CDD best practices for broker-dealers

Between 2016 and 2022, broker-dealers suffered significant penalties – some in the millions – for customer due diligence failures. These fines have made it clear that firms dealing in securities are not exempt from global anti-money laundering (AML) regulators’ scrutiny. Even if a firm believes it is carrying out its AML program diligently and regulators have performed their annual review, enforcement action can be taken if a further inspection reveals deficiencies. 

With a volatile global economic and sanctions environment piling further pressure on compliance teams, this article explores risks, regulatory guidance, and customer due diligence (CDD) best practices for broker-dealers.

Broker-dealer regulation: Compliance enforcement trends

Enforcement actions against broker-dealer firms have been trending as regulators worldwide refine their requirements and emphasize the importance of enforcement. In December 2022 alone, Financial Industry Regulatory Authority (FINRA) penalties against firms amounted to over $7 million. $4.5 million of this total is attributable to several large financial institutions for compliance deficiencies spanning more than five years. 

These enforcement actions addressed a variety of infractions, but firms regularly face fines for inadequate CDD practices. With these regulatory trends in mind, broker-dealers should take a close look at their current CDD processes and optimize them according to up-to-date risk assessments.

Broker-dealer best practices: Customer due diligence 

The first step in creating a risk-based CDD framework should be to establish a quantitative customer risk ranking system. Every customer risk assessment should cover categories tailored to the broker-dealer’s unique risk appetite. Firms should be sure their system considers financial information, source of wealth, occupation, banking information, and the length of the relationship, as well as: 

• The type of account – Account type categories should consider the possibility of higher risk in accounts with more opaque ownership and control structures. For example, all else being equal, individual and joint accounts are generally assigned a lower risk score than a legal entity account in an offshore location – or an entity registered in one country but located in another. 
• Geographical factors – This includes legal residence, current residence, and whether the country of citizenship is in a prohibited, high-risk, medium-risk, or low-risk location. Although geographical factors do indicate the level of risk, they may also affect other risk factors. For example, a high-risk geographic location may increase risks related to banking .
• Publicly available information – This includes public beneficial ownership registers alongside negative news/adverse media.

Firms will likely include other factors based on their situation and jurisdiction. 

Risk scores help teams identify customers needing enhanced due diligence (EDD). For example, a customer’s occupation might designate them as a politically exposed person (PEP). These individuals may present a higher risk of receiving the proceeds of corruption or other illegal activity. But the level of risk associated with PEPs varies, so teams should base their decision on all risk factors taken together in context. EDD can, in turn, be used to inform a more nuanced and dynamic customer due diligence framework and an improved ability to detect suspicious activity.

Regulatory guidance on CDD

CDD guidance varies jurisdictionally but still overlaps significantly. Both FinCEN and FINRA align their requirements with Financial Action Task Force (FATF) guidance. All three emphasize establishing the nature and purpose of customer relationships – and ultimate beneficial ownership for legal entities. They also emphasize ongoing monitoring as an integral part of robust due diligence. FinCEN’s CDD rule defines a “beneficial owner” as either of the following: 

• Each individual who directly or indirectly owns 25% or more of the equity interests of a legal entity customer. 
• A single individual with significant responsibility to control, manage or direct a legal entity customer, including an executive officer or senior manager or any other individual who regularly performs similar functions.

And the FATF further clarifies: “Only a natural person can be an ultimate beneficial owner, and more than one natural person can be the ultimate beneficial owner of a given legal person or arrangement.” This means that when tracing ultimate beneficial ownership, firms cannot stop when they find company stakeholders owning 25% or more. Since only individuals count as beneficial owners, a firm’s due diligence would not be complete until they had followed the trail of 25% or greater ownership all the way back to individual stakeholders. Broker-dealers can consult the full report for additional guidance on this and other AML measure recommendations.

Key takeaways

To mitigate the risk of enforcement action, firms should ensure that their current CDD framework covers recommended best practices, consulting local and international regulators for guidance.

After ensuring their risk assessments are up-to-date, firms should implement procedures that thoroughly assess ultimate beneficial ownership (UBO) and politically exposed persons (PEPs). These procedures should follow established recommendations, such as verifying sources of wealth, adverse media, and geopolitical concerns such as global sanctions. Firms should also ensure they have strong enhanced due diligence (EDD) processes in place. By implementing robust CDD measures at onboarding, firms can maximize their ability to proactively curb financial crime risk.