Anti-Money Laundering (AML) Testing

By Mary Catherine Wilck-Pond and Mark Norman

Anti money laundering - Abstract geometric interior structure,

Unlock The Power Of Outsourcing Your Anti-Money Laundering (AML) Testing

The financial and reputational cost of an inadequate anti-money laundering (AML) program can be high, and regulators have not been shy about sharing disclosures, fines and suspensions related to poorly run AML programs. Anti-money laundering testing is a key component to a successful program.

FINRA’s 2023 priorities note the following common findings:

  • Failure to conduct initial and ongoing risk-based customer due diligence in order to understand the nature and purpose of customer relationships in order to develop a customer risk profile
  • Failure to establish and implement written AML procedures that can reasonably be expected to detect, and allow for, the reporting of suspicious activity
  • Failure to notify the AML department of events that may require (Suspicious Activity Reporting) SAR reporting, including cybersecurity events, account compromise/takeover and fraudulent wire or ACH activity
  • Failure to timely review and respond to Financial Crimes Enforcement Network (FinCEN) information requests
  • Failure to conduct adequate independent testing, including testing critical aspects of the program where firms have taken on new products, services or customers

Regularly reviewing and updating your firm’s written AML policies, procedures and controls is vital to reducing the exposure your firm has to these potential penalties. Testing your Customer Identification Program as well as your trade and activity surveillance systems should occur in conjunction with any AML program changes to ensure processes are occurring as defined in policies and procedures.

What’s Required?

The Bank Secrecy Act (“BSA”) requires financial institutions, including all broker-dealers, to develop and implement AML compliance programs, which are also governed by FINRA’s Rule 3310.  Rule 3310 spells out the minimum requirements of an AML program and notes that the program (and subsequent changes) must be approved in writing by a member of senior management.  AML programs should be reviewed annually to ensure they are up to date with any changes to rules and requirements.

One of the minimum requirements of an AML program is that it be independently tested annually.  A firm may test its own program (with qualified personnel independent of the staff that oversees and enforces the program) or outsource the testing to a qualified third party.  An exception to annual testing is for firms who do not hold customer accounts or execute customer transactions or act as an introducing broker for customers.  In these cases, independent testing is required every two years.

The most common areas tested during an annual review include:

  • Results from prior testing and remediation efforts, where applicable
  • Customer Identification Program (“CIP”)
  • Beneficial Ownership of Legal Entity Accounts
  • Office of Foreign Assets Control (“OFAC”)
  • Enhanced Due Diligence (“EDD”)
  • BSA Compliance
  • Financial Crimes Enforcement Network (“FinCEN”) Information Requests and Sharing
  • Suspicious Activity Monitoring and Reporting (“SARs”)
  • AML Training

Consider Outsourcing Your AML Testing

As firms plan for their annual testing, the benefits of outsourcing should be considered. Does your firm have a qualified internal, independent employee with the necessary AML expertise and capacity to devote to an AML review?

While your firm may have the requisite expertise to conduct AML testing, not all firms have the capacity or independence to call upon internal resources who are already engaged in performing day-to-day responsibilities. Outsourcing your AML testing can provide a fresh perspective on AML rules and processes that your firm may not have considered.  An outside perspective can also help identify inefficiencies and potential cost savings.

From self-clearing firms to firms that specialize in private placements, Oyster consultants have experience with clients of all sizes and complexities.  Oyster brings to each of its AML testing engagements not only the required independence, but the experience and expertise broker-dealers need.  

About The Authors
Photo of Mark Norman

Mark Norman

Mark Norman is a securities compliance professional with nearly 20 years of regulatory/compliance experience. He has worked with broker-dealers of all sizes and complexities. During his 20 years in the industry, Mark has held multiple roles within FINRA including cycle examiner, cause examiner, cause intake examiner and coordinator. During his tenure at FINRA he acquired and advanced understanding of firm business models, business lines, customer bases, products and services.

More About Mark

Photo of Mary Catherine Wilk-Pond

Mary Catherine Wilck-Pond

Mary Catherine brings almost 30 years of brokerage operations management experience to her role as a Director at Oyster Consulting. Mary Catherine has worked with many of Oyster’s clients, varying in size from regional to national firms. Her engagement experience has included reviews and recommendations for operational process improvements, managing enhanced due diligence/know your customer Anti-Money Laundering (AML) teams and performing Rule 3120/3130 and independent AML program testing.

More About Mary

Related Content

Night building represents AML/CFT compliance

Blog

Outsourcing AML/CFT Functions: What RIAs Can—and Can’t—Outsource

FinCEN recently enacted AML compliance requirements for most registered investment advisors by designating them as Financial Institutions under the Bank Secrecy Act (BSA). By doing so, FinCEN prescribed minimum standards for anti-money laundering/countering the financing of terrorism (AML/CFT) for those investment advisors. Delegation vs. Responsibility: What the Rule Allows A question that comes up frequently […]

Learn More
Colored pegs stacked represents building an effective compliance calendar

Blog

How to Build an Effective Compliance Calendar

The Foundation: Rules and Risk Assessments In the dynamic world of regulatory compliance for wealth management firms, having a well-structured compliance calendar is not just a best practice—it’s essential. A strong, tailored compliance calendar ensures that your tasks, reviews, and compliance filings are executed on time, minimizing risks and keeping your firm in line with […]

Learn More
Blue trapazoid brige arch represents technology investment

Podcast

Technology Investments That Work: Aligning Strategy, Data, and ROI

Don’t just invest in technology—invest in results. In this episode of the Oyster Stew Podcast, experts Dan Garrett and Jay Donlin break down the critical—but often overlooked—factors that determine whether your technology investments will actually move the needle for your firm. From setting business-driven goals to avoiding the allure of flashy tools with limited value, […]

Learn More
Get In Touch Scroll Up