On October 8, 2021, the Financial Industry Regulatory Authority (FINRA) issued Regulatory Notice 21-36 (the Notice) to member firms. The Notice is in response to Financial Crimes Enforcement Network (FinCEN) issuing the Anti-Money Laundering and Countering the Financing of Terrorism National Priorities (the Priorities) on June 30, 2021, as required by the Anti-money Laundering Act of 2020 (AMLA). The Notice informs member firms of the Priorities and encourages them to assess how they will incorporate them into their risk-based AML compliance programs.
The Notice also highlights FinCEN’s Statement on the Issuance of the Anti-Money Laundering/Countering the Financing of Terrorism (AML/CFT) National Priorities (the Statement), which provides guidance on the Priorities to nonbank financial institutions, including broker-dealers. AMLA requires FinCEN to promulgate regulations within 180 days of establishing the Priorities. Accordingly, the June 2021 Priorities do not immediately change Bank Secrecy Act requirements or supervisory expectations. Covered financial institutions will, however, need to incorporate the Priorities into their risk-based anti-money laundering (AML) compliance programs in accordance with regulations when they are published.
You can read more on the broader implications of the Priorities here.
Importantly, FinCEN recognizes that the risks posed by covered financial institutions depend on their business, including customers, products and services, and markets served. FinCEN states that “not every Priority will be relevant to every covered institution… but each covered institution should, upon the effective date of future regulations to be promulgated in connection with these Priorities, review and incorporate, as appropriate, each Priority based on the institution’s broader risk-based AML program.”1 This is particularly important for FINRA member firms, as broker-dealers pose unique risks related to microcap and penny stocks, market manipulation, and Special Purpose Acquisition Companies2, which are closely associated with Priority 4: Fraud. In fact, in the June 2021 Priorities release, FinCEN states under Priority 4:
“…fraud related to the COVID-19 pandemic has been of particular concern…including…pump-and-dump and other market manipulation schemes, and cyber-enabled fraud schemes.”3
Generally, it is a regulatory expectation that financial institutions use information provided by the government, as is the case with FinCEN advisories and OFAC guidance. In this case, however, covered financial institutions’ incorporation of the Priorities into their AML compliance programs will be a measure on which they are examined for compliance.4
FINRA’s Notice encourages member firms to start planning how they will incorporate the Priorities. FINRA suggests member firms assess whether they will need to update red flags based on the Priorities and their business, as well as consider whether technology changes may be appropriate. In response to the Notice, broker-dealers should:
Conduct an enterprisewide AML and sanctions risk assessment, if they have not done so already. Enterprisewide AML and sanctions risk assessments have traditionally been standard practice for the banks and money service businesses. It is, however, a regulatory expectation for other covered financial institutions, including broker-dealers, to support and document their risk-based approach, and may even become a regulatory requirement,5 to conduct and periodically update an AML risk assessment. Furthermore, an effective AML and sanctions risk assessment will help broker-dealers identify risks related to the Priorities, and whether it needs to enhance or implement new controls as a result.
Conduct a coverage assessment to ensure their transaction monitoring and trade surveillance provides adequate risk coverage. Transaction monitoring and trade surveillance should be tuned and tailored to the unique risks of the institution. Broker-dealers should assess whether transaction monitoring and trade surveillance cover the risks in the Priorities, and whether they can implement automated or manual controls to fill gaps in coverage.
Assess change management and technology governance processes to ensure they have the protocols in place to update systems, rules, and thresholds. Protocols should include governance structures that designate the parties responsible for approving and implementing system changes, testing, and data validation. Specifically, broker-dealers should assess whether they have the technical capabilities and expertise required to make system updates.
Broker-dealers should start planning now by reviewing the Priorities and using their risk assessment to identify potential areas of exposure. Broker-dealers should also assess whether they have the capability, both technical and in expertise, to update systems properly. After FinCEN’s promulgation of the pending regulations, broker-dealers will be supervised and examined for compliance in incorporating the Priorities into their risk-based AML compliance programs, where appropriate.
Guidehouse can deploy qualified resources to provide AML and sanctions services to broker-dealers, including: