SEC Division of Examinations Publishes Risk Alert on Anti-Money Laundering Compliance Examinations of Broker-Dealers
[35392]
August 02, 2023
TO: AML Compliance Working GroupBroker/Dealer Advisory Committee
Chief Compliance Officer Committee
Compliance Advisory Committee
Internal Audit Committee
Operations Committee
Transfer Agent Advisory Committee SUBJECTS: Anti-Money Laundering
Compliance RE: SEC Division of Examinations Publishes Risk Alert on Anti-Money Laundering Compliance Examinations of Broker-Dealers
On July 31, the SEC Division of Examinations ("Division") published a risk alert ("Risk Alert") regarding anti-money laundering ("AML") compliance examinations of broker-dealers.[1] The Risk Alert highlights the Division's observations that: some broker-dealers "did not appear to devote sufficient resources, including staffing, to AML compliance given the volume and risks of their business;" and "the effectiveness of policies, procedures and internal controls was reduced when firms did not implement those measures consistently."
The Risk Alert highlights three aspects of AML compliance, reminds broker-dealers of applicable requirements, and provides related staff observations.
- Independent Testing and Training. With respect to independent testing, the Risk Alert states that the staff has observed:
- Broker-dealers that did not conduct testing in a timely manner or could not demonstrate that they conducted such testing;
- Independent tests that appeared ineffective for various reasons; and
- Broker-dealers that did not timely address, or have procedures for addressing, issues identified by independent testing.
With respect to ongoing training, the Risk Alert states that the staff has observed:
- Training materials that were not updated based on changes in the law or tailored to the broker-dealer's risks and activities; and
- Broker-dealers that could not demonstrate that all appropriate personnel attended the ongoing training or did not establish a process for following up with personnel who did not attend.
- Customer Identification Program ("CIP") Rule.[2] The Risk Alert states that the staff has observed "broker-dealers whose CIPs appeared not to be properly designed to enable the firm to form a reasonable belief that it knows the true identity of customers." The Risk Alert then provides examples of the staff's observations regarding CIPs.
- Customer Due Diligence ("CDD")[3] and Beneficial Ownership Requirements. The Risk Alert states that the staff has observed "broker-dealers that had not updated their AML programs and, as appropriate, new account forms and procedures to account for the adoption of the CDD Rule." The Risk Alert also lists additional staff observations regarding compliance with the CDD Rule.
Finally, the Risk Alert discusses compliance with Office of Foreign Assets Control ("OFAC") regulations and notes that the staff has observed certain weaknesses in OFAC compliance programs. These weaknesses include:
"instances in which entities did not adopt or implement reasonable, risk-based internal controls for (1) following-up on potential matches with the sanctions lists and documenting the outcome of such follow-up, (2) performing periodic or event based screening of existing clients or customers based on, among other things, changes in ownership or to the sanctions lists, and (3) conducting OFAC searches in a timely manner (or documenting that such searches were completed)."
The Division concludes by encouraging entities to "review and strengthen the policies, procedures, and internal controls of their AML programs" and to "monitor for amendments . . . to the rules implementing the [Bank Secrecy Act]."
Kelly O'Donnell
Director, Transfer Agency & Operations
Erica Evans
Assistant General Counsel
Notes
[1] Observations from Anti-Money Laundering Compliance Examinations of Broker Dealers, SEC Division of Examinations Risk Alert (July 31, 2023), available at https://www.sec.gov/files/risk-alert-aml-compliance-examinations-bd-073123.pdf. The Risk Alert notes that the Division published a risk alert in 2021 discussing suspicious activity monitoring and reporting components of broker-dealer AML programs and that this Risk Alert provides observations about other key AML requirements. The 2021 risk alert is available here: https://www.sec.gov/files/aml-risk-alert.pdf.
[2] Customer Identification Program Rule, 31 C.F.R. § 1023.220.
[3] Customer Due Diligence Rule, 31 C.F.R. § 1010.230 ("CDD Rule").