Skip to main content

3310. Anti-Money Laundering Compliance Program

Each member shall develop and implement a written anti-money laundering program reasonably designed to achieve and monitor the member's compliance with the requirements of the Bank Secrecy Act (31 U.S.C. 5311, et seq.), and the implementing regulations promulgated thereunder by the Department of the Treasury. Each member's anti-money laundering program must be approved, in writing, by a member of senior management. The anti-money laundering programs required by this Rule shall, at a minimum,
(a) Establish and implement policies and procedures that can be reasonably expected to detect and cause the reporting of transactions required under 31 U.S.C. 5318(g) and the implementing regulations thereunder;
(b) Establish and implement policies, procedures, and internal controls reasonably designed to achieve compliance with the Bank Secrecy Act and the implementing regulations thereunder;
(c) Provide for annual (on a calendar-year basis) independent testing for compliance to be conducted by member personnel or by a qualified outside party, unless the member does not execute transactions for customers or otherwise hold customer accounts or act as an introducing broker with respect to customer accounts (e.g., engages solely in proprietary trading or conducts business only with other broker-dealers), in which case such "independent testing" is required every two years (on a calendar-year basis);
(d) Designate and identify to FINRA (by name, title, mailing address, e-mail address, telephone number, and facsimile number) an individual or individuals responsible for implementing and monitoring the day-to-day operations and internal controls of the program (such individual or individuals must be an associated person of the member) and provide prompt notification to FINRA regarding any change in such designation(s);
(e) Provide ongoing training for appropriate personnel; and
(f) Include appropriate risk-based procedures for conducting ongoing customer due diligence, to include, but not be limited to:
(i) Understanding the nature and purpose of customer relationships for the purpose of developing a customer risk profile; and
(ii) Conducting ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information. For purposes of paragraph (f)(ii), customer information shall include information regarding the beneficial owners of legal entity customers (as defined in 31 CFR 1010.230(e)).

• • • Supplementary Material: --------------

.01 Independent Testing Requirements

(a) All members should undertake more frequent testing than required if circumstances warrant.
(b) Independent testing, pursuant to Rule 3310(c), must be conducted by a designated person with a working knowledge of applicable requirements under the Bank Secrecy Act and its implementing regulations.
(c) Independent testing may not be conducted by:
(1) a person who performs the functions being tested,
(2) the designated anti-money laundering compliance person, or
(3) a person who reports to a person described in either subparagraphs (1) or (2) above.

.02 Review of Anti-Money Laundering Compliance Person Information

Each member must identify, review, and, if necessary, update the information regarding its anti-money laundering compliance person designated pursuant to Rule 3310(d) in the manner prescribed by Rule 4517.
Amended by SR-FINRA-2018-016 eff. May 11, 2018.
Amended by SR-FINRA-2015-004 eff. Feb. 12, 2015.
Amended by SR-FINRA-2009-039 eff. Jan. 1, 2010.
Amended by SR-NASD-2007-034 eff. Dec. 31, 2007.
Amended by SR-NASD-2005-066 eff. Mar. 6, 2006.
Amended by SR-NASD-2002-146 eff. Oct. 22, 2002.
Adopted by SR-NASD-2002-24 eff. April 24, 2002.

Selected Notices: 02-21, 02-50, 02-78, 02-80, 03-34, 06-07, 07-42, 09-60, 17-4018-19.