Sports Market Group Inc.
Anti-Money Laundering (“AML”) Plan
Compliance and Supervisory Procedures
UPDATED AS OF MARCH 29, 2021
NOTE:
The FINRA AML web page (https://www.finra.org/rules-guidance/key-topics/aml) includes important information and links to other websites with useful information. You should also consult the websites maintained by the Financial Crimes Enforcement Network (FinCEN) (https://www.fincen.gov) and the Securities and Exchange Commission (SEC) (https://www.sec.gov/), including the SEC’s AML Source Tool https://www.sec.gov/about/offices/ocie/amlsourcetool.htm, for additional information and guidance.
For historical guidance and background, you may wish to consult NASD Notices to Members (NTM) 02-21, 02-47, 02-50, 02-78, 02-80, 03-34, 06-07, 06-41 and 07-17. Regulatory Notices 07-42, 08-66, 09-05, 12-08, 17-40 18-19, and 19-18 provide additional guidance information about companies’ AML obligations. To submit BSA filings, including Suspicious Activity Reports (SARs), to FinCEN, companies must use FinCEN’s BSA E-Filing System (https://bsaefiling.fincen.treas.gov/main.html).
1. Sports Market Group Inc. AML Policy
It is the policy of Sports Market Group Inc. (the “Company”) to prohibit and actively prevent money laundering and any activity that facilitates money laundering or the funding of terrorist or criminal activities by complying with all applicable requirements under the Bank Secrecy Act (“BSA”) and its regulations.
“Money laundering” is generally defined as engaging in acts designed to conceal or disguise the true origins of criminally derived proceeds so that the proceeds appear to have derived from legitimate origins or constitute legitimate assets. Generally, money laundering occurs in three (3) stages. Cash first enters the financial system at the "placement" stage, where the cash generated from criminal activities is converted into monetary instruments, such as money orders or traveler's checks, or deposited into accounts at financial institutions. At the "layering" stage, the funds are transferred or moved into other accounts or other financial institutions to further separate the money from its criminal origin. At the "integration" stage, the funds are reintroduced into the economy and used to purchase legitimate assets or to fund other criminal activities or legitimate businesses.
“Terrorist financing” may not involve the proceeds of criminal conduct, but rather an attempt to conceal either the origin of the funds or their intended use, which could be for criminal purposes. Legitimate sources of funds are a key difference between terrorist financiers and traditional criminal organizations. In addition to charitable donations, legitimate sources include foreign government sponsors, business ownership and personal employment. Although the motivation differs between traditional money launderers and terrorist financiers, the actual methods used to fund terrorist operations can be the same as or similar to methods used by other criminals to launder funds. Funding for terrorist attacks does not always require large sums of money and the associated transactions may not be complex.
Sports Market Group Inc.’s AML policies, procedures and internal controls are designed to ensure compliance with all applicable BSA regulations and FINRA rules and will be reviewed and updated on a regular basis to ensure appropriate policies, procedures and internal controls are in place to account for both changes in regulations and changes in our business.
Rules: 31 C.F.R. § 1023.210; FINRA Rule 3310.
2. AML Compliance Person Designation and Duties
The Company has designated [Name] as its Anti-Money Laundering Program Compliance Person (“AML Compliance Person”), with full responsibility for the Company’s AML program. [Name] has a working knowledge of the BSA and its implementing regulations and is qualified by experience, knowledge and training, including [describe]. The duties of the AML Compliance Person will include monitoring the company’s compliance with AML obligations, overseeing communication and training for employees, and any other duties assigned by the Company to the AML Compliance Person.
The AML Compliance Person will also ensure that the Company keeps and maintains all required AML records and will ensure that Suspicious Activity Reports (“SARs”) are filed with the Financial Crimes Enforcement Network (“FinCEN”) when appropriate. The AML Compliance Person is vested with full responsibility and authority to enforce the company’s AML program.
The Company will provide FINRA with contact information for the AML Compliance Person through the FINRA Contact System (FCS), including: (1) name; (2) title; (3) mailing address; (4) email address; (5) telephone number; and (6) fax (if any). The Company will promptly notify FINRA of any change in this information through FCS and will review, and if necessary, update, this information within seventeen (17) business days after the end of each calendar year. The annual review of FCS information will be conducted by [Name] and will be completed with all necessary updates being provided no later than seventeen (17) business days following the end of each calendar year. In addition, if there is any change to the information, [Name] will update the information promptly, but in any event not later than thirty (30) days following the change.
Rules: 31 C.F.R. § 1023.210; FINRA Rule 3310; FINRA Rule 4517.
Resources: Regulatory Notice 07-42; NTM 06-07; NTM 02-78. Companies can submit their AML Compliance Person information through FINRA's FCS web page.
3. Giving AML Information to Federal Law Enforcement Agencies and Other Financial Institutions
a. FinCEN Requests Under USA PATRIOT Act Section 314(a)
Pursuant to the BSA and its implementing regulations, financial institutions are required to make certain searches of their records upon receiving an information request from FinCEN. Describe your company’s procedures for FinCEN requests for information on money laundering or terrorist activity.
In order for a Company to obtain information requests from FinCEN, the Company must first designate an AML Contact Person in FCS. If you want to change the person who receives FinCEN requests, you must change the AML contact information in FCS. When you are faced with a change in personnel who will receive this information, you should be aware that FinCEN receives a data feed of this revised information from FCS every other week and that it may take several weeks for a company’s new AML contact person to receive information from FinCEN. Therefore, it is advisable for a Company that is aware that a person who had been receiving FinCEN requests is leaving the Company to change the information on FCS as soon as practical to ensure continuity of receiving FinCEN information.
We will respond to a Financial Crimes Enforcement Network (FinCEN) request concerning accounts and transactions (a 314(a) Request) by immediately searching our records to determine whether we maintain or have maintained any account for, or have engaged in any transaction with, each person, entity or organization named in the 314(a) Request as outlined in the Frequently Asked Questions (FAQ) located on FinCEN’s secure website. We understand that we have fourteen (14) days (unless otherwise specified by FinCEN) from the transmission date of the request to respond to a 314(a) Request. We will designate through the FINRA Contact System (FCS) one or more persons to be the point of contact (POC) for 314(a) Requests and will promptly update the POC information following any change in such information. Unless otherwise stated in the 314(a) Request or specified by FinCEN, we are required to search those documents outlined in FinCEN’s FAQ. If we find a match, [Name] will report it to FinCEN via FinCEN’s Web-based 314(a) Secure Information Sharing System within fourteen (14) days or within the time requested by FinCEN in the request. If the search parameters differ from those mentioned above (for example, if FinCEN limits the search to a geographic location), [Name] will structure our search accordingly.
If [Name] searches our records and does not find a matching account or transaction, then [Name] will not reply to the 314(a) Request. We will maintain documentation that we have performed the required search by [printing a search self-verification document from FinCEN’s 314(a) Secure Information Sharing System confirming that our Company has searched the 314(a)-subject information against our records and maintaining a log showing the date of the request, the number of accounts searched, the name of the individual conducting the search and a notation of whether a match was found.
We will not disclose the fact that FinCEN has requested or obtained information from us, except to the extent necessary to comply with the information request. [Name] will review, maintain, and implement procedures to protect the security and confidentiality of requests from FinCEN similar to those procedures established to satisfy the requirements of Section 501 of the Gramm-Leach-Bliley Act1, which calls for the protection of customers’ nonpublic personal information.
We will direct any questions we have about the 314(a) Request to the requesting federal law enforcement agency as designated in the request.
Unless otherwise stated in the 314(a) Request, we will not be required to treat the information request as continuing in nature, and we will not be required to treat the periodic 314(a) Requests as a government provided list of suspected terrorists for purposes of the customer identification and verification requirements.
Rule: 31 C.F.R. § 1010.520.
Resources: FinCEN’s 314(a) web page; NTM 02-80;. FinCEN also provides financial institutions with General Instructions and Frequently Asked Questions relating to 314(a) requests through the 314(a) Secured Information Sharing System or by contacting FinCEN’s Regulatory Helpline at (800) 949-2732 or via email at sys314a@fincen.gov.
- National Security Letters
National Security Letters (NSLs) are written investigative demands that may be issued by the local Federal Bureau of Investigation (FBI) and other federal government authorities conducting counterintelligence and counterterrorism investigations to obtain, among other things, financial records of broker-dealers. NSLs are highly confidential. No broker-dealer, officer, employee or agent of the broker-dealer can disclose to any person that a government authority or the FBI has sought or obtained access to records. Companies that receive NSLs must have policies and procedures in place for processing and maintaining the confidentiality of NSLs. If you file a Suspicious Activity Report (SAR) after receiving a NSL, the SAR should not contain any reference to the receipt or existence of the NSL.
We understand that the receipt of a National Security Letter (“NSL”) is highly confidential. We understand that none of our officers, employees or agents may directly or indirectly disclose to any person that the FBI or other federal government authority has sought or obtained access to any of our records. To maintain the confidentiality of any NSL we receive, we will process and maintain the NSL by [describe procedure]. If we file a SAR after receiving an NSL, the SAR will not contain any reference to the receipt or existence of the NSL. The SAR will only contain detailed information about the facts and circumstances of the detected suspicious activity.
- Grand Jury Subpoenas
Grand juries may issue subpoenas as part of their investigative proceedings. The receipt of a grand jury subpoena does not in itself require the filing of a Suspicious Activity Report (SAR). However, broker-dealers should conduct a risk assessment of the customer who is the subject of the grand jury subpoena, as well as review the customer’s account activity. If suspicious activity is uncovered during this review, broker-dealers should consider elevating the risk profile of the customer and file a SAR in accordance with the SAR filing requirements. Grand jury proceedings are confidential, and a broker-dealer that receives a subpoena is prohibited from directly or indirectly notifying the person who is the subject of the investigation about the existence of the grand jury subpoena, its contents or the information used to reply to it. If you file a SAR after receiving a grand jury subpoena, the SAR should not contain any reference to the receipt or existence of it. The SAR should provide detailed information about the facts and circumstances of the detected suspicious activity.
We understand that the receipt of a grand jury subpoena concerning a customer does not in itself require that we file a Suspicious Activity Report (“SAR”). When we receive a grand jury subpoena, we will conduct a risk assessment of the customer subject to the subpoena as well as review the customer’s account activity. If we uncover suspicious activity during our risk assessment and review, we will elevate that customer’s risk assessment and file a SAR in accordance with the SAR filing requirements. We understand that none of our officers, employees or agents may directly or indirectly disclose to the person who is the subject of the subpoena its existence, its contents or the information we used to respond to it. To maintain the confidentiality of any grand jury subpoena we receive, we will process and maintain the subpoena by [describe procedure]. If we file a SAR after receiving a grand jury subpoena, the SAR will not contain any reference to the receipt or existence of the subpoena. The SAR will only contain detailed information about the facts and circumstances of the detected suspicious activity.
d. Voluntary Information Sharing With Other Financial Institutions Under USA PATRIOT Act Section 314(b)
BSA regulations permit financial institutions to share information with other financial institutions under the protection of a safe harbor if certain procedures are followed. If your Company shares or plans to share information with other financial institutions, describe your company's procedures for such sharing.
We will share information with other financial institutions regarding individuals, entities, organizations, and countries for purposes of identifying and, where appropriate, reporting activities that we suspect may involve possible terrorist activity or money laundering. [Name] will ensure that the Company files with FinCEN an initial notice before any sharing occurs and annual notices thereafter. We will use the notice form found at FinCEN’s website (http://www.fincen.gov/). Before we share information with another financial institution, we will take reasonable steps to verify that the other financial institution has submitted the requisite notice to FinCEN, either by obtaining confirmation from the financial institution or by consulting a list of such financial institutions that FinCEN will make available. We understand that this requirement applies even to financial institutions with which we are affiliated, and that we will obtain the requisite notices from affiliates and follow all required procedures.
We will employ strict procedures both to ensure that only relevant information is shared and to protect the security and confidentiality of this information, for example, by segregating it from the company’s other books and records and [describe any other procedures].
We also will employ procedures to ensure that any information received from another financial institution shall not be used for any purpose other than:
- identifying and, where appropriate, reporting on money laundering or terrorist activities;
- determining whether to establish or maintain an account, or to engage in a transaction; or
- assisting the financial institution in complying with performing such activities.
Rules: 31 C.F.R. § 1010.540.
Resources: FinCEN Financial Institution Notification Form; FIN-2009-G002: Guidance on the Scope of Permissible Information Sharing Covered by Section 314(b) Safe Harbor of the USA PATRIOT Act (6/16/2009).
Resources: FinCEN’s BSA E-Filing System.
4. Checking the Office of Foreign Assets Control Listings
Although not part of the BSA and its implementing regulations, the Office of Foreign Assets Control (OFAC) compliance is often performed in conjunction with AML compliance. OFAC is an office of the U.S. Treasury that administers and enforces economic sanctions and embargoes based on U.S. foreign policy and national security goals that target geographic regions and governments (e.g., Cuba, Sudan and Syria), as well as individuals or entities that could be anywhere (e.g., international narcotics traffickers, foreign terrorists and proliferators of weapons of mass destruction). As part of its enforcement efforts, OFAC publishes a list of Specially Designated Nationals and Blocked Persons (SDN list), which includes names of companies and individuals who relate to the sanction’s targets. U.S. persons are prohibited from dealing with SDNs wherever they are located, and all SDN assets must be blocked. Because OFAC's programs are constantly changing, describe how you will check with OFAC to ensure that your SDN list is current and also that you have complete information regarding the listings of economic sanctions and embargoes enforced by OFAC affecting countries and parties before opening an account and for existing accounts.
Before opening an account, and on an ongoing basis, [Name] will check to ensure that a customer does not appear on the Specially Designated Nationals and Blocked Person (“SDN list”) or is not engaging in transactions that are prohibited by the economic sanctions and embargoes administered and enforced by OFAC. [Name] will monitor the OFAC website (http://www.treas.gov/offices/enforcement/ofac/) for the SDN list and listings of current sanctions and embargoes. Because the SDN list and listings of economic sanctions and embargoes are updated frequently, we will consult them on a regular basis and subscribe to receive any available updates when they occur. With respect to the SDN list, we may also access that list through various software programs to ensure speed and accuracy. [Name] will also review existing accounts against the SDN list and listings of current sanctions and embargoes when they are updated and [Name] will document the review.
If we determine that a customer is on the SDN list or is engaging in transactions that are prohibited by the economic sanctions and embargoes administered and enforced by OFAC, we will reject the transaction and/or block the customer's assets and file a blocked assets and/or rejected transaction form with OFAC within ten (10) days. We will also call the OFAC Hotline at (800) 540-6322 immediately.
Our review will include customer accounts, transactions involving customers (including activity that passes through the Company such as wires) and the review of customer transactions that involve physical security certificates or application-based investments (e.g., mutual funds).
Rules: 31 C.F.R. § 501.603; 31 C.F.R. § 501.604.
Resources: SEC AML Source Tool for Broker-Dealers, Item 12; OFAC Lists web page (including links to the SDN List and lists of sanctioned countries); FINRA’s OFAC Search Tool. You can also subscribe to receive updates on the OFAC Subscription web page. See also the following OFAC forms: Report of Blocked Transactions Form; Report of Rejected Transactions Form; Annual Report of Blocked Property Form; and OFAC Guidance Regarding Foreign Assets Control Regulations for the Securities Industry.
5. Customer Identification Program
Companies are required to have and follow reasonable procedures to document and verify the identity of their customers who open new accounts. These procedures must address the types of information the Company will collect from the customer and how it will verify the customer's identity. These procedures must enable the Company to form a reasonable belief that it knows the true identity of its customers. The final rule, which FinCEN and the SEC jointly issued on April 30, 2003, applies to all new accounts opened on or after October 1, 2003.
The company’s customer identification program (CIP) must be in writing and be part of the company’s AML compliance program.
Rule: 31 C.F.R. § 1023.220.
Resources: SEC Staff Q&A Regarding the Broker-Dealer Customer Identification Program Rule (October 1, 2003); NTM 03-34; FIN-2006-G007: Frequently Asked Question: Customer Identification Program Responsibilities under the Agency Lending Disclosure Initiative (4/25/2006).
Describe how you will identify customers and verify their identities.
Resources: FIN-2008-G002: Customer Identification Program Rule No-Action Position Respecting Broker-Dealers Operating Under Fully Disclosed Clearing Agreements According to Certain Functional Allocations (3/4/2008) and FIN-2008-R008: Bank Secrecy Act Obligations of a U.S. Clearing Broker-Dealer Establishing a Fully Disclosed Clearing Relationship with a Foreign Financial Institution (6/3/2008).
In addition to the information, we must collect under FINRA Rules 2090 (Know Your Customer) and 2111 (Suitability) and the 4510 Series (Books and Records Requirements), 17a-3(a)(17) (Customer Accounts) and Regulation Best Interest, we have established, documented, and maintained a written Customer Identification Program (“CIP”). We will collect certain minimum customer identification information from each customer who opens an account; utilize risk-based measures to verify the identity of each customer who opens an account; record customer identification information and the verification methods and results; provide the required adequate CIP notice to customers that we will seek identification information to verify their identities; and compare customer identification information with government-provided lists of suspected terrorists, once such lists have been issued by the government.
Rule: 31 C.F.R. § 1023.220.
Resources: SEC Staff Q&A Regarding the Broker-Dealer Customer Identification Program Rule (10/1/2003); NTM 03-34.
a. Required Customer Information
Before opening an account, [Name of person or category of associated person] will collect the following information for all accounts, for any person that is opening a new account and whose name is on the account:
(1) the name;
(2) date of birth (for an individual);
(3) an address, which will be a residential or business street address (for an individual); and
(4) an identification number, which may be one or more of the following: a taxpayer identification number, passport number and country of issuance, alien identification card number, or number and country of issuance of any other government-issued document evidencing nationality or residence and bearing a photograph or other similar safeguard (for non-U.S. persons).
If a customer has applied for, but has not received, a taxpayer identification number, we will confirm that the application was filed before the customer opens the account and to obtain the taxpayer identification number within a reasonable period after the account is opened.
Rule: 31 C.F.R. § 1023.220(a)(2)(i).
b. Customers Who Refuse to Provide Information
Describe your company’s policy for customers who do not provide requested information.
If a potential or existing customer either refuses to provide the information described above when requested, or appears to have intentionally provided misleading information, our Company will not open a new account and, after considering the risks involved, consider closing any existing account. In either case, our AML Compliance Person will be notified so that we can determine whether we should report the situation to FinCEN on a SAR.
c. Verifying Information
Describe how you will verify customers’ identities using the information described above. The information you gather may vary according to the risks posed by the type of account. The procedures must enable you to form a reasonable belief that you know the true identity of each customer. Among the risks to consider are the various types of accounts maintained by the company, the various methods the Company uses to open accounts, the various types of identifying information available, and the company’s size, location and customer base. If you believe that some of these risk factors increase the likelihood that you will need more information to know the true identity of your customers, you should determine what additional identifying information might be necessary for a reasonable belief that you know the true identity of your customer and when such additional information should be obtained.
Based on the risk, and to the extent reasonable and practicable, we will ensure that we have a reasonable belief that we know the true identity of our customers by using risk-based procedures to verify and document the accuracy of the information we get about our customers. [Name] will analyze the information we obtain to determine whether the information is sufficient to form a reasonable belief that we know the true identity of the customer.
We will verify customer identity through documentary and non-documentary means. We will use documents to verify customer identity when appropriate documents are available. In light of the increased instances of identity fraud, we will supplement the use of documentary evidence by using the non-documentary means described below whenever necessary. We may also use non-documentary means, if we are still uncertain about whether we know the true identity of the customer. In verifying the information, we will consider whether the identifying information that we receive, such as the customer’s name, street address, zip code, telephone number (if provided), date of birth and Social Security number, allow us to determine that we have a reasonable belief that we know the true identity of the customer.
Appropriate documents for verifying the identity of customers include the following:
- An unexpired government-issued identification evidencing nationality or residence and bearing a photograph or similar safeguard, such as a driver’s license or passport; and
We understand that we are not required to take steps to determine whether the document that the customer has provided to us for identity verification has been validly issued and that we may rely on a government-issued identification as verification of a customer’s identity. If, however, we note that the document shows some obvious form of fraud, we must consider that factor in determining whether we can form a reasonable belief that we know the customer’s true identity.
We will use the following non-documentary methods of verifying identity:
- Independently verifying the customer’s identity through the comparison of information provided by the customer with information obtained from a consumer reporting agency, public database, or other source [identify reporting agency, database, etc.];
- Checking references with other financial institutions; or
- Obtaining a financial statement.
- [other non-documentary methods, if applicable]
We will use non-documentary methods of verification when:
(1) the customer is unable to present an unexpired government-issued identification document with a photograph or other similar safeguard;
(2) the Company is unfamiliar with the documents the customer presents for identification verification;
(3) the customer and Company do not have face-to-face contact; and
(4) there are other circumstances that increase the risk that the Company will be unable to verify the true identity of the customer through documentary means.
We will verify the information within a reasonable time before or after the account is opened. Depending on the nature of the account and requested transactions, we may refuse to complete a transaction before we have verified the information, or in some instances when we need more time, we may, pending verification, restrict the types of transactions or dollar amount of transactions. If we find suspicious information that indicates possible money laundering, terrorist financing activity, or other suspicious activity, we will, after internal consultation with the company's AML Compliance Person, file a SAR in accordance with applicable laws and regulations.
Rule: 31 C.F.R. § 1023.220(a)(2)(ii).
d. Lack of Verification
Describe your procedures for responding to circumstances in which the Company cannot form a reasonable belief that it knows the true identity of a customer.
When we cannot form a reasonable belief that we know the true identity of a customer, we will do the following: (1) not open an account; (2) impose terms under which a customer may conduct transactions while we attempt to verify the customer’s identity; (3) close an account after attempts to verify a customer’s identity fail; and (4) determine whether it is necessary to file a SAR in accordance with applicable laws and regulations.
Rule: 31 C.F.R. § 1023.220(a)(2)(iii).
e. Recordkeeping
Describe your recordkeeping procedures.
We will document our verification, including all identifying information provided by a customer, the methods used and results of verification, and the resolution of any discrepancies identified in the verification process. We will keep records containing a description of any document that we relied on to verify a customer’s identity, noting the type of document, any identification number contained in the document, the place of issuance, and if any, the date of issuance and expiration date. With respect to non-documentary verification, we will retain documents that describe the methods and the results of any measures we took to verify the identity of a customer. We will also keep records containing a description of the resolution of each substantive discrepancy discovered when verifying the identifying information obtained. We will retain records of all identification information for five (5) years after the account has been closed; we will retain records made about verification of the customer's identity for five years after the record is made.
Rule: 31 C.F.R. § 1023.220(a)(3).
f. Comparison with Government-Provided Lists of Terrorists
Describe how you will check government lists within a reasonable period of time after opening an account (or earlier, if required by another federal law or regulation or federal directive issued in connection with an applicable list). See NTM 02-21, page 6. There currently are no government-provided lists of suspected terrorists that companies are required to use as part of their CIP.
At such time as we receive notice that a federal government agency has issued a list of known or suspected terrorists and identified the list as a list for CIP purposes, we will, within a reasonable period of time after an account is opened (or earlier, if required by another federal law or regulation or federal directive issued in connection with an applicable list), determine whether a customer appears on any such list of known or suspected terrorists or terrorist organizations issued by any federal government agency and designated as such by Treasury in consultation with the federal functional regulators. We will follow all federal directives issued in connection with such lists.
We will continue to comply separately with OFAC rules prohibiting transactions with certain foreign countries or their nationals.
Rule: 31 C.F.R. § 1023.220(a)(4).
Resource: NTM 02-21, page 6, n.24.
g. Notice to Customers
The CIP Rule requires you to provide adequate notice to customers that you are requesting information from them to verify their identities. You may provide such notice by a sign in your lobby, through other oral or written notice, or, for accounts opened online, notice posted on your website. No matter which methods of giving notice you choose, you must give it before an account is opened.
FINRA has produced a Customer Identification Program Notice to assist companies in fulfilling this notification requirement. Please refer to the FINRA AML web page for further details.
We will provide notice to customers that the Company is requesting information from them to verify their identities, as required by federal law. We will use the following method to provide notice to customers via telephone, email, and online, and we will use the following language for notice to be provided to a company’s customers (if appropriate):
Important Information About Procedures for Opening a New Account
To help the government fight the funding of terrorism and money laundering activities, federal law requires all financial institutions to obtain, verify, and record information that identifies each person who opens an account.
What this means for you: When you open an account, we will ask for your name, address, date of birth and other information that will allow us to identify you. We may also ask to see your driver’s license or other identifying documents.
Rule: 31 C.F.R. § 1023.220(a)(5).
h. Reliance on Another Financial Institution for Identity Verification
We may, under the following circumstances, rely on the performance by another financial institution (including an affiliate) of some or all of the elements of our CIP with respect to any customer that is opening an account or has established an account or similar business relationship with the other financial institution to provide or engage in services, dealings or other financial transactions:
- when such reliance is reasonable under the circumstances;
- when the other financial institution is subject to a rule implementing the anti-money laundering compliance program requirements of 31 U.S.C. § 5318(h), and is regulated by a federal functional regulator; and
- when the other financial institution has entered into a contract with our Company requiring it to certify annually to us that it has implemented its anti-money laundering program and that it will perform (or its agent will perform) specified requirements of the customer identification program.
Rule: 31 C.F.R. § 1023.220(a)(6).
Resources: No-Action Letters to the Securities Industry and Financial Markets Association (SIFMA) (February 12, 2004; February 10, 2005; July 11, 2006; January 10, 2008; January 11, 2010; January 11, 2011; January 9, 2015; December 12, 2016; and December 12, 2018)). (The letters provide staff guidance regarding the extent to which a broker-dealer may rely on an investment adviser to conduct the required elements of the CIP rule, prior to such adviser being subject to an AML rule.)
6. Customer Due Diligence Rule
On May 11, 2016, FinCEN adopted a final rule on Customer Due Diligence Requirements for Financial Institutions (CDD Rule) to clarify and strengthen customer due diligence for covered financial institutions, including broker-dealers. The Rule becomes effective on May 11, 2018.
In its CDD Rule, FinCEN identifies four components of customer due diligence: (1) customer identification and verification; (2) beneficial ownership identification and verification; (3) understanding the nature and purpose of customer relationships for the purpose of developing a customer risk profile; and (4) conducting ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information. As the first component is already an AML program requirement (under the CIP Rule), the CDD Rule focuses on the other three components.
Specifically, the CDD Rule focuses particularly on the second component by adding a new requirement that covered financial institutions establish and maintain written procedures as part of their AML programs that are reasonably designed to identify and verify the identities of beneficial owners of legal entity customers, subject to certain exclusions and exemptions.
Under the CDD Rule, member companies must obtain from the natural person opening the account on behalf of the legal entity customer, the identity of the beneficial owners of the entity. In addition, that individual must certify, to the best of his or her knowledge, as to the accuracy of the information. FinCEN intends that the legal entity customer identify its ultimate beneficial owner(s) and not “nominees” or “straw men.”
The CDD Rule does not prescribe the form in which member companies must collect the required information, which includes the name, date of birth, address and Social Security number or other government identification number of beneficial owners. Rather, member companies may choose to obtain the information by using FinCEN’s standard certification form in Appendix A of the CDD Rule (at https://www.fincen.gov/resources/filing-information) or by another means, provided that the chosen method satisfies the identification requirements in the CDD Rule. In any case, the CDD Rule requires that member companies maintain records of the beneficial ownership information they obtain.
Once member companies obtain the required beneficial ownership information, the CDD Rule requires that companies verify the identity of the beneficial owner(s) – in other words, that they are who they say they are – and not their status as beneficial owners through risk-based procedures that include, at a minimum, the elements required for CIP procedures for verifying the identity of individual customers. Such verification must be completed within a reasonable time after account opening. Member companies may rely on the beneficial ownership information supplied by the individual opening the account, if they had no knowledge of facts that would reasonably call into question the reliability of that information.
The CDD Rule’s requirements with respect to beneficial owners of legal entity customers applies on a prospective basis, that is, only with respect to legal entity customers that open new accounts from the date of the CDD Rule’s implementation. However, member companies should obtain beneficial ownership information for an existing legal entity customer if, during normal monitoring, it receives information that is needed to assess or reevaluate the risk of the customer.
The required records to be created and maintained must include: (i) for identification, any identifying information obtained by the member Company pursuant to the beneficial ownership identification requirements of the CDD Rule, including without limitation the certification (if obtained); and (ii) for verification, a description of any document relied on (noting the type, any identification number, place of issuance and, if any, date of issuance and expiration), of any non-documentary methods and the results of any measures undertaken, and the resolution of each substantive discrepancy. In addition to complying with existing SEC and FINRA record retention requirements, member companies must maintain the records collected for identification purposes for a minimum of five years after the account is closed, and for verification purposes, for five years after the record is made.
Member companies may rely on the performance by another financial institution (including an affiliate) of the requirements of the CDD Rule with respect to any legal entity customer of the member Company that is opening, or has opened, an account or has established a similar business relationship with the other financial institution to provide or engage in services, dealings, or other financial transactions, provided that: (1) such reliance is reasonable under the circumstances; (2) the other financial institution is subject to a rule implementing 31 U.S.C. 5318(h) and is regulated by a Federal functional regulator; and (3) the other financial institution enters into a contract requiring it to certify annually to the member Company that it has implemented its AML program, and that it will perform (or its agent will perform) the specified requirements of the member company’s procedures to comply with the CDD Rule.
The CDD Rule also addresses the third and fourth components, which FinCEN states “are already implicitly required for covered financial institutions to comply with their suspicious activity reporting requirements,” by amending the existing AML program rules for covered financial institutions to explicitly require these components to be included in AML programs as a new “fifth pillar.” These requirements are discussed further below.
Rules: 31 C.F.R. § 1010.230; 31 C.F.R. § 1023.210(b)(5); FINRA Rule 3310.
Resources: 81 Fed. Reg. 29398 (May 11, 2016) (Final Rule: Financial Crimes Enforcement Network; Customer Due Diligence Requirements for Financial Institutions); FIN-2016-G003: Frequently Asked Questions Regarding Customer Due Diligence Requirements for Financial Institutions (7/19/2016); Regulatory Notice 17-40; FIN-2018-G001: Frequently Asked Questions Regarding Customer Due Diligence
Requirements for Financial Institutions (4/3/2018); Regulatory Notice 18-19.
We do not open or maintain accounts for legal entity customers within the meaning of 31 CFR 1010.230. If in the future the Company elects to open accounts for legal entity