Relevant Results
Sorry, there are no results matching your search.
Autocomplete suggestions are available. Use up and down arrows to review and enter to select.
See more results

AML Enforcement: SEC Risk Alert & FFIEC Exam Manual Updates

Increasing intensity to AML programs, customer identification programs, CDD, and beneficial ownership obligations

Download PDF
Share

KPMG Regulatory Insight

  • SEC and FINRA have each identified BSA/AML compliance, customer due diligence, and beneficial ownership as key areas of examination focus (see KPMG Regulatory Alert here and here); they state the importance of AML program examinations has been elevated due to the geopolitical environment and the increased imposition of sanctions.
  • Regulatory focus on financial institutions’ compliance with the CDD Rule and beneficial ownership obligations, coupled with the pending Corporate Transparency Act, further raise the stakes.  
  • Supervision/enforcement in this area is gaining in intensity and may also include a higher focus on data traceability, transaction monitoring, suspicious activity reporting, independent reviews, and employee training. 

August 2023

SEC Risk Alert

The SEC Division of Examinations (Exams) issued a Risk Alert presenting observations about key anti-money laundering (AML) requirements based on recent examinations across the broker-dealer industry (BDs).

In particular, the Risk Alert covers:

  1. AML Programs, with a focus on Independent Testing and Training  
  2. Customer Identification Program (CIP) Rule
  3. Customer Due Diligence (CDD) and Beneficial Ownership Requirements
  4. General Observations

AML Programs, Independent Testing, and Training

The Risk Alert notes that BDs are required to implement and maintain a written AML program, approved in writing by senior management. Deficiencies observed in examinations include:

Observations on Programs

Independent Testing

  • Failure to conduct testing in a timely manner, or to demonstrate (via report, results, or other documentation) that testing had been conducted.
  • Failure to address, or to have procedures for addressing, issues identified by independent testing in a timely manner.
  • Independent tests that appeared to be ineffective due to:
    • Failure to cover aspects of the business or AML program.
    • Testing conducted by personnel that were not independent or did not have the appropriate level of knowledge or expertise.
    • Testing conducted under requirements not applicable to the securities industry.

Employee Training

  • Failure to update training materials based on changes in the law.
  • Failure to tailor training materials to the risks, products and services, and business activities of the BD.
  • Failure to demonstrate that all appropriate personnel attended ongoing training, as well as inadequate procedures for following up with personnel who did not complete required training.


Customer Identification Program (CIP) Rule

The CIP Rule requires BDs to “establish, document, and maintain a written CIP appropriate for its size and business.” Exams uncovered BDs “whose CIPs appeared not to be properly designed to enable the firm to form a reasonable belief that it knows the true identity of customers.”  Examples include:

Observations on CIPs

Inadequate CIPs, including failures to:

  • Perform any CIP procedures as to investors in a private placement, where customer relationships established with BDs appeared to be formal relationships for purposes of the CIP Rule.
  • Collect customers’ dates of birth, identification numbers, or addresses.
  • Verify the identity of customers, including instances in which files indicated that verification was complete but required information was missing, incomplete, or invalid.
  • Use exception reports to alert when a customer’s identity is not adequately verified in accordance with the CIP Rule.
  • Accurately document aspects of CIP regarding review of alerts generated by third-party vendors to monitor for missing, inconsistent, or inaccurate information.
  • Follow procedures of BDs’ own CIP, which included reviewing and documenting the resolution of discrepancies in customer information and conducting searches through third-party vendors.


Customer Due Diligence and Beneficial Ownership Requirements

The 2016 CDD Rule requires BDs’ AML programs to contain written procedures that are reasonably designed to identify and verify the identity of beneficial owners of “legal entity customers”. Exams found:

Observations on CDD Procedures

  • Failure to update AML programs or procedures to align with the CDD Rule
  • Procedures that, in violation of the CDD Rule, permitted an entity to be listed as a beneficial owner without a corresponding requirement to obtain adequate information about beneficial owners of the entity.
  • The opening of new accounts for legal entity customers without identifying all the legal entity’s beneficial owners, including where no beneficial ownership information was obtained, required information was missing, or no control person was identified.
  • Failure to obtain documentation necessary to verify the identity of beneficial owners of legal entity customers, including by accepting expired government issued identification, or otherwise not performing such verification, or not documenting the resolution of discrepancies noted by firm personnel or a firm’s third-party identity verification vendor.
  • Failure to follow internal procedures that required obtaining information about certain underlying parties acting through omnibus accounts.


General Observations

In addition to the specific observations, Exams highlighted two general observations:

  • Some registrants did not appear to devote sufficient resources, including staffing, to AML compliance given the volume and risks of their business. 
  • The effectiveness of policies, procedures, and internal controls was reduced when firms did not implement those measures consistently.

FFIEC’s BSA/AML Examination Manual Updates

Separately, the members of the Federal Financial Institutions Examination Council (FFIEC – including the Federal Reserve, OCC, and FDIC) issued updates to six sections of its BSA/AML Examination Manual. These updated sections include:

  • Special Information Sharing Procedures to Deter Money Laundering and Terrorist Activity
  • Due Diligence Programs for Correspondent Accounts for Foreign Financial Institutions
  • Due Diligence Programs for Private Banking Accounts
  • Prohibition on Correspondent Accounts for Foreign Shell Banks; Records Concerning Owners of Foreign Banks and Agents for Service of Legal Process
  • Summons or Subpoena of Foreign Bank Records; Termination of Correspondent Relationship; Records Concerning Owners of Foreign Banks and Agents for Service of Legal Process
  • Reporting Obligations on Foreign Bank Relationships with Iranian-Linked Financial Institutions

Dive into our thinking:

AML Enforcement: SEC Risk Alert & FFIEC Exam Manual Updates

Download PDF

Explore more

Meet our team

Image of Amy S. Matsuo
Amy S. Matsuo
Principal, Growth & Strategy, Regulatory Insights, KPMG LLP
Read bio
Image of John Caruso
John Caruso
Principal, Forensic, KPMG US
Read bio
Image of Thomas P. Keegan
Thomas P. Keegan
Principal, Advisory, Managed Services, KPMG US
Read bio
Image of Amy S. Matsuo
Amy S. Matsuo
Principal, Growth & Strategy, Regulatory Insights, KPMG LLP
Read bio
Image of John Caruso
John Caruso
Principal, Forensic, KPMG US
Read bio
Image of Thomas P. Keegan
Thomas P. Keegan
Principal, Advisory, Managed Services, KPMG US
Read bio

KPMG. Make the Difference.


Some or all of the services described herein may not be permissible for KPMG audit clients and their affiliates or related entities.

The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act upon such information without appropriate professional advice after a thorough examination of the particular situation. KPMG LLP does not provide legal services.

The information contained herein is not intended to be “written advice concerning one or more Federal tax matters” subject to the requirements of section 10.37(a)(2) of Treasury Department Circular 230.

© 2025 KPMG LLP, a Delaware limited liability partnership and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved.

For more detail about the structure of the KPMG global organization please visit https://home.kpmg/governance.

Thank you!

Thank you for contacting KPMG. We will respond to you as soon as possible.

Contact KPMG

Use this form to submit general inquiries to KPMG. We will respond to you as soon as possible.

By submitting, you agree that KPMG LLP may process any personal information you provide pursuant to KPMG LLP's . Privacy Statement

An error occurred. Please contact customer support.

Job seekers

Visit our careers section or search our jobs database.

Search now!

Submit RFP

Use the RFP submission form to detail the services KPMG can help assist you with.

Submit

Office locations

View locations

International hotline

You can confidentially report concerns to the KPMG International hotline

Learn more

Press contacts

Do you need to speak with our Press Office? Here's how to get in touch.

Contact

Headline