On November 21, the Financial Industry Regulatory Authority (FINRA) published additional guidance regarding member firms’ obligations under FINRA Rule 3310, which requires adoption of an anti-money laundering (AML) program. The guidance provided in Regulatory Notice 17-40 follows the Financial Crime Enforcement Network’s (FinCEN) 2016 adoption of a final rule on customer due diligence requirements for financial institutions (CDD Rule). Under the CDD Rule, member firms must now comply with a “fifth pillar,” which requires them to “identify and verify the identity of the beneficial owners of all legal entity customers” at the time when a new account is opened, subject to certain exclusions and exemptions. Additionally, the “fifth pillar” requires member firms to understand the nature and purpose of customer relationships, conduct ongoing monitoring to report suspicious activities and transactions, and maintain and update customer information “on a risk basis.”

The “fifth pillar” supplements the previously established Bank Secrecy Act AML program requirements, coined the “four pillars,” which require member firms to (i) establish policies and procedures to “achieve compliance”; (ii) conduct independent compliance testing; (iii) designate responsible individuals to implement and monitor AML compliance; and (iv) provide ongoing training.

The CDD Rule became effective on July 11, 2016, and member firms must comply by May 11, 2018. FINRA advises members firms to consult the CDD Rule, along with FinCEN's related FAQs, to ensure AML program compliance.