SEC Alert Highlights Broker-Dealers’ AML and CTF Compliance Deficiencies, Calls for Action

On July 31, 2023, the United States Securities and Exchange Commission (SEC) issued an alert outlining deficiencies observed by the Department of Examinations in broker-dealers’ (BDs) compliance with anti-money laundering (AML) and countering terrorism financing (CTF) requirements. The alert emphasizes several key areas where BDs have failed to meet regulatory expectations and outlines specific deficiencies.

The SEC’s alert highlights the following key observations and areas of concern:

1. Insufficient Resources Devoted to AML Compliance: The alert notes that many BDs did not allocate adequate resources, including staffing, to AML compliance, given the volume and risks associated with their business operations.
2. Ineffective Implementation of Policies and Controls: The effectiveness of AML policies, procedures, and internal controls was compromised when BDs failed to consistently implement these measures.

The alert focuses on three critical aspects of AML compliance where deficiencies were identified:

a. Independent Testing: The SEC found several inadequacies in the independent testing of BDs’ AML programs. Some BDs failed to conduct program testing, while others did not do so consistently or in a timely manner. The testing conducted often did not consider the specific risks associated with the BD’s business operations. Additionally, some BDs did not use independent personnel or individuals with sufficient experience and training for testing. Even when testing identified compliance issues, some BDs did not take appropriate corrective actions.

b. Personnel Training: Many BDs failed to update training materials or tailor them to address specific risks associated with their business lines. They could not consistently demonstrate that all relevant personnel received ongoing training.

c. Customer Identification and Due Diligence: The alert emphasizes the importance of maintaining a customer identification program (CIP) appropriate for the BD’s size and business. BDs are required to obtain customer identifying information, verify customer identities, and maintain records of this information. The procedures of the CIP should enable the BD to reasonably believe it knows the true identity of each customer based on an assessment of relevant risks. The SEC observed numerous instances where BDs failed to meet these obligations, including cases where they did not perform CIP procedures for private placements, collect essential customer identifying information, verify customer identities, or follow their own CIP procedures. BDs also faced issues in identifying and verifying beneficial owners of legal entity customers.

d. OFAC Compliance: The alert noted weaknesses in Office of Foreign Assets Control (OFAC) compliance programs, including failures to adopt or implement reasonable, risk-based internal controls for following up on potential matches with sanctions lists, conducting periodic or event-based screening of existing clients or customers, and conducting OFAC searches in a timely manner.

The alert builds upon the SEC’s previous concerns regarding BDs’ AML programs and the need for tailored AML compliance. It reminds BDs of their obligations and signals the SEC’s continued focus on AML compliance through examinations and enforcement actions. In recent years, the SEC has taken enforcement actions against BDs for deficiencies in AML compliance, particularly related to suspicious activity monitoring and reporting.

The SEC’s alert serves as a warning to BDs to strengthen their AML programs, allocate appropriate resources, conduct independent testing, provide ongoing personnel training, and ensure robust customer identification and due diligence procedures. Failure to address these deficiencies may result in regulatory scrutiny and potential enforcement actions.