Dirty Money Audits: SDDCO Shares Guidance on AML Testing Compliance

Share Article

S.D. Daniels & Co., LLC ("SDDCO-LLC") lends guidance to broker-dealers on the mandatory testing of their anti-money laundering programs. Overview includes the timing and requirements of AML testing, the minimum standards of AML compliance, the scope and process of the AML audit, and the contents of the final report.

News Image

Money laundering—the act of using a legitimate financial system to mask ill-gotten gains—makes dirty money appear clean. To support the ongoing war on financial crime, broker-dealers are required to adopt and update anti-money laundering (“AML”) programs and periodically test them.

Uncovering dirty money is taken seriously by regulators. S.D. Daniels & Co., LLC ("SDDCO-LLC"), an independent provider of broker-dealer AML testing services, presents brass-tacks guidance on testing AML compliance.

What’s an AML Test?

An AML test should be an independent, in-depth review of a broker-dealer’s AML compliance program. It should audit a firm’s conformity with pertinent anti-fraud laws established to trace, record, and report suspected money laundering. Rules and regulations include the Bank Secrecy Act (“BSA”) and the USA Patriot Act of 2001 (“Patriot Act”); and regulations adopted by governmental administrators, such as the Securities and Exchange Commission (“SEC”), the Financial Crimes Enforcement Network (“FinCEN”), the Office of Foreign Assets Control (“OFAC”); and the Financial Industry Regulatory Authority ("FINRA").

What are the Minimum AML Standards?

In keeping with BSA (which applies to all broker-dealers) and other AML regulations, FINRA Rule 3310 and its amendments (“Rule 3310”) instruct broker-dealers to observe, at a minimum, the following AML standards:
1. Maintain an AML compliance program with risk-based, AML policies and procedures, internal controls to address risks specific to the firm, and processes for reporting suspicious transactions.
2. Designate an AML compliance officer (“AML-CO”) to monitor AML compliance; develop and manage employee training; address red flag issues; and enforce suspicious activity reporting.
3. Conduct adequate, independent testing of the effectiveness of a firm’s AML compliance program.

Who May Conduct an AML Test?

AML tests—pursuant to Rule 3310 and supplemental material—must be performed by a knowledgeable, independent person (in-house or sourced off-site). Knowledge: AML tester must have a working knowledge of the applicable requirements of BSA and its implementing regulations. Independence: AML test may not be conducted by any person who performs the functions being tested, such as the designated AML compliance person, a member of the AML compliance team, or by anyone reporting to either.

Under NASD testing requirements (IM-3011-1), an associated employee—one taking part in implementing the AML compliance policies—could, if conditions were met, review and report on the firm's program. Since 2010, however, FINRA disallowed those exceptions for insider testing deciding no one with “interest in the outcome” may conduct a firm’s AML audit.

What’s the Goal of the AML Test?

The goal is to determine if a firm is upholding AML policies and procedures that:

  • Address regulatory requirements applicable to its particular business;
  • Have been updated to incorporate new and amended rules and regulations;
  • Have been properly authorized by senior management; and
  • Have been distributed to, and acknowledged by, all associated persons.

What’s the Proper Timing of AML Testing?

One-Year Cycle: Most FINRA member firms are required to conduct independent testing of their AML compliance programs annually, on a calendar year basis.

Two-Year Cycle: FINRA member firms may conduct testing every two years if they:

  • Do NOT execute transactions with customers; or
  • Do NOT otherwise hold customer accounts; or
  • Do NOT act as an introducing broker with respect to customer accounts (such as

only engaging in proprietary trading or only conducting business with other broker-dealers).

What’s the Scope of AML Testing?

The test should emphasize the AML rules most relevant to the firm’s business operations and assess AML compliance and business practices that pose the highest degree of risk. Review categories include Review & Analysis of Business Operations; Review & Analysis of AML Supervision and Management; Review & Analysis of Records.

What’s the AML Testing Process?

SDDCO-LLC Certified AML Specialists (“CAMS”), members of the Association of Certified Anti-Money Laundering Specialists ("ACAMS"), explain the steps of their independent audit process:

Before the AML testing visit:

  • Prepare a preliminary Firm Profile;
  • Compile/send a custom Records Request List;
  • Prepare a custom checklist of AML related activities; and
  • Schedule an onsite visit with the AML-CO or designated AML compliance staff.

During the AML testing visit:

  • Interview AML staff to finalize profile and complete audit;
  • Review all requested records;
  • Review client files with heightened focus on foreign clients;
  • Review and assess if the written supervisory procedures (“WSP”) address all relevant AML requirements;
  • Review and asses WSP to identify required AML program elements, including a written customer identification program (“CIP”), suspicious activity reporting (“SAR”), and adequate training of staff; and
  • Review random samples of other key documents to evaluate compliance with AML recordkeeping rules.

After the AML testing visit:

  • Prepare an attestation of independent AML testing; and
  • Prepare an AML Testing Report for the firm.

What’s in an AML Report?

The written report should contain the methodology of testing and an assessment of the firm's compliance with its AML WSP and supervisory systems. A summary should cover the gaps discovered and identify changes a broker-dealer has made or needs to make to enhance the effectiveness of its AML program. The broker-dealer should immediately address any deficiencies discovered and/or establish a corrective action plan to resolve them.

About S.D. Daniels & Co., LLC

SDDCO-LLC, a member of The SDDCO Group, performs independent testing of the AML compliance programs of FINRA member broker/dealers. Formed 1952, The SDDCO Group delivers expert outsourced support to financial services clients including broker/dealers, investment advisers, FCMs, privately held funds, and the U.S. arms of foreign banks. Services also include accounting and tax work…FINRA, SEC, NFA and CFTC registrations…CCO, CFO, and FinOp roles…brokerage advising…and ongoing regulatory compliance support.

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Teri Daniels, Manager
Follow us on
Visit website