On July 31st, the U.S. Securities and Exchange Commission (SEC) Division of Examinations released a Risk Alert. This document points out specific deficiencies they have observed in broker-dealers’ Anti-Money Laundering (AML) compliance programs. Broker-dealers should treat such an alert as a warning shot: the SEC is giving a heads-up that it is concerned about some common compliance issues, and signaling that during its next examination it will expect firms to show that they've taken this alert seriously and fixed any problems.
The SEC made two general observations about broker-dealers’ AML compliance programs: firms have not dedicated sufficient resources to the implementation of an effective AML program, and firms failed to apply their AML procedures consistently. The SEC suggests that these overarching failures have contributed to its three specific deficiency observations, discussed below.
So, is your AML compliance program strong enough to satisfy an SEC exam? Let’s explore the specific issues highlighted in the Risk Alert and what you can do to make sure you don’t get caught in the crosshairs of an SEC exam.
Observation 1: AML Program and a Spotlight on Independent Testing and Training
Broker-dealers are required to implement a comprehensive AML policy that includes a description of all of a firm's AML procedures, the designation of an AML compliance officer, regular employee AML training, and independent testing of the AML program’s effectiveness. Those procedures should specifically reference how the procedures are tailored to the firm’s business model and unique risks.
As part of this general observation over procedures, testing and training, the SEC specifically and explicitly highlighted that firms are expected to have a risk-based procedure for conducting “ongoing CDD.” What is ongoing CDD? It is effective Customer Due Diligence that includes ongoing monitoring of a customer’s engagement with the firm as well as ongoing monitoring for any changes to a customer’s level of risk. This includes keeping customer data current and accurate by periodically refreshing information. The frequency of the refresh should be determined on the basis of the level of risk the customer poses and the firm’s own risk appetite, and it should be documented in the firm’s procedures.
The SEC also included compliance with OFAC regulations as a component of ongoing CDD. This essentially means continuous monitoring of OFAC sanctions lists in order to readily determine if a broker-dealer customer has been added to the sanctions lists and quick decisioning on any matches.
And of course, in order to perform ongoing CDD in a manner that can later be demonstrated, the monitoring, alerting and decisioning should all be documented in a manner consistent with the SEC’s books and records regulations.
Observation 2: Customer Identification Program (CIP) Rule
The CIP Rule requires broker-dealers to establish a procedure for gathering identification information and documentation from their customers and verifying that information. Broker-dealers typically collect, at a minimum, the name, address, date of birth, and a government-issued ID document to satisfy the requirements of the CIP Rule. The expectation is that a firm has a reasonable belief that the true identity of each customer is known and confirmed.
The SEC specifically highlighted procedural failures at firms that failed to collect and validate CIP information for investors in private placements, that accepted P.O. boxes instead of a physical address, and that failed to perform adequate verification processes to confirm the customer’s identity.
Observation 3: Customer Due Diligence and Beneficial Ownership Requirements
Beyond the requirements of the CDD Rule described above, an additional element requires broker-dealers to identify and verify the identity of beneficial owners and control persons of legal entity customers. Under the CDD Rule, a beneficial owner is a person or entity who directly or indirectly owns 25% or more of the equity interests of the legal entity; a control person is one or more natural persons who control, manage or direct the legal entity (for example, the CEO of a company or the Trustee of a trust).
The SEC noted as part of this observation that some firms were collecting information listing beneficial owners of a legal entity customer but then failed to take further steps to obtain and verify identity information about those beneficial owners. The SEC also observed instances where broker-dealers permitted the opening of an account even where information about all beneficial owners and control persons had not yet been collected or verified and other instances where collected identity documentation had expired or some other discrepancy had been identified but not resolved.
What Should Firms Do to Address this Risk Alert?
Broker-dealers should promptly assess their AML Compliance program in specific reference to the SEC’s observations and take clear steps to identify any procedural or documentation failures that the SEC has described.
In particular you should be asking, does your firm have a strong, secure, consistent, documented process for collecting and verifying customer identity information? Do your procedures include a robust and effective methodology for performing effective KYC and KYB? Do you have gaps in that documentation—especially around gathering and verifying beneficial owner identity data as part of your KYB protocol? For beneficial owners who are themselves legal entities, have you collected information to identify and verify the ultimate (natural person) beneficial owners? Are you performing constant monitoring to make sure you are aware of newly added names to sanctions lists or other developing risk factors such as a regulatory investigation or a change in beneficial ownership? Do you have a simple case management process where decisions are documented and stored according to regulatory record keeping requirements? If you have concerns that your current procedures are not sufficient under the standards described in the Risk Alert, Parallel Markets is here to help.
Parallel Markets is an automated KYC/KYB and institutional onboarding software solution built for financial institutions of all sizes. We specialize in KYB and make it really easy to collect and map out beneficial ownership information, even for complex ownership structures. Parallel offers an end-to-end KYC/KYB/CDD solution that ensures all data required for CIP, CDD and beneficial ownership is collected and verified. All output of those verifications is stored in accordance with regulatory recordkeeping requirements and provides a simple and comprehensible method for documenting risk decisions on every one of your customers. Parallel’s proprietary software performs immediate checks to verify a customer’s identity, detect indicators of fraud and fulfill safety checks such as sanctions review, PEP identification, and adverse media hits. Additionally, Parallel conducts periodic refreshes of customer data so your customer information will stay current and compliant, and Parallel will let you know when an identification document is about to expire. In other words, you can address all three of the SEC’s observations with Parallel’s solution.
The SEC has made it clear that they expect firms to commit resources and apply a consistent procedure for KYC and KYB. Parallel makes this easy and affordable. Let us help you pass your next regulatory exam with flying colors!
Disclaimer: The information contained in this article is provided for informational purposes only and should not be construed as legal advice on any subject matter. You should not act or refrain from acting on the basis of any content included in this article without seeking legal or other professional advice.