AML/BSA Programs

The Bank Secrecy Act requires broker-dealers to establish and maintain a written anti-money laundering compliance program reasonably designed to achieve and monitor compliance with the BSA and FinCEN's implementing regulations. For FINRA member firms, FINRA Rule 3310 translates this obligation into four required pillars: a system of internal controls, independent testing, an AML compliance officer with day-to-day operational responsibility, and an ongoing AML training program. The adequacy of each pillar is subject to FINRA examination, and deficiencies in AML programs consistently appear among the most common findings in FINRA examination reports.

Customer Identification Program requirements under 31 CFR §1023.220 require broker-dealers to verify the identity of each customer, maintain records of the identification procedures used, and check customer names against government-provided lists of known or suspected terrorists. FinCEN's Customer Due Diligence rule — implemented in 2018 — added a fifth pillar to the AML program requirements, requiring covered financial institutions to identify and verify the beneficial owners of legal entity customers. For broker-dealers that onboard entity accounts, CDD compliance is a material obligation that requires documented procedures and staff training.

Suspicious Activity Report obligations require broker-dealers to file SARs with FinCEN when they know, suspect, or have reason to suspect that a transaction involves funds derived from illegal activity, is designed to evade BSA requirements, or lacks a lawful purpose. The SAR filing obligation extends to attempted transactions — not just completed ones. Maintaining a defensible SAR process requires documented escalation procedures, a decision-making framework, and records of both filed and not-filed determinations.

OFAC sanctions compliance is technically distinct from AML/BSA compliance but operationally integrated with it. Broker-dealers are prohibited from engaging in transactions with individuals and entities on OFAC's Specially Designated Nationals list and must maintain screening procedures calibrated to the firm's business model and customer base. Independent testing of AML programs — required under FINRA Rule 3310(c) — must encompass OFAC screening adequacy as part of its scope.