July 13, 2009
July 13, 2009
Ms. Florence Harmon
Deputy Secretary
Securities and Exchange Commission
100 F Street, NE
Washington, DC 20549-1090
RE: File Number SR-FINRA-2009-039
Dear Ms. Harmon:
To follow you will find my comments on the proposed rule change regarding adoption of FINRA Rule 3310 (Anti-Money Laundering Compliance Program). I am the Chief Compliance Officer of a small firm and understand the limitations placed on such firms when meeting regulations of this nature.
The requirements to initiate and maintain a compliant AML program are well worth the costs associated, but can be draining on the resources of a small firm. The process of implementation and training of staff while necessary can be very costly as currently written, but to now take away the independent testing exception could have disastrous impact on a vast number of small firms.
The current rule requires annual independent testing for compliance to be conducted by member personnel or qualified outside parties. The person conducting the testing must have a working knowledge of applicable requirements under the Bank Secrecy Act (BSA). Additionally, the testing cannot be conducted by the AML Compliance person(s) or any person performing functions being tested – or by any person that reports to any of these persons. The proposed rule removes the current exception that allows small firms the ability to continue to use someone internal in their organization that can otherwise meet the requirements, but due to their limited size would not have an employee that could conduct the testing who was senior to the AML officer. The current exception allows many small firms to utilize properly qualified, internal employees to perform the testing independently – even though they may report to the AML officer – as long as there is someone senior to the AML officer where they can report the results of the AML audit.
As stated by FINRAs proposed rule filing, The Financial Crimes Enforcement Network has concluded that this exception does not comply with the independent testing provision of the BSA, which precludes AML program testing by personnel with an interest in the outcome of the testing. I would like clarification of this language, I disagree that hiring an independent outside auditor or AML compliance testing service satisfy this measure. An independent service would have "an interest in the outcome" of the testing as a "deficient" audit might lead to additional consulting services and fees for the broker-dealer to address any AML shortcomings. In short, the objectivity of the independent audit could be suspect.
While FINCENs position does not guarantee objectivity, neither should it assume that a Broker-Dealer employee doing the same testing under the exception would generate a faulty report. Knowing that ignoring AML red flags is serious enough to effect their own employment should the firm to be at risk would mean that they would certainly have a vested interest in the outcome – but in a way that would lead to pointing these deficiencies out for improvement going forward, not hiding them.
Please reconsider the removal of this important exception available to small firms.
Thank you for allowing me the opportunity to express my concerns.
Sincerely,
Terri F. Rumans
Chief Compliance Officer
Sage Rutty Co., Inc.