Anti-Money Laundering (AML)
Firms must comply with the Bank Secrecy Act and its implementing regulations ("AML rules"). The purpose of the AML rules is to help detect and report suspicious activity including the predicate offenses to money laundering and terrorist financing, such as securities fraud and market manipulation.
FINRA reviews a firm’s compliance with AML rules under FINRA Rule 3310, which sets forth minimum standards for a firm’s written AML compliance program. The basic tenets of an AML compliance program under FINRA 3310 include the following.
The program has to be approved in writing by a senior manager.
It must be reasonably designed to ensure the firm detects and reports suspicious activity.
It must be reasonably designed to achieve compliance with the AML Rules, including, among others, having a risk-based customer identification program (CIP) that enables the firm to form a reasonable belief that it knows the true identity of its customers.
It must be independently tested to ensure proper implementation of the program.
Each FINRA member firm must submit contact information for its AML Compliance Officer through the FINRA Contact System (FCS).
Ongoing training must be provided to appropriate personnel.
The program must include appropriate risk-based procedures for conducting ongoing customer due diligence, including (i) understanding the nature and purpose of customer relationships for the purpose of developing a customer risk profile; and, (ii) conducting ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information, including information regarding the beneficial owners of legal entity customers.
Anti-Money Laundering Template for Small Firms
FINRA provides an Anti-Money Laundering Template to assist Small Firms in establishing the AML compliance program required by the Bank Secrecy Act, its implementing regulations, and FINRA Rule 3310.
Frequently Asked Questions
Find answers to frequently asked questions regarding FINRA Rule 3310 and AML program requirements.
AML Reports and Systems
Suspicious Activity Report (SAR) (must be filed electronically through the BSA E-Filing System)
Currency Transaction Report (CTR) (must be filed electronically through the BSA E-Filing System)
Report of Foreign Bank and Financial Accounts (FBAR) (FinCEN 114) (must be filed electronically through the BSA E-Filing System)
FINRA's Anti-Money Laundering (AML) e-learning courses cover concepts and strategies for detecting and preventing money-laundering activity. Each course presents unique scenarios that illustrate typical money-laundering situations.
FINRA's Office of General Counsel (OGC) staff provides broker-dealers, attorneys, registered representatives, investors and other interested parties with interpretative guidance relating to FINRA’s rules. Please see Interpreting FINRA Rules for more information.
OGC staff contact:
1735 K Street, NW
Washington, DC 20006
FinCEN: The Financial Crimes Enforcement Network (FinCEN) is the primary AML/CFT regulator in the United States and operates under the authority of the United States Treasury Department. FinCEN is responsible for combating money laundering, the financing of terrorism and other financial crimes by monitoring banks, financial institutions and individuals and analyzing suspicious transactions and payments. FinCEN works with state and federal law enforcement agencies, sharing information to assist in the fight against financial crime.
OFAC: In a similar AML/CFT capacity to FinCEN, and under the authority of the US Treasury Department, the Office of Foreign Assets Control (OFAC) is responsible for administering and enforcing the United States’ economic and trade sanctions. OFAC works to prevent sanctions-targeted countries, regimes and individuals from perpetrating financial crimes, such as money laundering or terrorism, and peripheral crimes, such as drug trafficking and weapons proliferation.
The Bank Secrecy Act: Introduced in 1970, the Bank Secrecy Act (BSA) is the United States’ most important anti-money laundering law. The BSA is intended to combat money laundering and ensure that banks and financial institutions do not facilitate or become complicit in it. The BSA imposes a range of compliance obligations on firms operating within US jurisdiction, including a requirement to implement a risk-based AML program with appropriate customer due diligence (CDD) and screening measures and to perform a range of reporting and record-keeping tasks when dealing with suspicious transactions and customers.
USA Patriot Act: The USA Patriot Act was passed in 2001 in the wake of the September 11 terror attacks. This legislation targets financial crimes associated with terrorism and expands the scope of the BSA by giving law enforcement agencies additional surveillance and investigatory powers, introducing new screening and customer due diligence measures and imposing increased penalties on firms or individuals found to be involved in terrorism financing. The USA Patriot Act includes specific provisions and controls for cross-border transactions in order to combat international terrorism and financial crime.
In addition to the BSA and the USA Patriot Act, firms should be familiar with other important US AML/CFT regulations. These include:
Money Laundering Control Act 1986
Money Laundering Suppression Act 1994
Money Laundering and Financial Crimes Strategy Act 1998
Suppression of the Financing of Terrorism Convention Implementation Act 2002
Intelligence Reform and Terrorism Prevention Act 2004
Consequences of Noncompliance With AML Regulations
The potential impact of noncompliance with AML laws and regulations in the US depends on a variety of factors, but in the most serious cases, breaches can result in both criminal and civil penalties, fines and prison terms. Under the BSA, penalties may be imposed on each branch or location found to be in violation of AML regulations and for each day that the violation occurs. BSA fines may range from $10,000 per day (for failures to report foreign financial agency transactions) to $100,000 per day (for failures in customer due diligence). Breaches in AML law are also likely to result in the forfeit of assets and funds involved in the criminal activity.
The consequences of noncompliance with AML regulations are not restricted to financial penalties and prison terms. Firms that are found to have broken AML/CFT laws often suffer reputational damage and may have to operate under restrictions imposed by the US Treasury Department.
How To Comply With US AML/CFT Regulations
Under the Bank Secrecy Act and the USA Patriot Act, banks and financial institutions must take a risk-based approach to AML/CFT and implement the following compliance measures:
AML program: Firms must develop and implement an internal AML/CFT program designed to match the risk profile of their customers and business sectors. The program should consist of written policies and procedures detailing the firm’s approach to:
Customer due diligence
Transaction screening and monitoring
Adverse media and PEP screening
Reporting and Record-Keeping: In compliance with the BSA, firms must maintain detailed records on their customers and submit reports to the BSA when their customers engage in certain transactions or financial activities. Amongst these responsibilities is the submission of suspicious activity reports (SARs) for transactions over $5,000 or for transactions that are suspected to be in violation of the BSA.
Compliance Officer: An individual employee should be appointed as chief compliance officer to oversee their firm’s AML program and be responsible for arranging audits. The designated AML officer must have sufficient authority (ideally management level) and professional experience to carry out their duties effectively.
BSA Training: Firms should ensure their employees receive the training they need to fulfill their compliance responsibilities. Firms must also ensure a schedule is in place to deliver ongoing training to employees in line with changes to AML laws.
For firms operating in the US, BSA-AML compliance presents a significant administrative challenge. Performing manual CDD and screening checks requires time and resources and carries the ongoing possibility of costly human error. To overcome that problem, many firms choose to automate their AML program with a range of smart technology tools designed to complement the expertise of their employees. By adding efficiency and accuracy to the process, AML automation represents a way not only to reduce friction for customers but also to help US firms continue to deliver the standards of regulatory compliance that FinCEN expects.
What Is Know Your Client (KYC)?
Know Your Client, or Know Your Customer (KYC), is a standard in the investment industry that ensures investment advisors know detailed information about their clients' risk tolerance, investment knowledge, and financial position. KYC protects both clients and investment advisors. Clients are protected by having their investment advisor know what investments best suit their personal situations. Investment advisors are protected by knowing what they can and cannot include in their client's portfolio. KYC compliance typically involves requirements and policies such as risk management, customer acceptance policies, and transaction monitoring.
Understanding Know Your Client (KYC)
The Know Your Client (KYC) rule is an ethical requirement for those in the securities industry who are dealing with customers during the opening and maintaining of accounts. There are two rules which were implemented in July 2012 that cover this topic together: Financial Industry Regulatory Authority (FINRA) Rule 2090 (Know Your Customer) and FINRA Rule 2111 (Suitability). These rules are in place to protect both the broker-dealer and the customer and to ensure that brokers and firms deal fairly with clients.
The Know Your Customer Rule 2090 essentially states that every broker-dealer should use reasonable effort when opening and maintaining client accounts. It is a requirement to know and keep records on the essential facts of each customer, as well as identify each person who has authority to act on the customer’s behalf.
The KYC rule is important at the beginning of a customer-broker relationship to establish the essential facts of each customer before any recommendations are made. The essential facts are those required to service the customer’s account effectively and to be aware of any special handling instructions for the account. Also, the broker-dealer needs to be familiar with each person who has authority to act on behalf of the customer and needs to comply with all the laws, regulations, and rules of the securities industry.
As found in the FINRA Rules of Fair Practices, Rule 2111 goes in tandem with the KYC rule and covers the topic of making recommendations. The suitability Rule 2111 notes that a broker-dealer must have reasonable grounds when making a recommendation that is suitable for a customer based on the client’s financial situation and needs. This responsibility means that the broker-dealer has done a complete review of the current facts and profile of the customer, including the customer’s other securities, before making any purchase, sale, or exchange of a security.
Establishing a Customer Profile
Investment advisors and firms are responsible for knowing each customer's financial situation by exploring and gathering the client's age, other investments, tax status, financial needs, investment experience, investment time horizon, liquidity needs, and risk tolerance. The SEC requires that a new customer provide detailed financial information that includes name, date of birth, address, employment status, annual income, net worth, investment objectives, and identification numbers before opening an account.
Follow Federal & State Legal Requirements and Regulations. Please always consult with a real legal advisor and/or licensed attorney. This is simply a guideline to get you started in the right direction.