On October 8, 2021, the Financial Industry Regulatory Authority (FINRA) issued Regulatory Notice 21-36 (the Notice) to member firms. The Notice is in response to Financial Crimes Enforcement Network (FinCEN) issuing the Anti-Money Laundering and Countering the Financing of Terrorism National Priorities (the Priorities) on June 30, 2021, as required by the Anti-money Laundering Act of 2020 (AMLA). The Notice informs member firms of the Priorities and encourages them to assess how they will incorporate them into their risk-based AML compliance programs.
The Notice also highlights FinCEN’s Statement on the Issuance of the Anti-Money Laundering/Countering the Financing of Terrorism (AML/CFT) National Priorities (the Statement), which provides guidance on the Priorities to nonbank financial institutions, including broker-dealers. AMLA requires FinCEN to promulgate regulations within 180 days of establishing the Priorities. Accordingly, the June 2021 Priorities do not immediately change Bank Secrecy Act requirements or supervisory expectations. Covered financial institutions will, however, need to incorporate the Priorities into their risk-based anti-money laundering (AML) compliance programs in accordance with regulations when they are published.
Background of the Priorities
The Priorities are the first governmentwide priorities for AML and countering the financing of terrorism (CFT), which FinCEN is required to establish under AMLA. The purpose of the Priorities is to assist covered institutions in meeting their AML regulatory obligations designed to combat money laundering and CFT. After consulting with relevant government agencies, including the Office of Foreign Assets Control (OFAC), the US attorney general, federal functional regulators, and certain state financial regulators, FinCEN established the following Priorities, in no particular order:
Cybercrime, including relevant cybersecurity and virtual currency considerations
Foreign and domestic terrorist financing
Fraud (including securities and investment fraud and internet-enabled fraud)
Importantly, FinCEN recognizes that the risks posed by covered financial institutions depend on their business, including customers, products and services, and markets served. FinCEN states that “not every Priority will be relevant to every covered institution… but each covered institution should, upon the effective date of future regulations to be promulgated in connection with these Priorities, review and incorporate, as appropriate, each Priority based on the institution’s broader risk-based AML program.”1 This is particularly important for FINRA member firms, as broker-dealers pose unique risks related to microcap and penny stocks, market manipulation, and Special Purpose Acquisition Companies2, which are closely associated with Priority 4: Fraud. In fact, in the June 2021 Priorities release, FinCEN states under Priority 4:
“…fraud related to the COVID-19 pandemic has been of particular concern…including…pump-and-dump and other market manipulation schemes, and cyber-enabled fraud schemes.”3
Generally, it is a regulatory expectation that financial institutions use information provided by the government, as is the case with FinCEN advisories and OFAC guidance. In this case, however, covered financial institutions’ incorporation of the Priorities into their AML compliance programs will be a measure on which they are examined for compliance.4
What You Can Do Right Now
FINRA’s Notice encourages member firms to start planning how they will incorporate the Priorities. FINRA suggests member firms assess whether they will need to update red flags based on the Priorities and their business, as well as consider whether technology changes may be appropriate. In response to the Notice, broker-dealers should:
Conduct an enterprisewide AML and sanctions risk assessment, if they have not done so already. Enterprisewide AML and sanctions risk assessments have traditionally been standard practice for the banks and money service businesses. It is, however, a regulatory expectation for other covered financial institutions, including broker-dealers, to support and document their risk-based approach, and may even become a regulatory requirement,5 to conduct and periodically update an AML risk assessment. Furthermore, an effective AML and sanctions risk assessment will help broker-dealers identify risks related to the Priorities, and whether it needs to enhance or implement new controls as a result.
Conduct a coverage assessment to ensure their transaction monitoring and trade surveillance provides adequate risk coverage. Transaction monitoring and trade surveillance should be tuned and tailored to the unique risks of the institution. Broker-dealers should assess whether transaction monitoring and trade surveillance cover the risks in the Priorities, and whether they can implement automated or manual controls to fill gaps in coverage.
Assess change management and technology governance processes to ensure they have the protocols in place to update systems, rules, and thresholds. Protocols should include governance structures that designate the parties responsible for approving and implementing system changes, testing, and data validation. Specifically, broker-dealers should assess whether they have the technical capabilities and expertise required to make system updates.
Call to Action
Broker-dealers should start planning now by reviewing the Priorities and using their risk assessment to identify potential areas of exposure. Broker-dealers should also assess whether they have the capability, both technical and in expertise, to update systems properly. After FinCEN’s promulgation of the pending regulations, broker-dealers will be supervised and examined for compliance in incorporating the Priorities into their risk-based AML compliance programs, where appropriate.
Guidehouse can deploy qualified resources to provide AML and sanctions services to broker-dealers, including:
AML and sanctions independent testing and control reviews.
AML and sanctions risk assessments, including methodologies, execution, risk appetite, and risk acceptance procedures.
Transaction monitoring coverage assessment.
AML program enhancements, including incorporating virtual currency solutions if applicable.
AML and sanctions systems implementation.
AML and sanctions model validation.
1 Anti-Money Laundering and Countering the Financing of Terrorism National Priorities, June 30, 2021. 2 FINRA’s 2021 Report on FINRA’s Examination and Risk Monitoring Program, page 7. 3 Anti-Money Laundering and Countering the Financing of Terrorism National Priorities, June 30, 2021. 4 31 USC § 5318(h)(4)(E) (as amended by AML Act § 6101(b)(2)(C)), 31 USC §§ 5321, 5324 and 5330(e) (2012); 12 USC §§ 1829b(j) and 1955 (2012). 5 "Anti-Money Laundering Program Effectiveness," Federal Register 85:181 (September 17, 2020) p. 58026.