Regulatory Notice 18-19

FINRA Amends Rule 3310 to Conform to FinCEN's Final Rule on Customer Due Diligence Requirements for Financial Institutions

Published Date:

May 03, 2018

Regulatory Notice
Notice Type Rule Amendment	Referenced Rules & Notices Bank Secrecy Act FINRA Rule 3310 Regulatory Notice 17-40
Suggested Routing Compliance Legal Operations Senior Management	Key Topics Anti-Money Laundering Compliance Programs

Summary

FINRA has filed for immediate effectiveness amendments to FINRA Rule 3310 (Anti-Money Laundering Compliance Program) to reflect the Financial Crimes Enforcement Network's (FinCEN) adoption of a final rule on Customer Due Diligence Requirements for Financial Institutions (CDD Rule).¹ The implementation date is May 11, 2018. This implementation date aligns with the compliance date for FinCEN's CDD Rule.

The text of the rule is set forth in Attachment A.

Questions concerning this Notice should be directed to:

• Michael Rufino, Executive Vice President, Head of Member Regulation – Sales Practice, at (202) 728-8381 or by email at [email protected];

• Victoria Crane, Associate General Counsel, Office of General Counsel (OGC), at (202) 728-8104 or by email at [email protected]; or

• Julia Bogolin, Counsel, OGC, at (202) 728-8111 or by email at [email protected].

Background & Discussion

On May 11, 2016, FinCEN, the bureau of the Department of the Treasury responsible for administering the Bank Secrecy Act² (BSA) and its implementing regulations, issued the CDD Rule³ to clarify and strengthen customer due diligence for covered financial institutions,⁴ including broker-dealers. In its CDD Rule, FinCEN identifies four components of customer due diligence: (1) customer identification and verification; (2) beneficial ownership identification and verification; (3) understanding the nature and purpose of customer relationships; and (4) ongoing monitoring for reporting suspicious transactions and, on a risk basis, maintaining and updating customer information.⁵ As the first component is already an AML program requirement, the CDD Rule focuses on the other three components.

Specifically, the CDD Rule focuses particularly on the second component by adding a new requirement that covered financial institutions identify and verify the identity of the beneficial owners of all legal entity customers at the time a new account is opened, subject to certain exclusions and exemptions. The CDD Rule also addresses the third and fourth components by amending the existing AML program rules for covered financial institutions to explicitly require these components to be included in AML programs as a new "fifth pillar."

On November 21, 2017, FINRA published Regulatory Notice 17-40 to provide guidance to member firms regarding their obligations under FINRA Rule 3310 in light of the adoption of FinCEN's CDD Rule.⁶ In addition, the Notice summarized the CDD Rule's impact on member firms, including the ongoing customer due diligence requirement, or "fifth pillar," required for member firms' AML programs.

The recently filed amendments to FINRA Rule 3310 incorporate into the rule this ongoing customer due diligence requirement to conform the rule to the CDD Rule and aid member firms in complying with the CDD Rule's requirements. Specifically, FINRA Rule 3310(f) requires member firms' AML programs to, at a minimum include appropriate risk-based procedures for conducting ongoing customer due diligence, to include, but not be limited to: (1) understanding the nature and purpose of customer relationships for the purpose of developing a customer risk profile; and (2) conducting ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information.

As stated in the CDD Rule, these provisions are not new and merely codify existing expectations for firms to adequately identify and report suspicious transactions as required under the BSA, and encapsulate practices generally already undertaken by securities firms to know and understand their customers.

Member firms should ensure that their AML programs are updated, as necessary, to comply with the CDD Rule by May 11, 2018.

^1.See Securities Exchange Act Release No. 83154 (May 2, 2018) (Notice of Filing and Immediate Effectiveness File No. SR-FINRA-2018-016).

^2. 31 U.S.C. 5311, et seq.

^3. FinCEN Customer Due Diligence Requirements for Financial Institutions; CDD Rule, 81 FR 29397 (May 11, 2016) (CDD Rule Release); 82 FR 45182 (September 28, 2017) (making technical correcting amendments to the final CDD Rule published on May 11, 2016). FinCEN is authorized to impose AML program requirements on financial institutions and to require financial institutions to maintain procedures to ensure compliance with the BSA and associated regulations. 31 U.S.C. 5318(h)(2) and (a)(2). The CDD Rule is the result of the rulemaking process FinCEN initiated in March 2012. See 77 FR 13046 (March 5, 2012) (Advance Notice of Proposed Rulemaking) and 79 FR 45151 (Aug. 4, 2014) (Notice of Proposed Rulemaking).

^4.See 31 C.F.R. 1010.230(f) (defining "covered financial institution").

^5.See CDD Rule Release at 29398.

^6.See Regulatory Notice 17-40 (November 2017).

ATTACHMENT A

Below is the text of the amended rule text. New language is underlined; deletions are in brackets.

* * * * *

3000. SUPERVISION AND RESPONSIBILITIES RELATING TO ASSOCIATED PERSONS

* * * * *

3300. ANTI-MONEY LAUNDERING

3310. Anti-Money Laundering Compliance Program

Each member shall develop and implement a written anti-money laundering program reasonably designed to achieve and monitor the member's compliance with the requirements of the Bank Secrecy Act (31 U.S.C. 5311, et seq.), and the implementing regulations promulgated thereunder by the Department of the Treasury. Each member's anti-money laundering program must be approved, in writing, by a member of senior management. The anti-money laundering programs required by this Rule shall, at a minimum,

(a) through (c) No change.

(d) Designate and identify to FINRA (by name, title, mailing address, e-mail address, telephone number, and facsimile number) an individual or individuals responsible for implementing and monitoring the day-to-day operations and internal controls of the program (such individual or individuals must be an associated person of the member) and provide prompt notification to FINRA regarding any change in such designation(s); [and]

(e) Provide ongoing training for appropriate personnel;[.] and

(f) Include appropriate risk-based procedures for conducting ongoing customer due diligence, to include, but not be limited to:

(i) Understanding the nature and purpose of customer relationships for the purpose of developing a customer risk profile; and

(ii) Conducting ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information. For purposes of paragraph (f)(ii), customer information shall include information regarding the beneficial owners of legal entity customers (as defined in 31 CFR 1010.230(e)).