The Financial Industry Regulatory Authority (FINRA) issued a regulatory notice on Oct. 8, 2021, encouraging its broker-dealer members to review and prepare to incorporate into their own compliance programs the national priorities for anti-money laundering (AML) and countering the financing of terrorism (CFT) policy (the Priorities) established by the U.S. Treasury Department's Financial Crimes Enforcement Network (FinCEN) in June 2021, as required by the Anti-Money Laundering Act of 2020 (AMLA 2020). As regulations implementing the Priorities are expected later this year, the FINRA notice, in conjunction with recent enforcement actions by FINRA, demonstrate the need for broker-dealers to ensure their compliance programs are robust and align with the newly issued Priorities.
On June 30, 2021, FinCEN issued government-wide priorities for AML and CFT policy, as required by AMLA 2020.1 The AML/CFT Priorities are intended to help broker-dealers and other covered financial institutions satisfy their AML/CFT compliance requirements. The Priorities focus on threats to national security and the U.S. financial system and include the following categories: 1) corruption, 2) cybercrime, including relevant cybersecurity and virtual currency considerations, 3) foreign and domestic terrorist financing, 4) fraud, 5) transnational criminal organization activity, 6) drug trafficking organization activity, 7) human trafficking and human smuggling and 8) proliferation financing.
The same day, FinCEN, in coordination with relevant federal and state regulators, issued a statement to broker-dealers (and other non-bank financial institutions, or NBFI) providing further guidance on application of the Priorities, as implementing regulations relating to the Priorities are not likely to be issued until the end of this year. The statement emphasized that although covered NBFIs are not yet required to make changes to their risk-based AML programs in response to the Priorities, they should begin evaluating how to incorporate the Priorities into their respective AML compliance programs.
In its Oct. 8 notice, FINRA encouraged its member firms to prepare to incorporate and document the Priorities into their AML compliance programs. FINRA Rule 3310 requires every member firm to "develop and implement a written [AML] program reasonably designed to achieve and monitor for compliance with the requirements" of the Bank Secrecy Act (BSA) and the implementing regulations promulgated by the Treasury Department. In its notice, FINRA made clear that, while the Priorities do not effect an immediate change to BSA requirements, its members should begin to assess their own AML compliance programs and, upon the effective date of the final regulations addressing the Priorities, "be in a position to review and incorporate, as appropriate, the AML/CFT Priorities into their risk-based AML programs." Among other things, FINRA noted that broker-dealers "may wish" to update their compliance programs by updating "red flags" incorporated into their AML compliance programs in light of their business activities, size, geographic location and considering "potential technological changes" to their programs, including "changes to the technology that they use to monitor and investigate suspicious activity."
The Oct. 8 notice is just the most recent example of FINRA's focus on AML compliance.
Other notices and pronouncements have urged members to assess certain scenarios or red flags in areas now being emphasized in the Priorities.2 For example, in a recent podcast focusing on the connection between cybersecurity and AML, Jason Foye, a director of FINRA's Anti-Money Laundering Investigative Unit, noted that "cyber events are reportable under Suspicious Activity Reports, or SARs" and discussed, in detail, the ways that cyber- and cyber-enabled crime connects to money laundering.3 The inclusion of cybersecurity consideration in the Priorities suggests that FINRA's focus on cybersecurity issues will continue.
Moreover, recent FINRA enforcement actions, which have resulted in significant fines and suspensions for Rule 3310 violations, also indicate that FINRA will embrace the Priorities in overseeing member firms' AML compliance. In the last 12 months, there have been at least 20 FINRA enforcement actions against member firms and/or individuals in which sanctions were imposed for violations of Rule 3310 involving failure to comply with the BSA/AML obligations. Several cases focused, in particular, on the failure to embrace technological solutions needed to identify and adequately monitor red flags and suspicious activity. And notably, in at least 13 instances, FINRA enforcement sanctions have targeted individuals, including firm principals and compliance officers, who faced fines and suspensions.
In light of these recent regulatory announcements and enforcement actions, broker-dealers should expect regulatory examinations by FINRA to continue to focus on AML compliance, which will soon include examination for incorporation of the Priorities into those programs. FINRA's Oct. 8 notice makes clear that broker-dealers must review and assess how AML compliance programs can be tailored to and aligned with the Priorities in anticipation of the final regulations that will likely be published at the end of 2021. More generally, broker-dealers must continue to carefully assess their approach and commitment to the organization's overall compliance function, ensuring that sufficient financial and staffing resources are allocated to compliance, and that compliance professionals are sufficiently empowered to act and communicate throughout the enterprise and up through senior leadership and board oversight.
1. For a more in-depth overview of the Priorities, see the Holland & Knight-authored article, "FinCEN Announces National AML/CFT Policy Priorities and also Proposes Rulemaking to Establish 'No-Action Letter' Process," The Banking Law Journal, October 2021