Anti-Money Laundering (AML) Source Tool for Broker-Dealers

Date: October 4, 2018

This research guide, or “source tool,” is a compilation of key AML laws, rules, orders, and guidance applicable to broker-dealers. Several statutory and regulatory provisions, and related rules of the securities self-regulatory organizations (SROs), impose AML obligations on broker-dealers. A wealth of related AML guidance materials is also available. To aid research efforts into AML requirements and to assist broker-dealers with AML compliance, this source tool organizes key AML compliance materials and provides related source information.

When using this research “tool” or guide, you should keep the following in mind:

First, securities firms are responsible for complying with all AML requirements to which they are subject. Although this research guide summarizes some of the key AML obligations that are applicable to broker-dealers, it is not comprehensive. You should not rely on the summary information provided, but should refer to the relevant statutes, rules, orders, and interpretations.

Second, AML laws, rules, and orders are subject to change and may change quickly. Statutes that include AML-related provisions may be amended from time to time, and new statutes may be enacted which include AML-related provisions. The information summarized in this guide is current as of October 4, 2018. In addition, please note that in July 2007, the SEC approved the establishment of the Financial Industry Regulatory Authority (FINRA). FINRA consolidated the former NASD and the member regulation, enforcement, and arbitration operations of NYSE Regulation. The Source Tool reflects the historical issuance of AML rules and guidance by the NASD and NYSE as well as new rules and guidance issued by FINRA.

Finally, you will find a list of telephone numbers and useful websites at the end of this guide. If you have questions concerning the meaning, application, or status of a particular law, rule, order, or guidance, you should consult with an attorney experienced in the areas covered by this guide.

This compilation was prepared by staff in the Office of Compliance Inspections and Examinations (OCIE), Securities and Exchange Commission. The Securities and Exchange Commission, as a matter of policy, disclaims responsibility for any private publication or statement by any of its employees. The views expressed in this document are those of the staff and do not necessarily represent the views of the Commission, or other Commission staff.

TABLE OF CONTENTS

The following topics are addressed in this guide:

1. The Bank Secrecy Act
2. The USA PATRIOT Act
3. AML Programs
4. Customer Identification Programs
5. Beneficial Ownership and Customer Due Diligence (“CDD”)
6. Correspondent Accounts: Prohibition on Foreign Shell Banks and Due Diligence Programs
7. Due Diligence Programs for Private Banking Accounts
8. Suspicious Activity Monitoring and Reporting
9. Other BSA Reports
10. Records of Funds Transfers
11. Information Sharing With Law Enforcement and Financial Institutions
12. Special Measures Imposed by the Secretary of the Treasury
13. Office of Foreign Asset Control (OFAC) Sanctions Programs and Other Lists
14. Selected Additional AML Resources
15. Useful Contact Information

1. The Bank Secrecy Act

The Bank Secrecy Act (BSA), initially adopted in 1970, establishes the basic framework for AML obligations imposed on financial institutions. Among other things, it authorizes the Secretary of the Treasury (Treasury) to issue regulations requiring financial institutions (including broker-dealers) to keep records and file reports on financial transactions that may be useful in investigating and prosecuting money laundering and other financial crimes. The Financial Crimes Enforcement Network (FinCEN), a bureau within Treasury, has regulatory responsibilities for administering the BSA.

Rule 17a-8 under the Securities Exchange Act of 1934 (Exchange Act) requires broker-dealers to comply with the reporting, recordkeeping, and record retention rules adopted under the BSA.

Source Documents:

• Bank Secrecy Act: The Bank Secrecy Act is codified at 31 U.S.C. §§ 5311 et seq. and is available at:
   
  http://www4.law.cornell.edu/uscode/html/
  uscode31/usc_sup_01_31_08_IV_10_53_20_II.html
• Bank Secrecy Act Rules: The rules adopted by Treasury implementing the BSA are located at 31 C.F.R. Chapter X and are available at:
  http://edocket.access.gpo.gov/2010/pdf/2010-25914.pdf
  31 C.F.R. Chapter X is comprised of a “General Provisions Part” and separate financial-institution-specific parts for those financial institutions subject to FinCEN regulations. The General Provisions Part (Part 1010) contains regulatory requirements that apply to more than one type of financial institution, and in some cases, individuals. The financial-institution-specific parts contain regulatory requirements specific to a particular type of financial institution. The financial-institution-specific part that pertains to broker-dealers is Part 1023 (31 C.F.R. §§ 1023.100 et seq.).
• Exchange Act Rule 17a-8: 17 C.F.R. § 240.17a-8.

2. The USA PATRIOT Act

The USA PATRIOT Act was enacted by Congress in 2001 in response to the September 11, 2001 terrorist attacks. Among other things, the USA PATRIOT Act amended and strengthened the BSA. It imposed a number of AML obligations directly on broker-dealers, including:

• AML compliance programs;
• customer identification programs;
• monitoring, detecting, and filing reports of suspicious activity;
• due diligence on foreign correspondent accounts, including prohibitions on transactions with foreign shell banks;
• due diligence on private banking accounts;
• mandatory information-sharing (in response to requests by federal law enforcement); and
• compliance with “special measures” imposed by the Secretary of the Treasury to address particular AML concerns.

Source Document:

• USA PATRIOT Act: Title 3 of the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001, Pub. L. No. 107-56, 115 Stat. 296 (2001). The full text of the USA PATRIOT Act is available at:
  http://www.sec.gov/about/offices/ocie/aml/patriotact2001.pdf

3. AML Programs

Section 352 of the USA PATRIOT ACT amended the BSA to require financial institutions, including broker-dealers, to establish AML programs. Broker-dealers can satisfy this requirement by implementing and maintaining an AML program that complies with SRO rule requirements.

An AML program must be in writing and include, at a minimum:

• policies, procedures, and internal controls reasonably designed to achieve compliance with the BSA and its implementing rules;
• policies and procedures that can be reasonably expected to detect and cause the reporting of transactions under 31 U.S.C. 5318(g) and the implementing regulations thereunder;
• the designation of an AML compliance officer (AML Officer), including notification to the SROs;
• ongoing AML employee training; and
• an independent test of the firm’s AML program, annually for most firms.
• risk based procedures for conducting ongoing customer due diligence which should include, but not be limited to: 1) understanding the nature and purpose of customer relationships to be able to develop a risk profile and 2) conducting ongoing monitoring to identify and report suspicious transactions as well as maintaining and updating customer information, including beneficial ownership information for legal entity customers.

Source Documents:

• AML Program Rule: 31 C.F.R. § 1023.210 .
• Final Rule Release: 67 Fed. Reg. 21110 (April 29, 2002)
• SEC Order Approving FINRA AML Compliance Program Rule: Exchange Act Release No. 83154 (September 10, 2009). See also 74 Fed. Reg. 47630 (September 16, 2009).
• Joint Guidance Issued by FinCEN, SEC, and other Federal Regulators:

• Guidance on Obtaining and Retaining Beneficial Ownership Information (Mar 2010)

• FINRA AML Compliance Rules and Related Guidance

• FINRA Rule 3310: Anti-Money Laundering Compliance Program
• Supplementary Material 3310.01: Independent Testing Requirements
• Supplementary Material 3310.02: Review of Anti-Money Laundering Compliance Person Information

• Other Related Guidance:

• NTM 02-21: NASD Provides Guidance to Member Firms Concerning Anti-Money Laundering Compliance Programs Required by Federal Law (April 2002).1
• NTM 02-78: NASD Adopts Amendments to Rule 3011 to Require Members to Provide to NASD Contact Information for an Anti-Money Laundering Compliance Person(s) (November 2002).
• NTM 06-07: SEC Approves Amendments to Anti-Money Laundering Compliance Program Rule and Adoption of Interpretative Material (February 2006).
• NTM 17-40: FINRA Provides Guidance to Firms Regarding AntiMoney Laundering Program Requirements Under FINRA Rule 3310 Following Adoption of FinCEN's Final Rule to Enhance Customer Due Diligence Requirements for Financial Institutions Effective Date.
• NTM 18-19: FINRA Amends Rule 3310 to Conform to FinCEN's Final Rule on Customer Due Diligence Requirements for Financial Institutions.
• FINRA Small Firm Template: The template provides model language for AML program compliance and supervisory procedures and is available on the FINRA website at:
  http://www.finra.org/industry/anti-money-laundering-template-small-firms.
• FINRA AML Frequently Asked Questions: The Qs and As are available on the FINRA website at:
  http://www.finra.org/industry/faq-anti-money-laundering-faq

• Historical Source Documents:
  Please note that the NYSE and NASD rules noted below have now been incorporated into a new FINRA Rule 3310 (see above). The information below is provided for historical purposes, and may still contain useful guidance.

• SEC Order Approving Initial NASD and NYSE AML Compliance Program Rules:

• Exchange Act Release No. 45798 (April 22, 2002). See also 67 Fed. Reg. 20854 (April 26, 2002).

• NYSE AML Compliance Program Rules and Related Guidance:

• NYSE Rule 445: Anti-Money Laundering Compliance Program.
• SEC Release Approving NYSE Amendment to Rule 445: Exchange Act Release No. 53176 (January 25, 2006). See also 71 Fed. Reg. 5392 (February 1, 2006). (The rule amendments refine AML compliance program requirements relating to independence, testing, and AML Officer notifications.)
• Other Related NYSE Guidance:

• IM-02-16: Anti-Money Laundering Compliance Requirements (April 12, 2002).
• IM 02-21: Approval of New Rule 445 — Anti-Money Laundering Compliance Program (May 6, 2002).
• IM 03-48: Rule 445 — Initial Anti-Money Laundering Audit (October 23, 2003).
• IM 06-04: Amendments to Rule 445 (February 3, 2006).

4. Customer Identification Programs

Section 326 of the USA PATRIOT Act amended the BSA to require financial institutions, including broker-dealers, to establish written customer identification programs (CIP). Treasury’s implementing rule requires a broker-dealer’s CIP to include, at a minimum, procedures for:

• obtaining customer identifying information from each customer prior to account opening;
• verifying the identity of each customer, to the extent reasonable and practicable, within a reasonable time before or after account opening;
• making and maintaining a record of information obtained relating to identity verification;
• determining within a reasonable time after account opening or earlier whether a customer appears on any list of known or suspected terrorist organizations designated by Treasury;² and
• providing each customer with adequate notice, prior to opening an account, that information is being requested to verify the customer’s identity.

The CIP rule provides that, under certain defined circumstances, broker-dealers may rely on the performance of another financial institution to fulfill some or all of the requirements of the broker-dealer's CIP. For example, in order for a broker-dealer to rely on the other financial institution the reliance must be reasonable. The other financial institution also must be subject to an AML compliance program rule and be regulated by a federal functional regulator. The broker-dealer and other financial institution must enter into a contract and the other financial institution must certify annually to the broker-dealer that it has implemented an AML program. The other financial institution must also certify to the broker-dealer that the financial institution will perform the specified requirements of the broker-dealer's CIP.

Source Documents:

• Customer Identification Program Rule: 31 C.F.R. § 1023.220.
• Final Rule Release: Exchange Act Release No. 47752 (April 29, 2003). See also 68 Fed. Reg. 25113 (May 9, 2003)
• Other Related Documents:

• Proposed Rule: Exchange Act Release No. 46192 (July 12, 2002). See also 67 Fed. Reg. 48306 (July 23, 2002).
• Treasury Department Provides Guidance on Compliance with Section 326 of the USA PATRIOT ACT: PO-3530 (October 11, 2002).³
• Withdrawal of the Notice of Proposed Rulemaking; Anti-Money Laundering Programs for Investment Advisers: 73 Fed. Reg. 65568 (October 30, 2008).

• FinCEN Guidance:

• Guidance: Customer Identification Program Rule No-Action Position Respecting Broker-Dealers Operating Under Fully Disclosed Clearing Agreements According to Certain Functional Allocations (FIN-2008-G002; March 4, 2008)
• Ruling: Bank Secrecy Act Obligations of a U.S. Clearing Broker-Dealer Establishing a Fully Disclosed Clearing Relationship with a Foreign Financial Institution (FIN-2008-R008; June 3, 2008)

• SEC Staff Guidance:

• Staff Q&A Regarding the Broker-Dealer Customer Identification Program Rule (October 1, 2003). (The Q&A provides staff guidance regarding when a broker-dealer maintaining an “omnibus account” for a financial intermediary may treat the financial intermediary as the “customer” for CIP purposes.)
• No-Action Letters to the Securities Industry Association (“SIA”) (February 12, 2004; February 10, 2005; July 11, 2006; January 10, 2008; January 11, 2010; January 11, 2011; January 9, 2015; and December 12, 2016). (The letters provide staff guidance regarding the extent to which a broker-dealer may rely on an investment adviser to conduct the required elements of the CIP rule, prior to such adviser being subject to an AML rule. Among other things, the 2015 letter provides additional details regarding the reasonableness of a broker-dealer’s reliance on an investment adviser and also includes a requirement that the investment adviser promptly report to the broker-dealer potentially suspicious or unusual activity detected as part of the CIP being performed on the broker-dealer’s behalf. )
• Staff Q&A Regarding Broker-Dealer CIP Rule Responsibilities under the Agency Lending Disclosure Initiative (April 26, 2006). (The Q&A provides staff guidance on the application of the CIP rule to the Agency Lending Disclosure Initiative.)
• National Exam Risk Alert — Master/Sub Accounts (September 29, 2011)

• NYSE Guidance:

• IM 02-46: Compliance with Section 326 (“Verification of Identification”) of the USA Patriot Act (October 31, 2002).
• IM 03-32: Customer Identification Programs For Broker-Dealers (July 14, 2003).

• NASD Guidance:

• NTM 02-50: Treasury and SEC Request Comment on Proposed Regulation Regarding Broker/Dealer Anti-Money Laundering Customer Identification Requirements (August 2002).
• NTM 03-34: Treasury and SEC Issue Final Rule Regarding Customer Identification Programs for Broker/Dealers (June 2003).
• NASD Customer Identification Program Notice (2003).
• NASD Comparison of the AML Customer Identification Rule and the SEC’s Books & Records Customer Account Records Rule (2003).

• FINRA Guidance:

• Regulatory Notice 10-18: Master Accounts and Sub-Accounts (April 2010)

5. Beneficial Ownership and Customer Due Diligence (“CDD”)

Covered financial institutions are required to establish and maintain written procedures that are reasonably designed to identify and verify beneficial owners of legal entity customers and to include such procedures in their anti-money laundering compliance program required under 31 U.S.C. 5318(h) and its implementing regulations.

Legal entity customer means a corporation, limited liability company, or other entity that is created by the filing of a public document with a Secretary of State or similar office, a general partnership, and any similar entity formed under the laws of a foreign jurisdiction that opens an account.

Beneficial owner means each of the following:

(1) Each individual, if any, who, directly or indirectly, through any contract, arrangement, understanding, relationship or otherwise, owns 25 percent or more of the equity interests of a legal entity customer; and

(2) A single individual with significant responsibility to control, manage, or direct a legal entity customer, including:

(i) An executive officer or senior manager (e.g., a Chief Executive Officer, Chief Financial Officer, Chief Operating Officer, Managing Member, General Partner, President, Vice President, or Treasurer); or

(ii) Any other individual who regularly performs similar functions.

(3) If a trust owns directly or indirectly, through any contract, arrangement, understanding, relationship or otherwise, 25 percent or more of the equity interests of a legal entity customer, the beneficial owner for purposes of paragraph (d)(1) of this section shall mean the trustee. If an entity listed in paragraph (e)(2) of this section owns directly or indirectly, through any contract, arrangement, understanding, relationship or otherwise, 25 percent or more of the equity interests of a legal entity customer, no individual need be identified for purposes of paragraph (d)(1) of this section with respect to that entity's interests.

Source Documents:

• Beneficial Ownership Requirements for Legal Entity Customers: 31 C.F.R. §1010.230
• Final Rule Release: 81 Fed. Reg. 29398 (May 11, 2016)
• FinCEN Guidance

• FAQs Regarding Customer Due Diligence Requirements for Financial Institutions (July 19, 2016)
• FAQs Regarding Customer Due Diligence Requirements for financial Institutions (April 3, 2018)

• FINRA Guidance

• NTM 17-40: FINRA Provides Guidance to Firms Regarding Anti-Money Laundering Program Requirements Under FINRA Rule 3310 Following Adoption of FinCEN's Final Rule to Enhance Customer Due Diligence Requirements for Financial Institutions Effective Date.

6. Correspondent Accounts: Prohibition on Foreign Shell Banks and Due Diligence Programs

Overview: Sections 312, 313, and 319 of the USA PATRIOT Act, which amended the BSA, are inter-related provisions involving accounts called “correspondent accounts.” These inter-related provisions include prohibitions on certain types of correspondent accounts (those maintained for foreign “shell” banks) as well as requirements for risk-based due diligence of foreign correspondent accounts more generally.

A “correspondent account” is defined as: “any formal relationship established for a foreign financial institution to provide regular services to effect transactions in securities.”

A “foreign financial institution” includes: (i) a foreign bank (including a foreign branch or office of a U.S. bank); (ii) a foreign branch or office of a securities broker-dealer, futures commission merchant, introducing broker in commodities, or mutu