Another instructive AML disciplinary action reveals more of FINRA’s expectations for the independent testing process for AML compliance programs (“AMLCP”).

Recently, FINRA censured and fined a firm and its Chief Compliance Officer, jointly and severally, $15,000 for certain failures in its AML Program and Independent Testing. As this was an identical disciplinary action toward the same firm in 2 years, the firm must provide FINRA copies of the annual independent testing reports for this year and the previous 2 years. The fine this time around was increased by a factor of 3. All totaled, this firm has shelled out $20,000 in fines for essentially identical violations.

In the first disciplinary action, the firm was censured and fined because it failed to conduct and evidence an independent test of its AMLCP for calendar year 2008. In the second instance, FINRA found that the firm did not conduct and evidence an adequate independent test of its AMLCP.

In this second go-around, the firm delegated the “independent testing” to the Public Finance Co-Manager. Given the findings, however, it appeared that the person chosen for the independent testing did not have a working knowledge of the applicable requirements and implementing regulations under the Bank Secrecy Act, which is a pre-requisite of anyone who undertakes to conduct such testing. FINRA chose not to sanction that person in this case and limited the individual action to the firm’s CCO, who was also the AML Compliance Officer responsible for administering the program and ensuring the adequacy of the independent testing.

FINRA’s findings in this disciplinary action are instructive and, frankly, astonishing. The inadequacies in the testing were as follows:

The review was limited to only one branch office instead of sampling transactions at all branch locations.

1. Transaction sampling at the branch was limited to deposit slips.
2. The testing did not review or test the firm’s AML procedures or make an assessment of the AMLCP’s adequacy for the firm.
3. The Customer Identification Program (“CIP”) was likewise not reviewed or assessed, nor did the testing review whether the firm’s registered representatives were complying with its CIP.
4. The testing did not include any review of the AML training program, its adequacy, and whether the firm’s registered representatives complied with the annual training program.
5. The firm did not review samples from all of its business lines.
6. The test failed to review for the movement of funds that were previously deposited in accounts.

Take this case and use it to assess your independent testing process and be sure you’re doing adequate sampling and comprehensive assessment of your AMLCP. FINRA expects firms to have a robust and well-tailored program to fit the firm’s businesses. Gone are the days of reviewing the AML policy against the FINRA template to ensure completeness and writing up a report. FINRA expects robust testing of transactions and procedures by a well-qualified independent party. Please feel free to contact me at ddawe@wnj.com, or any other member of our group, if you have any additional questions or if you think you might need to review your independent testing process at your firm.