Proposed Rule

2024 | 2023 | 2022 | 2021 | 2020 | Show more years

PROPOSED AMENDMENTS
(additions are underscored and deletions are stricken through)

INTERPRETIVE NOTICE
NFA COMPLIANCE RULE 2-9:
FCM AND IB ANTI-MONEY LAUNDERING PROGRAM

The International Money Laundering Abatement and Anti-Terrorist Financing Act of 2001, ("Title III"),1 which was signed into law on October 26, 2001, imposesd significant new anti-money laundering requirements on all "financial institutions," as so defined under the Bank Secrecy Act (BSA),2 including FCMs.3 In particular, Section 352 of Title III and NFA Compliance Rule 2-9(c) requires all financial institutions to establish anti-money laundering (AML) programs which, at a minimum, must include internal policies, procedures and controls; a designated compliance officer to oversee day-to-day operations of the program anti-money laundering surveillance; an ongoing training program for employees; and an independent audit function to test the program.

NFA's Board of Directors recently adopted NFA Compliance Rule 2-9(c) to impose these requirements on NFA Member FCMs and IBs.4 NFA recognizes, of course, that the exact form of program adopted by a Member will vary based on a Member's type of business, the size and complexity of its operations, the breadth and scope of its customer base, the number of firm employees, its risks and vulnerabilities to money-laundering and the firm's resources. Nevertheless, the Board believes that certain minimum standards must be a part of any adequate program. The purpose of this interpretive notice (Notice) is to highlight those minimum standards and provide Members with additional guidance on satisfying the requirements of Compliance Rule 2-9(c). Members must be aware, however, that the laws in this area are changing rapidly and that they need to conduct a regular review of their anti-money laundering program to ensure that the program is in compliance with any subsequent changes to the federal law or NFA Rules.

Many of the procedures discussed in the Notice are practices that firms may already employ in their businesses. In particular, bank or bank holding company-owned FCMs or IBs are already required to comply with certain components of the anti-money laundering programs of the banks. FCMs should may also have procedures in place related to deposits of cash or cash-like instruments and procedures to obtain identifying information on customers. FCMs and IBs should use their existing programs and procedures as the building blocks for their anti-money laundering compliance programs. Moreover, FCMs and IBs that are registered as broker-dealers under the federal securities laws are subject to similar anti-money laundering requirements. In most cases, programs that comply with requirements applicable to the securities industry will comply with the requirements of this Notice.

Money laundering occurs when funds from an illegal/criminal unlawful activity are moved through the financial system in such a way as to make it appear that the funds have come from legitimate sources. Money laundering usually follows three stages. First, cash or cash equivalents are placed into the financial system. Second, the money is transferred or moved to other accounts (e.g. futures accounts) through a series of financial transactions designed to obscure the origin of the money (e.g. executing trades with little or no financial risk or transferring account balances to other accounts). Finally, the funds are reintroduced into the economy so that the funds appear to have come from legitimate sources (e.g. closing a futures account and transferring the funds to a bank account). Trading accounts that are carried by FCMs are one vehicle that can be used to launder illicit funds. In particular, a trading account could be used to execute financial transactions that help obscure the origin of the funds. FCMs and IBs need to be aware of potential money laundering abuses that could occur in a customer account and implement a compliance program to, among other things, deter, detect and report potentially suspicious activity.

DEVELOPING POLICIES, PROCEDURES AND INTERNAL CONTROLS

The starting point for an FCM and IB is to adopt a policy statement that clearly outlines the firm's policy against money laundering and its commitment to follow all applicable laws and regulations to ensure that its business is not used to facilitate money laundering. The policy statement should also make clear that all employees of the firm have a responsibility to follow the firm's written anti-money laundering procedures and controls, and to abide by all applicable laws and regulations involving anti-money laundering programs. The policy statement also should discuss the consequences of not following these procedures. The firm's procedures and controls should enable appropriate personnel to form a reasonable belief that they know the true identity of each customer; recognize suspicious customers and transactions; and require personnel them to report suspicious or unusual activity to appropriate supervisory personnel, including senior management, and to FinCEN when appropriate. and The firm's procedures and controls should also ensure that the firm maintains an adequate audit trail to assist law enforcement agencies in any investigation. The key components of these policies, procedures and controls are discussed below.

A. Customer Identification Program and Verification

As part of its AML program, each FCM and IB Member must adopt a written customer identification program (CIP) that meets the requirements of the BSA.5 For purposes of the CIP requirements, a customer includes individuals or entities opening new accounts6 as of October 1, 2003. FCMs and IBs do not have to apply the CIP requirements to existing customers7 opening additional accounts provided the FCM or IB has a reasonable belief that it knows the true identity of the customer.8 In addition, CIP requirements for certain intermediated accounts, where the intermediary is the account holder, should focus on the intermediary, not the underlying participant or beneficiary. For example, in the case of an omnibus account where the intermediary is the account holder, the FCM should treat the intermediary as the customer and does not have to apply its CIP requirements to the underlying beneficiaries. See FIN-2006-G004, Frequently Asked Question Regarding Customer Identification Programs for Futures Commission Merchants and Introducing Brokers (31 CFR 103.123), February 14, 2006. Similarly, if an intermediary opens an account in the name of a collective investment vehicle such as a commodity pool, the FCM or IB is not required to apply its CIP to the pool's underlying participants.

As discussed more fully below, the CIP must include the following elements:

  • Required Identifying Information and Identity Verification Procedures
  • Recordkeeping Procedures
  • Comparison with Government List Procedures
  • Customer Notice Procedures
  • Reliance on Other Financial Institutions Procedures (if applicable)

Required Identifying Information and Identity Verification Procedures - These procedures should be designed to enable the FCM or IB to form a reasonable belief that it knows the true identity of each customer. In designing the procedures, the FCM or IB should consider the various types of accounts it maintains, the various account opening methods it uses, the various types of identifying information available and the firm's size, location and customer base.

Each CIP must specify the identifying information the FCM or IB will require from each customer. Although the type of identifying information a firm may require will vary based on, among other things, the nature of the firm's business and the type of customer, all firms must obtain certain minimum information prior to opening an account. For all customers, a firm must obtain the customer's name. For an individual, the firm must obtain the customer's date of birth and a residential or business address9 and for non-natural persons, the customer's principal place of business, local office or other physical location. For a U.S. person, a firm must obtain the customer's social security number or taxpayer identification number (TIN). For a non-U.S. person, the firm must obtain one or more of the following: a TIN, a passport number and country of issuance, an alien identification card number, or the number and country of issuance of any other government-issued document evidencing nationality or residence and bearing a photograph or similar safeguard. For a non-U.S., non-natural person, the firm must obtain a government issued identification number.10 A firm may also choose to include procedures that provide for an exception for a person who has applied for a TIN. The CIP must include procedures to confirm that the application was filed before the customer opens the account and to obtain the TIN within a reasonable period of time after the account is opened.

The CIP must also include risk-based procedures to verify the identity of each customer to the extent reasonable and practicable. Verification may occur within a reasonable time before or after the customer's account is opened.11 Accounts may be verified using documentary methods, non-documentary methods or a combination of both. The CIP, however, must describe under what circumstances the firm will use each of these methods. In addition, the CIP must identify situations where the firm will require additional verification based on the FCM's or IB's risk assessment of the new account.

Each firm's CIP should identify the documents that will be used for documentary verification. These documents may vary from firm to firm based on the firm's own risk-based analysis of the types of documents that it believes will enable it to verify customer identity. A firm is encouraged, however, to obtain more than one type of documentary verification to ensure that it has a reasonable belief that it knows its customer's true identity. Documents that would be appropriate for verification include, for an individual, an unexpired government-issued identification that evidences nationality or residence and bears a photograph or similar safeguard (e.g. driver's license or passport); and for a non-individual (e.g. corporation, partnership or trust), documents that show the existence of the entity, such as certified articles of incorporation, a government issued business license, a partnership agreement or a trust instrument. In most instances, once an FCM or IB verifies the identity of a customer through documentary evidence, the FCM or IB does not have to determine whether the document is valid. However, if the document shows an obvious indication of fraud, then the FCM or IB must determine whether the document is sufficient for the firm to form a reasonable belief that it knows the customer's true identity.

In some situations, it may be appropriate to use non-documentary methods in addition to or in lieu of documentary methods. For example, a firm may want to use non-documentary methods in addition to documentary methods when a firm is not familiar with the documentary evidence provided. Non-documentary methods in lieu of documentary methods may be appropriate when the account is opened over the Internet or telephone. If a firm will rely on non-documentary methods, the firm's CIP must describe the non-documentary methods that will be used. These procedures must address situations where an individual is unable to present an unexpired government issued identification document that bears a photograph or similar safeguard; the FCM or IB is not familiar with the documents presented; the account is opened without obtaining documents; the customer opens the account without appearing in person; or where the FCM or IB is otherwise presented with circumstances that increase the risk that the FCM or IB will be unable to verify the identity of a customer through documents. Appropriate non-documentary methods include contacting a customer; independently verifying the customer's identity through the comparison of information provided by the customer with information obtained from a consumer reporting agency, public database or other source; checking references with other financial institutions; or obtaining a financial statement. A firm may also want to examine whether there is a logical consistency between the customer's name, street address, ZIP code, telephone number, date of birth and social security number.

A firm's procedures should also include a mechanism to identify potentially high-risk accounts in the account opening process. Although attempts to launder money or finance terrorism can come from numerous sources, FCMs and IBs should be aware that certain types of entities or entities or individuals from certain geographic locations may pose a greater risk. FCMs and IBs should consult the Financial Action Task Force's (FATF) list of non-cooperative countries and territories (NCCT list)12 to determine whether a customer is from one of those countries or territories. If the customer is from one of the countries/territories identified on the NCCT list, the FCM or IB should determine what, if any additional due diligence is necessary in deciding whether to open the account, and if the account is accepted, what if any additional monitoring of the account activity is appropriate.

Accounts opened in the name of a corporation, partnership or trust that is created or conducts substantial business in a jurisdiction that has been designated by Treasury as a primary money laundering concern or has been designated as non-cooperative by FATF may pose additional risks. An FCM's and IB's CIP must also include additional procedures that address under what circumstances the firm will require, for a customer that is not an individual, information about individuals with authority or control over the account in order to verify the customer's identity. These procedures would be used only in situations where the FCM or IB is unable to adequately verify the customer's identity after using documentary and non-documentary methods.

Finally, there may be situations where an FCM or IB cannot form a reasonable belief that it knows the true identity of the customer. The firm's CIP must include procedures for handling this situation. At a minimum, these procedures should address: (1) when an account should not be opened; (2) the terms under which a customer may conduct transactions while the FCM or IB attempts to verify the customer's identity; (3) when an account should be closed after attempts to verify a customer's identity have failed; and (4) when the FCM or IB should file a Suspicious Activity Report (SAR) in accordance with applicable law and regulation.13

Recordkeeping Procedures - The firm's CIP must also describe the firm's recordkeeping policies regarding information and documents obtained during the identification and verification process. At a minimum, the CIP must require that a record be kept for: (1) all identifying information obtained from a customer; (2) either a copy or a description of any document that was relied on to verify identity, noting the type of document, any identification number contained in the document, the place of issuance, and if any, the date of issuance and expiration date; (3) a description of the non-documentary verification methods or additional verification methods used and the results; and (4) a description of the resolution of each substantive discrepancy discovered when verifying the identifying information obtained. Although firms are required to keep a record of the identifying information, they do not have to maintain copies of the documents used to verify identity. However, if a firm elects to maintain copies of documents, then the copies themselves may serve as records of the identifying information that was relied upon to verify a customer's identity.

The CIP should also outline the firm's procedure for retaining records. FCMs and IBs must maintain a record of the identifying information collected from a customer for five years after the account is closed, and records of the description of the documents used to verify identity, description of the non-documentary methods or additional verification methods used and the results, and the resolution of any discrepancies for five years after the record is made.

Comparison with Government Lists Procedures - The firm's CIP must also include procedures for determining whether a customer appears on any list of known or suspected terrorists or terrorist organizations issued by any Federal government agency and designated as such by Treasury in consultation with the Federal functional regulators. The firm's procedures must require the FCM or IB to make this determination within a reasonable period of time after the account is opened or earlier if required by another Federal law or regulation or Federal directive issued in connection with the applicable list. The CIP must also require the FCM or IB to follow all Federal directives issued in connection with such lists. No lists have yet been designated under the CIP rules.14

Customer Notice Procedures - An FCM's and IB's CIP must also include procedures that require the firm to provide customers with adequate notice that the firm is requesting information to verify their identity. An adequate notice describes the identification requirements of the final rule and provide notice in a manner reasonably designed to ensure that a customer is able to view the notice, or is otherwise given notice, before opening the account. For example, depending on how an account is opened, notice could be provided by the firm posting notice in its office lobby or on its website, including the notice on its account application or using other forms of oral or written notice.15

Reliance on Other Financial Institutions' Procedures - An FCM or IB may share a customer relationship with one or more financial institutions. For example, in the FCM/IB relationship, although the customer is a customer of both the FCM and IB, the IB often has primary contact with the customer. This type of relationship may give rise to circumstances where it would be appropriate for an FCM or IB to reasonably rely on the customer identification and verification procedures of another financial institution that has an account or similar relationship with the customer. If an FCM or IB intends to reasonably rely on another financial institution, it must specify in its CIP when the firm will satisfy its obligations by relying upon another financial institution (including an affiliate).

An FCM or IB may rely on another financial institution if: (1) the reliance is reasonable under the circumstances; (2) the other financial institution is subject to an AML compliance program requirement under the BSA and is regulated by a Federal functional regulator;16 and (3) the other financial institution enters into a contract requiring it to certify annually to the FCM or IB that it has implemented an AML program and that it will perform the specified requirements of its own CIP. If the FCM or IB meets these requirements, it will not be held responsible for the failure of the other financial institution to adequately fulfill the FCM's or IB's CIP obligations.

An FCM or IB may also delegate some or all CIP implementation to a third party service provider or an agent. In those instances, the FCM or IB should have a written agreement with the other entity outlining the other entity's responsibilities. Under these circumstances, however, the FCM or IB remains solely responsible for assuring compliance with the CIP requirements. As a result, if an FCM or IB delegates any of its CIP responsibilities, it should actively monitor the delegation, assure that the procedures are being conducted in an effective manner and ensure that NFA and other appropriate regulatory bodies are able to obtain information and records relating to the CIP.

An effective anti-money laundering compliance program must include "know your customer" procedures that ensure that the firm takes reasonable steps to identify and verify the identity of the owner of an account before transacting any business with the customer.17 Because NFA Compliance Rule 2-9(c) requires both FCMs and IBs to establish and implement anti-money laundering compliance programs, each such Member has an independent customer identification and verification obligation. NFA believes, however, that the interests of business efficiency and anti-money laundering effectiveness may best be served if FCMs and IBs cooperate with each other in order to meet their respective obligations. An FCM and an IB may allocate between themselves certain elements of their customer identification and verification procedures. For example, an IB may agree to use its direct relationship with the customer to obtain certain customer identification information and documentation, while an FCM may agree to use its automated systems to fulfill certain verification functions, such as checking customer names and addresses against government generated lists. Any such allocation agreement, however, must be clearly set forth in writing, and the FCM and IB must have a reasonable basis for believing that the other party is performing its required function. However, Treasury takes the position that any such allocation does not relieve either the FCM or the IB from its independent obligation to comply with applicable customer identification and verification rules or other applicable anti-money laundering rules. IBs and FCMs should also share with each other their customer identification/ verification information, to the extent necessary to meet their obligations.

Although the types of reliable information/documentation a firm should require before opening an account will vary based on, among other things, the nature of the business of the FCM or IB and the type of customer (e.g. corporation, trust, individual, etc.), the ultimate goal in obtaining this information should be to learn the true identify of the customer; the nature of the customer's business; and the intended purpose of the customer'' transactions.

Therefore, a firm should obtain certain minimum information. For all customers, a firm should obtain the customer's name and address and for non-natural persons, the customer's principal place of business. For an account of a U.S. person, a firm should obtain the customer's social security number or taxpayer identification number. For an account of a natural person that is not a U.S. person, a firm should obtain a current passport or other valid government identification document. Firm procedures should require that firm personnel obtain and maintain copies of any documents used to identify and verify the customer's identify and maintain those records in accordance with firm procedures and regulatory requirements.18

A firm's procedures should also include a mechanism to identify potentially high-risk accounts in the account opening process and devote additional resources to monitoring these accounts. Although attempts to launder money can come from numerous sources, FCMs and IBs should be aware that certain types of entities or entities from certain geographic locations are more vulnerable to money laundering. FCMs and/or IBs should consult government generated lists of high risk countries, restricted countries that are subject to sanctions by the Office of Foreign Assets and Control ("OFAC") and non-cooperative jurisdictions to determine whether a customer seeking to open an account is from one of those jurisdictions.19 If the customer is from one of the identified restricted, high risk or non-cooperative jurisdictions, the FCM and/or IB needs to determine what, if any, additional due diligence is necessary in deciding whether to accept the account and if the account is accepted, what, if any, additional monitoring of account activity is appropriate. OFAC also maintains a list of Specially Designated Nationals and Blocked Persons that identifies known or suspected terrorists or terrorist organizations. If the customer's name appears on this list, the firm needs to immediately report this to federal law enforcement.20

An FCM may carry and an IB may introduce accounts for other intermediated accounts, such as omnibus accounts and accounts for commodity pools and other collective investment vehicles. Traditionally, with respect to such intermediated accounts, the FCM or IB will have little or no contact with the underlying participants or beneficiaries. In general, the FCM and IB would be responsible for a risk-based analysis of the money laundering risks posed by the intermediary and the pool or other collective investment vehicle.21 In most instances, this risk-based analysis will result in the FCM or IB not having to conduct due diligence with respect to the underlying participants or beneficiaries.

FCMs may also carry accounts introduced or referred by a regulated intermediary located in a foreign jurisdiction. In those instances, the FCM must make a risk-based determination whether it can rely on the foreign intermediary's due diligence with respect to its customer. Some factors to consider in making this determination include whether the foreign intermediary is located in a FATF member jurisdiction; the FCM's historical experience with the foreign intermediary; and the intermediary's reputation in the investment business.

FCMs also execute transactions on a give-up basis, where the broker executing the trade has little or no contact with the underlying customer. The executing and carrying FCMs would be responsible for conducting a risk-based analysis of the money laundering risks posed by the transactions. In the vast majority of instances, this risk-based analysis will result in the FCM that carries the account being responsible for carrying out the customer identification and verification procedures.

B. Detection and Reporting of Suspicious Activity

Another essential component of an effective anti-money laundering compliance program is a set of systems and procedures designed to detect and require reporting of report suspicious activity. As with most components of a firm's compliance program, the manner in which a firm monitors for suspicious activity will vary based on the firm's size and the nature of its business.

For some firms, appropriate manual monitoring of transactions in excess of a certain dollar amount may constitute acceptable review for suspicious transactions, while other firms may need to implement an automated monitoring process. Although in some instances the carrying FCM may be in the best position to monitor accounts for suspicious transactions, an FCM or IB that is involved in the account opening process or the order flow process should be alert to suspicious transactions and, where appropriate, refuse to open an account or accept a suspicious order and report such suspicious activity to the carrying FCM and its DSRO FinCEN where required.22

Examples of suspicious transactions are those that have no business or apparent lawful purpose, are unusual for the customer, or lack any reasonable explanation. As discussed above, recognizing suspicious transactions requires familiarity with the firm's customers, including the customer's business practices, trading activity and patterns. What constitutes a suspicious transaction will vary depending on factors such as the identity of the customer and the nature of the particular transaction.

Since suspicious transactions may occur at the time an account is opened or at any time throughout the life of an account, FCMs and IBs must train appropriate staff to identify suspicious behavior during the account opening process and monitor cash activity and trading activity in order to detect unusual behavior transactions. Identifying suspicious activity may prove difficult and often requires subjective evaluation because the activity may be consistent with lawful transactions.

One area that firms should give heightened scrutiny is wire transfer activity. Monitoring of this area should include review of unusual wire transfers, including those that involve an unexpected or extensive number of transfers by a particular account customer during a particular period and transfers involving certain countries identified as high risk or non-cooperative.23

Firms should provide employees with examples of behavior or activity that should raise a "red flag" and cause further inquiry. These "red flags" may alert employees to possible suspicious activity. Some examples of "red flags" that could cause further investigation include:24

  • A customer exhibits an unusual level of concern for secrecy, particularly with regard to the customer's identity, type of business or source of assets;
  • A corporate customer lacks general knowledge of its own industry;
  • A customer is unconcerned with risks, commissions or other costs associated with trading;
  • A customer appears to be acting as an agent for another entity or individual but is evasive about the identity of the other entity or individual (except situations involving the identity of ownership interests in a collective investment vehicle);
  • A customer is from, or has accounts in a country identified as, a haven for bank secrecy, money laundering or narcotics production;
  • A customer engages in extensive, sudden or unexplained wire activity (especially wire transfers involving countries with bank secrecy laws);25
  • A customer engages in transactions involving more than $5,000 in currency or cash equivalents (in one transaction or a series of transactions in one or more days and in any number of accounts); and26
  • A customer makes a funds deposit followed by a request that the money be wired out or transferred to a third party, or to another firm, without any apparent business purpose.

Monitoring accounts for suspicious activities is a fruitless activity without timely and effective follow-up and investigative procedures. Although the internal structure for reporting suspicious activities will vary from firm to firm, each firm's compliance program must require employees to promptly notify identified firm personnel of any potential suspicious activity. Appropriate supervisory personnel must evaluate the activity and decide whether the activity warrants reporting to its DSRO or FinCEN.27 In making this determination, an IB should consult with its carrying FCM.28

For transactions occurring after May 18, 2004, FCMs and IBs29 are required30 to file form SAR-SF31 with FinCEN to report suspicious transactions that are conducted, or attempted by, at, or through an FCM or IB, involve an aggregate of at least $5,000 in funds or other assets (not limited to currency), and the FCM or IB knows, suspects or has reason to suspect that the transaction or pattern of transactions:

  • Involves funds that come from illegal activity or are part of a transaction designed to conceal that the funds are from illegal activity;
  • Is designed, such as through structuring, to evade the reporting requirements of the BSA;
  • Does not appear to serve any business or apparent lawful purpose; or
  • Involves the use of the FCM or IB to facilitate a criminal transaction.32

FCMs and IBs are not required to file form SAR-SF for activity related to a robbery or burglary, provided the activity is reported to the appropriate law enforcement agency. FCMs and IBs are also relieved of the filing requirement for a violation of the Commodity Exchange Act, CFTC Regulations, Exchange or NFA rules that is otherwise required to be reported under the Commodity Exchange Act, CFTC regulations, Exchange or NFA rules committed by the FCM/IB or any of its officers, directors, employees or associated persons, provided that the activity is properly reported to the appropriate regulatory authority. If this activity also involves a violation of the BSA, a firm must file the form SAR-SF with FinCEN regardless of whether it has reported the activity to the CFTC or other appropriate regulator. If more than one FCM and/or IB is involved in a particular situation, firms may satisfy the filing requirement by filing one form, provided that the form contains all relevant information. The two firms involved in the transaction may consult with each other and share information, including the SAR-SF itself, to enable the firms to file a single report.33

Although the BSA and the implementing regulations prohibit an FCM or IB from sharing both the SAR itself and the fact that a SAR has been filed,34 firms may share a SAR with parent entities, both domestic and foreign, for the purpose of the parent entity fulfilling its obligation to review compliance by its subsidiaries in meeting the legal requirements to identify and report suspicious activity. FCMs and IBs, however, must have written confidentiality agreements or other arrangements in place specifying that the parent entity (or entities) must protect the confidentiality of the SARs through appropriate internal controls.35

C. Section 314(a) Information Requests36

FCM Members are also required to develop procedures to access and respond to FinCEN's 314(a) subject lists that are published bi-weekly on FinCEN's secure web-site.37 These lists identify individuals, entities or organizations that are suspected by various law enforcement agencies of engaging in money laundering or terrorist financing. FCMs are required to access FinCEN's secure website to obtain the most recent lists and search their records for any current accounts and accounts maintained by a named subject during the preceding 12 months and for transactions not linked to an account conducted by a named subject during the preceding 6 months. FCMs must report any matches to FinCEN through the web based system within the required time-frames (generally within 14 days of the lists being posted on the secure web-site). For matches involving an introduced account, FCMs should inform FinCEN or the appropriate law enforcement agency that the match involves an introduced account (and identify the IB) during any follow up conducted by FinCEN or the law enforcement agency. FCMs are not required to respond to FinCEN if no matches are found.

FCMs should maintain the following records to verify that they are complying with 314(a) request requirements: a record of the date of the request, the tracking numbers within the request, and the date the request was searched; and for positive matches, the date the match was reported to FinCEN. FCMs should also maintain information concerning the identified accounts and transactions in a positive match in a manner that can be easily accessed when requested by law enforcement.

FCMs are required to designate a point of contact (POC) person(s) for matters involving 314(a) and provide NFA with that information. Any changes to POC information must be immediately reported to NFA.38

D. Foreign Private Banking and Correspondent Accounts

FCMs and IBs are also required to establish due diligence programs for correspondent accounts established or maintained for foreign financial institutions (correspondent account rule) and private banking accounts established or maintained for non-U.S. persons (private banking rule).39

Correspondent Account Rule - As part of its anti-money laundering program, FCMs and IBs must establish a due diligence program that includes appropriate, specific, risk based, and where necessary, enhanced policies, procedures and controls that are reasonably designed to enable the FCM/IB to detect and report, on an ongoing basis, any known or suspected money laundering activity conducted through or involving any correspondent account40 established, maintained, administered or managed by the FCM or IB in the United States for the foreign financial institution. However, an IB that only solicits or accepts orders for the purchase or sale of commodity futures contracts does not establish, maintain or administer a correspondent account for the foreign financial institution and therefore is not subject to the requirements of Section 312. To the extent an IB performs additional services for the account, the IB may be administering or managing the correspondent account and would be subject to Section 312. Similarly, for give-up transactions involving correspondent accounts, the carrying FCM, and not the executing FCM, is subject to compliance with the due diligence provisions of the correspondent account rule.41

In assessing the risk presented by a correspondent account, FCM and IBs should consider a number of factors, as appropriate. These factors include: (1) the nature of the foreign financial institution's business and the markets it serves; (2) the type, purpose and anticipated activity of the correspondent account; (3) the nature and duration of the FCM's or IB's relationship with the foreign financial institution; (4) the anti-money laundering and supervisory regime in which the foreign financial institution is chartered or licensed; and (5) information known or reasonably available to the FCM or IB about the foreign financial institution's anti-money laundering record.42 The due diligence program should also require the FCM or IB to conduct a periodic review of the activity in the correspondent account.

Private Banking Rule - FCMs and IBs must also include in their AML program a due diligence program that includes policies, procedures and controls that are reasonably designed to detect and report any known or suspected money laundering or suspicious activity conducted through or involving any private banking account43 that is established, maintained, administered, or managed in the United States by the financial institution for a non-U.S. person. The due diligence program should ensure that FCMs and IBs take reasonable steps to (1) ascertain the identity of all nominal and beneficial owners of a private banking account; (2) ascertain whether any owner of the account is a senior foreign political figure; (3) ascertain the source(s) of funds deposited into a private banking account and the purpose and expected use of the account; and (4) review the activity of the account to ensure that it is consistent with the information obtained about the client's source of funds and with the stated purpose and expected use of the account.44

An FCM's/IB's due diligence program must include procedures for enhanced scrutiny of a private banking account where a senior foreign political figure is a nominal or beneficial owner. This scrutiny must be reasonably designed to detect and report transactions that may involve the proceeds of foreign corruption.

An FCM's/IB's due diligence program should also include procedures for situations where the FCM/IB cannot perform appropriate due diligence with respect to a private banking account, including when the FCM/IB should refuse to open the account, suspend transaction activity, file a SAR or close the account.

E. Ongoing Compliance Responsibilities

Office of Foreign Asset Control - FCMs and IBs, like other financial institutions, also have obligations under regulations issued by the Office of Foreign Asset Control (OFAC). FCMs and IBs are currently restricted from engaging in certain transactions with individuals or entities located in countries that are under a sanction program administered by OFAC. If the customer is located in one of these countries, the FCM or IB needs to review the sanctioning document or contact OFAC to determine the breadth of the restrictions.45 FCMs and IBs are also required to block funds from individuals or entities identified on OFAC's list of Specially Designated Nationals and Blocked Persons (SDN list).46 If the customer's name appears on this list, the firm should immediately notify OFAC.47 To avoid violating the economic sanctions laws administered by OFAC, FCMs and IBs need to check the OFAC lists for new customers and also recheck their existing customer base against the lists when the lists are updated and new countries or Specially Designated Nationals and Blocked Persons are added to the lists. Otherwise FCMs and IBs risk violating the laws by engaging in prohibited transactions with persons who were not subject to sanction when they became customers, but became subject to sanctions later.

Section 311 Special Measures - Section 311 of the USA Patriot Act gives the Secretary of the Treasury the authority to designate a foreign jurisdiction, institution(s), class(es) of transactions, or type(s) of account(s) as a "primary money laundering concern" and to impose certain "special measures" with respect to such jurisdiction, institution(s), class(es) of transaction, or type(s) of account(s). FCMs and IBs should monitor FinCEN's website (www.fincen.gov) for information on foreign jurisdiction(s), institution(s), class(es) of transactions, or type(s) of account(s) that have been designated as a primary money laundering concern and any special measures that have been imposed.

F. C. Hiring Qualified Staff

It is also important for the firm to ensure that the individuals that staff areas that are susceptible to money-laundering schemes are trained to work in these is areas. A firm may also want to conduct background checks on key employees to screen employees for criminal or disciplinary histories.

G. D. Recordkeeping

An adequate compliance program for money laundering must also include written requirements on the types of records that should be maintained. The program also must specify where the records should be maintained and that, unless the BSA rules otherwise require, the records must be maintained in accordance with CFTC recordkeeping and record retention requirements under Regulation 1.31 (e.g., maintained for five years and be readily accessible for the first two years). The ultimate goal of the recordkeeping requirements is to provide an adequate audit trail for law enforcement officials investigating potential money laundering schemes.

DESIGNATION OF A COMPLIANCE OFFICER

NFA Compliance Rule 2-9(c) also requires that FCMs and IBs designate an individual or individuals to oversee the anti-money laundering program, including the firm's CIP. This person may be the compliance officer that is responsible for other compliance areas of the firm. Although the compliance officer need not be a designated principal or Associate Member, the person should ultimately report to the firm's senior management.

The firm must provide this compliance officer with sufficient authority and resources to effectively implement the firm's anti-money laundering program. Among other duties with respect to the firm's CIP and suspicious activity reporting, this person should:

  • Receive reports of suspicious activity from firm personnel;
  • Gather all relevant business information to evaluate and investigate suspicious activity; and
  • Determine whether the activity warrants reporting to senior management, and, if authorized to do so, the firm's DSRO or FinCEN.

Obviously, the person responsible for overseeing the anti-money laundering procedures should not be the same employee responsible for the functional areas where money-laundering activity may occur.

EMPLOYEE TRAINING PROGRAM

Another important component of NFA Compliance Rule 2-9(c) is the requirement that FCM and IB Members provide ongoing education and training for all appropriate personnel. This training program should include annual training on the firm's policies and procedures, the relevant federal laws and NFA guidance issued in this area. Firms should also maintain records to evidence their compliance with this requirement.

INDEPENDENT AUDIT FUNCTION

NFA Compliance Rule 2-9(c) also requires that FCM and IB Members48 provide for annual independent testing of the adequacy of their its anti-money laundering compliance programs. Most FCMs and IBs must conduct this independent testing annually. FCMs and IBs that engage solely in proprietary trading or are inactive, however, may satisfy this requirement by conducting the independent test every two years. All firms, however, are required to test the adequacy of their AML program more frequently than the minimum requirements if circumstances warrant.

A firm can may satisfy the this independent testing requirement with its own personnel (such as an internal audit staff) or others who do not perform or oversee AML functions that is independent of the personnel working in the areas that are exposed to potential money laundering or by hiring an outside party with experience with this type of auditing.49 In either circumstance, the audit function should test all affected areas to ensure that personnel understand and are complying with the anti-money laundering policies and procedures and that these policies and procedures are adequate. The results of any audit should be documented and reported to the firm's senior management or an internal audit committee or department, and follow up should be done to ensure that any deficiencies in the firm's anti-money laundering program are addressed and corrected.

ALLOCATION OF COMPLIANCE PROGRAM RESPONSIBILITIES50

NFA Compliance Rule 2-9(c) requires all FCMs and IBs to establish and implement anti-money laundering compliance programs. NFA recognizes, however, that given the inter-business relationships between and among some Members, the interests of business efficiency and anti-money laundering effectiveness may be best served if Members cooperate with each other in order to meet their respective obligations. Members may allocate between themselves elements of their anti-money laundering compliance programs. Any allocation agreement, however, must be clearly set forth in writing and any Member allocating anti-money laundering responsibilities to another Member must have a reasonable basis for believing that the other party is properly performing the required functions. Members should keep in mind, however, that Treasury takes the position that these allocation arrangements do not relieve an FCM or IB Member from its independent obligation to comply with anti-money laundering requirements.

CONCLUSION

Money-laundering schemes in the financial services industry lessen the public's faith in the integrity of the system. Therefore, NFA Members must ensure that they take adequate steps to identify and verify the identity of their customers and to detect, deter and report suspicious transactions that could be part of a money-laundering scheme.

The guidelines set forth in this Notice should provide FCMs and IBs with the tools needed to develop an effective anti-money laundering program. Member firms should keep in mind, however, that this is an evolving area and NFA expects to provide further guidance as additional requirements in this area are imposed.


1 Pub. L. 107-56, 115 Stat. 296, 324 (2001). This Act is Title III of the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT) Act of 2001.

2 31 U.S.C. 5311 et seq.. (2000). Title III amended the BSA, adding certain entities to the definition of financial institution. Regulations implementing the BSA can be found, for the most part, in Part 103 of Title 31 of the Code of Federal Regulations.

3 Title III also defines CPOs and CTAs as "financial institutions" under the BSA; however, the Secretary of the Treasury (Treasury) intends to temporarily deferred temporarily application of these requirements to certain financial institutions, including CTAs and CPOs, pending further review and analysis of the money laundering risks posed by these entities. On September 26, 2002, Treasury issued a proposed regulation that would require certain unregistered investment companies to develop and implement a written anti-money laundering program. Commodity pools are included in the definition of unregistered investment companies. See 67 FR 60617 (September 26, 2002). A final rule has not been issued. In addition, on May 5, 2003, Treasury issued a proposed regulation concerning anti-money laundering programs for certain CTAs. See 68 FR 23640 (May 5, 2003). A final rule has not yet been issued. NFA will issue separate anti-money laundering program guidance for CPOs and CTAs, at such time as they become subject to the requirements of section 352.

4 Although IBs are not explicitly defined as "financial institutions" under the BSA, We understand that Treasury has clarified will clarify that IBs fall are within the BSA's "financial institution" definition, which includes "a broker or dealer in securities or commodities." See 68 FR 25149 n.3 (May 9, 2003) based on its residual authority under 31 U.S.C.  5312 (a)(Y) and (Z). Treasury has requested that NFA include IBs in Rule 2-9(c) and the Notice.

5 See 31 U.S.C. 5318(l) and the implementing regulation jointly promulgated by Treasury and the CFTC at 31 CFR 103.123.

6 See 31 CFR 103.123(a)(1)(i)-(ii) for a definition of what does and does not constitute an account.

7 For purposes of these requirements, a customer with an existing securities account with a dually registered securities broker-dealer and FCM who elects to open a futures account with the dually registered firm may be treated as an existing customer of the firm.

8 See 31 CFR 103.123(a)(5)(i) for the complete definition of who is and who is not a customer. The rule specifically excludes (1) financial institutions regulated by a Federal functional regulator; (2) banks regulated by a state bank regulator; and (3) persons described in 31 CFR 103.123(d)(2)(ii)-(iv) (entities such as governmental agencies and instrumentalities and the domestic operations of a publicly traded company).

9 For an individual that does not have a residential or business street address, an Army Post Office or Fleet Post Office box number, or the residential or business street address of a next of kin or another contact individual should be obtained.

10 In situations where a foreign business or enterprise does not have an identification number, an FCM or IB must request alternative government issued documentation certifying the existence of the business or enterprise.

11 A reasonable amount of time may depend on various factors such as the type of account opened, whether the customer opens the account in person, and the type of identifying information that is available. A firm may choose to place limits on an account, such as restricting the number of transactions or the dollar value of transactions, until a customer's identity is verified. See Customer Identification Program for Futures Commission Merchants and Introducing Brokers, 67 FR 48328, 48333 (July 23, 2002). A firm should also keep in mind the regulations of Treasury's Office of Foreign Assets Control (OFAC) (see 31 CFR Part 500 et.seq.) prohibiting transactions involving designated foreign countries, their nationals, and other specially designated persons. See Customer Identification Programs for Futures Commission Merchants and Introducing Brokers, 68 FR 25149, 25154 (May 9, 2003).

12 FATF is an inter-governmental body whose purpose is the development and promotion of policies, both at national and international levels, to combat money laundering. FATF publishes a list of non-cooperative countries/territories in the fight against money laundering. This list can be found at http://www.fatf-gafi.org.

13 See Section B of this Notice for details regarding SARs.

14 Firms are required to comply with OFAC's list of blocked persons, restricted countries and specially designated nationals, for example, which can be found at www.ustreas.gov/ofac. Firms should also establish policies and procedures for consulting such lists and other publicly available information as part of their anti-money laundering programs. See, e.g., In the Matter of the Federal Branch of Arab Bank PLC, No. 2005-2 at 5,7, available at www.fincen.gov/reg-enforcement.html. However, firms do not have an affirmative duty to seek out the lists of known or suspected terrorists or terrorist organizations issued by the Federal government under the CIP rules. Firms will receive notification by separate guidance regarding the lists they must consult for CIP purposes.

15 If appropriate, an FCM or IB may use the following sample language to provide notice to its customers:

    Important Information About Procedures For Opening a New Account

    To help the government fight the funding of terrorism and money laundering activities, Federal law requires all financial institutions to obtain, verify and record information that identifies each person who opens an account.

    What this means for you: When you open an account, we will ask you for your name, address, date of birth and other information that will allow us to identify you. We may also ask to see your driver's license or other identifying documents.

16 Currently, these financial institutions include banks, broker-dealers, FCMs and IBs. Regulations have been proposed that would require CTAs and IAs to adopt an AML compliance program. FCMs and IBs may rely upon these financial institutions to carry out the CIP pending the issuance of final CTA and IA AML program rules provided that the other reliance requirements noted above are satisfied. (See CFTC No Action Letter 05-50 (March 14, 2005)).

17 Clearly, the focus of these procedures is different from the focus of NFA Compliance Rule 2-30. Rule 2-30's purpose is to gather sufficient information on futures customers who are individuals to ensure that adequate risk disclosure is provided. The procedures under Rule 2-9, by contrast, are focused on learning the true identity of the account owner.

18 Section 326 of Title III requires the Secretary to issue rules jointly with the CFTC that will require "financial institutions," so as defined, to implement customer identification and verification procedures. FCMs and IBs are specifically advised to conduct a regular review of the relevant federal laws, and guidance issued in this area by NFA, to ensure that they are in full compliance with Section 326 and any other customer identification and verification requirements under the BSA.

19 The following organizations circulate lists of high-risk countries or non-cooperative jurisdictions: The Financial Action Task Force ("FATF") http://wwwl/.oecd.org/fatf and U.S. Department of the Treasury's Financial Crimes Enforcement Network ("FinCEN") http://www.ustreas.gov/fincen/.

20 OFAC's list of blocked persons, restricted countries and specially designated nationals can be found at http://www.ustreas.gov/ofac/. Executive Order 13224, (66 F.R. 49079 (Sept. 23, 2001)), prohibits transactions with blocked persons. See, e.g., 66 F.R. 54404 (Oct. 26, 2001).

21 However, Section 356(c)(4) of Title III requires the Secretary to submit a report to Congress by no later than October 26, 2002 containing recommendations on whether certain personal holding companies should be treated as financial institutions and whether such companies also should be required to disclose their beneficial owners when opening accounts or initiating funds transfers at any domestic financial institution.

22 Although dually registered broker-dealer/ FCMs are required to file a Suspicious Activity Report ("SAR") with FinCEN for suspicious activity involving securities accounts and transactions, this Notice does not require broker-dealer/FCMs to file a SAR for suspicious activity involving futures accounts or transactions. However, this Notice does require FCMs and IBs to make reports of suspicious activities to their DSRO, or, in lieu of reporting this information to their DSRO, firms may comply with this requirement by voluntarily filing a SAR with FinCEN. Firms that voluntarily file a SAR with FinCEN are immune from liability for disclosures made in the form SAR-SF. See 31 U.S.C. Section 5318(g)(3). Firms that voluntarily report about a suspicious transaction may not notify the person involved in the transaction that the transaction has been reported. Id. at 5318(g)(2). It should be noted that FCMs and IBs likely will be subject to requirements similar to broker-dealer SAR reporting requirements in the near future, and additional guidance will be provided at that time if necessary. See Title III, Pub. L. 107-56, Section 356(b), 115 Stat. 296, 324 (2001).

23 [Should be fn 17] See supra note 12.

24 [Should be fn 18] Each firm should determine whether it needs to develop additional "red flags" based on the nature of its customers and its business.

25 [Should be fn 19] Although alternative means of funding an account, such as credit cards and non-bank online remittance systems, e.g. PayPal, are not common in the futures industry, firms that accept such forms of payment should determine if their use by a customer, like suspicious wire activity, raises a "red flag" that should cause further inquiry.

26 [Should be fn 20] If a customer engages in a transaction or series of related transactions that involves more than $10,000 in currency or cash equivalents, the firm must report this information to FinCEN and the Internal Revenue Service ("IRS") by filing a Form 8300 with the IRS. A firm may voluntarily file Form 8300 for a transaction that does not exceed $10,000 if it appears that a customer is structuring a transaction to avoid triggering the firm's requirement to file Form 8300 or there is any indication of illegal activity. FinCEN has added FCMs and IBs to the "financial institution" definition in the rules under the BSA, thereby making them subject to the requirement to file currency transaction reports in lieu of Form 8300, See 68 FR 65392 (November 20, 2003). FCMs and IBs are also required to comply with BSA recordkeeping and reporting requirements set forth in 31 CFR 103.33, including the requirements regarding requests by customers for transfers and transmittals of funds in the amount of $3,000 or more.

27 See supra note 10.

28 [Should be fn 21] FCMs and IBs that comply with 31 CFR 103.110, which includes an annual notice filing and verification requirement, are immune from civil liability for sharing information for the purpose of detecting, identifying, or reporting activities involving possible money laundering or terrorist activities. This notice can be accessed at http://www.fincen.gov/fi_infoappb.html.

29 [Should be fn 22] Broker dealers that are notice registered for purposes of offering security futures products are required to comply with the reporting requirements in the securities industry. Dually registered firms may comply with these requirements or the securities industry's requirements. See 67 FR 44048 (July 1, 2002) for these requirements.

30 [Should be fn 23] Firms are encouraged to file form SAR-SF for suspicious activity that is not required to be reported (e.g. a transaction falling below the $5,000 threshold).

31 [Should be fn 24] A copy of form SAR-SF and the filing instructions are available at www.fincen.gov.

32 [Should be fn 25] See 31 CFR 103.17 for a copy of the final regulation.

33 [Should be fn 26] Firms jointly filing a single SAR-SF are immune from liability with respect to such filing as provided at 31 CFR 103.17(f).

34 [Should be fn 27] FCMs and IBs are not prohibited from sharing or disclosing the existence of a SAR to appropriate law enforcement agencies or regulatory agencies, including the CFTC, NFA and other self-regulatory organizations of which they are members.

35 [Should be fn 28] FCMs and IBs may not share SARs with non-parent entity affiliates. FinCEN and the CFTC, however, are expected to issue additional guidance on this matter in the future.

36 [Should be fn 29] Although Section 314(a) applies to IBs, FinCEN currently does not routinely require IBs to conduct 314(a) searches. FinCEN has the authority to require IBs to comply with Section 314(a) in whole or with respect to a particular request. If FinCEN requests IBs to begin conducting 314(a) searches or to comply with a particular request, IBs would be required to conduct the search or searches.

37 [Should be fn 30] If a firm does not have electronic access to FinCEN's secure web-site, FinCEN faxes the subject lists to the firm on a bi-weekly basis. This firm is required to conduct the same searches and report any matches to FinCEN via fax.

38 [Should be fn 31] FCMs are directed to follow the detailed instructions and frequently asked questions concerning these information requests that have been issued directly to them by FinCEN.

39 [Should be fn 32] See 71 Fed. Reg. 496 (January 4, 2006). See also FIN-2006-G009 - Application of the Regulations Requiring Special Due Diligence Programs for Certain Foreign Accounts to Securities and Futures Industries, May 10, 2006.

40 [Should be fn 33] Correspondent accounts include accounts for foreign financial institutions to engage in futures or commodity options transactions, funds transfers, or other financial transactions, whether for the financial institution or principal or for its customers. An account includes any formal relationship established by an FCM to provide regular services, including but not limited to, those established to effect transactions in contracts of sale of a commodity for future delivery, options on a commodity or options on futures. 31 CFR 103.175(d)(2)(iii).

41 [Should be fn 34] See FIN-2206-G011, Application of the Regulations Requiring Special Due Diligence Programs for Certain Foreign Accounts to Certain Introduced Accounts and Give-Up Arrangements in the Futures Industries, June 7, 2006.

42 [Should be fn 35] See 31 CFR 103.176(a)(2).

43 [Should be fn 36] A private banking account is an account (or any combination of accounts) that (1) requires a minimum aggregate deposit of funds or other assets of not less than $1,000,000; (2) is established on behalf of one or more individuals who have a direct or beneficial ownership interest in the account; and (3) is assigned to, or is administered or managed by, in whole or in part, an officer, employee, or agent of a financial institution acting as a liaison between the financial institution and the direct or beneficial owner of the account.

44 [Should be fn 37] See 31 CFR 103.178(b).

45 [Should be fn 38] OFAC administers sanction programs against a number of foreign countries. A list of these countries and the sanctioning documents can be found at http://www.ustreas.gov/offices/enforcement/ofac

46 [Should be fn 39] OFAC's SDN list identifies individuals and entities owned or controlled by, or acting for or on behalf of targeted countries, or known or suspected terrorists or terrorist organizations. This list and information on how to handle matches can be found at http://www.ustreas.gov/offices/enforcement/ofac.

47 [Should be fn 40] In addition, if a customer attempts to wire transfer money to or receive money from a country under a sanction program or an entity or individual on the SDN list, the firm should contact OFAC immediately.

48 [Should be fn 41] Although guarantor FCMs may conduct this audit for any of their guaranteed IBs, the IB's senior management must review the scope of the audit and its findings and take corrective action where necessary.

49 [Should be fn 42] For small firms with limited staff, the audit function can be accomplished by a staff person who is not involved in the anti-money laundering program.

50 [Should be fn 43] This discussion does not apply to reliance arrangements that meet the requirements discussed under the customer identification program section of this interpretive notice.

Subscribe to NFA Email Communications