[Miningwatchdog Marketplace]

Anti-Money Laundering (AML) Program: 

Compliance and Supervisory Procedures

UPDATED AS OF JUNE 20th, 2023

 This template is provided to assist small firms in fulfilling their responsibilities to establish an Anti-Money Laundering (AML) Program as required by the Bank Secrecy Act (BSA) and its implementing regulations and FINRA Rule 3310 (AML Compliance Program). Nothing in this template creates any new requirements for AML programs. Furthermore, following this template does not guarantee compliance with AML Program requirements or provide a safe harbor from regulatory responsibility. There is no exemption from the AML rules for small broker-dealers.

Your firm’s AML program should be "risk-based.” That means that the program’s AML policies, procedures and internal controls should be designed to address the risk of money laundering specific to your firm. Your firm can identify that risk by looking at the type of customers it serves, where its customers are located, and the types of services it offers. It is a good practice to develop a written analysis of your firm’s money laundering and terrorist financing risk and how your firm’s AML procedures manage that risk. This "risk assessment” will help to ensure that the AML program is the right one for your firm and is a useful tool for demonstrating to your firm’s examiner that the firm used a reasonable approach for designing its AML program.

In addition, where certain AML rules may be inapplicable due to the limited nature of your firm’s business, FINRA expects your firm to have internal controls in place to identify when circumstances change in such a way as to trigger previously inapplicable AML requirements and to amend your AML policies and procedures to accurately reflect all AML requirements that are applicable to your business. For example, a firm with no customer accounts within the definition of the Customer Identification Program (CIP) rule would not be expected to have a CIP. However, the firm must have procedures in place to identify when the firm’s business activities have shifted in such a way as to require compliance with the CIP rule. In addition, notwithstanding the fact that the firm does not have accounts for CIP purposes, the firm is expected to identify and develop procedures for any additional AML requirements that do apply (e.g., suspicious activity monitoring and reporting).

The language in this template is provided only as a helpful starting point to walk you through developing your firm’s program. If any of the language does not adequately address your firm’s business situation in any respect, you will need to prepare your own language. You are responsible for ensuring that the program fits your firm’s risk level and that you implement the program. 

• Miningwatchdog Marketplace is provided to give you sample language that you can modify, as necessary, to fit your firm’s needs in creating your firm’s program. 

The material in italics provides instructions and citations to the relevant rules and other resources that you can use to develop your firm’s program. 

The FINRA AML web page includes important information and links to other websites with useful information. You should also consult the websites maintained by the Financial Crimes Enforcement Network (FinCEN) and the Securities and Exchange Commission (SEC), including the SEC’s AML Source Tool, for additional information and guidance. For historical guidance and background, you may wish to consult NASD Notices to Members (NTM) 02-21, 02-47, 02-50, 02-78, 02-80, 03-34, 06-07, 06-41 and 07-17. Regulatory Notices 07-42, 08-66, 09-05, 12-08, 17-40 18-19, and 19-18 provide additional guidance information about firms’ AML obligations. In order to submit BSA filings, including Suspicious Activity Reports (SARs), to FinCEN, firms must use FinCEN’s BSA E-Filing System.

1.                 Firm Policy

Miningwatchdog Marketplace: It is the policy of the firm to prohibit and actively prevent money laundering and any activity that facilitates money laundering or the funding of terrorist or criminal activities by complying with all applicable requirements under the Bank Secrecy Act (BSA) and its implementing regulations.

Money laundering is generally defined as engaging in acts designed to conceal or disguise the true origins of criminally derived proceeds so that the proceeds appear to have derived from legitimate origins or constitute legitimate assets. Generally, money laundering occurs in three stages. Cash first enters the financial system at the "placement" stage, where the cash generated from criminal activities is converted into monetary instruments, such as money orders or traveller's checks, or deposited into accounts at financial institutions. At the "layering" stage, the funds are transferred or moved into other accounts or other financial institutions to further separate the money from its criminal origin. At the "integration" stage, the funds are reintroduced into the economy and used to purchase legitimate assets or to fund other criminal activities or legitimate businesses. 

Although cash is rarely deposited into securities accounts, the securities industry is unique in that it can be used to launder funds obtained elsewhere and to generate illicit funds within the industry itself through fraudulent activities. Examples of types of fraudulent activities include insider trading, market manipulation, Ponzi schemes, cybercrime and other investment-related fraudulent activity.

Terrorist financing may not involve the proceeds of criminal conduct, but rather an attempt to conceal either the origin of the funds or their intended use, which could be for criminal purposes. Legitimate sources of funds are a key difference between terrorist financiers and traditional criminal organizations. In addition to charitable donations, legitimate sources include foreign government sponsors, business ownership and personal employment. Although the motivation differs between traditional money launderers and terrorist financiers, the actual methods used to fund terrorist operations can be the same as or similar to methods used by other criminals to launder funds. Funding for terrorist attacks does not always require large sums of money and the associated transactions may not be complex.

Our AML policies, procedures and internal controls are designed to ensure compliance with all applicable BSA regulations and FINRA rules and will be reviewed and updated on a regular basis to ensure appropriate policies, procedures and internal controls are in place to account for both changes in regulations and changes in our business.

Rules: 31 C.F.R. § 1023.210; FINRA Rule 3310.

2.   AML Compliance Person Designation and Duties

Designate your firm’s AML Compliance Person and describe his or her duties.

Miningwatchdog Marketplace: The firm has designated [Management] as its Anti-Money Laundering Program Compliance Person (AML Compliance Person), with full responsibility for the firm’s AML program. [Name] has a working knowledge of the BSA and its implementing regulations and is qualified by experience, knowledge and training, including [describe]. The duties of the AML Compliance Person will include monitoring the firm’s compliance with AML obligations, overseeing communication and training for employees, and [add any other duties your firm will assign to the AML Compliance Person; review NASD Rules 1021 and 1031[1] for any applicable registration requirements]. The AML Compliance Person will also ensure that the firm keeps and maintains all of the required AML records and will ensure that Suspicious Activity Reports (SARs) are filed with the Financial Crimes Enforcement Network (FinCEN) when appropriate. The AML Compliance Person is vested with full responsibility and authority to enforce the firm’s AML program. 

The firm will provide FINRA with contact information for the AML Compliance Person through the FINRA Contact System (FCS), including (1) name; (2) title; (3) mailing address; (4) email address; (5) telephone number; and (6) facsimile (if any). The firm will promptly notify FINRA of any change in this information through FCS. It will review, and if necessary update, this information within 17 business days after the end of each calendar year. The annual review of FCS information will be conducted by [Name] and will be completed with all necessary updates provided by 17 business days following the end of each calendar year. In addition, if there is any change to the information, [Name] will update the information promptly, but in any event, by 30 days following the change.

Rules: 31 C.F.R. § 1023.210; FINRA Rule 3310; FINRA Rule 4517.

Resources: Regulatory Notice 07-42; NTM 06-07; NTM 02-78. Firms can submit their AML Compliance Person information through FINRA's FCS web page.

3.   Giving AML Information to Federal Law Enforcement Agencies and Other Financial Institutions

a.     FinCEN Requests Under USA PATRIOT Act Section 314(a)

Pursuant to the BSA and its implementing regulations, financial institutions are required to make certain searches of their records upon receiving an information request from FinCEN. Describe your firm’s procedures for FinCEN requests for information on money laundering or terrorist activity.

In order for a firm to obtain information requests from FinCEN, the firm must first designate an AML Contact Person in FCS. You should be aware that if you want to change the person who receives FinCEN requests, you must change the AML contact information in FCS. When you are faced with a change in personnel who will receive this information, you should be aware that FinCEN receives a data feed of this revised information from FCS every other week and that it may take several weeks for a firm’s new AML contact person to receive information from FinCEN. Therefore, it is advisable for a firm that is aware that a person who has been receiving FinCEN requests is leaving the firm to change the information on FCS as soon as practical to ensure continuity of receiving FinCEN information.  

 Miningwatchdog Marketplace: We will respond to a Financial Crimes Enforcement Network (FinCEN) request concerning accounts and transactions (a 314(a) Request) by immediately searching our records to determine whether we maintain or have maintained any account for, or have engaged in any transaction with, each individual, entity or organization named in the 314(a) Request as outlined in the Frequently Asked Questions (FAQ) located on FinCEN’s secure website. We understand that we have 14 days (unless otherwise specified by FinCEN) from the transmission date of the request to respond to a 314(a) Request. We will designate through the FINRA Contact System (FCS) one or more persons to be the point of contact (POC) for 314(a) Requests and will promptly update the POC information following any change in such information. (See also Section 2 above regarding updating of contact information for the AML Compliance Person.) Unless otherwise stated in the 314(a) Request or specified by FinCEN, we are required to search those documents outlined in FinCEN’s FAQ. If we find a match, [Name] will report it to FinCEN via FinCEN’s Web-based 314(a) Secure Information Sharing System within 14 days or within the time requested by FinCEN in the request. If the search parameters differ from those mentioned above (for example, if FinCEN limits the search to a geographic location), [Name] will structure our search accordingly.

If [Name] searches our records and does not find a matching account or transaction, then [Name] will not reply to the 314(a) Request. We will maintain documentation that we have performed the required search by [add the details on how your firm will document its searches here. For example, printing a search self-verification document from FinCEN’s 314(a) Secure Information Sharing System confirming that your firm has searched the 314(a) subject information against your records OR maintaining a log showing the date of the request, the number of accounts searched, the name of the individual conducting the search and a notation of whether or not a match was found].

We will not disclose the fact that FinCEN has requested or obtained information from us, except to the extent necessary to comply with the information request. [Name] will review, maintain and implement procedures to protect the security and confidentiality of requests from FinCEN similar to those procedures established to satisfy the requirements of Section 501 of the Gramm-Leach-Bliley Act with regard to the protection of customers’ nonpublic information. 

We will direct any questions we have about the 314(a) Request to the requesting federal law enforcement agency as designated in the request.

 Unless otherwise stated in the 314(a) Request, we will not be required to treat the information request as continuing in nature, and we will not be required to treat the periodic 314(a) Requests as a government-provided list of suspected terrorists for purposes of the customer identification and verification requirements.

 Rule: 31 C.F.R. § 1010.520.

Resources: FinCEN’s 314(a) web page; NTM 02-80;. FinCEN also provides financial institutions with General Instructions and Frequently Asked Questions relating to 314(a) requests through the