May 26, 2026
FinCEN’s imposition of large civil penalties, combined with clear, sharp language in its consent order, highlights an expectation that firms invest in their anti-money-laundering programs
By Christina K. McGlosson
The U.S. Treasury Department’s Financial Crimes Enforcement Network in March announced historic civil penalties of $80 million against Securities and Exchange Commission-registered broker-dealer and OTC market maker Canaccord Genuity for “willful violations” of the Bank Secrecy Act.
FinCEN’s Consent Order Imposing Civil Penalties notes that FinCEN is imposing a Civil Monetary Penalty of $80 million in this matter, and that FinCEN has agreed to credit against its $80 Million Civil Monetary Penalties Canaccord’s $20 million in civil penalties to the SEC, and $20 million to the Financial Industry Regulatory Authority.
The laundry list of federal violations is alarming—anti-money-laundering compliance program failures, failure to detect red flags indicating money laundering, customer due diligence failures, lack of system and personnel resources, lack of training in AML policies for those in charge of monitoring for possible money laundering activities—and to top it off, failing to report close to more than 160 suspicious activities to federal regulators. Moreover, Finra’s examinations, beginning in 2013, and continuing periodically through 2021, repeatedly discovered deficiencies in AML surveillance and compliance that remained unremediated, despite Canaccord’s agreement to remediate.
The BSA requires broker-dealers and certain other financial institutions to develop and implement AML compliance programs. A key ingredient of this compliance program is surveillance requirements. Anomalous trading must be flagged and investigated to identify any tangential criminal activity or intention to evade the BSA and the broker-dealer’s AML surveillance program. And, in each case, as required by the SEC and FinCEN, broker-dealers must file a suspicious activity report in a timely manner detailing the suspicious transaction (or pattern of transactions of which the transaction is a part) aggregating to at least $5,000 in funds.
Yet for three years, Canaccord failed to maintain an AML surveillance program that was “reasonably designed to detect, investigate, and report suspicious activity within its equity trading business.”
Unfortunately, Canaccord isn’t alone. Last year, the SEC issued a cease-and-desist and$500,000 penalty against Velox Clearing, which specializes in clearing services for foreign financial broker-dealers, for egregious breaches of the SEC’s and Finra’s BSA requirements.
These BSA compliance failures are especially concerning given that broker-dealers are gatekeepers to the U.S. financial system and yet highly susceptible to money laundering due to the speed, volume and international scope of broker-dealers’ securities transactions. These failures and the subsequent enforcement actions should be a wake-up call to not only broker-dealers, but to all entities required to maintain an AML program to comply with the BSA.
Background on the Bank Secrecy Act and anti-money-laundering provisions
Money laundering is one of the most pervasive criminal activities globally, according to Anti-Money Laundering Network. The Federal Bureau of Investigation estimates that around $300billion is laundered into the U.S. every year, while laundered money constitutes approximately $1 trillion to $2 trillion of the global gross domestic product annually. New technologies and unregulated financial digital currencies only make money laundering faster and easier.
The BSA, originally named the Currency and Foreign Transactions Reporting Act of 1970, was specifically enacted by Congress to detect and prevent money laundering. Although it has been amended multiple times over the past 50 years, the BSA remains one of the most comprehensive anti-money-laundering laws in the world.
Essentially, the BSA authorizes the U.S. Treasury Department through its bureau, FinCEN, to require U.S. financial institutions such as banks, broker-dealers, credit unions as well as other money-service businesses, such as casinos, to detect and report suspicious transactions that may involve money laundering, tax evasion and other financial crimes.
The BSA was designed to help financial institutions and money-service businesses identify the source, volume and movement of currency and other financial instruments transmitted into or out of the U.S. Accordingly, it requires these businesses to report cash transactions exceeding $10,000 and report suspicious activity, identify people involved and maintain a record-keeping paper trail of financial transactions. It also requires the establishment of robust internal AML programs—commensurate with the scope and risk exposure of that business—to ensure that proactive detection, monitoring, policies, procedures and people are in place.
As gatekeepers of the U.S. financial system, banks, broker-dealers and money-service businesses are required to be responsive to the BSA under not only FinCEN, but their respective regulatory agencies.
What are the BSA/AML compliance obligations of broker-dealers?
The SEC incorporated the BSA into the Securities Exchange Act of 1934 (Exchange Act) under Rule 17a-8 in 1981. And while the statute originally targeted banks, the USA Patriot Act of 2001 amended the BSA to extend specifically to broker-dealers, requiring them to establish comprehensive compliance programs to help broker-dealers anticipate, flag and mitigate suspicious activity and money laundering at every step of a customer relationship and transaction.
- Dynamic AML programs, which must include internal policies, procedures and controls, a compliance officer, an independent audit function and ongoing employee training
- Customer identification programs, including determining whether a customer appears on any list of known or suspected terrorist organizations
- Due diligence of foreign correspondent accounts, to assess the risk of such accounts and to ensure they are not prohibited foreign “shell” banks
- File SARs for transactions of at least $5,000, including suspicious transactions involving money used in illegal activity, designed to evade BSA, or having no apparent lawful purpose—within 30 days of detecting the activity
These programs are so mission critical, the SEC maintains a BSA/AML requirements and resources portal specifically for broker-dealers.
This is why the violations of Canaccord and Velox were so egregious. As noted by the SEC in the cease-and-desist orders in both cases, the actions by the broker-dealers were willful violations of the BSA under Exchange Act Section 17(a) and Rule 17a-8.
Canaccord Genuity
In March 2026, the SEC settled an administrative proceeding against Canaccord, one of the most active market makers in the over-the-counter market, for willful violations of the BSA for, among other things, its failure to file more than 160 SARs over a three-year period (February 2019-March 2022).
According to the SEC, Canaccord’s AML surveillance program relied on exception reports designed to flag potentially manipulative trading activity. However, those reports were deficient in design and went unreviewed for extended periods. For example, Canaccord’s Low Volume report intended to capture instances where its trading represented a significant percentage of total market volume in each security, went entirely unreviewed for 34consecutive months, leaving thousands of flagged trades uninvestigated.
Furthermore, in 2021, the firm discovered that compliance employees had falsified documentation of their purported reviews and produced those fabricated records in response to multiple Finra examinations.
The SEC imposed a $20 million civil money penalty, a censure, and a cease-and-desist order. The $20 million SEC penalty represents one of the largest recent SAR-filing enforcement actions against a broker-dealer under Rule 17a-8, and it arrived as part of a coordinated resolution with FinCEN and Finra totaling $80 million, the largest BSA penalty FinCEN has ever assessed against a broker-dealer.
According to FinCEN, Canaccord was well-positioned to detect and investigate red flags of suspicious trading but failed due to a severely under-resourced AML program that didn’t match its risk profile, thereby hindering its ability to identify and report suspicious transactions.
Read The Risk of Noncompliance: Lessons from Canaccord’s $80 Million in BSA/AML Penalties.