Atkins Discusses FinCEN CDD Rule on FINRA AML Panel

Don’t miss the AML Challenges panel at the 2018 FINRA Annual Conference on May 23, 2018 in Washington DC. FirstMark’s founder, Mitch Atkins, will present as a panelist. One of the key topics to be discussed is the FinCEN CDD Rule. The rule became fully effective May 11, 2018. If you’re ready, or even if you’re not, implementation questions still abound. As recently as April 2018, FinCEN issued additional guidance in the form of FAQs. This was the second round of FAQs issued on the FinCEN CDD Rule. The first round can be found here.

Many firms have experienced challenges in understanding the nuances involved with the beneficial ownership requirements, including the ownership and control prongs. There are numerous exceptions and interpretations to both. Perhaps more challenging have been the so-called “fifth pillar” requirements that involve ongoing monitoring to detect potential suspicious activity. The FinCEN CDD Rule codifies, for the first time, the requirement to conduct ongoing monitoring and to update customer information if there are red flags noted. Some AMLCOs have struggled with the concept of the fifth pillar, particularly with regard to the ongoing monitoring requirements.

Questions have arisen as to whether the FinCEN CDD Rule requires that small firms implement an automated surveillance system. Guidance issued by Treasury on the FinCEN CDD Rule provides that this is not true – there is no new requirement to install a trade surveillance system. Instead, the FAQs explain that the monitoring can be done on a risk basis. However, during the course of the normal risk monitoring, if a red flag of potentially suspicious activity is noted, the customer profile that was developed based on the FinCEN CDD Rule “nature and purpose” provision should be revisited and, if necessary, updated. All of these issues will be addressed on the AML Challenges panel at the 2018 FINRA Annual Conference in Washington DC.
If you haven’t signed up and were considering doing so, you can at this link. Also, you can view the conference video

Click on the image below to view the conference brochure:



Click on the image below to view FirstMark’s presentation materials (a practical quick reference guide to the FinCEN CDD Rule).


FirstMark Regulatory Solutions, Inc. is a compliance consulting organization based in Boca Raton, Florida. Mitch Atkins is FirstMark’s founder and principal. He focuses on broker-dealer compliance matters, including anti-money laundering independent testing, FINRA new member applications, FINRA CMAs, FINRA Enforcement litigation support, and supervisory controls testing.




AML Surveillance – Major FINRA AML Case

Yesterday FINRA settled yet another major case involving AML surveillance system deficiencies. This is one more in a series of cases in which FINRA has found that a broker-dealer’s electronic surveillance systems were insufficient to detect potentially suspicious transactions. In this case, FINRA fined the firm $13 million (which was duplicated by the SEC, bringing the total sanction to $26 million) for failures related to an automated system the firm used for monitoring transactions for potentially suspicious activity. In 2010, the firm connected the system to a larger, enterprise-wide system that risk-scored the results in such a way that limited the reviews of alerts from the original system. This means that, according to the settlement document, for a four-month period, the firm did not investigate suspicious activity detected by the original system. It appears from the settlement language that the firm believed its system was generating too many “false positives” and during a transition period simply determined not to investigate those items. All in all, it seems that the firm failed to investigate 1,015 instances of potentially suspicious activity.

The firm designed the system parameters such that it also excluded multiple occurrences of potentially suspicious money movements that involved high-risk counterparties and entities only once. Thus, because there was no linkage between related accounts, it did not consistently identify or monitor these customers, which apparently included some in high-risk jurisdictions and who were senior foreign political figures (PEPs). Also, quite interestingly, the settlement states that millions of accounts were excluded from the firm’s automated monitoring system.

This case is an obvious demonstration of FINRA’s increasing ability to conduct highly sophisticated AML investigations. FINRA’s last several major AML actions have sought progressively higher fine amounts for failures to adequately implement AML surveillance technology. No doubt, the investment in staffing and technology to address this issue proactively would have cost less than $26 million. But of course, hindsight is always 20/20. That said, the message is abundantly clear. It is time to invest in top-notch AML surveillance systems. And, such an investment is not simply the installation, but the ongoing periodic maintenance, which in the industry is often called tuning. It is also important that firms utilizing AML surveillance systems employ experts in FINRA AML requirements to ensure that the systems are tested and tuned in a manner similar to that which is performed by FINRA.

Finally, I have previously explained that while tuning is an important aspect of the maintenance of AML surveillance systems, it is important to take a measured approach to managing false positives generated by these systems. On one hand, false positives are a fact of life with AML surveillance systems. However, changes to rules and thresholds that are not validated or tested by experts against prior results can end up causing costly mistakes. I’m a firm believer in eliminating as many false positives as possible, because by their nature a good percentage of them are just noise and interfere with proper AML surveillance and detecting potentially suspicious activity. I’ve written about this before. However, I worry that FINRA actions such as this will have a chilling effect on those firms wishing to fine-tune these systems. I fully support modification of thresholds and rules to result in the maximum efficiency of the AML surveillance system overall. Also, it often makes sense to implement enterprise-wide surveillance. As with many things, however, this case illustrates that the devil is in the details.

Mitch Atkins, CRCP is the founder and principal of FirstMark Regulatory Solutions, a compliance consulting organization based in Boca Raton, Florida that specializes in AML compliance.


Mitch Atkins Presenting at FINRA South Region Conference

Mitch Atkins, founder and principal of FirstMark Regulatory Solutions, will present at the FINRA South Region Compliance Seminar in Fort Lauderdale, Florida on December 6, 2017. Mitch Atkins will present as a panelist on FINRA’s panel entitled Writing and Maintaining Written Supervisory Procedures. The panel will discuss FINRA’s Supervision Rule (Rule 3110), and in particular, best practices for developing effective supervisory and compliance procedures. As a panelist, Atkins will discuss the regulatory requirements for procedures, and will provide take-away resource materials to attendees that will serve as a guide for developing procedures, including procedures for FINRA’s new Rule 2165 on financial exploitation of seniors/specified adults.

One of the most commonly cited violations on FINRA examinations is the failure to develop and implement adequate written supervisory procedures (“WSPs”). Beyond simply satisfying regulatory requirements, effective WSPs are a compliance tool that broker-dealers utilize to delegate responsibilities for compliance with FINRA and SEC rules. Additionally, effective WSPs do more than simply state the requirements of a particular rule; rather, they serve as a blueprint of the firm’s supervisory system. A supervisory system collectively includes the processes, technology, personnel and related documentation. Before engaging in the development of WSPs, a firm should first carefully consider all aspects of an overall supervisory system. Lastly, an effective supervisory system includes clear lines of authority. There have been numerous regulatory enforcement actions which cited firms for failure to designate authority, or worse, in which a problem arose, but the lines of authority were blurred such that nothing was done to correct the problem. In some of these cases, the identification of the problem was not the issue so much as who was responsible for the resolution of the issue. These issues will be covered by the panel, which includes industry and regulator participation. The FINRA South Region Conference is a cost-effective way to gain additional knowledge in this and many other areas.

To register, please visit 

FirstMark offers a broad range of compliance consulting services, including AML independent testing, Rule 3120 supervisory controls testing, SRO relationship management, FINRA membership applications, training, and more. Mitch Atkins founded FirstMark in 2013.

For more information and to view the seminar brochure and agenda, simply click the image below.


Update: To view the session materials, click the image below:

Epic BD AML Compliance Failure Yields Another Record Fine

On Monday, December 5, 2016, FINRA announced yet another record fine against a broker-dealer for AML compliance failure. This action follows another just seven months ago in which FINRA fined a broker-dealer complex $17 million for AML compliance failure. There are numerous messages here which you can read about in my LinkedIn article that analyzes the new case. The bottom line here is to remember that the days of a slap on the wrist for a firm with a serious AML compliance failure are over. FINRA has demonstrated that it will not hesitate to slap a broker-dealer with a significant sanction, and even to name individual AML compliance officers if violations are serious. There are parallels between this case and FINRA’s May 2016 action against a Florida BD complex. Read my summary of that case here.

The case involved several significant areas of compliance breakdowns. The firm utilized an automated surveillance system, but according to the FINRA settlement document, the data feeding into the system was inaccurate and/or missing information critical to its proper functioning. FINRA also found that the system did not utilize scenarios to detect specific types of activity that it believed the firm systems should have covered.

Another AML compliance failure was that there were deficiencies in the manner in which the firm determined ownership and saleability of microcap securities. FINRA noted that the firm was involved in the liquidation of over 3.7 billion shares of microcap issuers during its review period and earned $10.4 million in commissions from same. Because the system for determining whether the shares could be properly liquidated was inadequate, FINRA found that the firm violated NASD Rule 3010, FINRA Rule 3110, and FINRA Rule 2010.

The AML compliance failure also involved inadequate procedures covering suspicious activity reporting, and failure to conduct adequate due diligence on foreign financial institutions that were also firm affiliates.

FINRA Tolerance for AML Compliance Failures Fading

AML compliance failures are starting to get the “zero tolerance” message from FINRA. It recently announced its largest fine ever against two firms for AML compliance failures, including the suspension of the AML compliance officer. Mitch Atkins, a former FINRA official, breaks down this action in a LinkedIn article. In reality, these sanctions are not too different in scope from that which was levied on Brown Brothers Harriman in 2014. The difference is there are two firms involved in this sanction. Also, the failures in the Brown Brothers case appear to be more limited to the area of low-priced securities and while that is an element of the recent action, it seems broader in scope as to the nature of the compliance failures.

At the recent FINRA Annual Conference in Washington, D.C., FINRA’s head of Enforcement, Brad Bennett, indicated in his comments during a panel discussion that there were more enforcement cases to come in the AML compliance space. Bennett stated that FINRA noted a significant number of red flags in the recent case, but he suggested that future cases may involve actual money laundering rather than just compliance failures. I suspect these cases will be as significant or more significant given the apparent escalation of sanctions of late.

AML Compliance Failures Don’t Necessarily Mean AMLCOs will be Named

The good news is that Bennett reassured the attendees that the action against the AMLCO in this case was an exception and that FINRA is not out to get compliance officers. He insisted that FINRA carefully considers naming compliance officers and would rather not do it at all. FINRA has long stated that compliance officers who are doing their jobs and who take reasonable steps to address compliance issues will not be named in disciplinary actions. Bennett warned, however, that should senior executives ignore the calls of compliance officers for additional resources and compliance failures were the result of such decisions, FINRA would not hesitate to name them in an action.

Mitch Atkins is a consultant to broker-dealers, investment advisers and financial firms. He has over 23 years of experience in the securities industry and is the founder and principal of FirstMark Regulatory Solutions based in Boca Raton, Florida.

Atkins in Forbes: Email and Social Media Compliance

Last month in New York, I was invited to speak with a group of broker-dealer compliance staff at an event about email and social media compliance. More specifically, and to be technically correct, we call this “supervision of electronic communications” and you can read all about it in FINRA Rule 3110(b)(4). There, I had the opportunity to speak with Forbes contributor, Joanna Belbey. Before the event, we had a good discussion on the FINRA 2016 examination priorities and more specifically, how they relate to email and social media compliance. You can read the interview by clicking here: Mitch Atkins Forbes. See the follow-up piece to this (Don’t ‘Set it and Forget it’) by clicking here: Mitch Atkins Forbes Part II.

Email and Social Media Compliance Decrypted

After having worked in regulation for nearly 20 years, working as a consultant to broker-dealers and investment advisers has been truly enlightening, particularly in understanding the perspective of the chief compliance officer. I have had the opportunity to help design, audit and improve systems of supervision for electronic communications. What has become evident in my recent work with consulting clients is that FINRA has been very active in its email and social media compliance reviews. Today, more than ever, the term electronic communications includes far more than email. In the past, firms could be relatively confident if they had a decent email compliance system and banned the use of social media. But today, if talented advisors are not permitted to use popular communication channels, they may work elsewhere – read: competitors.

For these reasons more employers are ensuring that they have top-notch supervisory controls in place to allow the use of communication channels advisors want. To that end, firms wanting to beef up compliance might consider the following:

  1. procedures – development of clear policies and procedures covering communications;
  2. technology – implementation of a cutting edge email and social media compliance platform (but be careful and remember that simply buying the system isn’t enough – FINRA recently published an AWC in which a Chief Compliance Officer was suspended for failing to implement such a system – see FINRA Case 2014039194102 – Feb. 23, 2016);
  3. personnel – ensuring that persons tasked with conducting email and social media compliance reviews are adequately trained and that adequate resources are devoted to conducting reviews;
  4. controls – requiring annual compliance questionnaires in which advisors certify their compliance with policy and disclose all communication channels they use;
  5. testing – some firms are hiring summer interns to search advisor names against social media sites (and who is better at social media?).

And finally, your keyword flagging database is the key (no pun intended) to the effectiveness of your supervisory system. Make sure that the database is reviewed frequently, that it is dynamic and evolves with both the business of the firm and the changing times. See my LinkedIn article about that for more details.

Mitch Atkins is Founder and Principal of FirstMark Regulatory Solutions, a broker-dealer and investment advisor compliance consulting practice in Boca Raton, Florida. Contact Mitch at 561-948-6511.


Electronic Communication “Let’s Talk Supervision”

Compliance risks exist in your electronic communication. How will you effectively manage these risks? With the volume and velocity of information flowing through electronic communications channels, supervision has become a real challenge. Mitch Atkins presented at the Actiance Executive Briefing Series in New York on April 7, 2016 on how organizations can leverage their electronic communications applications to comply with regulatory requirements. Entitled, “Let’s Talk Supervision: Freedom with Responsibility” the talk took place at the Viceroy hotel in Midtown Manhattan. Among the topics discussed were:

  • FINRA 2016 examination priorities
  • Electronic communications requirements
  • Managing volume in supervisory reviews
  • Common challenges in managing reviews
  • Supervision of non-email content

Atkins discussed recent FINRA disciplinary actions that involved electronic communications rules violations, including two from the 1st quarter of 2016 in which FINRA named individuals, including a Chief Compliance Officer. CCOs are faced with many challenges from day to day and some of those include managing the review of electronic communications. During the presentation, Atkins stated that excessive volume, low value keywords, lack of training for reviewers and representatives, and insufficient internal controls contribute to failures in this area. He emphasized that electronic communication channels are dynamic as is the language that is used through these channels. As such, supervisory systems related to electronic communications must also be dynamic. Keyword flagging databases must be updated frequently and should be developed with the input of the supervisors of the departments for which electronic communications are being monitored. Additionally, broker-dealers must develop and document that training has been conducted for associated persons who use electronic communications. He advised using systems of supervisory controls such as annual attestations by associated persons as to the electronic communications channels they use and that they understand the prohibition of using outside email or non-email channels for business communications. He recommended periodic testing of electronic communication channels to ensure that all are being captured in supervisory systems. He also queried the audience whether, in light of FINRA’s recent emphasis on culture of compliance, they know what culture is appearing in their electronic communications.

Electronic Communication Live Webinar

Additionally, Mitch Atkins was a featured presenter at the Actiance “From Supervision to Surveillance” webinar on April 12, 2016. This session also covered challenges in surveillance of electronic communication. View more information about the live webinar here. Another session will occur on May 5, 2016, and it is not too late to register.

Email Flagging Keywords Out of Date?

Do you Update your Email Flagging Keywords?

It is important to remember to periodically update your email flagging keywords if you use a monitoring system for electronic communications. Those systems, while powerful, are only as good as the dictionary of email flagging keywords used to call out a communication for review. Broker-dealers are required to supervise all communications relating to their investment banking or securities business, so says FINRA Rule 3110. Systems provided by Global Relay and SMARSH have the ability to call out electronic communications for review based on the parameters set by the system administrator. And a key element of an adequate supervisory system for reviewing communications is a robust set of email flagging keywords. Knowing the fine line about how much is too much is also important, because a list that is too long and doesn’t use carefully thought-out email flagging keywords will call out too many “false positives” for review, thus making the process ineffective.

To develop an effective list, consider conducting a thorough analysis of: 1) business lines and relevant keywords, 2) languages spoken by clients and employees, and 3) latest industry intelligence on terminology being used. It is important to understand that the manner in which we communicate, even in business, is constantly changing. For this reason, we must ensure that the supervisory systems and processes we use are updated in such a way as to remain relevant tools. The email flagging keywords list should be dynamic and should be the product of careful scrutiny and analysis.

FirstMark Regulatory Solutions is a broker-dealer and investment adviser compliance consulting firm based in Fort Lauderdale, Florida. FirstMark founder, Mitch Atkins, has written an article on LinkedIn about email flagging keywords and some of the terms prosecutors and defense attorneys are using, according to a September 2, 2015 article in Bloomberg Business. For more information or for help preparing your email flagging keyword list, contact Mitch Atkins at (561) 948-6511.