FINRA recently issued its first Report of Examination Findings to assist firms in strengthening their compliance with securities laws and regulations. One of the focuses of the report was anti-money laundering (“AML”) program deficiencies. FINRA’s observations as to frequently occurring AML program deficiencies are summarized below.
Policy and Procedure Deficiencies
Firms failed to establish or update risk-based policies to detect and report suspicious transactions. This occurred when firms’ policies and procedures did not keep up with growth and evolution of the firms’ business. For example, in certain instances a firm’s business growth far outpaced its AML program, a portion of the firm offered high risk products or the firm’s business evolved over time, but AML policies and procedures were not updated to address the current risks. An important takeaway here is for firms to periodically assess whether their AML programs are keeping pace with changes in their business.
AML Monitoring Deficiencies:
There were deficiencies relating to monitoring processes in connection with firms delegating AML functions to non-AML staff. Non-AML staff failed to appropriately escalate activity to AML staff because they did not have a common understanding regarding what activity merited escalation. Those deficiencies typically resulted from firms failing to: (1) clearly define the delegated activities; (2) articulate delegations and related surveillance responsibilities in WSPs; and (3) adequately train non-AML staff on AML surveillance policies and procedures. Firms should be especially attentive to these issues in the context of trade surveillance personnel having responsibilities to escalate certain types of issues to AML.
In addition, FINRA found gaps in data in monitoring system feeds which resulted in weaker monitoring of high risk transactions. FINRA identified as an example the use of “suspense accounts” for foreign currency movement and conversion and other operations accounts which sometimes obscured the source of funds from surveillance. Firms also made proactive decisions to remove certain customer accounts from monitoring but failed to appropriately document the reason for the change or the risk-based rationale for the decision.
Some firms did not allocate adequate resources to AML monitoring. This occurred when firms experienced significant growth but failed to grow their AML programs proportionately. Failure to allocate sufficient resources can lead to deficient monitoring or inadequate investigations of suspicious activity.
Annual Independent Testing of the AML Program
FINRA also identified deficiencies relating to the annual independent testing requirement related to firms failing to ensure a review of the AML programs implementation as required under FINRA Rule 3310(c). In some instances, the tests were performed by a party without sufficient independence and in other cases, they were not performed annually.