LPL Financial LLC, a dually registered investment adviser and broker-dealer, failed to follow its own anti-money laundering policies and procedures regarding its Customer Identification Program and ongoing customer due diligence obligations. The Securities and Exchange Commission and LPL settled on the charges and the $18 million penalty. What can we learn from the case?
On April 29, 2003, the SEC and the FinCEN jointly issued the Customer Identification Program Rule. The CIP Rule is designed to prevent use of the securities industry for money laundering and terrorist financing and requires broker-dealers to make and keep records related to the identification of its customers. As part of its written CIP policy, a broker-dealer must generally collect, at a minimum, basic information about each of its customers, including each customer’s name, date of birth, address, and identification number.
With the Bank Secrecy Act now applicable to registered investment advisers, with a compliance deadline for January 1, 2026, fund managers and advisers will need to update their anti-money laundering policies and procedures to deal with the new regulatory requirement. This will include the Customer Identification Program and Customer Due Diligence requirements.
Pretty quickly I remembered that we don’t yet have CIP or CDD regulations in place for registered investment advisers. The SEC proposed rules in May 2023. As of yet, they have not been finalized. Now we have a change in administration that is likely going to delay finalizing the regulations.
We may be able to learn some practice tips from the LPL case.
LPL’s process involved collecting a new customer’s information and then using a third party to conduct the screening by confirming the information and noting any red flags. Account restrictions are placed on those with unresolved issues. LPL’s registered representatives call the LPL service team to request that restrictions be removed from an account. This process was in many cases conducted while the LPL service team member was still on the call with the registered representative, lifting the restrictions without the CIP failure being resolved and with little documentation.
That’s a straight-forward compliance failure. If you document a red flag, then you also have to document why you removed the red flag.
Second, was LPL’s record-keeping failure related to its Customer Identification Program. LPL’s AML Policies did not describe what CIP information should be retained or how to retain the screenings performed. The service team did not have a consistent way to track the CIP information when LPL registered representatives contacted them. They used ad hoc methods to record CIP information received from the customers or the reasons why restrictions had been lifted. The notes were not maintained in any back-end system, and there were instances where the notes taken by the service personnel were vague or incomplete.
Like the first issue, investment advisers and fund managers will need to have a consistent process for retaining the CIP information.
Next, LPL failed to close accounts with unresolved CIP issues. LPL policies stated that accounts that failed CIP should be closed. But there was no procedure for how or when the closing should occur. LPL changed the policy to say accounts with failed CIP should be closed after 60 days. But there was still no process for closing the accounts. As October 12, 2022, LPL identified 7,356 accounts that had not passed CIP but were allowed to remain open past 60 days.
Investment advisers and fund managers will need to make sure their policies and procedures dela with what do do and when if CIP fails.
Lastly, LPL’s policies prohibited accounts from some higher-risk areas. LPL prohibited accounts from people of companies involved in cannabis. Unfortunately LPL nevertheless permitted numerous cannabis-related accounts to be opened and remain open for years. As of February 2023, this included approximately 1,400 accounts holding $350 million in assets. LPL also prohibited accounts with customers in foreign countries (except Mexico) unless there was a formal exception granted. LPL had no formal process for granting exceptions. At one point, LPL had over 4000 foreign accounts for customers residing in 84 countries around the world.
Standard compliance solutions needed here. Do what your policies say. Change policies and procedures as needed to make them more effective.
Sources:
