With the stages of money laundering in mind, let's look at exactly what broker-dealers must do to combat it. FINRA's Anti-Money Laundering compliance rule spells out the AML compliance program requirements.
AML Compliance Program Requirements
FINRA's AML compliance rule requires every member firm to establish and implement a written AML compliance program that includes these components:
| # | Requirement | Details |
|---|---|---|
| 1 | Policies and procedures | Reasonably designed to detect and cause the reporting of suspicious activity |
| 2 | AML Compliance Officer (AMLCO) | A designated individual responsible for implementing and monitoring the program day-to-day |
| 3 | Ongoing employee training | All relevant personnel must be trained on AML procedures |
| 4 | Independent testing (audit) | Annual testing conducted by internal audit or a qualified outside party |
Additional requirements:
- The AML program must be approved by senior management
- The AMLCO must be identified to FINRA, and the firm must promptly notify FINRA of any changes
- The independent testing must occur on a calendar-year basis
- The program must include a Customer Identification Program (CIP) as required by the USA PATRIOT Act's customer-identification-program requirement
Exam Tip: Gotchas
- There are four core components of an AML program: policies/procedures, compliance officer, training, and independent testing. The exam may list these in different order or try to substitute a fake requirement. Remember all four.
- The AML compliance officer does not have to be senior management, but the program must be approved by senior management.
- Independent testing can be done internally (by audit staff) OR externally (by a qualified outside party); both are acceptable. The "independence" in independent testing means the testers must be separate from those who administer the AML program, not necessarily external to the firm. Internal audit staff who have no role in running the AML program satisfy the independence requirement.
Customer Identification Program (CIP)
The Customer Identification Program (CIP) is a required component of every AML program, mandated by the USA PATRIOT Act's customer-identification-program requirement. It ensures broker-dealers know who their customers are.
What CIP Requires
For every new account, the firm must verify the customer's identity using four pieces of information:
| Information | Notes |
|---|---|
| Name | Full legal name |
| Date of birth | For individual customers |
| Address | Residential or business address |
| Identification number | SSN for U.S. persons; passport or other government-issued ID for non-U.S. persons |
Additional CIP Obligations
- Record retention: Maintain records of the information used to verify identity
- Government list screening: Check customer names against government lists of known or suspected terrorists
- Customer notice: Provide adequate notice to customers that the firm is requesting information to verify their identity
- Verification can use documentary methods (driver's license, passport) or non-documentary methods (credit reports, databases)
Exam Tip: Gotchas
- CIP requires four pieces of identifying information: name, date of birth, address, and identification number. The exam may try to add extra items or leave one out. Remember all four.
- CIP applies to ALL new accounts; there is no exception for existing customers opening additional accounts.
How CIP and AML Work Together
The relationship between CIP and the broader AML program:
- CIP is the front door; it verifies who is opening the account
- AML monitoring is ongoing; it watches for suspicious activity after the account is open
- Reporting (Suspicious Activity Reports/SARs, Currency Transaction Reports/CTRs) is the response; when something suspicious is detected, the firm must report it
Think of it this way: CIP is like checking IDs at the airport entrance. Once you are through security, the cameras (ongoing monitoring) keep watching. If the cameras spot something suspicious, security files a report. CIP gets you in the door; AML monitoring keeps watching afterward.
CIP → Account Opening → Ongoing Monitoring → Suspicious Activity Detected → Filing Reports
Exam Tip: Gotchas
- Know the sequence: FINRA's AML compliance rule requires an AML program → the program includes CIP (the USA PATRIOT Act customer-identification-program requirement) → CIP verifies identity at account opening → ongoing monitoring detects suspicious activity → the firm files reports with the Financial Crimes Enforcement Network (FinCEN)