Just yesterday I was blathering about the loophole in NASD IM-3011-1, which allows firms to have internal staff do annual testing of their AML programs. This rule lets firms have someone in the AML chain of command do the testing. The way it was written was always a bit curious: as if meant to strictly limit firms, but with a nice rabbit hole to jump into to safely avoid the limitation. Don't get me wrong: I've been a fan of the loophole, since I tend to sympathize with really small firms that have to meet onerous, big-firm requirements....and that's who would have relied on the loophole until now: very small firms with no staff remote enough from the AML staff and supervisor (usually the same person) to be considered independent. Well, thanks to FinCEN, these small firms will henceforth have no choice but to pay up for their annual independent AML testing.
You see, in Notice 09-60 FINRA announced its recent slate of rule consolidation changes. One of those is new FINRA Rule 3310, replacing NASD Rule 3011 and its IM's. The rule essentially stays the same except for the removal of the independence carve-out.
Firms can still appoint an internal staff member to conduct the testing, but that person must absolutely meet the following requirements:
1. The person must not perform the functions being tested,
2. The person may not be the designated AML compliance person, and
3. The person may not report to either anyone performing AML functions or the designated AML compliance person.
So if your firm is big enough such that you have senior staff who do not get involved at all in AML stuff, and you have employees who are well-versed in BSA/other AML requirements who do not do any AML work, you should be able to continue to rely on in-house AML testing.
The reason for the change? FINRA blames it on FinCEN, which stated that "the independent testing provision of the BSA precludes AML program testing by personnel with an interest in the outcome of the testing..." Seems reasonable--if you believe that our current AML rules, regulations and applied guidance have proven useful in fighting terrorism and if you believe that it is the role of the broker and the brokerage firm to police its clientele. Might seem unreasonable if you closely run a very small firm with a local, familiar clientele and have seen the cost of compliance sky-rocket right along with the increase in regulatory expectations, and you now have to pay a third-party to come in and verify the obvious: you're trying hard to follow the rules.
(Oops. I let myself go for a second, there... back to the subject at hand...)
The rule change is effective Jan. 1, 2010. You tiny firms out there will have to find someone to do your independent testing next year. (This is not a sales pitch, by the way--could you tell?)
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment