1. What is an Anti-Money Laundering Program?
An anti-money laundering (AML) program is a set of procedures designed to guard against someone using the firm to facilitate money laundering or terrorist financing. The main components that must be included are: 1) internal policies, procedures, and controls reasonably designed to assure compliance with the Bank Secrecy Act and implementing regulations; 2) appointment of a designated compliance officer to oversee the program's day-to-day operations; 3) an ongoing training program; and 4) an independent audit. See NFA Compliance Rule 2-9(c) and the Interpretive Notice 9045 for more details.What is an Anti-Money Laundering Program?
2. What types of Members need to have an AML program?
Each FCM and IB must develop and implement an AML program.What types of Members need to have an AML program?
3. What must a Member's internal policies, procedures, and controls cover?
A Member's policies, procedures, and controls should include a customer identification program; procedures to monitor for and report suspicious customers and transactions; procedures to respond to Section 314(a) information requests; due diligence programs for certain correspondent and private banking accounts; and procedures to comply with the Office of Foreign Assets Control's rules and with Section 311 Special Measures. See the Interpretive Notice 9045 for more information.What must a Member's internal policies, procedures, and controls cover?
4. What is a customer identification program (CIP)?
A customer identification program is a set of procedures that are designed to enable a Member to have a reasonable belief that it knows the true identity of each of its customers. The CIP must list the identifying information the Member will collect and include procedures covering 1) verifying the identifying information; 2) recordkeeping; 3) comparing customer names and information with certain goverment lists; 4) customer notices; and 5) relying on other Members to conduct all or part of the firm's CIP (if applicable). See the Interpretive Notice 9045 for more information.What is a customer identification program (CIP)?
5. Does my firm have to apply the CIP to existing customers that open a new account?
No, provided the Member has a reasonable belief that it knows the customer’s true identity.Does my firm have to apply the CIP to existing customers that open a new account?
6. My firm is also registered as a broker-dealer. If a customer with a securities account decides to open a futures account, must we apply the CIP?
No. The customer may be treated as an existing customer.My firm is also registered as a broker-dealer. If a customer with a securities account decides to open a futures account, must we apply the CIP?
7. Where do I find the government lists of known or suspected terrorists or terrorist organizations?
The Treasury Department has not yet issued any lists under the CIP rules. Treasury will notify financial institutions if and when it issues these lists.Where do I find the government lists of known or suspected terrorists or terrorist organizations?
8. What is FATF and its Public Statement on Jurisdictions with AML/CFT Deficiencies?
The Financial Action Task Force, known as FATF, is an inter-governmental body that develops and promotes policies to combat money-laundering. FATF publishes public statements on jurisdictions with strategic anti-money laundering and combating the financing of terrorism deficiencies (AML/CFT). Members should consult these public statements, located at www.fatf-gafi.org to determine whether a customer is from one of these jurisdictions and, if so, the Member must determine whether, and what, additional due diligence is necessary for that customer.What is FATF and its Public Statement on Jurisdictions with AML/CFT Deficiencies?
9. What are the OFAC lists?
The Office of Foreign Assets Control, known as OFAC, maintains a list of Specially Designated Nationals and Blocked Persons (SDN list), available at www.ustreas.gov/offices/enforcement/ofac/sdn. Members may not accept funds from individuals or entities on this list. As a result, FCMs and IBs must check new customers against the list and must check existing customers against it whenever it is updated.
OFAC also administers a number of economic sanction and embargo programs that target geographic regions and governments, and this information is available at www.ustreas.gov/offices/enforcement/ofac/programs. Members should review new and existing customers to determine if any customers are located in countries under sanction programs and, if so, whether the sanctions affect the Member’s ability to do business with those customers.What are the OFAC lists?
10. How does an FCM update its point of contact ("POC") information for purposes of Section 314(a) information requests?
FCMs must immediately notify NFA of any changes to their POC information. To change this information, the FCM Member must send an email to firstname.lastname@example.org with the following information: Member name, NFA ID#, POC’s name and title, mailing and email addresses, telephone number, and fax number.How does an FCM update its point of contact ("POC") information for purposes of Section 314(a) information requests?
11. When am I required to file a Suspicious Activity Report (SAR)?
FCMs and IBs must file form SAR to report suspicious transactions that are conducted or attempted by, at, or through the firm and involve an aggregate of at least $5,000 in funds or other assets (not limited to currency). A transaction is suspicious if the Member knows, suspects, or has reason to suspect that the transaction or pattern of transactions: 1) involves funds that come from illegal activity or are part of a transaction designed to conceal that the funds are from illegal activity; 2) is designed, such as through structuring, to evade the reporting requirements of the Bank Secrecy Act; 3) does not appear to serve any business or apparent lawful purpose; or 4) involves the use of the FCM or IB to facilitate a criminal transaction. In most instances, the SAR is due within 30 days after the firm becomes aware of the suspicious transaction.When am I required to file a Suspicious Activity Report (SAR)?
12. How do I file form SAR?
SARs must be e-filed through the BSA E-Filing System. Go to http://bsaefiling.fincen.treas.gov/main.html to register.How do I file form SAR?
13. If I uncover a suspicious transaction that involves less than $5,000, should I file a SAR?
FinCEN encourages firms to file SAR for any suspicious transactions or activities even if filing is not required.If I uncover a suspicious transaction that involves less than $5,000, should I file a SAR?
14. If I receive a subpoena to produce a copy of a SAR, should I produce it?
No. Bank Secrecy Act regulations prohibit a firm from sharing a copy of a SAR or disclosing any information that would reveal the existence of a SAR, except under certain limited situations. If you receive a subpoena for a SAR, you should not produce it but should immediately contact FinCEN regarding the matter.If I receive a subpoena to produce a copy of a SAR, should I produce it?
15. May I share a SAR with an affiliate?
Yes, under certain circumstances. A firm may share a SAR with a parent entity, both domestic and foreign, for the purpose of the parent entity fulfilling its oblication to review for compliance by its subsidiaries with respect to suspicious activity reporting. The firm, however, must have a written confidentiality agreement or other arrangement with the parent specifying that the parent entity must protect the confidentiality of the SAR through appropriate internal controls. Firms may also share a SAR with an affiliate, provided the affiliate is subject to a SAR regulation issued by FinCEN or other regulatory agency.May I share a SAR with an affiliate?
16. Does the firm's AML Compliance Officer need to be a designated principal or an Associate Member of the firm?
No. However, the individual must have sufficient authority and resources to effectively implement the AML program and must report to the firm’s senior management.Does the firm's AML Compliance Officer need to be a designated principal or an Associate Member of the firm?
17. Are all employees of the firm required to have AML training?
No. The firm must provide annual training to those employees who work in or oversee areas that are susceptible to money laundering.Are all employees of the firm required to have AML training?
18. Do all FCMs and IBs need an annual audit of the AML program?
Most FCMs and IBs must conduct an audit at least every twelve months. FCMs and IBs that engage solely in proprietary trading or that are inactive may conduct the audit every two years.Do all FCMs and IBs need an annual audit of the AML program?
19. Can another Member perform our AML duties for us?
A firm may allocate some of its AML responsibilities to another Member as long as the details of the allocation are set forth in writing. The firm must also have a reasonable basis for believing that the other party is properly performing the required functions. If the other firm does not perform the functions properly, however, your firm remains liable for the failure.Can another Member perform our AML duties for us?
20. Can we use a non-Member to perform our CIP duties for us?
A Member may delegate some or all of its CIP duties to a third party service provider as long as there is a written agreement with the third party service provider that outlines its responsibilities. The FCM or IB remains solely responsible for ensuring compliance with CIP requirements, so the firm should activily monitor the delegation to ensure that the CIP procedures are being conducted effectively.
An FCM or IB may also enter into a reliance agreement with another financial institution where the FCM or IB relies upon the other financial institution to conduct some or all of its CIP. The FCM or IB will not be held responsible for the other financial institution’s failure to adequately meet the CIP obligations if 1) the FCM’s or IB’s reliance is reasonable under the circumstances; 2) the other financial institution is subject to an AML compliance requirement under the Bank Secrecy Act and is regulated by a Federal functional regulator; and 3) the other financial institution enters into a contract with the Member requiring the other institution to certify annually to the Member that it has implemented an AML program and that it will perform the specified requirements of its own CIP.Can we use a non-Member to perform our CIP duties for us?