How broker-dealers can tailor compliance programs to meet anti-money laundering (AML) regulations

Broker-dealers are subject to rigorous anti-money laundering (AML) regulations and combating the financing of terrorism (CFT) requirements as they pose a significant money laundering risk due to their dealings with customers involving large amounts of money and a variety of financial instruments

Broker-dealers must ensure that they have developed and implemented policies and procedures reasonably designed to meet their regulatory obligations in developing an efficient AML/CFT program to cope with the dangers of money laundering and to avoid sanctions, penalties and reputational harm.

AML legislation for broker-dealers in the United States is based on two primary legislations: the Bank Secrecy Act (BSA) and the USA Patriot Act.

Broker-dealer AML regulations

The Bank Secrecy Act (BSA): BSA, also known as the Currency and Foreign Transactions Reporting Act, is a U.S. legislation created in 1970 to prevent financial institutions from being used as tools by criminals to hide or launder their ill-gotten gains.

The law requires banks and other financial institutions to provide documentation, such as currency transaction reports, to regulators. Regulation requirements for broker-dealers, found in Part 1023 of the Act, requires firms to implement and maintain a written anti-money laundering program approved by senior management.  A broker-dealer’s anti-money laundering program must include, at a minimum:

(1) The establishment and implementation of policies, procedures  and internal controls reasonably designed to achieve compliance with the applicable provisions of the Bank Secrecy Act and the implementing regulations thereunder.

(2) Independent testing for compliance to be conducted by the broker-dealer‘s personnel or by a qualified outside party.

(3) Designation of an individual or individuals responsible for implementing and monitoring the operations and internal controls of the program.

(4) Ongoing training for appropriate persons.

(5) Appropriate risk-based procedures for conducting ongoing customer due diligence, to include, but not be limited to:

(i) Understanding the nature and purpose of customer relationships for the purpose of developing a customer risk profile.

(ii) Conducting ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information. For purposes of this paragraph, customer information shall include information regarding the beneficial owners of legal entity customers.

USA Patriot Act: The Patriot Act, or USA PATRIOT Act, was passed shortly after the terrorist attacks in the United States which occurred on Sept. 11, 2001, and gave law enforcement agencies broader powers to investigate, indict and bring terrorists to justice. It also led to increased penalties for committing and supporting terrorist crimes.

Broker-dealers are required by the Patriot Act to establish and implement a documented, risk-based anti-money laundering program which includes policies, procedures and measures which may be reasonably expected to provide BSA compliance.

  • UNDER THE PATRIOT ACT, broker-dealer AML obligations should facilitate customer identification and due diligence processes.
  • Transaction monitoring and reporting of suspicious activity.
  • Sharing of information in response to a request from federal law enforcement agencies.
  • Adherence to any requirements introduced by the Treasury.

Broker-Dealer anti-money laundering compliance programs

Risk Assessment: FinCEN recognizes each broker-dealer may have different risk profiles and does not expect a one size fits all compliance program. In fact, they will expect each firm to customize their program based on their own risk assessment.

Therefore, the risk assessment is the most important initial step in developing a compliance program. Broker-dealers should carefully identify the risks inherent in their business, looking at products and services, customers and geographic locations.

Customer Identification Program: Under Section 326 of the Patriot Act, broker-dealers must implement policies and procedures reasonably designed to:

1) Verify the identity of any person seeking to open a new account.

2) Maintain records used to verify the person’s identity including the customer’s name, address, date of birth and other personal details, such as a social security number or equivalents.

3) Determine if the person appears on any list of known or suspected terrorists or terrorist organizations.

In May 2018, FinCEN issued the Customer Due Diligence rule (CDD), which requires financial institutions to identify and verify the identity of the natural persons (known as beneficial owners) of legal entity customers who own, control and profit from companies when those companies open accounts. Under the rule, a beneficial owner is defined as any individual who owns 25 percent or more of a legal entity, and an individual who controls the legal entity.

Transaction monitoring and reporting: Broker-dealers must develop a transaction monitoring procedure as part of their anti-money laundering program, according to Section 356 of the Patriot Act. Broker-dealers are required to submit a suspicious activity report (SAR) with the Treasury if a transaction involves $5000 or more in money or aggregates money, and there are grounds to think the customer:

  • Is seeking to conceal illicit cash.
  • Is seeking to circumvent Bank Secrecy Act (BSA) regulations.
  • Is doing their transaction for no apparent commercial or legal cause.
  • It aims to criminalize the use of broker-dealer services.

Broker-dealers must report suspicious behavior using form SAR-SF (also known as FINCEN FORM 101), a specific format for the securities and futures business.

Sanctions screening and monitoring: Broker-dealers must screen customers against sanctions issued by the Office of Foreign Assets Control (OFAC) in addition to BSA AML standards. In reality, this entails cross-checking individual customers against Office of Foreign Assets Control’s (OFAC) Specially Designated Nationals and Blocked Persons (SDN) list and the agency’s wider, country-based sanctions list. When a broker-dealer discovers an applicable penalty on the SDN list or a country-specific list, it is required to ban the transactions proposed by the relevant customers and their accounts and any other property or interests implicated.

Internal controls: Firms should conduct periodic review to evaluate the policies and processes with respect to their ability to achieve AML compliance. This review should cover both personnel and structural elements of the broker-dealers AML Program.

Personnel responsibilities should be clear, and procedures should adhere to secure standards like dual controls and segregation of duties. Mandated reporting is at the heart of AML regulations, so having systems in place generate these reports along with record keeping and retention is critical.

Independent testing:  FINRA Rule 3310 requires broker-dealers to provide for independent testing for compliance of their AML Program. This testing is to be conducted annually (on a calendar year basis) with only a few exceptions.  Broker-dealers who do not execute transactions for customers or otherwise hold customer accounts or act as an introducing broker with respect to customer accounts (e.g., engages solely in proprietary trading or conducts business only with other broker-dealers), may conduct the testing every two years.

AML compliance officer:  When designated an AML chief compliance officer (CCO), broker-dealers should take into consideration their knowledge of the AML rules and related regulations.  The AML CCO should also have the appropriate authority, independence, access to resources and competence to effectively execute all duties.

AML compliance training: In developing an AML training program, broker-dealers must consider the target audience in customizing the training.  The anti-money laundering responsibility of the organization should be communicated to every employee, while those whose jobs place them in a specific risk category should be aware of how mandated reporting and responsibilities apply. Firms should periodically review their training programs and should consider if additional training is required as may be the case when people change roles within the firm.

Of course, the CCO should be fully trained and given frequent opportunities for refreshers. Senior management should receive enough training to model a culture of compliance and understand the importance of the internal reviews, audits and compliance reports they receive.

Red flags and SARs

On Mar. 29, 2021, the Division of Examinations (“EXAMS”) of the U.S. Securities and Exchange Commission (“SEC”) issued a Risk Alert on “Compliance Issues Related to Suspicious Activity Monitoring and Reporting at Broker-Dealers.”

The failures noted in the Risk Alert depict an industry focused on earning commissions and neglectful of its AML obligations. Some of the noted issues are as follows:

  • Inadequate policies and procedures to detect suspicious activities, including failure to detail “red flags” that would aid in identifying potentially violative activities.
  • Failure to have automated systems to monitor and report suspicious activities involving large volume trading.
  • Failure to have automated monitoring of trading in stocks priced between $1 and $5 per share, even though they have long been regarded as “penny stocks” subject to fraudulent sales activity.
  • Using trading amounts higher than the $5,000 threshold for filing SARs.
  • Allowing clearing firms and/or introducing firms, rather than the broker/dealer itself, to identify and report suspicious activities.
  • Failure to document why no SAR was filed when activity seemed to call for one.
  • Failure to have procedures to identify red flag activities, such as deposits and immediate liquidation of low-priced securities.
  • Allowing trading in “penny stocks” when the firm’s policies and procedures prohibited it.
  • Inadequately filling out SARs (often using “generic boilerplate”) obscuring the facts about the activity that triggered filing the SAR in the first place.
  • Not reporting customers trading large volumes of multiple issuers, or trading with sudden price spikes and/or the majority of a daily trading volume in low-priced securities.
  • Allowing trading in the stock of shell companies or of issuers subject to trading suspensions.
  • Accepting customers with criminal or regulatory histories.


Given the continued focus on AML by regulators, broker/dealers should give careful attention to the implementation and review of their AML compliance program.

Author: Tom Coonan