Skip to main content
Notice to Members 06-07

SEC Approves Amendments to Anti-Money Laundering Compliance Program Rule and Adoption of Interpretive Material

Published Date:
Effective Date: March 6, 2006

GUIDANCE

Anti-Money Laundering Compliance Programs

SUGGESTED ROUTING

KEY TOPICS

Legal & Compliance
Operations
Registration
Senior Management
Anti-Money Laundering
Compliance Programs
IM-3011-1
IM-3011-2
Rule 3011

Executive Summary

On December 28, 2005, the Securities and Exchange Commission (SEC) approved amendments to NASD Rule 3011 and the adoption of IM-3011-1 and IM-3011-2.1 The amendments and new interpretive material require a firm to conduct an independent test of its anti-money laundering (AML) compliance program on an annual basis (with the exception of certain types of firms), clarify the persons not considered to be independent for purposes of the independent testing requirement, and require a firm, on a quarterly basis, to review and, if necessary, update the information regarding the firm's AML compliance person. The new rule text and interpretive material are contained in Attachment A and are effective on March 6, 2006.

Questions/Further Information

Questions concerning this Notice may be directed to Brant K. Brown, Counsel, Office of General Counsel, Regulatory Policy and Oversight, at (202) 728-6927.

Discussion

NASD Rule 3011 requires every NASD member firm to develop and implement a written AML program reasonably designed to achieve and monitor the firm's compliance with the requirements of the Bank Secrecy Act2 and the implementing regulations promulgated thereunder by the Department of Treasury. Among other things, Rule 3011 requires that a firm's AML program provide for independent testing for compliance with the AML program. Firms also are required to designate and identify to NASD an individual or individuals responsible for implementing and monitoring the day-to-day operations and internal controls of the firm's AML program and to update this information as appropriate. The purposes of the amendments to Rule 3011 and the interpretive material are to clarify and provide guidance on certain aspects of these two requirements.

Independent Testing

As originally adopted, Rule 3011(c) required that a firm's AML program "provide for independent testing for compliance to be conducted by member personnel or by a qualified outside party." The amendments and IM-3011-1 provide further guidance on this requirement in two ways. First, the amended rule language establishes an expectation that, for most firms, the independent test should be performed at least once each calendar year. The new rule language, however, allows firms that do not execute transactions for customers or otherwise hold customer accounts or act as an introducing broker with respect to customer accounts to test once every two years (on a calendar-year basis) rather than on an annual basis.3

Second, IM-3011-1 clarifies certain types of individuals who NASD would not consider to be "independent," and, hence, not eligible to perform the required independent testing. As an initial matter, IM-3011-1(b) clarifies that the person conducting the independent test must have a working knowledge of applicable requirements under the Bank Secrecy Act and its implementing regulations. IM-3011-1(c) further clarifies that, to ensure sufficient separation of functions for independence purposes, the testing cannot be conducted by the AML compliance person(s) designated in Rule 3011, by any person who performs the AML functions being tested or by any person who reports to any of these persons. NASD, however, recognized that these limitations may effectively prevent certain small firms from using appropriate internal personnel to conduct the tests. Consequently, IM-3011-1(c) allows tests to be conducted by persons who report to either the AML compliance person or persons performing AML functions if (1) the firm has no other qualified personnel to conduct the test; (2) the firm establishes written policies and procedures to address potential conflicts that can arise from allowing the test to be conducted by a person in the reporting chain (e.g., antiretaliation procedures); (3) to the extent possible, the results of the test are reported to someone senior to the person to whom the test conductor reports; and (4) the firm documents its rationale, which must be reasonable, for determining that it has no other alternative than to comply in this manner.4 In addition, if the person does not report the results to a person senior to the AML compliance person or persons performing AML functions, the member must document a reasonable explanation for not doing so.

AML Compliance Person

The amendment to Rule 3011(d) and IM-3011-2 each provide guidance concerning the requirement that firms designate and identify to NASD an individual or individuals responsible for implementing and monitoring the day-to-day operations and internal controls of the firm's AML program. The amendment to Rule 3011(d) clarifies that the AML compliance person is an "associated person" of the member firm. As the SEC noted in approving the amendment, "NASD considers designated AML compliance persons to be associated persons for purposes of their activities on behalf of the member." 5

IM-3011-2 requires firms to review and, if necessary, update the information regarding its AML compliance person within 17 business days after the end of each calendar quarter. This time period is consistent with a member firm's FOCUS reporting schedule and the requirements that a member firm review and update its Executive Representative designation and contact information6 as well as its emergency contact information.7 When firms file their FOCUS reports each quarter, they are reminded of the need to review and update this information on the NASD Contact System.


1 Exchange Act Rel. No. 53030 (Dec. 28, 2005), 71 FR 632 (Jan. 5, 2006) (SR-NASD-2005-066).

2 31 U.S.C. 5311, et seq.

3 Regardless of which category a firm falls into, any firm must test its AML program more frequently if circumstances warrant. See IM-3011-1(a).

4 Consistent with SEC and NASD recordkeeping requirements, the firm must retain a copy of the documented rationale, which will be reviewed by NASD examiners to assess whether the firm's rationale reasonably supported its determination.

5See Exchange Act Rel. No. 53030, at 3; 71 FR at 634. See also NASD Response to Comments (Dec. 15, 2005), available at www.sec.gov/rules/ sro/nasd/nasd2005066/nasd121505.pdf. This view confirms NASD's previous guidance that AML compliance persons are associated persons of the firm but are not required to register with NASD solely because they serve in that capacity. See Notice to Members 02-80, at n.5 (Dec. 2002).

6See NASD Rule 1150.

7See NASD Rule 3520(b)


ATTACHMENT A

New language is underlined; deletions are in brackets.

3011. Anti-Money Laundering Compliance Program

On or before April 24, 2002, each member shall develop and implement a written anti-money laundering program reasonably designed to achieve and monitor the member's compliance with the requirements of the Bank Secrecy Act (31 U.S.C. 5311, et seq.), and the implementing regulations promulgated thereunder by the Department of the Treasury. Each [member organization's] member's anti-money laundering program must be approved, in writing, by a member of senior management. The anti-money laundering programs required by this Rule shall, at a minimum,

(a) Establish and implement policies and procedures that can be reasonably expected to detect and cause the reporting of transactions required under 31 U.S.C. 5318(g) and the implementing regulations thereunder;
(b) Establish and implement policies, procedures, and internal controls reasonably designed to achieve compliance with the Bank Secrecy Act and the implementing regulations thereunder;
(c) Provide for annual (on a calendar-year basis) independent testing for compliance to be conducted by member personnel or by a qualified outside party, unless the member does not execute transactions for customers or otherwise hold customer accounts or act as an introducing broker with respect to customer accounts (e.g., engages solely in proprietary trading or conducts business only with other broker-dealers), in which case such "independent testing" is required every two years (on a calendar-year basis);
(d) Designate[,] and identify to NASD (by name, title, mailing address, e-mail address, telephone number, and facsimile number) an individual or individuals responsible for implementing and monitoring the day-to-day operations and internal controls of the program (such individual or individuals must be an associated person of the member) and provide prompt notification to NASD regarding any change in such designation(s); and
(e) Provide ongoing training for appropriate personnel.

IM-3011-1. Independent Testing Requirements

(a) All members should undertake more frequent testing than required if circumstances warrant.
(b) Independent testing, pursuant to Rule 3011(c), must be conducted by a designated person with a working knowledge of applicable requirements under the Bank Secrecy Act and its implementing regulations.
(c) Independent testing may not be conducted by:

(1) a person who performs the functions being tested,
(2) the designated anti-money laundering compliance person, or
(3) a person who reports to a person described in either (1) or (2) above, except that a member may allow the test to be conducted by a person who reports to a person described in (1) or (2) above if all four of the following conditions are met:

(A) the member has no other qualified internal personnel to conduct the test;
(B) the member establishes written policies and procedures to address conflicts that may arise from allowing the test to be conducted by a person who reports to the person(s) whose activities he or she is testing (e.g., anti-retaliation procedures);
(C) to the extent possible, the person conducting the test reports the results of the test to a person at the member who is senior to the persons described in (1) or (2) above; and
(D) the member must document its rationale, which must be reasonable, for determining that it has no other alternative than to comply in the manner set forth in the exception to this paragraph (3). In addition, if the person does not report the results consistent with (C) above, the member must document a reasonable explanation for not doing so.

IM-3011-2. Review of Anti-Money Laundering Compliance Person Information

Each member must review and, if necessary, update the information regarding its anti-money laundering compliance person designated pursuant to Rule 3011(d) within 17 business days after the end of each calendar quarter to ensure the information's accuracy.