With a volatile global economic and sanctions environment piling further pressure on compliance teams, this article explores risks, regulatory guidance, and customer due diligence (CDD) best practices for broker-dealers.

Broker-Dealer Regulation: Compliance Enforcement Trends

Enforcement actions against broker-dealer firms have been trending as regulators worldwide refine their requirements and emphasize the importance of enforcement. In December 2022 alone, Financial Industry Regulatory Authority (FINRA) penalties against firms amounted to over $7 million. $4.5 million of this total is attributable to several large financial institutions for compliance deficiencies spanning more than five years. 

These enforcement actions addressed a variety of infractions, but firms regularly face fines for inadequate CDD practices. With these regulatory trends in mind, broker-dealers should take a close look at their current CDD processes and optimize them according to up-to-date risk assessments.

Broker-Dealer Best Practices: Customer Due Diligence 

The first step in creating a risk-based CDD framework should be to establish a quantitative customer risk ranking system. Every customer risk assessment should cover categories tailored to the broker-dealer’s unique risk appetite. Firms should be sure their system considers financial information, source of wealth, occupation, banking information, and the length of the relationship, as well as: 

• The type of account – Account type categories should consider the possibility of higher risk in accounts with more opaque ownership and control structures. For example, all else being equal, individual and joint accounts are generally assigned a lower risk score than a legal entity account in an offshore location – or an entity registered in one country but located in another. 
• Geographical factors – This includes legal residence, current residence, and whether the country of citizenship is in a prohibited, high-risk, medium-risk, or low-risk location. Although geographical factors do indicate the level of risk, they may also affect other risk factors. For example, a high-risk geographic location may increase risks related to banking .
• Publicly available information – This includes public beneficial ownership registers alongside negative news/adverse media.

Firms will likely include other factors based on their situation and jurisdiction. 

Risk scores help teams identify customers needing enhanced due diligence (EDD). For example, a customer’s occupation might designate them as a politically exposed person (PEP). These individuals may present a higher risk of receiving the proceeds of corruption or other illegal activity. But the level of risk associated with PEPs varies, so teams should base their decision on all risk factors taken together in context. EDD can, in turn, be used to inform a more nuanced and dynamic customer due diligence framework and an improved ability to detect suspicious activity.

Regulatory Guidance on CDD

CDD guidance varies jurisdictionally but still overlaps significantly. Both FinCEN and FINRA align their requirements with Financial Action Task Force (FATF) guidance. All three emphasize establishing the nature and purpose of customer relationships – and ultimate beneficial ownership for legal entities. They also emphasize ongoing monitoring as an integral part of robust due diligence. FinCEN’s CDD rule defines a “beneficial owner” as either of the following: 

• Each individual who directly or indirectly owns 25% or more of the equity interests of a legal entity customer. 
• A single individual with significant responsibility to control, manage or direct a legal entity customer, including an executive officer or senior manager or any other individual who regularly performs similar functions.

And the FATF further clarifies: “Only a natural person can be an ultimate beneficial owner, and more than one natural person can be the ultimate beneficial owner of a given legal person or arrangement.” This means that when tracing ultimate beneficial ownership, firms cannot stop when they find company stakeholders owning 25% or more. Since only individuals count as beneficial owners, a firm’s due diligence would not be complete until they had followed the trail of 25% or greater ownership all the way back to individual stakeholders. Broker-dealers can consult the full report for additional guidance on this and other AML measure recommendations.

Key Takeaways

To mitigate the risk of enforcement action, firms should ensure that their current CDD framework covers recommended best practices, consulting local and international regulators for guidance.

After ensuring their risk assessments are up-to-date, firms should implement procedures that thoroughly assess ultimate beneficial ownership (UBO) and politically exposed persons (PEPs). These procedures should follow established recommendations, such as verifying sources of wealth, adverse media, and geopolitical concerns such as global sanctions. Firms should also ensure they have strong enhanced due diligence (EDD) processes in place. By implementing robust CDD measures at onboarding, firms can maximize their ability to proactively curb financial crime risk. 

The post CDD Best Practices for Broker-Dealers appeared first on ComplyAdvantage.

Firms relying on a department dedicated to other duties to carry out its AML functions can experience inefficiencies that could impact compliance and effective risk management. With this in mind, how can broker-dealers ensure their anti-money laundering compliance framework is built on sound governance practices?

Six Best Practices for Broker-Dealer AML Governance

Based on key Financial Industry Regulatory Authority (FINRA) priorities, here are six areas broker-dealers should focus on to ensure sound AML/CFT governance.

1. Establish a proportionate risk profile

Any sound AML program must be risk-based, which means being built on a solid risk profile. To establish this, broker-dealers need to conduct regular and thorough risk assessments that allow them to determine their risk tolerance and appetite. 

Once a broker-dealer has established a sound risk profile, it can tailor its AML/CFT program to its needs. Still, the U.S. Securities and Exchange Commission (SEC) notes that it’s important to include the following, as relevant:

• A Customer Identification Program (CIP)
• Customer due diligence measures that can identify ultimate beneficial owners (UBOs), as well as conduct due diligence on partner businesses and private banking accounts. This may involve screening for adverse media, politically exposed persons, and sanctioned entities. Adverse media analysis, for example, should be tailored to look for things like recent enforcement actions, suspected wrongdoing, or association with specific typologies such as fraud.
• Ongoing monitoring that allows firms to comply with suspicious activity reporting requirements. This might include intelligent transaction monitoring and ongoing customer due diligence (CDD).

The SEC guide for broker-dealers is an excellent starting point for broker-dealers wishing to establish or revamp a risk-based AML/CFT program.

2. Design BSA-compliant procedures & policies

Passed in 1970 by the United States Congress, the Bank Secrecy Act (BSA) was modified to support the PATRIOT Act after the 2001 September 11 attacks. FINRA highlights that the BSA “applies to all broker-dealers, without exception” and calls on firms to create procedures and policies to ensure BSA compliance. Although exhaustive, broker-dealers’ strategies should include:

• Individual policies covering:
  • Anti-Money Laundering & Countering the Financing of Terrorism (AML/CFT)
  • Sanctions
  • Bribery & Corruption
  • Anti-Tax Evasion
• A controls catalog – This should document all controls and be reviewed for needed changes twice a year. Controls recorded in the catalog should be written with adequacy testing in mind (see item four.)

3. Integrate risk-based customer due diligence procedures

Any robust and BSA-compliant AML program should include appropriate risk-based ongoing customer due diligence (CDD) procedures. Every program should be tailored to a given firm’s risk assessments and appetite, but FINRA emphasizes that it should include: 

Understanding the nature and purpose of customer relationships for the purpose of developing a customer risk profile

Conducting ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information, including information regarding the beneficial owners of legal entity customers.

Source: FINRA

Customer risk assessments should look at elements like the nature of the product taken out by the customer, any linked geographies (checked against firms’ internal country risk models), and specific risk indicators presented by the customer’s status, such as political exposure. 

Broker-dealers should document their customer assessment model and standardize their approach to all customers. And as with their policies, firms should review risk assessment models at least annually for relevancy and effectiveness.

4. Provide regular independent testing

Even the most robustly-conceived AML program can fall short of firms’ risk management goals in practice. Accordingly, broker-dealers must conduct annual, independent tests to validate their AML program. These evaluations should check for BSA compliance and the program’s ability to meet firms’ internal, risk-based criteria. As a rule, firms must schedule independent testing every calendar year per FINRA Rule 3310, with some exceptions.

How can broker-dealers be sure their tests are adequate and reliable? Though the details should be tailored to each firm’s unique profile, thorough tests should evaluate two main areas: 

• Adequacy – Can a clear description be made of what the control does? Does it capture who operates the control, how it operates, when it’s operated, and what the control is designed to do? Does the description make sense in light of risk profiles?
• Effectiveness – The evaluator should take a sample of whatever the control is used for (such as verification of new customers) and check whether the control has worked correctly for each given sample.

These evaluations can be performed either by a dedicated internal audit department or a qualified third party. If resources permit, enlisting a dedicated third-party Business Controls Partner is best, which helps ensure true independence.

5. Designate a FINRA-accountable AML compliance officer

The AML compliance officer is a business-critical role. Per FINRA, firms must nominate a team or person to carry out and supervise daily AML/CFT responsibilities. Once they’ve filled the role, firms must provide FINRA with the relevant contact information. If the compliance officer changes, the firm must update the relevant information within 30 days.

To ensure FINRA requirements are met, broker-dealers should establish written procedures to follow if the person performing that role changes. Somebody senior within the organization should own the process. That person should also commit to re-confirm the name of the chief AML compliance officer each new year.

6. Ensure ongoing training

Finally, FINRA Rule 3310 calls for firms to ensure that AML/CFT personnel receive continuous training. Once again, every broker-dealer must tailor their training program to their unique risk profile and needs. That said, here are a few practices that may increase training program effectiveness:

• Monitor training completion rates – Provide regular, mandatory AML/CFT training to personnel. This should include rule updates such as the CDD rules on beneficial ownership of legal entities. Also, keep risk staff informed of AML regulatory changes.
• Provide a feedback mechanism so staff can advise what they thought of the training.
• ‘Pop quiz’ staff on elements of the training throughout the year – Plan quizzes strategically to provide a clear picture of whether employees are retaining core crucial information. 
• Establish 1:1 or small-group mentoring programs as part of AML/CFT career development – By linking AML/FCT training to personal relationships, career goals, and networking, mentorship can help encourage employee ownership of AML/CFT knowledge and skills. In-person mentorship can also help validate employees’ mastery of key concepts from training.

As part of the change management process, it’s crucial to periodically assess whether recent business changes require a training content refresh.

Key Takeaways

In a fast-moving financial services landscape, it can be tempting to make good governance practices an afterthought. Firms saturated with day-to-day work pressures may hesitate to plan sound governance from the ground up. But with rapidly evolving, vigilant AML regulations and the human cost of financial crime, the investment is worthwhile. Firms can see significantly improved efficiency and reduced risk when they standardize approaches, clarify roles, document processes, and plan regular reviews. And supported by effective risk management technology, well-governed AML programs stand prepared for many more changes ahead.

The post AML Governance Best Practices for Broker-Dealers appeared first on ComplyAdvantage.