Firm’s IT System Resulted in AML Failures and $1.5 Million Fine
A large broker-dealer agreed to pay a $1.5 Million fine for failing to conduct required customer identification over a 9-year period as a result of a flaw in its technology platform. According to FINRA, the firm’s system recycled client identifiers, which the system identified as clients for whom the firm had already conducted the required AML due diligence. As a result, the firm failed to conduct customer-identity verification for nearly 220,000 accounts. The firm’s compliance testing caught the problem. Brad Bennett, FINRA’s Executive Vice President and Chief of Enforcement, said, “Firms must be vigorous in the testing of their electronic systems to ensure they are operating correctly, including those designed to ensure compliance with critical aspects of the AML rules. While the firms eventually discovered the flaw in their own systems, it took far too long, resulting in hundreds of thousands of accounts to open and often close without the required identification process ever taking place.”
OUR TAKE: We believe that regulatory risk increases with big firms because of potential disconnections between IT and compliance. Firms should consider hiring an outside consulting firm that can assess the IT regulatory risk or hire somebody with this unique experience.