Featured Expert Contributor, White Collar Crime and Corporate Compliance
Gregory A. Brower is Chief Global Compliance Officer for Wynn Resorts. He also serves on WLF’s Legal Policy Advisory Board and is a former U.S. Attorney.
The Securities and Exchange Commission’s Division of Examinations (“the Division”) recently published its latest Risk Alert, this time including key observations from recent examinations of broker-dealers’ compliance with anti-money laundering (“AML”) requirements. Although the focus of this Alert was limited to broker-dealers, all financial institutions, including banks and large casinos, are subject to similar AML compliance requirements under the Bank Secrecy Act (“BSA”) and related regulations and rules. Accordingly, any entity subject to the BSA should take note.
The Alert focuses on several observations identified by the Division that indicate that examinees have not been meeting certain of the SEC’s AML compliance expectations. Key takeaways for any entity subject to the BSA include the following:
The BSA requires that an entity’s AML compliance program be subjected to periodic testing of the program’s effectiveness. Best practices provide that such testing be done every 12-24 months utilizing a team that is both sufficiently knowledgeable and appropriately independent from the entity’s AML compliance function.
The Alert includes the Division’s observations that some independent tests that were evaluated appeared ineffective because they did not cover aspects of the entity’s business or because the testing team was not truly independent or did not have a satisfactory level of knowledge of the requirements of the BSA and applicable regulations/rules.
The BSA also requires that an entity have an effective ongoing AML training program. To be effective, a training program should include appropriate and updated content that is effectively delivered to all relevant employees and is documented with adequate record-keeping.
The Alert notes that the Division’s exam staff observed that in some cases, examinees’ training materials were not updated or were insufficiently tailored to the entity’s specific risks, products, and services. In addition, the Alert indicated that exams revealed that some examinees could not demonstrate that all appropriate personnel had received the training due to inadequate record-keeping.
Customer Identification or “Know Your Customer” Programs
A critical aspect of any AML compliance program is the identification of customers to the extent reasonable and practicable. Moreover, an entity must have a reasonable policy for closing a customer account when attempts to verify a customer’s identity are unsuccessful, and for when a Suspicious Activity Report (“SAR”) should be filed to document such circumstances.
The Alert revealed that staff observed broker-dealers whose customer identification programs were not properly designed to identify customers. These deficiencies included a failure to collect minimum required customer identification information, missing, incomplete, or invalid customer information, and failure to use exception reports to communicate failures to obtain required customer information.
Fundamental to any effective AML compliance program is the allocation of adequate resources, including staffing and technology, to the task. Deploying adequate resources to critical AML functions is fundamental to ensuring that internal controls are working as designed, that requiring external reporting is being done in a timely manner, and that appropriate training is being conducted.
The Alert noted that some entities examined did not appear to devote sufficient resources, including staffing, to AML compliance given the volume and risks of their business. Recent enforcement actions have also emphasized this critical issue.
* * * *
Finally, the Alert concludes with a clear message from the Division that broker-dealers should review and strengthen their AML compliance programs to ensure compliance with applicable requirements and to be on the look out for periodic changes to the law, regulations, rules, and best practices. This message is important beyond the broker-dealer context and should be well-received by covered financial institutions generally as BSA compliance enforcement continues to be a priority for the federal government.