April 1, 2026

FinCEN Update: Huge Penalty on Broker-Dealer for Willful AML, SAR, and Due Diligence Failures

LinkedIn Facebook X Send Embed

On March 6, the Financial Crimes Enforcement Network (FinCEN) announced a historic $80 million civil money penalty against Canaccord Genuity LLC for willful violations of the Bank Secrecy Act (BSA) and its implementing regulations. FinCEN, which is part of the U.S. Treasury Department, has principal responsibility for administration of U.S. anti-money laundering (AML) and terrorist financing laws.

This largest-ever penalty imposed by FinCEN against a broker-dealer serves as a reminder of the importance of tailored, risk-based AML compliance and due diligence and compliance oversight.

Penalty Imposed by FinCEN in Conjunction with Securities & Exchange Commission and Financial Industry Regulatory Authority

Canaccord is a U.S.-based broker-dealer that buys and sells securities both on its own behalf and for clients. The firm is registered with the U.S. Securities & Exchange Commission (SEC) and is a member of the Financial Industry Regulatory Association (FINRA). The company is a subsidiary of Canaccord Genuity Group Inc., a firm incorporated in British Columbia and publicly traded on the Toronto Stock Exchange.

According to FinCEN, the company failed to maintain an adequate AML program, report suspicious activity, and conduct required due diligence on accounts for non-U.S. financial institutions.

Although FinCEN imposed an $80 million penalty, it agreed to suspend $5 million and credit Canaccord’s $20 million payment to the SEC and $20 million payment to FINRA, leaving $35 million payable to the U.S. Treasury, underscoring the multi-agency nature of the investigation and enforcement action. The SEC serves as Canaccord’s primary federal regulator and examines broker-dealers for compliance with the BSA and related securities law requirements. FINRA, the self-regulatory organization overseeing broker-dealers, also examines member firms like Canaccord for AML compliance.

Canaccord Did Not Adequately Invest in Compliance Resources

During the relevant period (March 2018 through June 2024), Canaccord operated both a wholesale market-making business and a trade execution business for institutional customers. FinCEN emphasized that, during this time, the firm was among the most active market makers in over-the-counter (OTC) low-volume and low-priced securities, including microcap and penny stocks.

According to the consent order, Canaccord did not dedicate sufficient resources to compliance. Among other things, the firm failed to ensure that personnel responsible for AML monitoring had the experience, training, and oversight needed to perform the job effectively. FinCEN also found that certain reports concerning low-priced, low-volume, pump-and-dump, self-trading, and wash-sale activity went unreviewed for months or even years.

These weaknesses were compounded by customer due diligence failures and inadequate oversight of correspondent accounts for foreign financial institutions. FinCEN found that Canaccord often applied the same basic onboarding diligence to all customers regardless of risk, failed to consistently verify beneficial ownership information, did not maintain an effective process for updating customer risk profiles, and failed to take additional steps even when high-risk indicators emerged. FinCEN also found that the firm operated foreign correspondent accounts without obtaining or evaluating key risk information and failed to apply enhanced due diligence even after internal and external warning signs emerged.

FinCEN: Canaccord Willfully Violated the Bank Secrecy Act

FinCEN determined that Canaccord had willfully violated the BSA and its implementing regulations; specifically, the firm willfully failed to:

• Implement and maintain an AML program that meets the minimum requirements of the BSA.
• Accurately and timely report suspicious transactions to FinCEN.
• Conduct due diligence on U.S. correspondent accounts for non-U.S. financial institutions. FinCEN emphasized that Canaccord’s violations were prolonged, systemic, and serious because they occurred in high-risk business lines where suspicious activity risks were well known. Canaccord reportedly had been aware of AML deficiencies for years, including through prior FINRA examinations, yet failed to remediate those issues in a timely or adequate manner. Rather than building a surveillance and escalation framework suited to a business heavily involved in OTC microcap trading, the firm relied on surveillance reports that were not reasonably calibrated to its business. Many reports were generated daily, and often contained huge amounts of data. Canaccord personnel also relied on manual filtering of reports to make the volume of reports more manageable. In fact, FinCEN notes, in many cases surveillance reports were not meaningfully reviewed at all.

FinCEN also focused on evidence suggesting that the firm’s suspicious activity monitoring controls failed at a foundational level. According to FinCEN, two compliance employees falsified records to make it appear that trade surveillance reviews had been completed, including one employee who allegedly falsified nearly 400 documents and another who backdated policies and procedures. FinCEN also cited a third-party review from November 2023 that found Canaccord lacked written trade surveillance guidance, consistent investigation standards, and quality assurance measures.

Failure to File Suspicious Activity Reports

Suspicious Activity Report (SAR) failures were central to the penalty. Based on preliminary SAR lookback results, FinCEN found that Canaccord failed to file at least 160 SARs tied to dozens of OTC securities and thousands of suspicious transactions. FinCEN highlighted examples involving suspected pump-and-dump and manipulative trading activity involving one security in which suspicious transactions totaled nearly $100 million, and another security for which Canaccord allegedly failed to act on multiple red flags even after an SEC trading suspension and an internal recommendation to file a SAR. FinCEN concluded that these failures deprived law enforcement of timely and critical financial information.

FinCEN likewise emphasized the risks created by weak customer due diligence and correspondent account controls. The order describes customers with apparent ties to higher-risk jurisdictions, sanctions concerns, dramatic unexplained growth, bearer-share ownership, and alleged connections to illicit actors. Yet Canaccord often failed to elevate risk ratings, conduct enhanced due diligence, or meaningfully update customer files. FinCEN viewed these deficiencies as especially significant because they allowed higher-risk actors to access the U.S. financial system without appropriate controls or oversight.

In total, FinCEN identified several aggravating factors that, in its view, justified the size of the penalty. According to the agency, Canaccord had ample notice of deficiencies in its AML program but failed to take meaningful corrective action for years. FinCEN found that the firm underinvested in its AML program and, in doing so, avoided significant expenses it otherwise would have incurred to manage the risks associated with a high-risk line of business. The agency also concluded that Canaccord’s violations were numerous, substantial in aggregate value, and extended over a lengthy period, allowing suspicious and potentially illicit activity to flow through the firm unreported for years. FinCEN further emphasized that Canaccord’s deficient customer due diligence practices allowed high-risk customers, including some with reported ties to illicit actors, to access the U.S. financial system without appropriate controls or oversight.

FinCEN acknowledged that Canaccord eventually implemented remedial measures, including enhancements to trade surveillance, a SAR lookback, increased compliance staffing, and the retention of third-party consultants, but noted that those measures were not taken particularly promptly.

Lessons Learned: Importance of Tailored AML Controls, Appropriate Due Diligence

This action is a reminder that FinCEN expects broker-dealers (and other regulated parties) to structure AML controls to the actual risk profile of their business, especially when operating in high-risk markets. It is not enough to simply generate surveillance reports: reports must be reasonably designed, properly calibrated, consistently reviewed, and supported by trained personnel, adequate resources, and clear procedures.

The order also shows that FinCEN will closely examine whether a firm’s customer due diligence program is truly risk-based. The Federal Financial Institutions Examination Council (FFIEC) makes this plain in its overview of customer due diligence: “The cornerstone of a strong BSA/AML compliance program is the adoption and implementation of risk-based [customer due diligence] policies, procedures, and processes …”

As a practical matter, merely collecting documents during onboarding is not sufficient unless there is also an evaluation of the source of funds, beneficial ownership, customer purpose, activity patterns, or adverse information that should affect risk ratings and ongoing monitoring. The same principle applies to non-U.S. correspondent accounts. Due diligence is essential not only at the outset but throughout the life of a transaction or business relationship. Absent such ongoing vigilance and a commitment to monitoring compliance on a continuing basis, it can be easy for violations to occur. And when there are systemic issues because of an inadequate set of processes, those violations can quickly proliferate.

Send Print Report

Related Posts

• FinCEN Interim Final Rule Signals End of Domestic Entities’ CTA Reporting Obligations
• FinCEN Extends BOI Reporting Deadlines: Key Updates for Reporting Companies

Latest Posts

• FinCEN Update: Huge Penalty on Broker-Dealer for Willful AML, SAR, and Due Diligence Failures
• Healthcare Regulatory & Compliance Summit 2026 Recap
• Federal Appeals Court Invalidates NLRB’s Cemex Standard See more »

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.
Attorney Advertising.

©
Bass, Berry & Sims PLC
2026

Written by:

Bass, Berry & Sims PLC Contact + Follow Michael Brady + Follow Thaddeus McBride + Follow James Parkinson + Follow

PUBLISH YOUR CONTENT ON JD SUPRA

• ✔ Increased readership
• ✔ Actionable analytics
• ✔ Ongoing writing guidance Join more than 70,000 authors publishing their insights on JD Supra

Start Publishing »

Published In:

Anti-Money Laundering + Follow Bank Secrecy Act + Follow Broker-Dealer + Follow BSA/AML + Follow Civil Monetary Penalty + Follow Due Diligence + Follow Enforcement Actions + Follow Financial Crimes + Follow Financial Industry Regulatory Authority (FINRA) + Follow FinCEN + Follow Penalties + Follow Reporting Requirements + Follow Securities and Exchange Commission (SEC) + Follow Suspicious Activity Reports (SARs) + Follow General Business + Follow Finance & Banking + Follow Securities + Follow more

Bass, Berry & Sims PLC on:

Solve with 2Captcha

Solve with 2Captcha