FINRA Rule 2090

Article
30 April 2025 5 mins read
By Jennie Clarke
Written by humans


How well can you really say that you ‘know your customers’? In the US financial services industry, it’s a requirement to at least know and verify the customer’s identity, build a risk profile, and monitor it for changes. All these rules exist under FINRA 2090, the ‘Know Your Customer’ rule.

Learn about this rule’s requirements, its ‘special relationship’ with another Financial Industry Regulatory Authority regulation, a suitability rule, and what happens to financial advisors and providers who fail to comply.

Background on FINRA 2090

FINRA 2090 exists to bolster other anti-money laundering regulations and uphold the integrity of the financial markets. 

When banks and financial institutions are required to perform ongoing due diligence on their account holders, those accounts are less likely to be associated with fraudulent practices.

Plus, by tracing the source of funds, the entire supply line becomes transparent, including highlighting ultimate beneficial owners and preventing shady practices. In stamping this out across the industry, the markets become stronger.  

Rule 2090 is often paired with FINRA Rule 2111 when it’s discussed, because that rule focuses on the suitability of investments in the context of anti-money laundering. By using these two FINRA rules in tandem, banks and financial services companies can prove that the financial advice they give is well-suited to the individual customer profile it is recommended to.

In general, AML had been on the rise before this rule was updated in 2012, thanks to the move to online banking. 

Plus, FINRA data reports highlighted compliance with this particular rule as one of the strongest ways to prevent fraud during the COVID-19 pandemic. By authenticating identity data, it could help financial firms fight against synthetic identity fraudsters, who use a mix of real and false information to build fake profiles to open lines of credit undetected.

KYC requirements under FINRA 2090

The 2090 rule asks that, when opening a new customer account, financial institutions perform their due diligence with regard to the necessary identifier information of the account holder.

Each member firm is authorized to collect this information based on four key principles:

  1. To perform their necessary account functions
  2. To follow specific account management instructions
  3. To understand the authority of a proxy assigned by the account holder
  4. To comply with relevant laws and regulations

What information should be collected, and how can you verify it?

Identity documents, such as passports, driving licences and household bills, can help to prove the identity of the account holder with reasonable diligence. But you should always verify customer identity information against external sources, such as international databases, to confirm that it is accurate and authentic.

Secondly, AML rules require an ‘essential facts’ find: case information for a financial profile built on factors like income and expenditure, financial goals, risk tolerance and more. This is a particularly important part of due diligence for advice and product recommendations, as these must be clearly relevant for the customer’s profile.

Continuous monitoring is also a necessary requirement of FINRA 2090, as this helps the financial institution to stay informed of any changes, update its customer profiles and notice any suspicious red flags in behavior. It’s also a key starting point for firms in preventing third-party fraud.

Automating this requirement is the most efficient and thorough way to work, especially knowing that software platforms can detect changes in real-time.

Non-compliance can be costly

In 2019, FINRA issued a fine that totalled $1.4 million to five Wall Street firms for failings in compliance with FINRA 2090. The firms were JP Morgan, Citigroup, LPL Financial, Morgan Stanley and Merrill Lynch, which all accepted the fine without confirming or denying the charges.

In particular, the fines came in reference to failures to supervise due diligence for certain accounts that provide a way to transfer property to a beneficiary without going down the usual Trust route (UTMA and UGMA accounts). These accounts are typically used for older family members to manage investments for children while they are underage, but as soon as they reach the ‘age of majority’, the control should be handed over.

The failings came as it was revealed that, in many cases, the custodial property had not been transferred to the beneficiaries, which led to the account holders making authorized transactions for months and years after the beneficiaries reached the correct age. Investment decisions didn't necessarily match up with the investment strategy of the beneficiaries, because the brokers were unaware of the beneficiaries' investment objectives, through their lack of ongoing due diligence.

“FINRA Rule 2090 requires firms to verify the authority of any person purporting to act on behalf of a customer,” said Jessica Hopper, Senior Vice President and Acting Head of FINRA’s Department of Enforcement in the regulatory notice. “This is essential to safeguarding customer assets— particularly in the case of UTMA and UGMA accounts, where it is essential for firms to implement supervisory systems reasonably designed to verify custodians’ authority to make investment decisions after the account beneficiaries reach the age of majority.”

Supporting your compliance efforts

For brokerage firms, there is no excuse for non-compliance with FINRA’s 2090. Fortunately, Global Relay can help your teams meet due diligence and customer monitoring obligations with a holistic approach to data. 

Member firms can ensure that advisers are accountable for acting within the best interests of the individual customer by deploying future-proof communications surveillance across all channels. By harnessing the latest finance-aware LLMs, you can capture communications seamlessly, transcribe them automatically and make them easily searchable in your secure record storage archives.

Book a demo to see how communications surveillance could transform your compliance.
