Helping clients meet their business challenges begins with an in-depth understanding of the industries in which they work. That’s why KPMG LLP established its industry-driven structure. In fact, KPMG LLP was the first of the Big Four firms to organize itself along the same industry lines as clients.

How We Work

We bring together passionate problem-solvers, innovative technologies, and full-service capabilities to create opportunity with every insight.

Learn more

Careers & Culture

What is culture? Culture is how we do things around here. It is the combination of a predominant mindset, actions (both big and small) that we all commit to every day, and the underlying processes, programs and systems supporting how work gets done.

Learn more

AML Enforcement: SEC Risk Alert & FFIEC Exam Manual Updates

Increasing intensity to AML programs, customer identification programs, CDD, and beneficial ownership obligations


KPMG Regulatory Insight

  • SEC and FINRA have each identified BSA/AML compliance, customer due diligence, and beneficial ownership as key areas of examination focus (see KPMG Regulatory Alert here and here); they state the importance of AML program examinations has been elevated due to the geopolitical environment and the increased imposition of sanctions.
  • Regulatory focus on financial institutions’ compliance with the CDD Rule and beneficial ownership obligations, coupled with the pending Corporate Transparency Act, further raise the stakes.  
  • Supervision/enforcement in this area is gaining in intensity and may also include a higher focus on data traceability, transaction monitoring, suspicious activity reporting, independent reviews, and employee training. 

August 2023

SEC Risk Alert

The SEC Division of Examinations (Exams) issued a Risk Alert presenting observations about key anti-money laundering (AML) requirements based on recent examinations across the broker-dealer industry (BDs).

In particular, the Risk Alert covers:

  1. AML Programs, with a focus on Independent Testing and Training  
  2. Customer Identification Program (CIP) Rule
  3. Customer Due Diligence (CDD) and Beneficial Ownership Requirements
  4. General Observations

AML Programs, Independent Testing, and Training

The Risk Alert notes that BDs are required to implement and maintain a written AML program, approved in writing by senior management. Deficiencies observed in examinations include:

Observations on Programs

Independent Testing

  • Failure to conduct testing in a timely manner, or to demonstrate (via report, results, or other documentation) that testing had been conducted.
  • Failure to address, or to have procedures for addressing, issues identified by independent testing in a timely manner.
  • Independent tests that appeared to be ineffective due to:
    • Failure to cover aspects of the business or AML program.
    • Testing conducted by personnel that were not independent or did not have the appropriate level of knowledge or expertise.
    • Testing conducted under requirements not applicable to the securities industry.

Employee Training

  • Failure to update training materials based on changes in the law.
  • Failure to tailor training materials to the risks, products and services, and business activities of the BD.
  • Failure to demonstrate that all appropriate personnel attended ongoing training, as well as inadequate procedures for following up with personnel who did not complete required training.

Customer Identification Program (CIP) Rule

The CIP Rule requires BDs to “establish, document, and maintain a written CIP appropriate for its size and business.” Exams uncovered BDs “whose CIPs appeared not to be properly designed to enable the firm to form a reasonable belief that it knows the true identity of customers.”  Examples include:

Observations on CIPs

Inadequate CIPs, including failures to:

  • Perform any CIP procedures as to investors in a private placement, where customer relationships established with BDs appeared to be formal relationships for purposes of the CIP Rule.
  • Collect customers’ dates of birth, identification numbers, or addresses.
  • Verify the identity of customers, including instances in which files indicated that verification was complete but required information was missing, incomplete, or invalid.
  • Use exception reports to alert when a customer’s identity is not adequately verified in accordance with the CIP Rule.
  • Accurately document aspects of CIP regarding review of alerts generated by third-party vendors to monitor for missing, inconsistent, or inaccurate information.
  • Follow procedures of BDs’ own CIP, which included reviewing and documenting the resolution of discrepancies in customer information and conducting searches through third-party vendors.

Customer Due Diligence and Beneficial Ownership Requirements

The 2016 CDD Rule requires BDs’ AML programs to contain written procedures that are reasonably designed to identify and verify the identity of beneficial owners of “legal entity customers”. Exams found:

Observations on CDD Procedures

  • Failure to update AML programs or procedures to align with the CDD Rule
  • Procedures that, in violation of the CDD Rule, permitted an entity to be listed as a beneficial owner without a corresponding requirement to obtain adequate information about beneficial owners of the entity.
  • The opening of new accounts for legal entity customers without identifying all the legal entity’s beneficial owners, including where no beneficial ownership information was obtained, required information was missing, or no control person was identified.
  • Failure to obtain documentation necessary to verify the identity of beneficial owners of legal entity customers, including by accepting expired government issued identification, or otherwise not performing such verification, or not documenting the resolution of discrepancies noted by firm personnel or a firm’s third-party identity verification vendor.
  • Failure to follow internal procedures that required obtaining information about certain underlying parties acting through omnibus accounts.

General Observations

In addition to the specific observations, Exams highlighted two general observations:

  • Some registrants did not appear to devote sufficient resources, including staffing, to AML compliance given the volume and risks of their business. 
  • The effectiveness of policies, procedures, and internal controls was reduced when firms did not implement those measures consistently.

FFIEC’s BSA/AML Examination Manual Updates

Separately, the members of the Federal Financial Institutions Examination Council (FFIEC – including the Federal Reserve, OCC, and FDIC) issued updates to six sections of its BSA/AML Examination Manual. These updated sections include:

  • Special Information Sharing Procedures to Deter Money Laundering and Terrorist Activity
  • Due Diligence Programs for Correspondent Accounts for Foreign Financial Institutions
  • Due Diligence Programs for Private Banking Accounts
  • Prohibition on Correspondent Accounts for Foreign Shell Banks; Records Concerning Owners of Foreign Banks and Agents for Service of Legal Process
  • Summons or Subpoena of Foreign Bank Records; Termination of Correspondent Relationship; Records Concerning Owners of Foreign Banks and Agents for Service of Legal Process
  • Reporting Obligations on Foreign Bank Relationships with Iranian-Linked Financial Institutions

Dive into our thinking:

AML Enforcement: SEC Risk Alert & FFIEC Exam Manual Updates

Download PDF

Explore more

Thank you!

Thank you for contacting KPMG. We will respond to you as soon as possible.

Contact KPMG

Use this form to submit general inquiries to KPMG. We will respond to you as soon as possible.

By submitting, you agree that KPMG LLP may process any personal information you provide pursuant to KPMG LLP's Privacy Statement.

An error occurred. Please contact customer support.

Job seekers

Visit our careers section or search our jobs database.

Submit RFP

Use the RFP submission form to detail the services KPMG can help assist you with.

Office locations

International hotline

You can confidentially report concerns to the KPMG International hotline

Press contacts

Do you need to speak with our Press Office? Here's how to get in touch.