By Alma Angotti, Samantha Welch
On February 9, 2022, the Financial Industry Regulatory Authority (FINRA) published its 2022 Report on FINRA’s Examination and Risk Monitoring Program (the 2022 Report). In the 2022 Report, FINRA details exam findings and effective practices for regulated firms and includes call-out boxes detailing specific concerns related to low priced securities and IPOs of China-based issuers. Further, FINRA provided firms with a number of additional resources, including a call-out box detailing Financial Crimes Enforcement Network’s (FinCEN) National Anti-Money Laundering (AML)/Countering Financing of Terrorism (CFT) Priorities that notably for member firms, includes securities and investment fraud.
Although AML is not new to FINRA’s findings and certain topics such as low priced securities remain an area of focus, the 2022 Report emphasizes specific effective practices such as risk assessments, governance over monitoring technology supporting the AML program, and the criticality of escalation of red flags and communication of potentially suspicious activity from other departments in the organization, such as departments that handle cybersecurity and fraud.
The 2022 Report is organized in three sections, summarizing member firms’ regulatory obligations and related considerations, exam findings and effective practices, and additional resources.
The 2022 Report reminds broker dealers of their obligation to develop an AML Compliance Program in compliance with FINRA Rule 3310 that evolves with any changes to the firm’s business model and considers the firm’s AML risks related to its business lines, products, customers, and geographic locations. The firm’s risk-based program should also consider FinCEN’s AML/CFT National Priorities published in June 2021.
Importantly, FINRA highlights the expectation that firms that use automated monitoring assess both the system’s data feeds and scenario parameters.
FINRA also highlights several points related to suspicious-activity reporting, including that the obligation to report may apply to transactions that did not originate with the broker-dealer, and that introducing brokers should consider how they coordinate with their clearing firms related to suspicious-activity reports (SARs). FINRA also highlights the importance of internal coordination, including how the firm manages roles and responsibilities for cyber events, including filing SARs and reviewing impacted accounts. FINRA indicates it has observed potentially suspicious low priced securities activity from foreign financial institutions (FFIs) nesting within omnibus accounts of financial institutions based in lower risk jurisdictions. The broker-dealer’s independent test should include a review of such SAR procedures.
Lastly, FINRA highlights compliance with the identification and verification requirements for customers and beneficial owners pursuant to the customer identification program (CIP) and customer due diligence (CDD) rules.
FINRA exam findings largely align to the section on “related considerations.”
FINRA notes exam findings related to inadequate monitoring and reporting of suspicious transactions including the following:
FINRA specifically calls out concerns related to underwriting and trading of issuers based in China and calls on firms to assess controls related to onboarding, transaction monitoring, and trade surveillance for issues such as spoofing and layering.
In addition to the above, FINRA also found issues with CIP and CDD compliance, as well as due diligence on correspondent accounts for FFIs required pursuant to FINRA Rule 3310(b). Lastly, FINRA highlights concerns with AML independent tests, specifically ensuring that tests are performed within the required timeframe, that all key areas of the AML compliance program are assessed, and that testers have the requisite independence.
FINRA detailed effective practices designed to mitigate identified deficiencies, including:
Guidehouse has a team of AML experts that can help firms meet their obligations and comply with regulatory expectations including: