Anti-Money Laundering (AML) Testing

By Mary Catherine Wilck-Pond and Mark Norman

Anti money laundering - Abstract geometric interior structure,

Unlock The Power Of Outsourcing Your Anti-Money Laundering (AML) Testing

The financial and reputational cost of an inadequate anti-money laundering (AML) program can be high, and regulators have not been shy about sharing disclosures, fines and suspensions related to poorly run AML programs. Anti-money laundering testing is a key component to a successful program.

FINRA’s 2023 priorities note the following common findings:

  • Failure to conduct initial and ongoing risk-based customer due diligence in order to understand the nature and purpose of customer relationships in order to develop a customer risk profile
  • Failure to establish and implement written AML procedures that can reasonably be expected to detect, and allow for, the reporting of suspicious activity
  • Failure to notify the AML department of events that may require (Suspicious Activity Reporting) SAR reporting, including cybersecurity events, account compromise/takeover and fraudulent wire or ACH activity
  • Failure to timely review and respond to Financial Crimes Enforcement Network (FinCEN) information requests
  • Failure to conduct adequate independent testing, including testing critical aspects of the program where firms have taken on new products, services or customers

Regularly reviewing and updating your firm’s written AML policies, procedures and controls is vital to reducing the exposure your firm has to these potential penalties. Testing your Customer Identification Program as well as your trade and activity surveillance systems should occur in conjunction with any AML program changes to ensure processes are occurring as defined in policies and procedures.

What’s Required?

The Bank Secrecy Act (“BSA”) requires financial institutions, including all broker-dealers, to develop and implement AML compliance programs, which are also governed by FINRA’s Rule 3310.  Rule 3310 spells out the minimum requirements of an AML program and notes that the program (and subsequent changes) must be approved in writing by a member of senior management.  AML programs should be reviewed annually to ensure they are up to date with any changes to rules and requirements.

One of the minimum requirements of an AML program is that it be independently tested annually.  A firm may test its own program (with qualified personnel independent of the staff that oversees and enforces the program) or outsource the testing to a qualified third party.  An exception to annual testing is for firms who do not hold customer accounts or execute customer transactions or act as an introducing broker for customers.  In these cases, independent testing is required every two years.

The most common areas tested during an annual review include:

  • Results from prior testing and remediation efforts, where applicable
  • Customer Identification Program (“CIP”)
  • Beneficial Ownership of Legal Entity Accounts
  • Office of Foreign Assets Control (“OFAC”)
  • Enhanced Due Diligence (“EDD”)
  • BSA Compliance
  • Financial Crimes Enforcement Network (“FinCEN”) Information Requests and Sharing
  • Suspicious Activity Monitoring and Reporting (“SARs”)
  • AML Training

Consider Outsourcing Your AML Testing

As firms plan for their annual testing, the benefits of outsourcing should be considered. Does your firm have a qualified internal, independent employee with the necessary AML expertise and capacity to devote to an AML review?

While your firm may have the requisite expertise to conduct AML testing, not all firms have the capacity or independence to call upon internal resources who are already engaged in performing day-to-day responsibilities. Outsourcing your AML testing can provide a fresh perspective on AML rules and processes that your firm may not have considered.  An outside perspective can also help identify inefficiencies and potential cost savings.

From self-clearing firms to firms that specialize in private placements, Oyster consultants have experience with clients of all sizes and complexities.  Oyster brings to each of its AML testing engagements not only the required independence, but the experience and expertise broker-dealers need.  

About The Authors
Photo of Mark Norman

Mark Norman

Mark Norman is a securities compliance professional with nearly 20 years of regulatory/compliance experience. He has worked with broker-dealers of all sizes and complexities. During his 20 years in the industry, Mark has held multiple roles within FINRA including cycle examiner, cause examiner, cause intake examiner and coordinator. During his tenure at FINRA he acquired and advanced understanding of firm business models, business lines, customer bases, products and services.

More About Mark

Photo of Mary Catherine Wilk-Pond

Mary Catherine Wilck-Pond

Mary Catherine brings almost 30 years of brokerage operations management experience to her role as a Director at Oyster Consulting. Mary Catherine has worked with many of Oyster’s clients, varying in size from regional to national firms. Her engagement experience has included reviews and recommendations for operational process improvements, managing enhanced due diligence/know your customer Anti-Money Laundering (AML) teams and performing Rule 3120/3130 and independent AML program testing.

More About Mary

Related Content

star nebula representing AI in wealth management part 2

Podcast

AI in Wealth Management Podcast Series Part 2

AI’s Role in Transforming Wealth Management Artificial intelligence is increasingly integral to the wealth management sector’s shift towards data-driven, personalized, and secure services. However, as firms embrace AI technology, they also face escalating regulatory demands and risk management hurdles. In Part 1 of our Oyster Stew podcast series on AI and Wealth Management, we shared […]

Learn More
Alert birds on wire representing SEC T+1 Alert

Blog

SEC Issues T+1 Risk Alert

T+1 Risk Alert Highlights Examination Focus The U.S. financial market’s move to a T+1 settlement cycle has taken tremendous resources from industry participants including buy-side and sell-side participants, custodians, and clearing agencies. Not to be left out, regulatory authorities have finalized rule changes governing settlement activities to enforce the T+1 settlement cycle. The SEC Division […]

Learn More
AI Podcast announcement set with backdrop of stars in space

Podcast

AI in Wealth Management Podcast Series Part 1

Artificial Intelligence (AI) in Wealth Management As the use of artificial intelligence (AI) becomes more and more prevalent, the wealth management industry is shifting towards more data-driven, personalized and secure services.  However, regulatory concerns and risk management challenges remain as firms increasingly adopt AI technology.   In this week’s Oyster Stew podcast, Oyster experts Casey Dougherty, […]

Learn More
Get In Touch Scroll Up