Anti-Money Laundering (AML) Source Tool for Broker-Dealers

This guide was last updated on August 8, 2025.

This research guide, or “source tool,” is a compilation of key AML laws, rules, orders, and guidance applicable to broker-dealers. Several statutory and regulatory provisions, and related rules of the securities self-regulatory organizations (SROs), impose AML obligations on broker-dealers. A wealth of related AML guidance material is also available. To aid research efforts into AML requirements and to assist broker-dealers with AML compliance, this source tool organizes key AML compliance materials and provides related source information.

When using this research tool, you should keep the following in mind:

First, all broker-dealers are responsible for complying with all AML requirements to which they are subject. Although this research guide summarizes some of the key AML obligations that are applicable to broker-dealers, it is not comprehensive. You should not rely solely on the summary information provided, but also refer to the relevant statutes, rules, orders, and interpretations.

Second, AML laws, rules, and orders are subject to change and may change quickly.  Statutes that include AML-related provisions may be amended from time to time, and new statutes may be enacted which include AML-related provisions. For example, the Anti-Money Laundering Act of 2020 (AMLA) tasked the Secretary of the Treasury, in consultation with specified regulators and law enforcement, with undertaking a review of BSA regulations and guidance and directed the Secretary to make appropriate changes to improve the efficiency of the regulations and guidance.[1] Other provisions of the AMLA, including the Corporate Transparency Act, required the Secretary to revise the AML program rules and beneficial ownership rule.[2] You should be mindful of any new AML laws, rules and orders implementing these and other statutes.

Finally, this source tool represents the views of the staff of the Division of Examinations. It is not a rule, regulation, or statement of the Securities and Exchange Commission (Commission). The Commission has neither approved nor disapproved its content.  This source tool, like all staff guidance, has no legal force or effect: it does not alter or amend applicable law, and it creates no new or additional obligations for any person.

The Division of Examinations regularly publishes Risk Alerts on its webpage, www.sec.gov/exams, some of which deal with AML topics, and also maintains a source tool regarding the AML obligations of mutual funds. You will find a list of telephone numbers and useful websites at the end of this guide.

TABLE OF CONTENTS

The following topics are addressed in this guide:

1. The Bank Secrecy Act
2. The USA PATRIOT Act
3. AML Programs
4. Customer Identification Programs
5. Beneficial Ownership
6. Correspondent Accounts: Prohibition on Foreign Shell Banks and Due Diligence Programs
7. Due Diligence Programs for Private Banking Accounts
8. Suspicious Activity Monitoring and Reporting
9. Other BSA Reports
10. Records of Funds Transfers
11. Information Sharing With Law Enforcement and Financial Institutions
12. Special Measures Imposed by the Secretary of the Treasury
13. Office of Foreign Asset Control (OFAC) Sanctions Programs and Other Lists
14. Selected Additional AML Resources
15. Useful Contact Information

1. The Bank Secrecy Act

The Bank Secrecy Act (BSA), initially adopted in 1970, establishes the basic framework for AML obligations imposed on financial institutions. Among other things, it authorizes the Secretary of the Treasury to issue regulations requiring financial institutions (including broker-dealers) to keep records and file reports on financial transactions that may be useful in investigating and prosecuting money laundering and other financial crimes. The Financial Crimes Enforcement Network (FinCEN), a bureau within Treasury, has regulatory responsibilities for administering the BSA.

Rule 17a-8 under the Securities Exchange Act of 1934 (Exchange Act) requires broker-dealers to comply with the reporting, recordkeeping, and record retention rules adopted under the BSA.

Source Documents:

• Bank Secrecy Act: The Bank Secrecy Act is codified at 31 U.S.C. §§ 5311 et seq.
• Bank Secrecy Act Rules: The rules adopted by FinCEN implementing the BSA are located at 31 C.F.R. Chapter X. 31 C.F.R. Chapter X is comprised of a “General Provisions Part” and separate financial-institution-specific parts for those financial institutions subject to FinCEN regulations. The General Provisions Part (Part 1010) contains regulatory requirements that apply to more than one type of financial institution, and in some cases, individuals. The financial-institution-specific parts contain regulatory requirements specific to a particular type of financial institution. Part 1023 pertains to broker-dealers (31 C.F.R. §§ 1023.100 et seq.).
• Exchange Act Rule 17a-8: 17 C.F.R. § 240.17a-8.

2. The USA PATRIOT Act

The USA PATRIOT Act was enacted by Congress in 2001 in response to the terrorist attacks on September 11, 2001. Among other things, the USA PATRIOT Act amended and strengthened the BSA. It imposed a number of AML obligations directly on broker-dealers, including:

• establishing AML compliance programs;
• establishing customer identification programs (CIP);
• obtaining beneficial ownership information and customer due diligence;
• monitoring, detecting, and filing reports of suspicious activity;
• conducting due diligence on foreign correspondent accounts, including prohibitions on transactions with foreign shell banks;
• conducting due diligence on private banking accounts;
• participating in mandatory information-sharing (in response to requests by federal law enforcement); and
• complying with “special measures” imposed by the Secretary of the Treasury to address particular AML concerns.

Source Document:

• USA PATRIOT Act: Title 3 of the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001, Pub. L. No. 107-56, 115 Stat. 296 (2001).

3. AML Programs

Section 352 of the USA PATRIOT ACT amended the BSA to require financial institutions, including broker-dealers, to establish AML programs. Broker-dealers can satisfy this requirement by implementing and maintaining an AML program that complies with SRO rule requirements.

An AML program must be in writing and include, at a minimum:

• policies, procedures, and internal controls reasonably designed to achieve compliance with the BSA and its implementing rules;
• policies and procedures that can be reasonably expected to detect and cause the reporting of transactions under 31 U.S.C. 5318(g) and the implementing regulations thereunder;
• the designation of an AML compliance officer (AML Officer), including notification to the SROs;
• ongoing AML employee training;
• an independent test of the firm’s AML program, annually for most firms; and
• risk based procedures for conducting ongoing customer due diligence. These should include, but not be limited to procedures to: (1) identify and verify the identity of customers, (2) understand the nature and purpose of customer relationships to be able to develop a risk profile, and (3) conduct ongoing monitoring to identify and report suspicious transactions as well as maintain and update customer information, including beneficial ownership information for legal entity customers. 

Source Documents:

• AML Program Rule: 31 C.F.R. § 1023.210.
• Adopting Releases: Customer Due Diligence Requirements for Financial Institutions, 81 Fed. Reg. 29398 (May 11, 2016); Anti-Money Laundering Programs for Financial Institutions, 67 Fed. Reg. 21110 (Apr. 29, 2002).
• SEC Order Approving FINRA AML Compliance Program Rule: Exchange Act Release No. 60645 (Sept. 10, 2009); see also 74 Fed. Reg. 47630 (Sept. 16, 2009).
• FINRA AML Compliance Rule and Related Guidance:
  • FINRA Rule 3310: Anti-Money Laundering Compliance Program
  • Supplementary Material 3310.01: Independent Testing Requirements
  • Supplementary Material 3310.02: Review of Anti-Money Laundering Compliance Person Information
  • Notice to Members 02-21: NASD Provides Guidance to Member Firms Concerning Anti-Money Laundering Compliance Programs Required by Federal Law (Apr. 10, 2002).[3]
  • Regulatory Notice 17-40: FinCEN’s Customer Due Diligence Requirements for Financial Institutions and FINRA Rule 3310 – FINRA Provides Guidance to Firms Regarding Anti-Money Laundering Program Requirements Under FINRA Rule 3310 Following Adoption of FinCEN’s Final Rule to Enhance Customer Due Diligence Requirements for Financial Institutions Effective Date (Nov. 21, 2017).
  • Regulatory Notice 18-19: Anti-Money Laundering Compliance Program – FINRA Amends Rule 3310 to Conform to FinCEN’s Final Rule on Customer Due Diligence Requirements for Financial Institutions (May 3, 2018).
  • Regulatory Notice 18-25: Alternative Trading System (ATS) Supervision Obligations (Aug. 13, 2018) (reminding ATSs of their obligations to supervise activity on their platforms).
  • Regulatory Notice 21-36: Anti-Money Laundering and Countering the Financing of Terrorism (Oct. 8, 2021) (FINRA encouraging firms to consider how to incorporate the government-wide Anti-Money Laundering and Countering the Financing of Terrorism Priorities into their AML programs).
  • FINRA Small Firm Template: The template provides model language for AML program compliance and supervisory procedures.
  • FINRA AML Frequently Asked Questions.

4. Customer Identification Programs

Section 326 of the USA PATRIOT Act amended the BSA to require financial institutions, including broker-dealers, to establish written CIP. The FinCEN-SEC joint implementing rule requires a broker-dealer’s CIP to include, at a minimum, procedures for:

• obtaining customer identifying information from each customer prior to account opening;
• verifying the identity of each customer, to the extent reasonable and practicable, within a reasonable time before or after account opening;
• making and maintaining a record of information obtained relating to identity verification;
• determining within a reasonable time after account opening or earlier whether a customer appears on any list of known or suspected terrorist organizations designated by Treasury;[4] and
• providing each customer with adequate notice, prior to opening an account, that information is being requested to verify the customer’s identity.

The CIP rule provides that, under certain defined circumstances, broker-dealers may rely on another financial institution to fulfill some or all of the requirements of the broker-dealer’s CIP. For a broker-dealer to rely on another financial institution the reliance must be reasonable. The other financial institution also must be subject to an AML compliance program rule and be regulated by a federal functional regulator. The broker-dealer and other financial institution must enter into a contract and the other financial institution must certify annually to the broker-dealer that it has implemented an AML program. The other financial institution must also certify to the broker-dealer that the financial institution will perform the specified requirements of the broker-dealer’s CIP.[5]

Source Documents:

• Customer Identification Program Rule: 31 C.F.R. § 1023.220.
• Adopting Releases: Exchange Act Release No. 47752 (Apr. 29, 2003). See also 68 Fed. Reg. 25113 (May 9, 2003).
• Other Rulemaking Documents:
  • Proposed Rule: Exchange Act Release No. 46192 (July 12, 2002). See also 67 Fed. Reg. 48306 (July 23, 2002).
• FinCEN Guidance:
  • FIN-2008-G002: Guidance: Customer Identification Program Rule No-Action Position Respecting Broker-Dealers Operating Under Fully Disclosed Clearing Agreements According to Certain Functional Allocations (Mar. 4, 2008).
  • FIN-2008-R008: Ruling: Bank Secrecy Act Obligations of a U.S. Clearing Broker-Dealer Establishing a Fully Disclosed Clearing Relationship with a Foreign Financial Institution (June 3, 2008).
• SEC Staff Views:
  • Staff Q&A Regarding the Broker-Dealer Customer Identification Program Rule (Oct. 1, 2003). (The Q&A provides the views of staff regarding when a broker-dealer maintaining an “omnibus account” for a financial intermediary may treat the financial intermediary as the “customer” for CIP purposes.)
  • No-Action Letters to the Securities Industry and Financial Markets Association (SIFMA) (formerly the Securities Industry Association) (Feb. 12, 2004; Feb. 10, 2005; July 11, 2006; Jan. 10, 2008; Jan. 11, 2010; Jan. 11, 2011; Jan. 9, 2015; Dec. 12, 2016; Dec. 12, 2018; Dec. 9, 2020; Dec. 9, 2022; and Dec. 5, 2024). (The letters provide staff no-action statements regarding broker-dealers relying on investment advisers to conduct the required elements of the CIP rule. Among other things, the 2015 letter addresses the reasonableness of a broker-dealer’s reliance on an investment adviser and the investment adviser’s prompt reporting to the broker-dealer of potentially suspicious or unusual activity detected as part of the CIP being performed on the broker-dealer’s behalf. The 2022 letter extended the relief to the portion of the customer due diligence rule regarding beneficial ownership requirements for legal entity customers, which requirements are discussed in the following section.)
  • Staff Q&A Regarding Broker-Dealer CIP Rule Responsibilities under the Agency Lending Disclosure Initiative (Apr. 26, 2006).
  • Master/Sub-accounts, National Exam Risk Alert, Vol. I, Issue 1 (Sept. 29, 2011).
• FINRA Guidance:
  • NASD Comparison of the AML Customer Identification Rule and the SEC’s Books & Records Customer Account Records Rule (2003).
  • Regulatory Notice 10-18: Master Accounts and Sub-Accounts (Apr. 2010).

5. Beneficial Ownership

Covered financial institutions are required to establish and maintain written procedures that are reasonably designed to identify and verify beneficial owners of legal entity customers and to include such procedures in their AML compliance program required under 31 U.S.C. 5318(h) and its implementing regulations.

Legal entity customer means an account holder that is corporation, limited liability company, or other entity that is created by the filing of a public document with a Secretary of State or similar office, a general partnership, and any similar entity formed under the laws of a foreign jurisdiction.

Beneficial owner means each of the following:

1. Each individual, if any, who, directly or indirectly, through any contract, arrangement, understanding, relationship or otherwise, owns 25 percent or more of the equity interests of a legal entity customer; and
2. A single individual with significant responsibility to control, manage, or direct a legal entity customer, including:
   1. An executive officer or senior manager (e.g., a chief executive officer, chief financial officer, chief operating officer, managing member, general partner, president, vice president or treasurer); or
   2. Any other individual who regularly performs similar functions.
3. If a trust owns, directly or indirectly, through any contract, arrangement, understanding, relationship or otherwise, 25 percent or more of the equity interests of a legal entity customer, the beneficial owner shall mean the trustee. If an entity that is excluded from the definition of “legal entity customer” owns directly or indirectly, through any contract, arrangement, understanding, relationship or otherwise, 25 percent or more of the equity interests of a legal entity customer, no individual need be identified with respect to that entity’s interests.

Source Documents:

• Beneficial Ownership Requirements for Legal Entity Customers: 31 C.F.R. § 1010.230.
• Adopting Release: 81 Fed. Reg. 29398 (May 11, 2016).
• Joint Guidance Issued by FinCEN, SEC, and other Federal Regulators: Guidance on Obtaining and Retaining Beneficial Ownership Information (Mar. 2010).
• FinCEN Guidance:
  • FAQs Regarding Customer Due Diligence Requirements for Financial Institutions (July 19, 2016).
  • FAQs Regarding Customer Due Diligence Requirements for Financial Institutions (Apr. 3, 2018).
  • FAQs Regarding Customer Due Diligence Requirements for Financial Institutions (Aug. 3, 2020).
• FINRA Guidance:
  • Notice to Members 17-40: FINRA Provides Guidance to Firms Regarding Anti-Money Laundering Program Requirements Under FINRA Rule 3310 Following Adoption of FinCEN’s Final Rule to Enhance Customer Due Diligence Requirements for Financial Institutions Effective Date.

6. Correspondent Accounts: Prohibition on Foreign Shell Banks and Due Diligence Programs

Overview: Sections 312, 313, and 319 of the USA PATRIOT Act, which amended the BSA, are inter-related provisions involving “correspondent accounts.” These provisions include prohibitions on correspondent accounts that are maintained for foreign “shell” banks, as well as requirements for risk-based due diligence of foreign correspondent accounts more generally.

A correspondent account is defined as an account established for a foreign financial institution to receive deposits from, or to make payments or other disbursements on behalf of, the foreign financial institution, or to handle other financial transactions related to such foreign financial institution.

A foreign financial institution includes: (i) a foreign bank (including a foreign branch or office of a U.S. bank); (ii) a foreign branch or office of a securities broker-dealer, futures commission merchant, introducing broker in commodities, or mutual fund; (iii) a business organized under foreign law (other than a branch or office of such business in the U.S.) that if it were located in the U.S. would be a securities broker-dealer, futures commission merchant, introducing broker in commodities, or a mutual fund; and (iv) a money transmitter or currency exchange organized under foreign law (other than a branch or office of such entity in the U.S.).

In addition, FinCEN has clarified that, for a broker-dealer, a “correspondent account” includes:

• accounts to purchase, sell, lend, or otherwise hold securities, including securities repurchase arrangements;
• prime brokerage accounts that clear and settle securities transactions for clients;
• accounts for trading foreign currency;
• custody accounts for holding securities or other assets in connection with securities transactions as collateral; and
• over-the-counter derivatives contracts.

Prohibitions on Foreign Shell Banks: A broker-dealer is prohibited from establishing, maintaining, administering, or managing “correspondent accounts” in the United States for, or on behalf of, foreign “shell” banks (i.e., foreign banks with no physical presence in any country). Broker-dealers also must take steps to ensure that they are not indirectly providing correspondent banking services to foreign shell banks through foreign banks with which they maintain correspondent relationships. To assist institutions in complying with the prohibitions on providing correspondent accounts to foreign shell banks, FinCEN has provided a model certification that can be used to obtain information from foreign bank correspondents. In addition, broker-dealers must obtain records in the United States of foreign bank owners and agents for service of process (Sections 313 and 319 of the USA PATRIOT Act).

Source Documents:

• Shell Bank Prohibition: 31 C.F.R. § 1010.630. See also 31 C.F.R. § 1010.605 (definitions).
• Adopting Release: 67 Fed. Reg. 60562 (Sept. 26, 2002).
• Other Rulemaking Documents:
  • Interim Guidance: 66 Fed. Reg. 59342 (Nov. 27, 2001).
  • Proposed Rule: 66 Fed. Reg. 67460 (Dec. 28, 2001).
• FinCEN Guidance:
  • FIN-2006-G003: Frequently Asked Questions: Foreign Bank Recertifications under 31 C.F.R. § 103.177 (Feb. 3, 2006).
  • FIN-2008-G001: Application of Correspondent Account Rules to the Presentation of Negotiable Instruments Received by a Covered Financial Institution for Payment (Jan. 30, 2008).
  • FIN-2008-R008: Ruling: Bank Secrecy Act Obligations of a U.S. Clearing Broker-Dealer Establishing a Fully Disclosed Clearing Relationship with a Foreign Financial Institution (June 3, 2008).

Due Diligence Regarding Foreign Correspondent Accounts: A broker-dealer is required to establish a risk-based due diligence program (as part of its overall AML compliance program) for any “correspondent accounts” maintained for foreign financial institutions. The due diligence program must include appropriate, specific, and risk-based policies, procedures, and controls reasonably designed to enable the broker-dealer to detect and report, on an ongoing basis, any known or suspected money laundering conducted through or involving any foreign correspondent account (Section 312 of the PATRIOT Act). A related rule covers when enhanced due diligence on foreign financial institutions is required.

Source Documents:

• Correspondent Account Due Diligence Rule: 31 C.F.R. § 1010.610. See also 31 C.F.R. § 1010.605 (definitions).
• Adopting Releases: 71 Fed. Reg. 496 (Jan. 4, 2006); 72 Fed. Reg. 44768 (Aug. 9, 2007) (enhanced due diligence).
• Other Rulemaking Documents:
  • Enhanced Due Diligence Re-Proposed Rule: 71 Fed. Reg. 516 (Jan. 4, 2006).
  • Proposed Rule: 67 Fed. Reg. 37736 (May 30, 2002).
  • Interim Final Rule: 67 Fed. Reg. 48348 (July 23, 2002).
• SEC Staff Views: Staff Bulletin: Risks Associated with Omnibus Accounts Transacting in Low-Priced Securities (Nov. 12, 2020)
• FinCEN Guidance:
  • Fact Sheet: Section 312 of the USA PATRIOT Act (Dec. 2005).
  • FIN-2006-G009: Application of the Regulations Requiring Special Due Diligence Programs for Certain Foreign Accounts to the Securities and Futures Industries (May 10, 2006).
• FFIEC AML Examination Manual (This examination manual, issued by the federal banking regulators regarding the AML requirements applicable to banks, contains guidance that may be of interest to securities firms.)

7. Due Diligence Programs for Private Banking Accounts

Section 312 of the USA PATRIOT Act amended the BSA to, among other things, impose special due diligence requirements on financial institutions, including broker-dealers that establish, maintain, administer, or manage a private banking account in the United States for a “non-United States person.” FinCEN regulations provide that a “covered financial institution” is required to maintain a due diligence program that includes policies, procedures, and controls that are reasonably designed to detect and report any known or suspected money laundering or suspicious activity conducted through or involving a “private banking account” that is established, maintained, administered, or managed in the United States by the financial institution. In addition, the regulations set forth certain minimum requirements for the required due diligence program with respect to private banking accounts and require enhanced scrutiny of any such accounts where the nominal or beneficial owner is a “senior foreign political figure.”

The regulations define a “private banking account” as an account that: (a) requires a minimum deposit of assets of at least $1,000,000; (b) is established or maintained on behalf of one or more non-U.S. persons who are direct or beneficial owners of the account; and (c) has an employee assigned to the account who is a liaison between the broker-dealer and the non-U.S. person.

The definition of “senior foreign political figure” extends to any member of the political figure’s immediate family, to any person widely and publicly known to be a close associate of the foreign political figure, and to any entities formed for the benefit of such persons (collectively, such persons are commonly referred to as PEPs, or Politically Exposed Persons).

Broker-dealers providing private banking accounts must take reasonable steps to:

• determine the identity of all nominal and beneficial owners of the private banking accounts;
• determine whether any such owner is a “senior foreign political figure” and therefore subject to enhanced scrutiny that is reasonably designed to detect transactions that may involve the proceeds of foreign corruption;
• determine the source of funds deposited into the private banking account and the purpose and use of such account;
• review the activity of the account as needed to guard against money laundering; and
• report any suspicious activity, including transactions involving senior foreign political figures that may involve proceeds of foreign corruption.

Source Documents:

• Private Banking Due Diligence Rule: 31 C.F.R. § 1010.620. See also: 31 C.F.R. § 1010.605 (definitions).
• Adopting Release: 71 Fed. Reg. 496 (Jan. 4, 2006).
• Other Rulemaking Documents:
  • Proposed Rule: 67 Fed. Reg. 37736 (May 30, 2002).
  • Interim Final Rule: 67 Fed. Reg. 48348 (July 23, 2002).
• Joint Guidance Issued by FinCEN, SEC, and other Federal Regulators:
  Guidance on Obtaining and Retaining Beneficial Ownership Information (Mar. 2010).
• FinCEN Guidance:
  • Fact Sheet: Section 312 of the USA PATRIOT Act (Dec. 2005).
  • FIN-2006-G009: Application of the Regulations Requiring Special Due Diligence Programs for Certain Foreign Accounts to the Securities and Futures Industries (May 10, 2006).
• FFIEC AML Examination Manual

8. Suspicious Activity Monitoring and Reporting

Section 356 of the USA PATRIOT Act amended the BSA to require broker-dealers to monitor for suspicious activity and file suspicious activity reports (SARs).

Under FinCEN’s SAR rule, a broker-dealer is required to file a suspicious activity report if: (i) a transaction is conducted or attempted to be conducted by, at, or through a broker-dealer; (ii) the transaction involves or aggregates funds or other assets of at least $5,000; and (iii) the broker-dealer knows, suspects, or has reason to suspect that the transaction:

1. involves funds derived from illegal activity or is intended or conducted to hide or disguise funds or assets derived from illegal activity as part of a plan to violate or evade any federal law or regulation;
2. is designed to evade any requirements set forth in regulations implementing the BSA;
3. has no business purpose or apparent lawful purpose or is not the sort in which the particular customer would normally be expected to engage, and the broker-dealer knows of no reasonable explanation for the transaction after examining the available facts, including the background and possible purpose of the transaction; or
4. involves use of the broker-dealer to facilitate criminal activity. 

Broker-dealers must report the suspicious activity using FinCEN SAR Form 111, which is confidential. FinCEN maintains instructions for filing the form, which detail, among other things, the minimum information requirements for the form.

Broker-dealers must maintain a copy of any SAR filed and supporting documentation for a period of five years from the date of filing the SAR.

In situations that require immediate attention, such as terrorist financing or ongoing money laundering schemes, broker-dealers should immediately notify law enforcement in addition to filing a SAR. If a firm wishes to report suspicious transactions that may relate to terrorist activity, in addition to filing a SAR, the firm may call FinCEN’s Hotline at 1-866-556-3974.[6]

Source Documents:

• SAR Rule: 31 C.F.R. § 1023.320.
• Adopting Release: 67 Fed. Reg. 44048 (July 1, 2002).
• Other Rulemaking Documents:
  • Proposing Release: 66 Fed. Reg. 67670 (Dec. 31, 2001).
  • Adopting Release for Rules for Confidentiality of Suspicious Activity Reports, 75 Fed. Reg. 75593 (Dec. 3, 2010).
  • Technical Amendment moving the SAR Confidentiality Rule from 31 C.F.R. 103 to the 31 C.F.R. Chapter X.
• BSA E-Filing System and BSA Forms and Filing Requirements.
• SEC Risk Alerts:
  • Division of Examinations, Risk Alert: Compliance Issues Related to Suspicious Activity Monitoring and Reporting at Broker-Dealers (March 29, 2021).
  • Examinations/NEP Risk Alert: Broker-Dealer Controls Regarding Customer Sales of Microcap Securities (Oct. 9, 2014).
• FinCEN Guidance:
  • Interpretative Release No. 2004-02 — Unitary Filing of Suspicious Activity and Blocking Reports, 69 Fed. Reg. 76847 (Dec. 23, 2004).
  • FIN-2006-G014: Potential Money Laundering Risks Related to Shell Companies (Nov. 9, 2006).
  • Guidance on Sharing of Suspicious Activity Reports by Securities Broker-Dealers, Futures Commission Merchants, and Introducing Brokers in Commodities (Jan. 20, 2006).[7]
  • FIN-2007-G003: Suspicious Activity Report Supporting Documentation (June 13, 2007).
  • FIN-2007-G002: Requests by Law Enforcement for Financial Institutions to Maintain Accounts (June 13, 2007).
  • Suggestions for Addressing Common Errors Noted in Suspicious Activity Reporting (Oct. 10, 2007).
  • Guidance to Financial Institutions on Filing Suspicious Activity Reports regarding the Proceeds of Foreign Corruption (Apr. 17, 2008).
  • Sharing Suspicious Activity Reports by Securities Broker-Dealers, Mutual Funds, Futures Commission Merchants, and Introducing Brokers in Commodities with Certain U.S. Affiliates (Nov. 23, 2010).
  • Sharing Suspicious Activity Reports by Depository Institutions with Certain U.S. Affiliates (Nov. 23, 2010).
  • FIN-2016-A005: Advisory to Financial Institutions on Cyber-Events and Cyber-Enabled Crime.
  • FIN-2014-G001: BSA Expectations Regarding Marijuana-Related Businesses (Feb. 14, 2014).
  • FinCEN Ruling 2005-6: Suspicious Activity Reporting (Structuring) (July 15, 2005).
  • SAR Activity Reviews: These are available on FinCEN’s website at: https://www.fincen.gov/sar-activity-review-trends-tips-issues.[8]
• FINRA Guidance:
  • Notice to Members 02-21: NASD Provides Guidance to Member Firms Concerning Anti-Money Laundering Compliance Programs Required by Federal Law (Apr. 2002).
  • Regulatory Notice 09-05: Unregistered Resales of Restricted Securities (Jan. 2009). (Providing additional “red flags” and reminding firms of their duty to determine whether restricted securities are eligible for public sale).
  • Regulatory Notice 19-18: Guidance to Firms regarding Suspicious Activity Monitoring and Reporting Obligations (May 6, 2019). (This includes a list of “red flags”, including those previously identified in Notice to Members 02-21, which may be useful in identifying possible money laundering.)
  • Regulatory Notice 21-03: FINRA Urges Firms to Review Their Policies and Procedures Relating to Red Flags of Potential Securities Fraud Involving Low-Priced Securities (Feb. 10, 2021).

9. Other BSA Reports

Broker-dealers have other reporting obligations imposed by the BSA. They include:

Currency Transaction Reports (CTRs): Broker-dealers are required to file with FinCEN a CTR (Form 112, formerly IRS Form 4789) for any transaction over $10,000 in currency, including multiple transactions occurring during the course of the same day. A broker-dealer must treat multiple transactions as a single transaction if the broker-dealer has knowledge that the transactions are conducted by or on behalf of the same person and result in either cash in or cash out totaling more than $10,000 during any one business day.

Reports of Foreign Bank and Financial Accounts (FBARs): Broker-dealers are required to file reports of foreign bank and financial accounts if the aggregate value of the accounts exceeds $10,000. FBARs are filed using Form 114.

Reports of Currency or Monetary Instruments (CMIRs): Broker-dealers must report any transportation of more than $10,000 in currency or monetary instruments into or outside of the U.S. on a Report of International Transportation of Currency or Monetary Instruments, FinCEN Form 105 (formerly Customs Form 4790). CMIRs are filed with the Bureau of Customs and Border Protection.

Source Documents:

• CTR: 31 C.F.R. §§ 1010.311, 1010.306, 1010.312.
• FBAR: 31 C.F.R. §§ 1010.350, 1010.306, 1010.420.
• Adopting Release: 76 Fed. Reg. 10234 (Feb. 24, 2011).
• CMIR: 31 C.F.R. §§ 1010.340, 1010.306.
• BSA E-Filing System and BSA Forms and Filing Requirements.
• FinCEN Guidance:
  • FinCEN Ruling 2003-1: Regarding the Aggregation of Currency Transactions Pursuant to 31 CFR Section 103.22 (Oct. 3, 2002).
  • Guidance on Interpreting Financial Institution Policies in Relation to Recordkeeping Requirements under 31 C.F.R. 103.29 (Nov. 2002).
  • FinCEN Ruling 2005-6: Suspicious Activity Reporting (Structuring) (July 15, 2005).

10. Records of Funds Transfers

Under the “joint rule” and “travel rule,” broker-dealers must keep records of funds transfers of $3,000 or more (such as wire transfers), including certain related information (such as name, address, account number of client, date and amount of wire, payment instructions, name of recipient institution, and name and account information of wire payment recipient). The “travel rule” also requires that certain information obtained or retained by the transmittor’s financial institution “travel” with the transmittal order through the payment chain.

Source Documents:

• Joint Rule: 31 C.F.R. § 1010.410(e).
• Travel Rule: 31 C.F.R. § 1010.410(f).
• FinCEN Guidance:
  • FinCEN Advisory: Funds Transfers: Questions & Answers (June 1996).[9]
  • FinCEN Advisory: Funds “Travel” Regulations: Questions & Answers (Nov. 2010).

11. Information Sharing with Law Enforcement and Financial Institutions

The USA PATRIOT Act added two provisions relating to information sharing to the BSA. One provision requires broker-dealers to respond to mandatory requests for information made by FinCEN on behalf of federal law enforcement agencies. The other provides a safe harbor to permit and facilitate voluntary information sharing among financial institutions.

Mandatory Information Sharing: Section 314(a) Requests: FinCEN’s BSA information sharing rules, under Section 314(a), authorize law enforcement agencies with criminal investigative authority to request that FinCEN solicit, on the agency’s behalf, certain information from a financial institution, including a broker-dealer. These requests are often referred to as “Section 314(a) information requests.” Upon receiving a Section 314(a) request, a broker-dealer is required to search its records to determine whether it has accounts for, or has engaged in transactions with, any specified individual, entity, or organization. If the broker-dealer identifies an account or transaction identified with any individual, entity, or organization named in the request, it must report certain relevant information to FinCEN. Broker-dealers also must designate a contact person (typically the firm’s AML compliance officer) to receive the requests and maintain the confidentiality of any request and any responsive reports to FinCEN.

Source Documents:

• Section 314(a) Rule: 31 C.F.R. § 1010.520.
• Adopting Release: 67 Fed. Reg. 60579 (Sept. 26, 2002).
• Proposed Rule Release: 74 Fed. Reg. 58926 (Nov. 16, 2009).
• Broadening Access to the 314(a) program: 75 Fed. Reg. 6560 (Feb. 10, 2010).
• FinCEN Guidance:
  • Changing your Point of Contact for 314(a) (Nov. 2019).
  • FinCEN 314(a) Fact Sheet (June 30, 2020).

Voluntary Information Sharing Among Financial Institutions: Section 314(b): A separate safe harbor provision encourages and facilitates voluntary information sharing among participating financial institutions. The safe harbor provision, added to the BSA by Section 314(b) of the USA PATRIOT Act, protects financial institutions, including broker-dealers, from certain liabilities in connection with sharing certain AML-related information with other financial institutions for the purposes of identifying and reporting activities that may involve terrorist acts or money laundering activities. FinCEN’s implementing regulations require that a financial institution or association of financial institutions that intends to share information pursuant to the regulations file an annual notice with FinCEN, maintain procedures to protect the security and confidentiality of the information, and take reasonable steps to verify that the financial institution or association of financial institutions with which it intends to share the information has filed the required notice with FinCEN. This may be done by checking a list that FinCEN makes available. FinCEN’s website contains an online registration system for section 314(b) notifications.

Source Documents:

• Section 314(b) Rule: 31 C.F.R. § 1010.540.
• Adopting Release: 67 Fed. Reg. 60579 (Sept. 26, 2002).
• Other Rulemaking Documents: Interim Final Rule: 67 Fed. Reg. 9874 (Mar. 4, 2002).
• FinCEN 314(b) Webpage (provides information on section 314(b) and an online registration system).

12. Special Measures Imposed by the Secretary of the Treasury

Section 311 of the USA PATRIOT Act amended the BSA to authorize the Secretary of the Treasury to require broker-dealers to take “special measures” to address particular money laundering concerns. The Secretary of the Treasury may impose special measures on foreign jurisdictions, financial institutions, or transactions or types of accounts found to be of “primary money laundering concern.” Other provisions of law also permit the Secretary of the Treasury to impose special measures based upon certain findings. See 21 U.S.C. 2313a (illicit opioid trafficking); Section 9714(a) of the Combating Russian Money Laundering Act (Russian illicit finance). One of the special measures prohibits U.S. financial institutions from opening or maintaining certain correspondent accounts.

Source Documents:

• FinCEN Special Measures.

13. OFAC Sanctions Programs and Other Lists

OFAC is an office within Treasury that administers and enforces economic and trade sanctions based on U.S. foreign policy and national security goals against targeted foreign countries, terrorism-sponsoring organizations, international narcotics traffickers, and those engaged in activities related to the proliferation of weapons of mass destruction. OFAC acts under presidential wartime and national emergency powers, as well as authority granted by specific legislation, to impose controls on transactions and freeze foreign assets under U.S. jurisdiction.

OFAC’s sanctions programs are separate and distinct from, and in addition to, the AML requirements imposed on broker-dealers under the BSA.

As a tool in administering sanctions, OFAC publishes lists of sanctioned countries and persons that are continually being updated. Its list of Specially Designated Nationals and Blocked Persons (SDNs) lists individuals and entities from all over the world whose property is subject to blocking and with whom U.S. persons cannot conduct business. OFAC also administers country-based sanctions that are broader in scope than the “list-based” programs.

In general, OFAC regulations require broker-dealers to:

• block accounts and other property of specified countries, entities, and individuals; and
• prohibit or reject unlicensed trade and financial transactions with specified countries, entities, and individuals.

Broker-dealers must report all blockings and rejections of prohibited transactions to OFAC within 10 days of their being identified and annually. In addition to the blocking sanctions described above, OFAC maintains several sanctions programs that prohibit U.S. persons, including broker-dealers, from dealings in equity and debt of, and extension of credit to, certain sanctions targets. OFAC has the authority to impose substantial civil penalties administratively. To guard against engaging in OFAC prohibited transactions, one best practice that has emerged entails “screening against the OFAC list.” OFAC has stated that it will take into account the adequacy of a firm’s OFAC compliance program when it evaluates whether to impose a penalty if an OFAC violation has occurred.

Firms should be aware of other lists. These include publications by the Financial Action Task Force (FATF) – the global AML/CFT standard-setting body – that identify “high risk and other monitored jurisdictions,” which are countries with weak measures to combat money laundering and terrorist financing. If transactions originate from or are routed to any countries identified as high risk by FATF, it might be an indication of suspicious activity.[10]

Source Documents:

• OFAC Regulations:
  • 31 C.F.R. §§ 501 et seq.
• OFAC Guidance:
  • Program information, including the SDN list and countries subject to OFAC sanctions, is available on the OFAC website at: www.treas.gov/ofac.
  • OFAC Resource Center.
  • Adopting Release, Economic Sanctions Enforcement Guidelines, 74 Fed. Reg. 57593 (Nov. 9, 2009).
  • Interim Final Rule, Economic Sanctions Enforcement Guidelines, 73 Fed. Reg. 51933 (Sept. 2, 2008).
  • Opening Securities and Futures Accounts from an OFAC Perspective (Nov. 5, 2008).
  • Risk Factors for OFAC Compliance in the Securities Industry (Nov. 5, 2008).
  • OFAC Frequently Asked Questions.
• FinCEN Guidance:
  • Interpretive Release No. 2004-02 - Unitary Filing of Suspicious Activity and Blocking Reports, 69 Fed. Reg. 76847 (Dec. 23, 2004).
• Other lists of countries supporting international terrorism may be available at:
  • U.S. State Dept.: https://www.state.gov/country-reports-on-terrorism/.
  • FATF: www.fatf-gafi.org.
  • FinCEN High Intensity Financial Crimes Areas Designation: https://www.fincen.gov/‌hifca.

14. Selected Additional AML Resources

SEC Staff Materials:

• Division of Examinations, Risk Alert: Observations from Anti-Money Laundering Compliance Examinations of Broker-Dealers (July 31, 2023).
• Division of Examinations, Risk Alert: Compliance Issues Related to Suspicious Activity Monitoring and Reporting at Broker-Dealers (March 29, 2021).
• Leaders of CFTC, FinCEN, and SEC Issue Joint Statement on Activities Involving Digital Assets (Oct. 11, 2019).
• Driscoll, Peter, “Staying Vigilant to Protect Investors,” Remarks at the SIFMA Operations Conference & Exhibition (May 8, 2019).
• Kevin Goodman, "Anti-Money Laundering: An Often-Overlooked Cornerstone of Effective Compliance" (June 18, 2015).
• Examinations/NEP Risk Alert: Broker-Dealer Controls Regarding Customer Sales of Microcap Securities (Oct. 9, 2014).
• David W. Blass, Broker-Dealer Anti-Money Laundering Compliance — Learning Lessons from the Past and Looking to the Future” (Feb. 29, 2012).

FinCEN Materials:

• FinCEN Advisories/Bulletins/Fact Sheets.
• 2024 National Money Laundering Risk Assessment (NMLRA)
• 2024 National Terrorist Financing Risk Assessment (NTFRA)
• 2024 National Proliferation Financing Risk Assessment (NPFRA)
• 2024 National Strategy for Combating Terrorist and Other Illicit Financing
• FinCEN Alert on Fraud Schemes Involving Deepfake Media Targeting Financial Institutions (Nov. 13, 2024).
• Prepared Remarks of FinCEN Director Andrea Gacki During the SIFMA AML Conference (May 6, 2024).
• Statement on the Issuance of the Anti-Money Laundering/Countering the Financing of Terrorism (AML/CFT) National Priorities (June 30, 2021).

FATF Materials:

• FATF Report: Money Laundering and Terrorist Financing in the Securities Sector (Oct. 2009).
• Anti-money Laundering and Counter-Terrorist Financing Measures: Mutual Evaluation of the United States (Dec. 2016).
• Risk Based Approach Guidance for the Securities Sector, FATF (2018).
• FATF: Guidance for a Risk-Based Approach—Virtual Assets and Virtual Asset Service Providers (June 2019).
• FATF: International Standards on Combating Money Laundering and the Financing of Terrorism and Proliferation—The FATF Recommendations (last updated Feb. 2025).

FFIEC AML Examination Manual (This examination manual, issued by the Federal Financial Institutions Examination Council regarding the AML requirements applicable to banks, contains guidance that may be of interest to securities firms.)

Selected AML Enforcement Cases:

• SEC (settled administrative proceeding unless otherwise indicated)
  • LPL Financial LLC, Exchange Act Release No. 102224 (Jan. 17, 2025) (longstanding failures in firm’s CIP, including a failure to timely close accounts for which it had not properly verified the customer’s identity, and failure to close or restrict thousands of high-risk accounts, such as cannabis-related and foreign accounts, that were prohibited under firm’s AML policies).
  • Robinhood Financial LLC and Robinhood Securities, LLC, Exchange Act Release No. 102170 (Jan. 13, 2025) (for over two years, firm failed to timely investigate suspicious transactions, resulting in systematic failures to timely file SARs).
  • Deutsche Bank Securities Inc., Exchange Act Release No. 102011 (Dec. 20, 2024) (firm received requests in connection with law enforcement or regulatory investigations or litigation that prompted it to conduct SARs investigations, but in certain instances failed to conduct or complete the investigations within a reasonable period of time, leading to SARs being filed late).
  • David Chong Kyi, Exchange Act Release No. 101937 (Dec. 17, 2024) (SogoTrade, Inc.’s AML compliance officer, who was primarily responsible for the design and implementation of the firm’s AML program, aided and abetted and caused the firm’s failure to file SARs by failing to investigate suspicious activity and file SARs concerning suspicious activity that broker-dealer systems or personnel, or employees of the broker-dealer's clearing firm, brought to his attention; Kyi also had a practice of alerting customers that the broker-dealer’s surveillance reports had identified their suspicious trading activity and would advise or direct employees to advise customers to keep their trading activities below the average daily volume threshold to avoid triggering firm review ).
  • SogoTrade, Inc., Exchange Act Release No. 101936 (Dec. 17, 2024) (broker-dealer provided an online discount brokerage platform to primarily retail customers that, due to alleged deficiencies in the firm’s design and implementation of its AML policies and procedures, failed to investigate its customers' engagement in suspicious activity and to file SARs when required).
  • Lightspeed Financial Services Group, LLC, Exchange Act Release No. 101705 (Nov. 22, 2024); Paulson Investment Company LLC, Exchange Act Release No. 101706 (Nov. 22, 2024); Webull Financial LLC, Exchange Act Release No. 101707 (Nov. 22, 2024) (firms filed multiple SARs with narratives that omitted key facts about the suspicious activity being reported).
  • OTC Link LLC, Exchange Act Release No. 100692 (Aug. 12, 2024) (firm failed to adopt or implement reasonably designed AML policies and procedures to surveil transactions conducted through its ATSs for possible red flags of suspicious activity, which resulted in the firm’s failure to file SARs).
  • Archipelago Trading Services, Inc., Exchange Act Release No. 98234 (Aug. 29, 2023) (broker-dealer that operates an ATS failed to adopt or implement reasonably designed AML policies and procedures to surveil transactions executed on behalf of its broker-dealer “subscribers” in over-the-counter securities, many of which are considered microcap or penny stock securities, resulting in the firm’s failure to file SARs).
  • Merrill Lynch, Pierce, Fenner & Smith Inc. and BAC North America Holding Co., Exchange Act Release No. 97872 (July 11, 2023) (failure to file SARs resulting from using an inappropriate dollar threshold).
  • Wells Fargo Clearing Services, LLC, Exchange Act Release No. 94955, Investment Advisers Act Release No. 6031 (May 20, 2022) (due to the firm’s deficient implementation and failure to test a new version of its internal AML transaction monitoring and alert system, the firm did not timely file at least 25 SARs related to suspicious transactions in its customers’ brokerage accounts involving wire transfers to or from foreign countries that it determined to be at a high or moderate risk for money laundering, terrorist financing, or other illegal money movements; the firm also failed to timely file at least nine additional SARs due to a failure to appropriately process wire transfer data into its AML transaction monitoring system).
  • LPL Financial LLC, Exchange Act Release No. 93201 (Sept. 30, 2021) (in violation of its CIP procedures, the firm did not verify certain identification documents before opening an account that a person allegedly used to defraud his advisory client; because the firm did not verify the purported customer address, the firm could not comply with its obligation to accurately document its CIP procedures).
  • GWFS Equities, Inc., Exchange Act Release No 91853 (May 12, 2021) (the firm failed to file approximately 130 SARs, including in cases when it had detected external bad actors gaining, or attempting to gain, access to accounts it serviced; additionally, for nearly 300 SARs the firm filed, the SAR narratives did not include the “five essential elements” of required SAR information, including cyber-related data such as URL addresses and IP addresses).
  • SEC v. Alpine Securities Corp., No. 19-3272 (2d Cir. Dec. 4, 2020) (litigated matter) (affirming the district court’s summary judgment in SEC v. Alpine Securities Corporation, No. 7:17-cv-4179 (S.D.N.Y.) (Complaint), Litigation Release No. 23853 (June 5, 2017)) (failure to file SARs, including on transactions that were flagged as suspicious, as well as omitting information in SARs that were filed).
  • Interactive Brokers LLC, Exchange Act Release No. 89510 (Aug. 10, 2020) (failure to adopt reasonably designed AML policies and procedures, resulting in a failure to file more than 150 SARs involving suspicious microcap securities transactions).
  • Celadon Financial Group LLC, Exchange Act Release No. 89404 (July 27, 2020) (failure to adequately implement AML policies and procedures resulting in the firm’s failure to file SARs, relating to its business of facilitating order flow from other broker-dealers engaged in high volume liquidations of low-priced and often thinly-traded OTC stocks).
  • Biltmore International Corp., Exchange Act Release No. 88744 (Apr. 24, 2020) (failure to adequately implement AML policies and procedures resulting in the firm’s failure to file SARs, including failure to monitor its broker-dealer customers' high-volume trading in low priced and often thinly-traded over-the-counter stock and failure to identify “risk indicators” or “red flags” as specified in its policies and procedures).
  • Vandham Securities Corp., Exchange Act Release No. 86970 (Sept. 16, 2019) (failure to adequately implement AML policies and procedures resulting in the firm’s failure to file SARs, relating to its business of facilitating high-volume liquidations of low-priced and often thinly-traded OTC stocks for its broker-dealer customers).
  • Central States Capital Markets, LLC, Exchange Act Release No. 84851 (Dec. 19, 2018) (failure to file SARs in connection with a series of transactions that the firm knew, suspected, or had reason to suspect were related to an alleged “rent-a-tribe” fraud scheme; failure to accurately document the procedures set forth in its CIP as the firm did not obtain written verification that the perpetrator of the scheme was actually authorized to represent certain corporations, as required by its CIP).
  • UBS Financial Services Inc., Exchange Act Release No. 84828 (Dec. 17, 2018) (failure to adopt reasonably designed AML program to account for risks associated with part of the firm’s business of offering services such as wires, internal transfers between accounts (“journals”), check writing, ATM withdrawals, cash advances, and ACH transfers, resulting in a failure to file SARs).
  • TD Ameritrade, Inc., Exchange Act Release No. 84269 (Sept. 24, 2018) (failure to file SARs on suspicious transactions of a number of independent investment advisers with whom the firm terminated its business relationship).
  • SEC v. Charles Schwab & Co., No. 18-cv-3942 (N.D. Cal.), Litigation Release No. 24189 (July 9, 2018) (failure to file SARs on suspicious transactions of independent investment advisers that it terminated from using Schwab to custody their client accounts).
  • Chardan Capital Markets LLC, Industrial & Commercial Bank of China Financial Services LLC, and Jerard Basmagy, Exchange Act Release Nos. 83251-53 (May 16, 2018) (failure to file SARs on liquidation of penny stock shares that raised red flags set forth in the firm’s AML policies and procedures; AML officer’s failure to investigate red flags or file SARs related to customers’ suspicious penny stock transactions, as required by the firm’s AML policies and procedures, resulting in aiding and abetting and causing the firm’s violations).
  • Aegis Capital Corporation, Kevin McKenna, Robert Eide, Exchange Act Release Nos. 82956-57 (Mar. 28, 2018), and Eugene Terracciano, Exchange Act Release No.  83604 (July 6, 2018) (settled as to liability) (failure to file SARs on suspicious transactions that raised red flags of potential market manipulation, including high trading volume in companies with little or no business activity; despite these red flags, the firm’s AML CO neither filed SARs on these transactions nor created written records indicating that the firm considered filing SARs; the firm’s CEO failed to take adequate steps to ensure that the firm was filing SARs even after being alerted to the suspicious activity).

• FINRA
  • BTG Pactual US Capital, LLC, AWC No. 2020065115301 (May 14, 2025) (firm's policies and procedures did not reasonably address how the firm's AML monitoring of customers' wire transfer requests, both pre- and post-approval, would be performed and documented).
  • Sanctuary Securities, Inc., AWC No. 2023077024501 (Mar. 11, 2025) (firm failed to adopt appropriate risk-based procedures for developing a customer risk profile and conducting ongoing due diligence for potentially high-risk accounts; firm’s independent test failed to address material aspects of firm’s AML program).
  • Redbridge Securities LLC, AWC No. 2020068737101 (Mar. 6, 2025) (majority of firm’s customers were retail customers located in high-risk money laundering jurisdictions, many of whom regularly traded in low-priced securities, yet firm failed to establish an AML program that could reasonably be expected to detect and cause the reporting of suspicious activity in light of its business model and customer base; firm’s CIP failed to reasonably assess the identity verification risks posed by opening accounts for customers domiciled in China, many of whom had known connections to the issuers in whose securities they traded; CIP procedures did not describe how the firm should investigate red flags of identity theft during the account opening process).
  • Robinhood Financial LLC, AWC No. 2019060756501 (Mar. 6, 2025) (firm failed to establish and implement reasonable AML programs, which caused the firms to fail to detect, investigate, or report a wide variety of suspicious activity, including manipulative trading, suspicious money movements, and instances where customers’ accounts were taken over by third-party hackers; firm also failed to establish a CIP appropriate for its size and business).
  • Network 1 Financial Securities Inc. and Michael Molinaro, AWC No. 2022076211301 (Mar. 4, 2025) (firm’s CIP was not reasonably designed to verify the identity of foreign customers opening accounts at Network 1 who did not appear in person at the firm or to reasonably verify the identity of many customers who opened accounts to invest in initial public offerings for small-cap issuers).
  • Newbridge Securities Corp., AWC No. 2020067800801 (Sept. 5, 2024) (firm failed to develop and implement a CIP and CDD procedures for new customers, including individuals and entities based in China, who were referred to the firm by a small-cap China-based issuer for which firm was engaged to serve as lead underwriter for its IPO on a U.S. exchange).
  • Spencer Edwards, Inc., Complaint No. 2013035865303 (NAC Decision Dec. 10, 2019) (failure to adequately implement AML policies and procedures to detect and cause the reporting of suspicious transactions related to its microcap securities liquidation business).
  • C.L. King & Associates, Complaint No. 2014040476901 (NAC Decision Oct. 2, 2019) (firm and registered principal failed to establish and implement an AML program reasonably designed to cause the detection and reporting of suspicious transactions; also failed to conduct adequate due diligence and respond to red flags indicative of potential money laundering).
  • BNP Paribas Securities Corp., AWC No. 2016051105201 (Oct. 1, 2019) (failure to develop and implement a written AML program, including policies and procedures, that could reasonably be expected to detect and cause the reporting of potentially suspicious activity, as well as failure to conduct reasonable surveillance of wire and foreign currency transfers and failure to reasonably respond to concerns identified by firm personnel or devote sufficient resources to its AML program.
  • Morgan Stanley Smith Barney LLC, AWC No. 2014041196601 (Dec. 26, 2018) (failure to establish and implement policies and procedures that were reasonably expected to detect and cause the reporting of potentially suspicious activity, including by:  failing to transmit certain wire information to the firm’s AML surveillance system, thereby undermining the firm’s AML surveillance; failing to devote sufficient resources to review automated AML alerts; and failing to reasonably monitor customers’ deposits and trades of low-priced securities).
  • Meyers Associates, Complaint No. 2013035533701 (NAC Decision Dec. 22, 2017) (failure to establish and implement an adequate AML program because the firm’s AML manual did not describe in sufficient detail the policies and procedures that the firm should follow to monitor accounts for suspicious activity; firm also failed to provide AML exception reports to a supervisor, and no one at the firm used AML exception reports for at least eight months in 2012).
  • Merrimac Corporate Securities Inc., Complaint No. 2011027666902 (NAC Decision May 26, 2017) (failed to establish and implement adequate AML policies and procedures, including by failing to tailor procedures to monitor penny stock transactions or otherwise reflect the firm’s business model).
  • Lek Securities Corp., Complaint No. 2009020941801 (NAC Decision Oct. 11, 2016) (failure to establish and implement AML policies, procedures, and internal controls that could be reasonably expected to detect and cause the reporting of suspicious transactions and that were reasonably designed to achieve compliance with the BSA).

15. Useful Contact Information

SEC Staff
Division of Trading and Markets Office of Interpretation and Guidance	202-551-5777
Division of Investment Management Chief Counsel’s Office	202-551-6825
Division of Examinations, Hotline for SEC-Registered Entities	202-551-EXAM (3926)
SEC SAR Alert Message Line	202-551-SARS (7277)
SEC website	www.sec.gov
FinCEN
Financial Institutions Hotline:	1-866-556-3974
Regulatory Helpline:	1-800-949-2732
Office of Public Affairs:	703-905-3770
General Information:	703-905-3591
FinCEN website:	www.fincen.gov
Securities and Futures:	https://www.fincen.gov/resources/financial-institutions/securities-futures
FINRA Please contact your local FINRA Coordinator directly with any questions relating to AML requirements. If you have not received notification of your assigned Coordinator, contact your FINRA District Office for more details. Contact information is available at the following link: https://www.finra.org/contact-finra.
FINRA website:	http://www.finra.org/
OFAC
Hotline:	1-800-540-6322
OFAC website:	www.treas.gov/ofac

[1] William M. (Mac) Thornberry National Defense Authorization Act for Fiscal Year 2021, Pub. L. No. 116-283, § 6216, 134 Stat. 3388, 4582-83 (2021).

[2] Id. §§ 6101(b), 6403(d).

[3] Note that, since Notice to Members 02-21 was issued, there have been a number of changes to AML requirements. For example, FINRA revised its AML program rule. See FINRA Regulatory Notice 18-19. FinCEN also adopted a number of AML requirements, including the requirement to obtain beneficial ownership information. See 81 Fed. Reg. 29398 (May 11, 2016).

[4] As of the date of this guide, there are no designated government lists to verify specifically for CIP purposes. Customer comparisons to lists issued by OFAC involve separate and distinct requirements.

[5] FinCEN and the federal banking agencies have issued guidance applicable to banks regarding the CIP rule that may be of interest to securities firms. See Interagency Interpretive Guidance on Customer Identification Program Requirements under Section 326 of the USA PATRIOT Act (Apr. 28, 2005).

[6] Broker-dealers may also, but are not required to, contact the SEC to report situations that may require immediate attention by the SEC. The SEC SAR Alert Message Line number [202-551-SARS (7277)] should only be used in cases where a broker-dealer has filed a SAR that may require immediate attention by the SEC and wants to alert the SEC about the filing. Calling the SEC SAR Alert Message Line does not alleviate the broker-dealer’s obligation to file a SAR or notify an appropriate law enforcement authority.

[7] The federal banking agencies have issued guidance applicable to banks regarding SAR reporting that may be of interest to securities firms. See Interagency Guidance on Sharing Suspicious Activity Reports with Head Offices and Controlling Companies (Jan. 20, 2006) and Answers to Frequently Asked Questions Regarding Suspicious Activity Reporting and Other Anti-Money Laundering Considerations, Federal Reserve Board (Jan. 19, 2021).

[8] SAR Activity Reviews include two separate publications: SAR Activity Review Trends, Tips & Issues and SAR Activity Review by the Numbers. They were published under the auspices of the Bank Secrecy Act Advisory Group. These publications include: statistics regarding SAR filings and trends; an industry forum highlighting compliance issues and practices prepared by private sector members of the Advisory Group; and guidance regarding practical issues relevant to SAR filing and reporting.

[9] FinCEN staff have indicated that the responses to Questions 17 and 18 in this Advisory are no longer completely accurate due to the expiration on July 1, 2004, of an exception relating to coded names and pseudonyms, at which time FinCEN confirmed the prohibition of the use of coded names and pseudonyms, but determined that the Travel Rule should be read to allow the use of mailing addresses. See 68 Fed. Reg. 66708 (Nov. 28, 2003).

[10] As of the date of this guide, FATF has identified Iran, Myanmar, and North Korea as high-risk jurisdictions. Twenty-four other countries are also “monitored jurisdictions.” See https://www.fatf-gafi.org/en/countries/black-and-grey-lists.html.