[Federal Register Volume 83, Number 236 (Monday, December 10, 2018)]
[Notices]
[Pages 63549-63552]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2018-26593]
-----------------------------------------------------------------------
SECURITIES AND EXCHANGE COMMISSION
[Release No. 34-84714; File No. SR-IEX-2018-22]
Self-Regulatory Organizations; Investors Exchange LLC; Notice of
Filing and Immediate Effectiveness of Proposed Rule Change To Conform
IEX Rule 5.160 to FinCEN's Final Rule on Customer Due Diligence
Requirements for Financial Institutions
December 3, 2018.
Pursuant to Section 19(b)(1) \1\ of the Securities Exchange Act of
1934 \2\ and Rule 19b-4 thereunder,\3\ notice is hereby given that, on
November 20, 2018, the Investors Exchange LLC (``IEX'' or ``Exchange'')
filed with the Securities and Exchange Commission (``Commission'') the
proposed rule change as described in Items I, II, and III below, which
Items have been prepared by the Exchange. The Commission is publishing
this notice to solicit comments on the proposed rule change from
interested persons.
---------------------------------------------------------------------------
\1\ 15 U.S.C. 78s(b)(1).
\2\ 15 U.S.C. 78a.
\3\ 17 CFR 240.19b-4.
---------------------------------------------------------------------------
I. Self-Regulatory Organization's Statement of the Terms of Substance
of the Proposed Rule Change
Pursuant to the provisions of Section 19(b)(1) under the Securities
Exchange Act of 1934 (``Act''),\4\ and Rule 19b-4 thereunder,\5\ IEX is
filing with the Commission a proposed rule change to amend IEX Rule
5.160 (Anti-Money Laundering Compliance Program) to reflect the
Financial Crimes Enforcement Network's (``FinCEN'') adoption of a final
rule on Customer Due Diligence Requirements for Financial Institutions
(``CDD Rule''). Specifically, the proposed amendments would conform IEX
Rule 5.160 to the CDD Rule's amendments to the minimum regulatory
requirements for Member' anti-money laundering (``AML'') compliance
programs by requiring such programs to include risk-based procedures
for conducting ongoing customer due diligence. This ongoing customer
due diligence element for AML programs includes: (1) Understanding the
nature and purpose
[[Page 63550]]
of customer relationships for the purpose of developing a customer risk
profile; and (2) conducting ongoing monitoring to identify and report
suspicious transactions and, on a risk basis, to maintain and update
customer information. The Exchange has designated this rule change as
``non-controversial'' under Section 19(b)(3)(A) of the Act \6\ and
provided the Commission with the notice required by Rule 19b-4(f)(6)
thereunder.\7\ The text of the proposed rule change is available at the
Exchange's website at www.iextrading.com, at the principal office of
the Exchange, and at the Commission's Public Reference Room.
---------------------------------------------------------------------------
\4\ 15 U.S.C. 78s(b)(1).
\5\ 17 CRF 240.19b-4.
\6\ 15 U.S.C. 78s(b)(3)(A).
\7\ 17 CFR 240.19b-4.
---------------------------------------------------------------------------
II. Self-Regulatory Organization's Statement of the Purpose of, and the
Statutory Basis for, the Proposed Rule Change
In its filing with the Commission, the self-regulatory organization
included statements concerning the purpose of and basis for the
proposed rule change and discussed any comments it received on the
proposed rule change. The text of these statement may be examined at
the places specified in Item IV below. The self-regulatory organization
has prepared summaries, set forth in Sections A, B, and C below, of the
most significant aspects of such statements.
A. Self-Regulatory Organization's Statement of the Purpose of, and the
Statutory Basis for, the Proposed Rule Change
1. Purpose
I. Background
The Bank Secrecy Act \8\ (``BSA''), among other things, requires
financial institutions,\9\ including broker-dealers, to develop and
implement AML programs that, at a minimum, meet the statutorily
enumerated ``four pillars.'' \10\ These four pillars currently require
broker-dealers to have written AML programs that include, at a minimum:
---------------------------------------------------------------------------
\8\ 31 U.S.C. 5311 et seq.
\9\ See 31 U.S.C. 5312(a)(2) (defining ``financial
institution'').
\10\ 31 U.S.C. 5318(h)(1).
---------------------------------------------------------------------------
The establishment and implementation of policies,
procedures and internal controls reasonably designed to achieve
compliance with the applicable provisions of the BSA and implementing
regulations;
independent testing for compliance by broker-dealer
personnel or a qualified outside party;
designation of an individual or individuals responsible
for implementing and monitoring the operations and internal controls of
the AML program; and
ongoing training for appropriate persons.\11\
---------------------------------------------------------------------------
\11\ 31 CFR 1023.210(b).
---------------------------------------------------------------------------
In addition to meeting the BSA's requirements with respect to AML
programs, Exchange Members \12\ must also comply with IEX Rule 5.160,
which incorporates the BSA's four pillars, as well as requiring
Members' AML programs to establish and implement policies and
procedures that can be reasonably expected to detect and cause the
reporting of suspicious transactions.
---------------------------------------------------------------------------
\12\ See IEX Rule 1.160(s).
---------------------------------------------------------------------------
Pursuant to Rule 17d-2 under the Act,\13\ the Exchange and the
Financial Industry Regulatory Authority, Inc. (``FINRA'') entered into
an agreement to allocate regulatory responsibility for common rules
(the ``17d-2 Agreement'').\14\ The 17d-2 Agreement covers common
members of the Exchange and FINRA, and allocates to FINRA regulatory
responsibility, with respect to common members for Exchange rules and
certain federal securities laws, rules and regulation that the Exchange
certifies are identical or substantially similar to FINRA rules.\15\
IEX Rule 5.160 is substantially similar to FINRA Rule 3310, and
therefore among the common rules included in the 17d-2 Agreement.
---------------------------------------------------------------------------
\13\ 17 CFR 240.17d-2.
\14\ See, Securities Exchange Act Release No. 78434 (July 28,
2016), 81 FR 51256 (August 3, 2016) (File No. 4-700).
\15\ Pursuant to the 17d-2 Agreement, the Exchange allocated to
FINRA the following: (i) Examination of common members of the
Exchange and FINRA for compliance with certain federal securities
laws, rules and regulations and rules of the Exchange that the
Exchange certifies are identical or substantially similar to FINRA
rules; (ii) investigation of common members of the Exchange and
FINRA for violations of certain federal securities laws, rules and
regulations, or Exchange rules that the Exchange certifies as
identical or substantially identical to a FINRA rule; and (iii)
enforcement of compliance by common members with certain federal
securities laws, rules and regulations, and the rules of the
Exchange that the Exchange certifies as identical or substantially
similar to FINRA rules.
---------------------------------------------------------------------------
On May 11, 2016, FinCEN, the bureau of the Department of the
Treasury responsible for administering the BSA and its implementing
regulations, issued the CDD Rule \16\ to clarify and strengthen
customer due diligence for covered financial institutions,\17\
including broker-dealers. In its CDD Rule, FinCEN identifies four
components of customer due diligence: (1) Customer identification and
verification; (2) beneficial ownership identification and verification;
(3) understanding the nature and purpose of customer relationships; and
(4) ongoing monitoring for reporting suspicious transactions and, on a
risk basis, maintaining and updating customer information.\18\ As the
first component is already required to be part of a broker-dealer's AML
program under the BSA, the CDD Rule focuses on the other three
components.
---------------------------------------------------------------------------
\16\ FinCEN Customer Due Diligence Requirements for Financial
Institutions; CDD Rule, 81 FR 29397 (May 11, 2016) (CDD Rule
Release); 82 FR 45182 (September 28, 2017) (making technical
correcting amendments to the final CDD Rule published on May 11,
2016). FinCEN is authorized to impose AML program requirements on
financial institutions and to require financial institutions to
maintain procedures to ensure compliance with the BSA and associated
regulations. 31 U.S.C. 5318(h)(2) and (a)(2). The CDD Rule is the
result of the rulemaking process FinCEN initiated in March 2012. See
77 FR 13046 (March 5, 2012) (Advance Notice of Proposed Rulemaking)
and 79 FR 45151 (Aug. 4, 2014) (Notice of Proposed Rulemaking).
\17\ See 31 CFR 1010.230(f) (defining ``covered financial
institution'').
\18\ See CDD Rule Release at 29398.
---------------------------------------------------------------------------
Specifically, the CDD Rule focuses particularly on the second
component by adding a new requirement that covered financial
institutions identify and verify the identity of the beneficial owners
of all legal entity customers at the time a new account is opened,
subject to certain exclusions and exemptions.\19\ The CDD Rule also
addresses the third and fourth components, which FinCEN states ``are
already implicitly required for covered financial institutions to
comply with their suspicious activity reporting requirements,'' by
amending the existing AML program rules for covered financial
institutions to explicitly require these components to be included in
AML programs as a new ``fifth pillar.''
---------------------------------------------------------------------------
\19\ See 31 CFR 1010.230(d) (defining ``beneficial owner'') and
31 CFR 1010.230(e) (defining ``legal entity customer'').
---------------------------------------------------------------------------
On November 21, 2017, FINRA published Regulatory Notice 17-40 to
provide guidance to member firms regarding their obligations under
FINRA Rule 3310 in light of the adoption of FinCEN's CDD Rule.\20\ In
addition, the Notice summarized the CDD Rule's impact on member firms,
including the addition of the new fifth pillar required for member
firms' AML programs. FINRA also recently amended FINRA Rule 3310 to
explicitly incorporate the fifth pillar.\21\ This proposed rule change
amends IEX Rule 5.160 to harmonize
[[Page 63551]]
with the FINRA rule change and incorporate the fifth pillar.
---------------------------------------------------------------------------
\20\ As noted above, the Exchange allocated regulatory
responsibility for IEX Rule 5.160 to FINRA pursuant the 17d-2
Agreement. Thus, FINRA's Regulatory Notice 17-40 was applicable to
IEX Members.
\21\ See Securities Exchange Act Release No. 83154 (May 2,
2018), 83 FR 20906 (May 8, 2018) (File No. SR-FINRA-2018-016).
---------------------------------------------------------------------------
II. IEX Rule 5.160 and Amendment to Minimum Requirements for Members'
AML Programs
Section 352 of the USA PATRIOT Act of 2001 \22\ amended the BSA to
require broker-dealers to develop and implement AML programs that
include the four pillars mentioned above. Consistent with Section 352
of the PATRIOT Act, and incorporating the four pillars, IEX Rule 5.160
requires each Member to develop and implement a written AML program
reasonably designed to achieve and monitor the Member's compliance with
the BSA and implementing regulations. Among other requirements, IEX
Rule 5.160 requires that each member firm, at a minimum: (1) Establish
and implement policies and procedures that can be reasonably expected
to detect and cause the reporting of suspicious transactions; (2)
establish and implement policies, procedures, and internal controls
reasonably designed to achieve compliance with the BSA and implementing
regulations; (3) provide for annual (on a calendar-year basis)
independent testing for compliance to be conducted by Member personnel
or a qualified outside party; \23\ (4) designate and identify to IEX an
individual or individuals (i.e., AML compliance person(s)) who will be
responsible for implementing and monitoring the day-to-day operations
and internal controls of the AML program and provide prompt
notification to IEX of any changes to the designation; and (5) provide
ongoing training for appropriate persons.
---------------------------------------------------------------------------
\22\ Uniting and Strengthening America by Providing Appropriate
Tools Required to Intercept and Obstruct Terrorism Act of 2001,
Public Law 107-56, 115 Stat. 272 (2001).
\23\ If a Member does not execute transactions for customers or
otherwise hold customer accounts or act as an introducing broker
with respect to customer accounts (e.g., engages solely in
proprietary trading or conducts business only with other broker-
dealers), then ``independent testing'' is required every two years.
See IEX Rule 5.160(c). However, a Member should conduct more
frequent testing than required if circumstances warrant. See
Supplementary Material .01(a).
---------------------------------------------------------------------------
FinCEN's CDD Rule does not change the requirements of IEX Rule
5.160 and Members must continue to comply with its requirements.\24\
However, FinCEN's CDD Rule amends the minimum regulatory requirements
for broker-dealers' AML programs by explicitly requiring such programs
to include risk-based procedures for conducting ongoing customer due
diligence.\25\ Accordingly, IEX is proposing to amend IEX Rule 5.160 to
incorporate this ongoing customer due diligence element, or ``fifth
pillar'' required for AML programs. Thus, proposed Rule 5.160(f) would
provide that the AML programs required by this Rule shall, at a minimum
include appropriate risk-based procedures for conducting ongoing
customer due diligence, to include, but not be limited to: (1)
Understanding the nature and purpose of customer relationships for the
purpose of developing a customer risk profile; and (2) conducting
ongoing monitoring to identify and report suspicious transactions and,
on a risk basis, to maintain and update customer information.
---------------------------------------------------------------------------
\24\ FinCEN notes that broker-dealers must continue to comply
with FINRA Rules, notwithstanding differences between the CDD Rule
and FINRA Rule 3310, which is substantially identical to IEX Rule
5.160. See CDD Rule Release 29421, n. 85.
\25\ See CDD Rule Release at 29420; 31 CFR 1023.210.
---------------------------------------------------------------------------
As stated in the CDD Rule, these provisions are not new and merely
codify existing expectations for Members to adequately identify and
report suspicious transactions as required under the BSA and
encapsulate practices generally already undertaken by securities firms
to know and understand their customers.\26\ The proposed rule change
simply incorporates into IEX Rule 5.160 the ongoing customer due
diligence element, or ``fifth pillar,'' required for AML programs by
the CDD Rule to aid Members in complying with the CDD Rule's
requirements. However, to the extent that these elements, which are
briefly summarized below, are not already included in Members' AML
programs, the CDD Rule requires Members to update their AML programs to
explicitly incorporate them.
---------------------------------------------------------------------------
\26\ See id. at 29419.
---------------------------------------------------------------------------
III. Summary of Fifth Pillar's Requirements
Understanding the Nature and Purpose of Customer Relationships
FinCEN states in the CDD Rule that firms must necessarily have an
understanding of the nature and purpose of the customer relationship in
order to determine whether a transaction is potentially suspicious and,
in turn, to fulfill their SAR obligations.\27\ To that end, the CDD
Rule requires that firms understand the nature and purpose of the
customer relationship in order to develop a customer risk profile. The
customer risk profile refers to information gathered about a customer
to form the baseline against which customer activity is assessed for
suspicious transaction reporting.\28\ Information relevant to
understanding the nature and purpose of the customer relationship may
be self-evident and, depending on the facts and circumstances, may
include such information as the type of customer, account or service
offered, and the customer's income, net worth, domicile, or principal
occupation or business, as well as, in the case of existing customers,
the customer's history of activity.\29\ The CDD Rule also does not
prescribe a particular form of the customer risk profile.\30\ Instead,
the CDD Rule states that depending on the firm and the nature of its
business, a customer risk profile may consist of individualized risk
scoring, placement of customers into risk categories or another means
of assessing customer risk that allows firms to understand the risk
posed by the customer and to demonstrate that understanding.\31\
---------------------------------------------------------------------------
\27\ See id. at 29421.
\28\ See id. at 29422.
\29\ See id.
\30\ See id.
\31\ See id.
---------------------------------------------------------------------------
The CDD Rule also addresses the interplay of understanding the
nature and purpose of customer relationships with the ongoing
monitoring obligation discussed below. The CDD Rule explains that firms
are not necessarily required or expected to integrate customer
information or the customer risk profile into existing transaction
monitoring systems (for example, to serve as the baseline for
identifying and assessing suspicious transactions on a contemporaneous
basis).\32\ Rather, FinCEN expects firms to use the customer
information and customer risk profile as appropriate during the course
of complying with their obligations under the BSA in order to determine
whether a particular flagged transaction is suspicious.\33\
---------------------------------------------------------------------------
\32\ See id.
\33\ See id.
---------------------------------------------------------------------------
Conduct Ongoing Monitoring
As with the requirement to understand the nature and purpose of the
customer relationship, the requirement to conduct ongoing monitoring to
identify and report suspicious transactions and, on a risk basis, to
maintain and update customer information, merely adopts existing
supervisory and regulatory expectations as explicit minimum standards
of customer due diligence required for firms' AML programs.\34\ If, in
the course of its normal monitoring for suspicious activity, the Member
detects information that is relevant to assessing
[[Page 63552]]
the customer's risk profile, the Member must update the customer
information, including the information regarding the beneficial owners
of legal entity customers.\35\ However, there is no expectation that
the Member update customer information, including beneficial ownership
information, on an ongoing or continuous basis.\36\
---------------------------------------------------------------------------
\34\ See id. at 29402.
\35\ See id. at 29420-21. See also FINRA Regulatory Notice 17-40
(discussing identifying and verifying the identity of beneficial
owners of legal entity customers).
\36\ See id.
---------------------------------------------------------------------------
2. Statutory Basis
IEX believes that the proposed rule change is consistent with the
provisions of Section 6(b) \37\ of the Act in general, and furthers the
objectives of Section 6(b)(5) of the Act \38\ in particular, in that it
is designed to prevent fraudulent and manipulative acts and practices,
to promote just and equitable principles of trade, to remove
impediments to and perfect the mechanism of a free and open market and
a national market system, and, in general, to protect investors and the
public interest. Specifically, the Exchange believes the proposed rule
change will aid Members in complying with the CDD Rule's requirement
that Members' AML programs include risk-based procedures for conducting
ongoing customer due diligence by also incorporating the requirement
into IEX Rule 5.160.
---------------------------------------------------------------------------
\37\ 15 U.S.C. 78f.
\38\ 15 U.S.C. 78f(b)(5).
---------------------------------------------------------------------------
B. Self-Regulatory Organization's Statement on Burden on Competition
IEX does not believe that the proposed rule change will result in
any burden on competition that is not necessary or appropriate in
furtherance of the purposes of the Act. The proposed rule change simply
incorporates into IEX Rule 5.160 the ongoing customer due diligence
element, or ``fifth pillar,'' required for AML programs by the CDD
Rule. Regardless of the proposed rule change, to the extent that the
elements of the fifth pillar are not already included in Members' AML
programs, the CDD Rule requires Members to update their AML programs to
explicitly incorporate them. In addition, as stated in the CDD Rule,
these elements are already implicitly required for covered financial
institutions to comply with their suspicious activity reporting
requirements. Further, all IEX Members that have customers are required
to be members of FINRA pursuant to Rule 15b9-1 under the Exchange
Act,\39\ and are therefore already subject to the requirements of the
proposed rule change pursuant to FINRA Rule 3310. IEX is not imposing
any additional direct or indirect burdens on member firms or their
customers through this proposal, and as such the proposal imposes no
new burdens on competition.
---------------------------------------------------------------------------
\39\ 17 CFR 240.15b9-1.
---------------------------------------------------------------------------
C. Self-Regulatory Organization's Statement on Comments on the Proposed
Rule Change Received From Members, Participants, or Others
Written comments were neither solicited nor received.
III. Date of Effectiveness of the Proposed Rule Change and Timing for
Commission Action
The Exchange has designated this rule filing as non-controversial
under Section 19(b)(3)(A) \40\ of the Act and Rule 19b-4(f)(6) \41\
thereunder. Because the proposed rule change does not: (i)
Significantly affect the protection of investors or the public
interest; (ii) impose any significant burden on competition; and (iii)
become operative for 30 days from the date on which it was filed, or
such shorter time as the Commission may designate, it has become
effective pursuant to Section 19(b)(3)(A) of the Act and Rule 19-
4(f)(6) thereunder.
---------------------------------------------------------------------------
\40\ 15 U.S.C. 78s(b)(3)(A).
\41\ 17 CFR 240.19b-4(f)(6).
---------------------------------------------------------------------------
At any time within 60 days of the filing of the proposed rule
change, the Commission summarily may temporarily suspend such rule
change if it appears to the Commission that such action is necessary or
appropriate in the public interest, for the protection of investors, or
otherwise in furtherance of the purposes of the Act. If the Commission
takes such action, the Commission shall institute proceedings under
Section 19(b)(2)(B) \42\ of the Act to determine whether the proposed
rule change should be approved or disapproved.
---------------------------------------------------------------------------
\42\ 15 U.S.C. 78s(b)(2)(B).
---------------------------------------------------------------------------
IV. Solicitation of Comments
Interested persons are invited to submit written data, views and
arguments concerning the foregoing, including whether the proposed rule
change is consistent with the Act. Comments may be submitted by any of
the following methods:
Electronic Comments
Use the Commission's internet comment form (http://www.sec.gov/rules/sro.shtml); or
Send an email to [email protected]. Please include
File Number SR-IEX-2018-22 on the subject line.
Paper Comments
Send paper comments in triplicate to Secretary, Securities
and Exchange Commission, 100 F Street NE, Washington, DC 20549-1090.
All submissions should refer to File Number SR-IEX-2018-22. This file
number should be included in the subject line if email is used. To help
the Commission process and review your comments more efficiently,
please use only one method. The Commission will post all comments on
the Commission's internet website (http://www.sec.gov/rules/sro.shtml).
Copies of the submission, all subsequent amendments, all written
statements with respect to the proposed rule change that are filed with
the Commission, and all written communications relating to the proposed
rule change between the Commission and any person, other than those
that may be withheld from the public in accordance with the provisions
of 5 U.S.C. 552, will be available for website viewing and printing in
the Commission's Public Reference Section, 100 F Street NE, Washington,
DC 20549, on official business days between the hours of 10:00 a.m. and
3:00 p.m. Copies of the filing will also be available for inspection
and copying at the IEX's principal office and on its internet website
at www.iextrading.com. All comments received will be posted without
change. Persons submitting comments are cautioned that we do not redact
or edit personal identifying information from comment submissions. You
should submit only information that you wish to make available
publicly. All submissions should refer to File Number SR-IEX-2018-22
and should be submitted on or before December 31, 2018. For the
Commission, by the Division of Trading and Markets, pursuant to
delegated authority.\43\
---------------------------------------------------------------------------
\43\ 17 CFR 200.30-3(a)(12).
Eduardo A. Aleman,
Assistant Secretary.
[FR Doc. 2018-26593 Filed 12-7-18; 8:45 am]
BILLING CODE 8011-01-P