibus accounts to follow their procedures for obtaining information about certain underlying parties acting through omnibus accounts. The risk alert notes that while the CDD Rule does not require the broker-dealer to collect information regarding the underlying transaction parties in an omnibus account of another financial institution opened at the broker-dealer, the broker-dealer may determine that certain financial institutions present higher risk profiles and collect additional information, including potentially beneficial ownership information, to better understand the customer relationship.
• In addition, more broadly, broker-dealers should continue to ensure that their CDD Rule programming identifies all beneficial owners as required by the CDD Rule as well as the appropriate documentation and information necessary to understand the customer relationship.
Independent Testing and Training
The risk alert puts a spotlight on AML programming requirements for both independent testing and training. While this focus is not necessarily new, it is a reminder that EXAMS is looking closely at the effectiveness of broker-dealers’ independent testing and training.
While the risk alert sets forth some obvious failures that EXAMS observed (e.g., untimely testing or lack of documentation to prove testing occurred), the risk alert makes clear that regulatory expectations are that independent testing should include using someone with the “appropriate” level of knowledge of the requirements of the Bank Secrecy Act (BSA). As a result, broker-dealers should look closely at the individuals who perform independent testing to ensure that their expertise and knowledge regarding BSA requirements specifically for broker-dealers is sufficient to meet regulatory expectations.
Observations in the risk alert regarding training remind broker-dealers to ensure they are updating their training based on changes in the law and to tailor the training on the broker-dealer’s business activities, risks, typologies, and products and services. The risk alert informs broker-dealers that generic training not relevant to the broker-dealer is unlikely to align with regulatory expectations. The risk alert also reminds broker-dealers to establish processes to follow up on personnel who do not attend required training.
Conclusion
The risk alert signals to broker-dealers that EXAMS is focused on AML programming and in particular, customer relationships, independent training, and testing. Broker-dealers should look closely at their AML programming and identify whether their program needs enhancement given the EXAMS observations in the risk alert.
1The risk alert is available here: https://www.sec.gov/files/risk-alert-aml-compliance-examinations-bd-073123.pdf.