Generally speaking, the Bank Secrecy Act (“BSA”) requires financial institutions in the United States to assist U.S. government agencies to detect and prevent money laundering. But while anyone can imagine that the BSA and its implementing regulations apply to those entities we typically classify as “financial institutions” such as banks and other depository institutions, it is important to note that the BSA Rules also apply to other entities that we may not traditionally think of as “financial institutions” including securities broker-dealers.
The BSA rules require brokers-dealers to, among other things, develop and implement BSA compliance programs. In accordance with the BSA rules, FINRA Rule 3310 sets forth minimum standards for broker-dealers’ BSA compliance programs. First, the rule requires firms to develop and implement a written BSA compliance program. The program has to be approved in writing by a member of senior management and be reasonably designed to achieve and monitor the firm’s ongoing compliance with the requirements of the BSA Rules. Additionally, and consistent with the BSA Rules, the rule also requires firms, at a minimum, to:
- establish and implement policies and procedures that can be reasonably expected to detect and cause the reporting of suspicious transactions;
- establish and implement policies, procedures, and internal controls reasonably designed to achieve compliance with the BSA and implementing regulations;
- provide for annual (on a calendar-year basis) independent testing for compliance to be conducted by member personnel or by a qualified outside party. If the firm does not execute transactions with customers or otherwise hold customer accounts or act as an introducing broker with respect to customer accounts (e.g. engages solely in proprietary trading or conducts business only with other broker-dealers), the independent testing is required every two years (on a calendar-year basis);
- designate and identify to FINRA (by name, title, mailing address, e-mail address, telephone number, and facsimile number) an individual or individuals responsible for implementing and monitoring the day-to-day operations and internal controls of the program. Such individual or individuals are associated persons of the firm with respect to functions undertaken on behalf of the firm. Each member must review and, if necessary, update the information regarding a change to its BSA compliance person within 30 days following the change and verify such information within 17 business days after the end of each calendar year.
Compliance with the BSA Rules is no easy task. To effectively address these rules, a broker-dealer’s BSA compliance program should set forth clear policies and procedures with respect to each applicable BSA Rule requirement, including without limitation, requirements regarding its customer due diligence, currency transaction and suspicious activity reporting, and record-keeping. Importantly, BSA Rules generally apply to all brokers and dealers, but firms should recognize that BSA compliance can and should be tailored to fit their business and risks, considering factors such as size, location, business activities, the types of accounts they maintain, and the types of transactions in which their customers engage.
In the wake of increased enforcement on the part of regulators and law enforcement alike, now, more than ever, is the time for brokers-dealers to review and enhance and their BSA compliance programs to ensure that they comply with legal requirements as well as meet regulator expectations.