Both the SEC and FINRA listed anti-money laundering (“AML”) as an examination priority for 2016. This should not be a surprise to anyone that works for a broker-dealer. Broker-dealers have been subject to ever-increasing scrutiny on this topic since the adoption of the USA PATRIOT Act. Unless you aren’t paying attention, you have certainly seen the headlines and eye-catching fines related to AML activity in microcap securities. But it is time for RIAs to begin paying attention to the regulatory messages around AML, too. If the proposals put forward by FinCEN come to fruition, RIAs may be having to implement a robust AML program in the near future.
Many leaders at broker-dealers have a strong belief, and they are typically right, that there is no money laundering occurring within their firm. Unfortunately, belief alone isn’t enough to satisfy the requirements and expectations of regulators. Solid policies and procedures that are followed and tested based on your overall risk profile and activities are a must.
But what else is required? A little focus on some key sentences in the letter is worth your time, including: “Firms should routinely test systems and verify the accuracy of data sources to ensure that all types of customer accounts and customer activity, particularly high risk accounts and activity, are properly identified in a manner designed to detect and report potentially suspicious activity.”
When was the last time your firm tested its AML system for accuracy all the way back to source data for all types of accounts and customer activity? Can you prove it? This aligns with the regulatory focus on data quality and governance that is in the priorities letter, and with the spirit of Reg SCI. The next sentence in the letter reads:
“In situations where a risk-based decision is made to exclude certain customer transactions from one or more aspects of AML surveillance, the rationale for the decision should be documented and will be checked.”
How well have you a documented the rationale for excluding certain customer transactions from one or more aspects of AML surveillance?
Regulators have given explicit instructions within the exam priorities, and it is in your best interest to make sure your firm listens to what is being said. When you are conducting your AML review, make sure you update those compliance calendars and risk assessments to schedule and document the data governance processes related to AML. Documentation of the rationale for how you set your parameters and decide what activity to exclude from any portion of your surveillance should be clear and available.
Oyster’s employees have been CCOs, Compliance Officers and consultants for RIAs and broker-dealers of all shapes and sizes. We have also developed, implemented, tested and remediated AML programs and served as AML Compliance Officers for financial services companies. We conduct training that is not “check the box,” but specifically targeted to your audience. When you retain the services of one Oyster consultant, you also get the combined knowledge and experience of them all. That is how Oyster creates efficient and effective AML compliance programs. For more information on how Oyster Consulting can assist your firm with the development and maintenance of its AML program, contact us at 804.965.5400 and one of our associates will be happy to help you.