Anti-money laundering policies were identified by both FINRA and the SEC as a top priority for examinations of broker-dealers in 2013. In its exam guidance, FINRA noted "an increase in foreign currency conversion transactions." It also stressed that there are no exemptions from the AML requirement for member firms, even if the company holds no customer funds.

What this means for advisors is clear. Although, by statute, an advisor isn't required to have his or her own individual AML policy, all advisors are covered by—and expected to uphold—their firm's AML policy. And FINRA is paying close attention to how well advisors execute the task.

"Anybody who works at a broker-dealer will have an obligation to implement the policies that the firm is under," says Sarah Green, senior director of AML compliance with FINRA's enforcement division. "An employee of a firm cannot ignore their responsibilities under this rule. For a firm to comply, its people have to comply."

Broker-dealers came under the Bank Secrecy Act's AML framework under the provisions of the 2001 Patriot Act aimed at curbing money laundering and terrorist financing. The SEC's authority is limited to firms' reporting and record-keeping, while FINRA has a broader enforcement mandate that covers a complete AML program and generally operates as the lead regulator.

At a minimum, FINRA expects firms to set policies and procedures to detect and report suspicious transactions. They must also conduct independent testing of the program, designate an AML officer and provide advisors, broker-dealers and other personnel with ongoing training.

Although advisors aren't likely to be the focal point of an AML enforcement action by FINRA, it does happen. A recent case involving Raymond James Financial Services suggests that regulators are taking a broader view of money laundering cases and raising their expectations that financial firms establish a culture of vigilance.

The case, which Raymond James settled without admitting guilt, involved an investor who was moving large volumes of funds through his brokerage account and then writing checks for round dollar amounts from a money market account. It was a Ponzi scheme that amounted to losses of $17.8 million for investors, and the account holder received a prison sentence of 20 years.

FINRA cited Raymond James for failing to maintain an adequate AML policy, and while the company's AML officer and legal team were not exempt from blame, some of the sharpest criticism was leveled at staffers in an Ohio branch office. The letter described a string of inquiries from the AML officer asking about suspicious transactions that were not addressed by a registered representative and office manager. At one point late in the game, the investor told branch staffers that he had committed fraud and was headed to jail. No one relayed that information to Raymond James' AML officer.

The key players in the case were independent contractors at the branch office. But the lesson holds for employee advisors at large firms, as well, according to Alma Angotti, a director in the global investigations and compliance practice at Navigant, a global consulting firm.

"It shows you how important the regulator takes the fact that AML compliance is everyone's responsibility," Angotti says. "If you see something, say something."

Know Your Laundry
Experts stress that advisors' obligations under AML policies vary from firm to firm.Each company's policy must be tailored to the nature of the practice, accounting for the risks associated with clients, geographic footprint and business model.

For advisors, much of the risk involved with money laundering sits at the front end, in the process of onboarding new clients. Advisors must adhere to the procedures in their firm's customer identification program, a required element in FINRA's AML program template.

Betty Santangelo, an attorney with the firm Schulte, Roth & Zabel, recommends what she calls a "belt-and-suspenders approach" to that vetting process. Advisors should ask prospective clients for representations about their identity and assets and then do their own background checking based on the information provided.

Advisors should be checking prospective clients against the Treasury Department's Office of Foreign Assets Control list of foreign countries, terrorists, drug traffickers and others barred from trade with U.S. firms, as well as other relevant overseas databases. Commonly firms will engage a third-party vendor to perform those onboarding cross-checks.

Then, too, an AML program should aim to ensure the investor is not moving money through a shell bank, which can sometimes be verified by obtaining a foreign bank certificate. Likewise, advisors might probe investors' political connections to determine whether a prospective client may be deemed a "senior foreign political figure" under the Patriot Act.

"When you're onboarding clients, you want to make sure they don't have any of these issues," Santangelo says. "Once you onboard them, you want to be able to monitor them."

Much of that monitoring can be automated, with reports of high-volume trades, large cash transfers and other exceptional activity routinely delivered to the firm's AML officer. But any effective AML program also counts a strong human element provided by advisors who often know their customers and their investment objectives best. This is a crucial line of defense in flagging suspicious activity. "There are lots of potentially suspicious things that you can't catch systematically," Angotti says.

Look for Danger Signs
Advisors have a fair amount of discretion in how they handle dubious activity, although experts note that some flags are redder than others. "If they are asked to facilitate sending a wire out of the account to an Iranian bank, that's clearly some suspicious activity," says Byron Bowman, general counsel at consulting firm fi360.

Other potential warning signs include investors who move large volumes of cash equivalents through their accounts and do so frequently. "One of the red flags is if a client is using a broker's account as a bank account," Angotti says. "That's not really cost effective, so you have to question why that's happening."

Kay Gordon, a partner at the law firm Drinker, Biddle & Reath, notes that clients who seem unconcerned about the returns on their investment account may also be cause for alarm. "If an account owner never checks on how the account performs, does not care about the returns and is simply transferring money in and out of the account, that's a potential red flag," Gordon says.

Call for Backup
That's not to say that there aren't false positives. What if a customer puts in an order to liquidate all of his or her assets and arrange for a wire transfer to Costa Rica? Although this might appear to be an unusual transaction, it's not necessarily one to send the advisor running to the Feds. Often, the first call will be to compliance.

Compliance, in turn, might tell the advisor to get in touch with the client and find out what's going on. After all, the client requesting the wire transfer could have just bought a house in Costa Rica, where he or she plans to retire.

"Just because there's a red flag that hits doesn't mean that there's something wrong," Angotti notes. "You have to ask that next question," she adds, stressing the importance of handling those phone calls with a measure of discretion.

If an advisor can't obtain a reasonable explanation and concludes that the matter should be escalated—often a wrenching decision when a longstanding client is involved—the next stop will be back at the compliance department. At that point, compliance would determine whether the case warrants the firm filing a suspicious activity report with the Treasury Department's Financial Crimes Enforcement Network.

Once the matter is in the hands of compliance, the advisor is often shut out of the process due to the highly sensitive nature of filing a report, according to Angotti. Then the firm must make the call, often in consultation with law-enforcement authorities, about whether to keep the account open or cut ties with the client.

"If it's a dramatic red flag, like your customer has been indicted using your account, you probably want to close that account unless law enforcement tells you to keep it open," Angotti says. Generally, it falls to compliance "to decide how red that flag is."