[Federal Register Volume 83, Number 197 (Thursday, October 11, 2018)]
[Notices]
[Pages 51532-51535]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2018-22047]


-----------------------------------------------------------------------

SECURITIES AND EXCHANGE COMMISSION

[Release No. 34-84363; File No. SR-FINRA-2018-035]


Self-Regulatory Organizations; Financial Industry Regulatory 
Authority, Inc.; Notice of Filing and Immediate Effectiveness of a 
Proposed Rule Change To Amend CAB Rule 331 (Anti-Money Laundering 
Compliance Program) To Conform to FinCEN's Final Rule on Customer Due 
Diligence Requirements for Financial Institutions

October 4, 2018.
    Pursuant to Section 19(b)(1) of the Securities Exchange Act of 1934 
(``Act'') \1\ and Rule 19b-4 thereunder,\2\ notice is hereby given that 
on September 20, 2018, Financial Industry Regulatory Authority, Inc. 
(``FINRA'') filed with the Securities and Exchange Commission (``SEC'' 
or ``Commission'') the proposed rule change as described in Items I, 
II, and III below, which Items have been prepared by FINRA. FINRA has 
designated the proposed rule change as constituting a ``non-
controversial'' rule change under paragraph (f)(6) of Rule 19b-4 under 
the Act,\3\ which renders the proposal effective upon receipt of this 
filing by the Commission. The Commission is publishing this notice to 
solicit comments on the proposed rule change from interested persons.
---------------------------------------------------------------------------

    \1\ 15 U.S.C. 78s(b)(1).
    \2\ 17 CFR 240.19b-4.
    \3\ 17 CFR 240.19b-4(f)(6).
---------------------------------------------------------------------------

I. Self-Regulatory Organization's Statement of the Terms of Substance 
of the Proposed Rule Change

    FINRA is proposing to amend Capital Acquisition Broker (``CAB'') 
Rule 331 (Anti-Money Laundering Compliance Program) to reflect the 
Financial Crimes Enforcement Network's (``FinCEN'') adoption of a final 
rule on Customer Due Diligence Requirements for Financial Institutions 
(``CDD Rule''). Specifically, the proposed amendments would conform CAB 
Rule 331 to the CDD Rule's amendments to the minimum regulatory 
requirements for CABs' anti-money laundering (``AML'') compliance 
programs by requiring such programs to include risk-based procedures 
for conducting ongoing customer due diligence. This ongoing customer 
due diligence element for AML programs includes: (1) Understanding the 
nature and purpose of customer relationships for the purpose of 
developing a customer risk profile; and (2) conducting ongoing 
monitoring to identify and report suspicious transactions and, on a 
risk basis, to maintain and update customer information.
    The text of the proposed rule change is available at the 
Commission's Public Reference Room, on FINRA's website at http://www.finra.org, and at the principal office of FINRA.

II. Self-Regulatory Organization's Statement of the Purpose of, and 
Statutory Basis for, the Proposed Rule Change

    In its filing with the Commission, FINRA included statements 
concerning the purpose of and basis for the proposed rule change and 
discussed any comments it received on the proposed rule change. The 
text of these statements may be examined at the places specified in 
Item IV below. FINRA has prepared summaries, set forth in sections A, 
B, and C below, of the most significant aspects of such statements.

A. Self-Regulatory Organization's Statement of the Purpose of, and 
Statutory Basis for, the Proposed Rule Change

1. Purpose
a. Background
FINRA Capital Acquisition Broker Rules
    On August 18, 2016, the SEC approved \4\ a separate set of FINRA 
rules for firms that meet the definition of a ``capital acquisition 
broker'' and that elect to be governed under this rule set. CABs are 
member firms that engage in a limited range of activities, essentially 
advising companies and private equity funds on capital raising and 
corporate restructuring, and acting as placement agents for sales of 
unregistered securities to institutional investors under limited 
conditions. Member firms that elect to be governed under the CAB rule 
set are not permitted, among other things, to carry or maintain 
customer accounts, handle customers' funds or securities, accept 
customers' trading orders, or engage in proprietary trading or market 
making.
---------------------------------------------------------------------------

    \4\ See Securities Exchange Act Release No. 78617 (August 18, 
2016), 81 FR 57948 (August 24, 2016) (SR-FINRA-2015-054) (Order 
Approving Rule Change as Modified by Amendment Nos. 1 and 2 To Adopt 
FINRA Capital Acquisition Broker Rules).
---------------------------------------------------------------------------

    The CAB Rules became effective on April 14, 2017. In order to 
provide new CAB applicants with lead time to apply for FINRA membership 
and obtain the necessary qualifications and registrations, CAB Rules 
101-125 became effective on January 3, 2017.\5\
---------------------------------------------------------------------------

    \5\ On September 29, 2017, the SEC approved CAB Rule 203 
(Engaging in Distribution and Solicitation Activities with 
Government Entities) and CAB Rule 458 (Books and Records 
Requirements for Government Distribution and Solicitation 
Activities), which applied established ``pay-to-play'' and related 
recordkeeping rules to the activities of CABs. See Securities 
Exchange Act Release No. 81781 (September 29, 2017), 82 FR 46559 
(October 5, 2017) (Order Approving File No. SR-FINRA-2017-027). CAB 
Rules 203 and 458 became effective on December 6, 2017.
---------------------------------------------------------------------------

FinCEN Customer Due Diligence Rule
    The Bank Secrecy Act \6\ (``BSA''), among other things, requires 
financial institutions,\7\ including broker-dealers that have elected 
CAB status, to develop and implement AML programs that, at a minimum, 
meet the statutorily enumerated ``four pillars.'' \8\ These four 
pillars currently require broker-dealers to have written AML programs 
that include, at a minimum:
---------------------------------------------------------------------------

    \6\ 31 U.S.C. 5311 et seq.
    \7\ See 31 U.S.C. 5312(a)(2) (defining ``financial 
institution'').
    \8\ 31 U.S.C. 5318(h)(1).
---------------------------------------------------------------------------

     The establishment and implementation of policies, 
procedures and internal controls reasonably

[[Page 51533]]

designed to achieve compliance with the applicable provisions of the 
BSA and implementing regulations;
     independent testing for compliance by broker-dealer 
personnel or a qualified outside party;
     designation of an individual or individuals responsible 
for implementing and monitoring the operations and internal controls of 
the AML program; and
     ongoing training for appropriate persons.\9\
---------------------------------------------------------------------------

    \9\ 31 CFR 1023.210(b).
---------------------------------------------------------------------------

    On May 11, 2016, FinCEN, the bureau of the Department of the 
Treasury responsible for administering the BSA and its implementing 
regulations, issued the CDD Rule \10\ to clarify and strengthen 
customer due diligence for covered financial institutions,\11\ 
including broker-dealers that have elected CAB status. In its CDD Rule, 
FinCEN identifies four components of customer due diligence: (1) 
Customer identification and verification; (2) beneficial ownership 
identification and verification; (3) understanding the nature and 
purpose of customer relationships; and (4) ongoing monitoring for 
reporting suspicious transactions and, on a risk basis, maintaining and 
updating customer information.\12\ As the first component is already 
required to be part of a CAB's AML program under the BSA, the CDD Rule 
focuses on the other three components.
---------------------------------------------------------------------------

    \10\ FinCEN Customer Due Diligence Requirements for Financial 
Institutions; CDD Rule, 81 FR 29397 (May 11, 2016) (CDD Rule 
Release); 82 FR 45182 (September 28, 2017) (making technical 
correcting amendments to the final CDD Rule published on May 11, 
2016). FinCEN is authorized to impose AML program requirements on 
financial institutions and to require financial institutions to 
maintain procedures to ensure compliance with the BSA and associated 
regulations. 31 U.S.C. 5318(h)(2) and (a)(2). The CDD Rule is the 
result of the rulemaking process FinCEN initiated in March 2012. See 
77 FR 13046 (March 5, 2012) (Advance Notice of Proposed Rulemaking) 
and 79 FR 45151 (August 4, 2014) (Notice of Proposed Rulemaking).
    \11\ See 31 CFR 1010.230(f) (defining ``covered financial 
institution'').
    \12\ See CDD Rule Release at 29398.
---------------------------------------------------------------------------

    Specifically, the CDD Rule focuses particularly on the second 
component by adding a new requirement that covered financial 
institutions identify and verify the identity of the beneficial owners 
of all legal entity customers at the time a new account is opened, 
subject to certain exclusions and exemptions.\13\ The CDD Rule also 
addresses the third and fourth components, which FinCEN states ``are 
already implicitly required for covered financial institutions to 
comply with their suspicious activity reporting requirements,'' by 
amending the existing AML program rules for covered financial 
institutions to explicitly require these components to be included in 
AML programs as a new ``fifth pillar.'' As a result of the CDD Rule, 
CABs should ensure that their AML programs are updated, as necessary, 
to comply with the CDD Rule.
---------------------------------------------------------------------------

    \13\ See 31 CFR 1010.230(d) (defining ``beneficial owner'') and 
31 CFR 1010.230(e) (defining ``legal entity customer'').
---------------------------------------------------------------------------

Amendments to FINRA Rule 3310
    On November 21, 2017, FINRA published Regulatory Notice 17-40 to 
provide guidance to non-CAB member firms regarding their obligations 
under FINRA Rule 3310 (Anti-Money Laundering Compliance Program) in 
light of the adoption of FinCEN's CDD Rule. In addition, the Notice 
summarized the CDD Rule's impact on non-CAB member firms, including the 
addition of the new fifth pillar required for such firms' AML programs.
    On April 20, 2018, FINRA filed for immediate effectiveness 
amendments to FINRA Rule 3310 to reflect FinCEN's adoption of the CDD 
Rule.\14\ On May 3, 2018, FINRA published Regulatory Notice 18-19, 
which announced its amendments to FINRA Rule 3310.\15\
---------------------------------------------------------------------------

    \14\ See Securities Exchange Act Release No. 83154 (May 2, 
2018), 83 FR 20906 (May 8, 2018) (SR-FINRA-2018-016) (Notice of 
Filing and Immediate Effectiveness of a Proposed Rule Change 
Relating to FINRA Rule 3310 to Conform FINRA Rule 3310 to FinCEN's 
Final Rule on Customer Due Diligence Requirements for Financial 
Institutions).
    \15\ See Regulatory Notice 18-19 (May 3, 2018).
---------------------------------------------------------------------------

    For the same reasons that FINRA amended FINRA Rule 3310 to reflect 
FinCEN's adoption of the CDD Rule, FINRA is filing for immediate 
effectiveness similar amendments to CAB Rule 331.
b. CAB Rule 331 and Amendment to Minimum Requirements for CABs' AML 
Programs
    Section 352 of the USA PATRIOT Act of 2001 \16\ amended the BSA to 
require broker-dealers to develop and implement AML programs that 
include the four pillars mentioned above. Consistent with Section 352 
of the PATRIOT Act, and incorporating the four pillars, CAB Rule 331 
requires each CAB to develop and implement a written AML program 
reasonably designed to achieve and monitor the CAB's compliance with 
the BSA and implementing regulations. Among other requirements, CAB 
Rule 331 requires that each CAB, at a minimum: (1) Establish and 
implement policies and procedures that can be reasonably expected to 
detect and cause the reporting of suspicious transactions; (2) 
establish and implement policies, procedures, and internal controls 
reasonably designed to achieve compliance with the BSA and implementing 
regulations; (3) provide for independent testing for compliance, no 
less frequently than every two years, to be conducted by CAB personnel 
or a qualified outside party; (4) designate and identify to FINRA an 
individual or individuals (i.e., AML compliance person(s)) who will be 
responsible for implementing and monitoring the day-to-day operations 
and internal controls of the AML program and provide prompt 
notification to FINRA of any changes to the designation; and (5) 
provide ongoing training for appropriate persons.
---------------------------------------------------------------------------

    \16\ Uniting and Strengthening America by Providing Appropriate 
Tools Required to Intercept and Obstruct Terrorism Act of 2001, 
Public Law 107-56, 115 Stat. 272 (2001).
---------------------------------------------------------------------------

    FinCEN's CDD Rule does not change the requirements of CAB Rule 331 
and CABs must continue to comply with its requirements.\17\ However, 
FinCEN's CDD Rule amends the minimum regulatory requirements for CABs' 
AML programs by explicitly requiring such programs to include risk-
based procedures for conducting ongoing customer due diligence.\18\ 
Accordingly, FINRA is proposing to amend CAB Rule 331 to incorporate 
into the Rule this ongoing customer due diligence element, or ``fifth 
pillar'' required for AML programs. Thus, proposed CAB Rule 331(f) 
would provide that the AML programs required by this Rule shall, at a 
minimum, include appropriate risk-based procedures for conducting 
ongoing customer due diligence, to include, but not be limited to: (1) 
Understanding the nature and purpose of customer relationships for the 
purpose of developing a customer risk profile; and (2) conducting 
ongoing monitoring to identify and report suspicious transactions and, 
on a risk basis, to maintain and update customer information.
---------------------------------------------------------------------------

    \17\ In fact, FinCEN notes that broker-dealers must continue to 
comply with FINRA Rules, notwithstanding differences between the CDD 
Rule and CAB Rule 331. See CDD Rule Release at 29421, n. 85.
    \18\ See CDD Rule Release at 29420; 31 CFR 1023.210.
---------------------------------------------------------------------------

    As stated in the CDD Rule, these provisions are not new and merely 
codify existing expectations for broker-dealers, including CABs, to 
adequately identify and report suspicious transactions as required 
under the BSA and encapsulate practices generally already undertaken by 
securities firms to know and understand their

[[Page 51534]]

customers.\19\ The proposed rule change simply incorporates into CAB 
Rule 331 the ongoing customer due diligence element, or ``fifth 
pillar,'' required for AML programs by the CDD Rule to aid CABs in 
complying with the CDD Rule's requirements. However, to the extent that 
these elements, which are briefly summarized below, are not already 
included in CABs' AML programs, the CDD Rule requires CABs to update 
their AML programs to explicitly incorporate them.
---------------------------------------------------------------------------

    \19\ See CDD Rule Release at 29419.
---------------------------------------------------------------------------

c. Summary of Fifth Pillar's Requirements
Understanding the Nature and Purpose of Customer Relationships
    FinCEN states in the CDD Rule that firms must necessarily have an 
understanding of the nature and purpose of the customer relationship in 
order to determine whether a transaction is potentially suspicious and, 
in turn, to fulfill their SAR obligations.\20\ To that end, the CDD 
Rule requires that firms understand the nature and purpose of the 
customer relationship in order to develop a customer risk profile. The 
customer risk profile refers to information gathered about a customer 
to form the baseline against which customer activity is assessed for 
suspicious transaction reporting.\21\ Information relevant to 
understanding the nature and purpose of the customer relationship may 
be self-evident and, depending on the facts and circumstances, may 
include such information as the type of customer, account or service 
offered, and the customer's income, net worth, domicile, or principal 
occupation or business, as well as, in the case of existing customers, 
the customer's history of activity.\22\ The CDD Rule also does not 
prescribe a particular form of the customer risk profile.\23\ Instead, 
the CDD Rule states that depending on the firm and the nature of its 
business, a customer risk profile may consist of individualized risk 
scoring, placement of customers into risk categories or another means 
of assessing customer risk that allows firms to understand the risk 
posed by the customer and to demonstrate that understanding.\24\
---------------------------------------------------------------------------

    \20\ See id. at 29421.
    \21\ See id. at 29422.
    \22\ See id.
    \23\ See id.
    \24\ See id.
---------------------------------------------------------------------------

    The CDD Rule also addresses the interplay of understanding the 
nature and purpose of customer relationships with the ongoing 
monitoring obligation discussed below. The CDD Rule explains that firms 
are not necessarily required or expected to integrate customer 
information or the customer risk profile into existing transaction 
monitoring systems (for example, to serve as the baseline for 
identifying and assessing suspicious transactions on a contemporaneous 
basis).\25\ Rather, FinCEN expects firms to use the customer 
information and customer risk profile as appropriate during the course 
of complying with their obligations under the BSA in order to determine 
whether a particular flagged transaction is suspicious.\26\
---------------------------------------------------------------------------

    \25\ See id.
    \26\ See id.
---------------------------------------------------------------------------

Conducting Ongoing Monitoring
    As with the requirement to understand the nature and purpose of the 
customer relationship, the requirement to conduct ongoing monitoring to 
identify and report suspicious transactions and, on a risk basis, to 
maintain and update customer information, merely adopts existing 
supervisory and regulatory expectations as explicit minimum standards 
of customer due diligence required for firms' AML programs.\27\ If, in 
the course of its normal monitoring for suspicious activity, the CAB 
detects information that is relevant to assessing the customer's risk 
profile, the CAB must update the customer information, including the 
information regarding the beneficial owners of legal entity 
customers.\28\ However, there is no expectation that the CAB update 
customer information, including beneficial ownership information, on an 
ongoing or continuous basis.\29\
---------------------------------------------------------------------------

    \27\ See id. at 29402.
    \28\ See id. at 29420-21.
    \29\ See id.
---------------------------------------------------------------------------

    FINRA has filed the proposed rule change for immediate 
effectiveness. The implementation date for the proposed changes will be 
no later than 30 days following publication of the Regulatory Notice 
announcing the proposed rule change.
2. Statutory Basis
    FINRA believes that the proposed rule change is consistent with the 
provisions of Section 15A(b)(6) of the Act,\30\ which requires, among 
other things, that FINRA rules must be designed to prevent fraudulent 
and manipulative acts and practices, to promote just and equitable 
principles of trade, and, in general, to protect investors and the 
public interest. FINRA believes the proposed rule change will aid CABs 
in complying with the CDD Rule's requirement that CABs' AML programs 
include risk-based procedures for conducting ongoing customer due 
diligence by also incorporating the requirement into CAB Rule 331.
---------------------------------------------------------------------------

    \30\ 15 U.S.C. 78o-3(b)(6).
---------------------------------------------------------------------------

B. Self-Regulatory Organization's Statement on Burden on Competition

    FINRA does not believe that the proposed rule change will result in 
any burden on competition that is not necessary or appropriate in 
furtherance of the purposes of the Act. The proposed rule change simply 
incorporates into CAB Rule 331 the ongoing customer due diligence 
element, or ``fifth pillar,'' required for AML programs by the CDD 
Rule. The CDD Rule required broker-dealers, including CABs, to update 
their AML programs to explicitly incorporate them by May 11, 2018. In 
addition, as stated in the CDD Rule, these elements are already 
implicitly required for covered financial institutions to comply with 
their suspicious activity reporting requirements. Accordingly, FINRA is 
not imposing any additional direct or indirect burdens on CABs or their 
clients through this proposal.

C. Self-Regulatory Organization's Statement on Comments on the Proposed 
Rule Change Received From Members, Participants, or Others

    Written comments were neither solicited nor received.

III. Date of Effectiveness of the Proposed Rule Change and Timing for 
Commission Action

    Because the foregoing proposed rule change does not: (i) 
Significantly affect the protection of investors or the public 
interest; (ii) impose any significant burden on competition; and (iii) 
become operative for 30 days from the date on which it was filed, or 
such shorter time as the Commission may designate, it has become 
effective pursuant to Section 19(b)(3)(A) of the Act \31\ and Rule 19b-
4(f)(6) thereunder.\32\
---------------------------------------------------------------------------

    \31\ 15 U.S.C. 78s(b)(3)(A).
    \32\ 17 CFR 240.19b-4(f)(6).
---------------------------------------------------------------------------

    At any time within 60 days of the filing of the proposed rule 
change, the Commission summarily may temporarily suspend such rule 
change if it appears to the Commission that such action is necessary or 
appropriate in the public interest, for the protection of investors, or 
otherwise in furtherance of the purposes of the Act. If the Commission 
takes such action, the Commission shall institute proceedings to 
determine whether the proposed rule should be approved or disapproved.

[[Page 51535]]

IV. Solicitation of Comments

    Interested persons are invited to submit written data, views and 
arguments concerning the foregoing, including whether the proposed rule 
change is consistent with the Act. Comments may be submitted by any of 
the following methods:

Electronic Comments

     Use the Commission's internet comment form (http://www.sec.gov/rules/sro.shtml); or
     Send an email to [email protected]. Please include 
File Number SR-FINRA-2018-035 on the subject line.

Paper Comments

     Send paper comments in triplicate to Secretary, Securities 
and Exchange Commission, 100 F Street NE, Washington, DC 20549-1090.

All submissions should refer to File Number SR-FINRA-2018-035. This 
file number should be included on the subject line if email is used. To 
help the Commission process and review your comments more efficiently, 
please use only one method. The Commission will post all comments on 
the Commission's internet website (http://www.sec.gov/rules/sro.shtml). 
Copies of the submission, all subsequent amendments, all written 
statements with respect to the proposed rule change that are filed with 
the Commission, and all written communications relating to the proposed 
rule change between the Commission and any person, other than those 
that may be withheld from the public in accordance with the provisions 
of 5 U.S.C. 552, will be available for website viewing and printing in 
the Commission's Public Reference Room, 100 F Street NE, Washington, DC 
20549, on official business days between the hours of 10 a.m. and 3 
p.m. Copies of such filing also will be available for inspection and 
copying at the principal office of FINRA. All comments received will be 
posted without change. Persons submitting comments are cautioned that 
we do not redact or edit personal identifying information from comment 
submissions. You should submit only information that you wish to make 
available publicly.
    All submissions should refer to File Number SR-FINRA-2018-035 and 
should be submitted on or before November 1, 2018.
---------------------------------------------------------------------------

    \33\ 17 CFR 200.30-3(a)(12).

    For the Commission, by the Division of Trading and Markets, 
pursuant to delegated authority.\33\
Eduardo A. Aleman,
Assistant Secretary.
[FR Doc. 2018-22047 Filed 10-10-18; 8:45 am]
 BILLING CODE 8011-01-P