SEC risk alert flags staffing, policy weaknesses in AML compliance exams

The SEC’s Division of Examinations released a risk alert Monday in which it said it found some registrants “did not appear to devote sufficient resources, including staffing, to AML compliance given the volume and risks of their business.” The division cited increasing sanctions being imposed by the Treasury Department’s Office of Foreign Assets Control (OFAC) as a growing risk that could exacerbate deficiencies, most notably at firms where the same personnel perform AML and sanctions compliance functions.

The risk alert also noted implementation deficiencies regarding AML policies, procedures, and internal controls.

The SEC’s exams focused on firms’ independent testing of their AML programs, training of their personnel, and identification and verification of customers and their beneficial owners. Weaknesses observed included the following:

• Testing not being conducted in a timely manner or not covering aspects of the firm’s business or AML program;
• Personnel conducting testing despite not having appropriate knowledge regarding the requirements of the Bank Secrecy Act;
• Training materials not updated based on policy changes, such as the implementation of the SEC’s customer due diligence (CDD) rule in 2016;
• Improper data collection in line with the customer identification program rule; and
• Issues obtaining documentation and information necessary to verify the identity of beneficial owners of legal entity customers, as required by the CDD rule.

The SEC’s exams division advised registrants to “review and strengthen the policies, procedures, and internal controls of their AML programs to further their compliance with federal AML rules and regulations,” including the ongoing implementation of the Corporate Transparency Act by the Treasury’s Financial Crimes Enforcement Network.