SEC Approves Amendments to Anti-Money Laundering Compliance Program Rule and Adoption of Interpretive Material

GUIDANCE

Anti-Money Laundering Compliance Programs

Executive Summary

On December 28, 2005, the Securities and Exchange Commission (SEC) approved amendments to NASD Rule 3011 and the adoption of IM-3011-1 and IM-3011-2.¹ The amendments and new interpretive material require a firm to conduct an independent test of its anti-money laundering (AML) compliance program on an annual basis (with the exception of certain types of firms), clarify the persons not considered to be independent for purposes of the independent testing requirement, and require a firm, on a quarterly basis, to review and, if necessary, update the information regarding the firm's AML compliance person. The new rule text and interpretive material are contained in Attachment A and are effective on March 6, 2006.

Questions/Further Information

Questions concerning this Notice may be directed to Brant K. Brown, Counsel, Office of General Counsel, Regulatory Policy and Oversight, at (202) 728-6927.

Discussion

NASD Rule 3011 requires every NASD member firm to develop and implement a written AML program reasonably designed to achieve and monitor the firm's compliance with the requirements of the Bank Secrecy Act² and the implementing regulations promulgated thereunder by the Department of Treasury. Among other things, Rule 3011 requires that a firm's AML program provide for independent testing for compliance with the AML program. Firms also are required to designate and identify to NASD an individual or individuals responsible for implementing and monitoring the day-to-day operations and internal controls of the firm's AML program and to update this information as appropriate. The purposes of the amendments to Rule 3011 and the interpretive material are to clarify and provide guidance on certain aspects of these two requirements.

Independent Testing

As originally adopted, Rule 3011(c) required that a firm's AML program "provide for independent testing for compliance to be conducted by member personnel or by a qualified outside party." The amendments and IM-3011-1 provide further guidance on this requirement in two ways. First, the amended rule language establishes an expectation that, for most firms, the independent test should be performed at least once each calendar year. The new rule language, however, allows firms that do not execute transactions for customers or otherwise hold customer accounts or act as an introducing broker with respect to customer accounts to test once every two years (on a calendar-year basis) rather than on an annual basis.³

Second, IM-3011-1 clarifies certain types of individuals who NASD would not consider to be "independent," and, hence, not eligible to perform the required independent testing. As an initial matter, IM-3011-1(b) clarifies that the person conducting the independent test must have a working knowledge of applicable requirements under the Bank Secrecy Act and its implementing regulations. IM-3011-1(c) further clarifies that, to ensure sufficient separation of functions for independence purposes, the testing cannot be conducted by the AML compliance person(s) designated in Rule 3011, by any person who performs the AML functions being tested or by any person who reports to any of these persons. NASD, however, recognized that these limitations may effectively prevent certain small firms from using appropriate internal personnel to conduct the tests. Consequently, IM-3011-1(c) allows tests to be conducted by persons who report to either the AML compliance person or persons performing AML functions if (1) the firm has no other qualified personnel to conduct the test; (2) the firm establishes written policies and procedures to address potential conflicts that can arise from allowing the test to be conducted by a person in the reporting chain (e.g., antiretaliation procedures); (3) to the extent possible, the results of the test are reported to someone senior to the person to whom the test conductor reports; and (4) the firm documents its rationale, which must be reasonable, for determining that it has no other alternative than to comply in this manner.⁴ In addition, if the person does not report the results to a person senior to the AML compliance person or persons performing AML functions, the member must document a reasonable explanation for not doing so.

AML Compliance Person

The amendment to Rule 3011(d) and IM-3011-2 each provide guidance concerning the requirement that firms designate and identify to NASD an individual or individuals responsible for implementing and monitoring the day-to-day operations and internal controls of the firm's AML program. The amendment to Rule 3011(d) clarifies that the AML compliance person is an "associated person" of the member firm. As the SEC noted in approving the amendment, "NASD considers designated AML compliance persons to be associated persons for purposes of their activities on behalf of the member." ⁵

IM-3011-2 requires firms to review and, if necessary, update the information regarding its AML compliance person within 17 business days after the end of each calendar quarter. This time period is consistent with a member firm's FOCUS reporting schedule and the requirements that a member firm review and update its Executive Representative designation and contact information⁶ as well as its emergency contact information.⁷ When firms file their FOCUS reports each quarter, they are reminded of the need to review and update this information on the NASD Contact System.

¹ Exchange Act Rel. No. 53030 (Dec. 28, 2005), 71 FR 632 (Jan. 5, 2006) (SR-NASD-2005-066).

² 31 U.S.C. 5311, et seq.

3 Regardless of which category a firm falls into, any firm must test its AML program more frequently if circumstances warrant. See IM-3011-1(a).

⁴ Consistent with SEC and NASD recordkeeping requirements, the firm must retain a copy of the documented rationale, which will be reviewed by NASD examiners to assess whether the firm's rationale reasonably supported its determination.

⁵See Exchange Act Rel. No. 53030, at 3; 71 FR at 634. See also NASD Response to Comments (Dec. 15, 2005), available at www.sec.gov/rules/ sro/nasd/nasd2005066/nasd121505.pdf. This view confirms NASD's previous guidance that AML compliance persons are associated persons of the firm but are not required to register with NASD solely because they serve in that capacity. See Notice to Members 02-80, at n.5 (Dec. 2002).

⁶See NASD Rule 1150.

⁷See NASD Rule 3520(b)

ATTACHMENT A

New language is underlined; deletions are in brackets.

3011. Anti-Money Laundering Compliance Program

On or before April 24, 2002, each member shall develop and implement a written anti-money laundering program reasonably designed to achieve and monitor the member's compliance with the requirements of the Bank Secrecy Act (31 U.S.C. 5311, et seq.), and the implementing regulations promulgated thereunder by the Department of the Treasury. Each [member organization's] member's anti-money laundering program must be approved, in writing, by a member of senior management. The anti-money laundering programs required by this Rule shall, at a minimum,

IM-3011-1. Independent Testing Requirements

IM-3011-2. Review of Anti-Money Laundering Compliance Person Information

Each member must review and, if necessary, update the information regarding its anti-money laundering compliance person designated pursuant to Rule 3011(d) within 17 business days after the end of each calendar quarter to ensure the information's accuracy.