Introduction

Welcome to Account Opening and Anti-Money Laundering (AML): the requirements that govern how a broker-dealer onboards a customer, screens that customer against federal crime and sanctions lists, monitors transactions for suspicious activity, and protects the customer's information from privacy and identity-theft threats. This unit is the customer-facing front door of Function 3 on the Series 24 exam.

Exam Weight: Part of 21% (~32 questions across Function 3)

Video Resources

Live 1-on-1 tutoring with Dean Tinney ↗


Live 1-on-1 tutoring with Ken Finnen ↗

What You'll Learn

In this unit, you'll cover:

  • Customer Account Information: The customer-data elements every account must capture, the Trusted Contact Person (TCP) request, the 36-month verification cycle, and the 6-year retention windows for updated and most-recent records
  • Customer Identification Program (CIP): The four mandatory data points (name, date of birth, address, identification number) under the PATRIOT Act customer-identification requirement, the documentary and non-documentary verification methods, the TIN application exception, and the 5-year recordkeeping rule
  • AML Compliance Program: The five pillars (policies and procedures, independent testing, AML Compliance Officer (AMLCO), training, customer due diligence (CDD)) under the Bank Secrecy Act (BSA), with annual testing for customer-facing firms and biennial testing for proprietary-only firms
  • Suspicious Activity Reports (SARs) and Currency Transaction Reports (CTRs): The $5,000 SAR threshold paired with subjective suspicion, the $10,000 CTR objective threshold, the 30-day SAR filing deadline (60 days maximum to identify a suspect), the 15-day CTR window, structuring penalties, and the strict tipping-off prohibition
  • OFAC, FinCEN, and the SEC's BSA-compliance hook: The Specially Designated Nationals (SDN) list screening, the 10-business-day blocking report, FinCEN's role as BSA administrator, FinCEN law-enforcement information-sharing requests (14-day search window), voluntary FI-to-FI information sharing, and the SEC's parallel enforcement hook through the BSA-compliance recordkeeping rule
  • Account Transfers (ACATS) and Transfer-Interference Prohibition: The Automated Customer Account Transfer Service mechanics (1-business-day validation, 3-business-day delivery), Transfer Initiation Form (TIF) workflow, and the prohibition on interfering with customer transfers when a registered representative changes employment
  • Reg S-P and Reg S-ID: The Gramm-Leach-Bliley initial and annual privacy notices, opt-out rights for nonpublic personal information (NPI), the Safeguards Rule, the 2024 amendments adding a 30-day customer breach notification window, and the four-element identity-theft red-flag program for covered accounts
  • Numbered Accounts and Customer Statements: Numbered-account designation with a signed customer ownership statement, quarterly customer account statements, the DVP/RVP exception, and the SEC customer-account-record and 6-year-after-closure retention pairings

Why This Matters

The Series 24 exam tests three principal-level questions on this material:

  • Whether the firm's account-opening intake captures the right data (customer-account information), verifies identity (CIP), and screens against sanctions (OFAC) before any transaction occurs
  • Whether the firm's AML program meets all five pillars and whether the firm's principals correctly distinguish the $10,000 CTR (objective, cash-only, 15 days) from the $5,000 SAR (subjective suspicion, 30 days)
  • How privacy (Reg S-P), identity theft (Reg S-ID), and confidentiality (the SAR tipping-off rule) interact so that a principal can simultaneously protect the customer's data, screen for fraud, and never disclose to the customer that a SAR was filed

A firm that opens accounts but does not file SARs violates the AML-program requirement; a firm that files SARs but tips off the customer violates BSA confidentiality (a federal crime); a firm that secures customer data but ignores identity-theft red flags violates Reg S-ID. The exam pairs these because regulators do.

Let's start with the foundational customer-information requirement that every account-opening process must satisfy.