Anti-Money Laundering (AML) Programs FAQs

An anti-money laundering (AML) program is a set of procedures designed to guard against someone using the firm to facilitate money laundering or terrorist financing. The main components that must be included are:

  • Internal policies, procedures, and controls reasonably designed to assure compliance with the Bank Secrecy Act and implementing regulations;
  • Appointment of a designated compliance officer to oversee the program's day-to-day operations;
  • Ongoing training program;
  • Independent audit. 

See NFA Compliance Rule 2-9(c) and Interpretive Notice 9045 for more details.

Each FCM and IB must develop and implement an AML program.

A Member's policies, procedures, and controls should include a customer identification program; procedures to monitor for and report suspicious customers and transactions; procedures to respond to Section 314(a) information requests; due diligence programs for certain correspondent and private banking accounts; and procedures to comply with the Office of Foreign Assets Control's rules and with Section 311 Special Measures. See Interpretive Notice 9045 for more information.

A customer identification program (CIP) is a set of procedures that are designed to enable a Member to have a reasonable belief that it knows the true identity of each of its customers. The CIP must list the identifying information the Member will collect and include procedures that cover:

  • Verifying the identifying information;
  • Recordkeeping;
  • Comparing customer names and information with certain government lists;
  • Customer notices; and
  • Relying on other Members to conduct all or part of the firm's CIP (if applicable).

See Interpretive Notice 9045 for more information.

No, provided the Member has a reasonable belief that it knows the customer’s true identity.

The Treasury Department has not yet issued any lists under the CIP rules. Treasury will notify financial institutions if and when it issues these lists.

The Financial Action Task Force, known as FATF, is an inter-governmental body that develops and promotes policies to combat money laundering. FATF publishes public statements on jurisdictions with strategic anti-money laundering and combating the financing of terrorism (AML/CFT) deficiencies. Members should consult these public statements, located at to determine whether a customer is from one of these jurisdictions and, if so, the Member must determine whether, and what, additional due diligence is necessary for that customer.

The Office of Foreign Assets Control (OFAC) maintains a list of Specially Designated Nationals and Blocked Persons (SDN list), available at Members may not accept funds from individuals or entities on this list. As a result, FCMs, RFEDs and IBs must check new customers against the list and must check existing customers against it whenever it is updated.

OFAC also administers a number of economic sanction and embargo programs that target geographic regions and governments, and this information is available at Members should review new and existing customers to determine if any customers are located in countries under sanction programs and, if so, whether the sanctions affect the Member’s ability to do business with those customers.

FCMs must immediately notify NFA of any changes to their point of contact (POC) information. To change this information, the FCM Member must send an email to with the following information: Member name, NFA ID, POC’s name and title, mailing and email addresses, telephone number, and fax number.

FCMs and IBs must file form SAR to report suspicious transactions that are conducted or attempted by, at, or through the firm and involve an aggregate of at least $5,000 in funds or other assets (not limited to currency). A transaction is suspicious if the Member knows, suspects, or has reason to suspect that the transaction or pattern of transactions:

  • Involves funds that come from illegal activity or are part of a transaction designed to conceal that the funds are from illegal activity
  • Is designed, such as through structuring, to evade the reporting requirements of the Bank Secrecy Act
  • Does not appear to serve any business or apparent lawful purpose
  • Involves the use of the FCM or IB to facilitate a criminal transaction.

In most instances, the SAR is due within 30 days after the firm becomes aware of the suspicious transaction.

SARs must be e-filed through the BSA E-Filing System. Go to to register.

FinCEN encourages firms to file a SAR for any suspicious transactions or activities even if filing is not required.

No. Bank Secrecy Act regulations prohibit a firm from sharing a copy of a SAR or disclosing any information that would reveal the existence of a SAR, except under certain limited situations. If you receive a subpoena for a SAR, you should not produce it but should immediately contact FinCEN regarding the matter.

Yes, under certain circumstances. A firm may share a SAR with a parent entity, both domestic and foreign, for the purpose of the parent entity fulfilling its obligation to review for compliance by its subsidiaries with respect to suspicious activity reporting. The firm, however, must have a written confidentiality agreement or other arrangement with the parent specifying that the parent entity must protect the confidentiality of the SAR through appropriate internal controls. Firms may also share a SAR with an affiliate, provided the affiliate is subject to a SAR regulation issued by FinCEN or other regulatory agency.

No. However, the individual must have sufficient authority and resources to effectively implement the AML program and must report to the firm’s senior management.

No. The firm must provide annual training to those employees who work in or oversee areas that are susceptible to money laundering.

Most FCMs and IBs must conduct an audit at least every twelve months. FCMs and IBs that engage solely in proprietary trading or that are inactive may conduct the audit every two years.

A firm may allocate some of its AML responsibilities to another Member as long as the details of the allocation are set forth in writing. The firm must also have a reasonable basis for believing that the other party is properly performing the required functions. If the other firm does not perform the functions properly, however, your firm remains liable for the failure.

A Member may delegate some or all of its CIP duties to a third party service provider as long as there is a written agreement with the third party service provider that outlines its responsibilities. The FCM or IB remains solely responsible for ensuring compliance with CIP requirements, so the firm should actively monitor the delegation to ensure that the CIP procedures are being conducted effectively.

An FCM or IB may also enter into a reliance agreement with another financial institution where the FCM or IB relies upon the other financial institution to conduct some or all of its CIP. The FCM or IB will not be held responsible for the other financial institution’s failure to adequately meet the CIP obligations if:

  • The FCM’s or IB’s reliance is reasonable under the circumstances;
  • The other financial institution is subject to an AML compliance requirement under the Bank Secrecy Act and is regulated by a Federal functional regulator; and
  • The other financial institution enters into a contract with the Member requiring the other institution to certify annually to the Member that it has implemented an AML program and that it will perform the specified requirements of its own CIP.