Overview
On March 6, 2026, the US Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN), in coordination with the US Securities and Exchange Commission (SEC) and the Financial Industry Regulatory Authority (FINRA), assessed an $80 million penalty against broker-dealer Canaccord Genuity LLC for violations of the federal anti-money laundering (AML) laws, including the Bank Secrecy Act (BSA) and its implementing regulations. The enforcement action is notable not only because it is the largest penalty assessed against a broker-dealer for AML violations, but also because of the close coordination among FinCEN, the SEC, and FINRA, the detailed nature of the regulator findings, and the egregiousness of the facts. The sizable civil money penalty reflects the severity of compliance failures and the risk to the market for allowing those failures to continue.
Below, we highlight notable aspects of the FinCEN, SEC, and FINRA releases.
In Depth
FinCEN consent order
FinCEN issued a consent order assessing an $80 million civil money penalty against Canaccord, which provided wholesale market making for over-the-counter (OTC) low-price securities and trade execution for institutional customers. As part of the resolution of the enforcement action, Canaccord admitted several violations of federal AML laws.
First, FinCEN found that Canaccord willfully failed to implement and maintain an AML program that adequately managed the exposure from its high-risk OTC market-making business line, violating 31 U.S.C. § 5318(h) and 31 C.F.R. § 1023.210. Surveillance reports designed to identify suspicious trading went unreviewed. Further, two compliance employees admitted they had falsified records to appear as though they had completed the required reviews. Second, FinCEN determined that Canaccord failed to conduct sufficient customer due diligence (CDD) on foreign correspondent accounts, violating 31 U.S.C. § 5318(i) and 31 C.F.R. § 1010.610. Canaccord onboarded and maintained such accounts without obtaining key information about business purpose, expected activity, or jurisdictional risks and failed to perform ongoing monitoring. To the extent it did collect documents, Canaccord did not conduct further evaluation or any ongoing due diligence to maintain customer information and risk profiles. Third, FinCEN identified at least 160 instances where Canaccord failed to file suspicious activity reports (SARs), violating 31 U.S.C. § 5318(g) and 31 C.F.R. § 1023.320. This included transactions later revealed to be part of pump-and-dump schemes, as well as numerous other instances where Canaccord failed to appropriately investigate and act upon red flags, including matched trades, prearranged trades, rapid deposit and liquidation patterns, domination of trading volume of a security, and marking the close.
FinCEN found these violations to be egregious because of their volume and because the AML deficiencies were not cured despite regulators repeatedly identifying issues. As early as 2013, FINRA had identified deficiencies in Canaccord’s AML program and suggested increased use of electronic and automated reports, which Canaccord committed to implementing. However, a 2016 FINRA analysis of a sample of transactions found that compliance reviews of flagged trades continued to be inadequate. Canaccord again committed to enhancing its AML program but failed to do so.
In addition to the monetary penalty, Canaccord agreed to hire a qualified independent consultant to conduct a SAR lookback review to identify other instances of noncompliance.
SEC cease-and-desist order
Simultaneously with the FinCEN consent order, the SEC issued a cease-and-desist order imposing sanctions against Canaccord for the same conduct cited by FinCEN. The SEC found that Canaccord willfully violated Section 17(a) of the Exchange Act and Rule 17a-8 by failing to file approximately 150 SARs.[1]
Like FinCEN, the SEC found Canaccord’s misconduct to be egregious because it occurred despite repeated regulatory guidance issued by FinCEN and FINRA that highlighted red flags relevant to Canaccord’s microcap and penny stock valuation and trading business, emphasizing the need for robust monitoring of such transactions.[2]
FINRA letter of acceptance, waiver, and consent
Finally, FINRA named Canaccord in a letter of acceptance, waiver, and consent (AWC) stemming from the same conduct described in the FinCEN and SEC orders. The AWC detailed wide‑ranging violations of FINRA rules, including Rule 3310 (failure to develop and implement a written AML program reasonably designed to achieve compliance with the BSA), Rule 3110 (failing to implement a supervisory system to ensure compliance with AML rules), Rule 8210 (submitting falsified documents), Rule 5310 (failing to comply with best execution rules), Rule 5260 (trading through halts), Rule 5320 (trading ahead of customers), Rule 6460 (undue delays in execution and display of orders), and Rule 2010 (violations of standards of commercial honor).[3]
FINRA also noted that Canaccord relied on an underqualified and severely understaffed trading compliance group that “failed to review most of the firm’s surveillance reports for extended periods,” with some delays lasting years.
Additionally, FINRA faulted Canaccord for its failure to address these violations following numerous prior warnings. For example, FINRA warned Canaccord following AML examinations that its suspicious activity surveillance was deficient in 2014, that its completion of surveillance reviews and monitoring of foreign correspondent accounts were deficient in 2017, and that it failed to remediate the issues identified in the 2014 review in 2018.
Canaccord submitted a statement of corrective action describing steps it had taken to address the issues identified by FINRA, including increasing AML staffing, exiting the OTC market-making business, closing the majority of foreign customer accounts, and retaining independent consultants to conduct a comprehensive review of its AML program, which included a SAR lookback and enhancements to its onboarding due diligence process. Despite these significant actions, FINRA assessed a $20 million fine against Canaccord.
Conclusion
In the wake of these actions, broker-dealers and other financial institutions should evaluate their AML programs to ensure their effectiveness and remediate any previously identified problems. Financial institutions should also verify that their AML programs are appropriately resourced given the risks presented by the business, both with respect to staffing and training. The FinCEN and SEC orders, along with FINRA’s AWC, emphasize that high-risk business models require proportionate AML efforts and that CDD and ongoing monitoring must be rigorous and risk based. Entities should carefully review:
- Staffing and resources for AML compliance capabilities
- Onboarding due diligence processes
- Suspicious trading activity surveillance policies and reporting
- AML policies and procedures specific to high-risk business lines
- Prior guidance received from federal regulators to confirm implementation
Our lawyers have decades of experience helping financial institutions comply with AML requirements and handling examinations and enforcement actions. If you have questions or if you would like to discuss whether your AML program is sufficiently resourced, appropriately tailored to your business, or otherwise vulnerable to enforcement, please contact your regular McDermott Will & Schulte lawyer or the authors of this alert.