FinCEN Compliance Checklist for Securities Exchanges
Bank Secrecy Act (BSA) & Anti-Money Laundering Compliance Checklist
The Financial Crimes Enforcement Network (FinCEN) is the United States financial intelligence unit responsible for administering and enforcing Anti-Money Laundering (AML) requirements under the Bank Secrecy Act (BSA). National securities exchanges registered with the SEC are subject to FinCEN oversight and are expected to maintain robust AML compliance programs commensurate with their role as systemically important market infrastructure.
This checklist is intended to help securities exchanges understand the core compliance requirements that may apply to their operations. While exchanges primarily serve as self-regulatory organizations (SROs) and trading venues rather than direct customer-facing financial institutions, they bear significant AML-related obligations through their market surveillance, member oversight, and direct participant relationships. Regulatory expectations encompass both traditional equities and fixed income markets as well as emerging obligations for exchanges operating or planning to operate markets for tokenized securities and digital asset securities.
A national securities exchange is generally considered subject to FinCEN-related obligations if it operates a trading venue for listed securities, provides direct market access to members and participants, operates a clearing or settlement function, maintains participant account relationships, processes payments or margin, or exercises SRO authority over member broker-dealers. Exchanges seeking to operate alternative trading systems (ATS) or platforms for tokenized/digital asset securities face additional emerging compliance and registration requirements under evolving SEC and FinCEN guidance.
If your organization operates as a registered national securities exchange within the United States, it is important to ensure that your AML compliance program and market surveillance framework meet FinCEN and SEC requirements. Failure to maintain an effective program can result in regulatory enforcement actions, loss of registration, monetary penalties, reputational damage, and systemic risk to market integrity.
Required - Mandatory by regulation
Needs tool - Technology required
Emerging - New/digital asset obligation
BSA/AML Program Framework
- Written BSA/AML compliance program approved by Board of Directors Required
- Designated BSA/AML Compliance Officer with authority and sufficient resources Required
- Regular reporting of BSA/AML activities and market surveillance findings to Board and senior management Required
- Enterprise-wide BSA/AML risk assessment documented, maintained, and updated periodically Required
- AML/BSA policies and procedures tailored to exchange operations, participant types, and listed products Required
- Annual independent audit of BSA/AML program (internal or external) Required
- Comprehensive AML training for all employees and exchange staff (annual minimum) Required
- Training for Board and senior management on AML compliance requirements and SRO responsibilities Required
Participant Onboarding & Due Diligence
- Collect and verify identity of all direct market participants, members, and sponsored access users Required Needs tool
- Verify participant identity using documentary and/or non-documentary evidence Required
- Compare participant identity against FinCEN Exclusion List, OFAC lists, and negative media Required Needs tool
- Identify and verify beneficial owners of all legal entity participants (25%+ ownership threshold) Required
- Understand the nature and purpose of each participant relationship and expected trading activity Required
- Obtain information on source of funds/source of wealth for higher-risk participants Required
- Enhanced due diligence for higher-risk participants (foreign entities, offshore funds, high-volume traders) Required Needs tool
- Ongoing monitoring and periodic update of participant information Required Needs tool
Market Surveillance & Transaction Monitoring
- Implement automated market surveillance system covering all listed securities and trading activity Required Needs tool
- Monitor for market manipulation: spoofing, layering, wash trading, and front-running Required Needs tool
- Monitor for pump-and-dump schemes and coordinated trading patterns across accounts Required Needs tool
- Monitor for unusual volume, price movements, or trading patterns inconsistent with market norms Required Needs tool
- Implement cross-market surveillance to detect manipulation spanning multiple venues or instruments Required Needs tool
- Document investigation and escalation procedures for flagged surveillance alerts Required
- Escalate suspicious trading activity to SAR review process within defined timeframe Required
- Coordinate with FINRA, SEC, and law enforcement on referrals of suspicious market activity Required
Suspicious Activity Reporting (SARs)
- File Suspicious Activity Reports (SARs) for suspicious transactions or trading platforms Required
- File SARs within 30 calendar days of detection of suspicious activity Required
- Establish internal SAR procedures including investigation, documentation and escalation Required
- Designate individuals responsible for SAR review and filing Required
- Train staff on recognizing suspicious market activity and escalation procedures Required
- Maintain confidentiality regarding SAR filings (tipping-off prohibition) Required
OFAC Sanctions Compliance
- Screen all participants against OFAC SDN List at onboarding and upon sanctions list updates Required Needs tool
- Implement ongoing OFAC screening procedures covering participants and listed issuers Required Needs tool
- Suspend or restrict trading by participants or in securities matching OFAC designations Required
- Report blocked transactions to OFAC within 10 business days Required
- Maintain records of OFAC compliance actions and blocked transactions Required
- Document OFAC sanctions policies and procedures Required
Customer Due Diligence (CDD) - Beneficial Ownership
- Identify all beneficial owners of legal entity participants (persons owning 25%+ of entity) Required
- Verify beneficial owner identity through government ID or other reliable means Required Needs tool
- Maintain and periodically update records of beneficial owners of participants Required
- Understand the anticipated trading purpose and activity profile of each participant relationship Required
- Implement ongoing monitoring of participant and beneficial owner information Required Needs tool
Listing Standards & Issuer Due Diligence
- Apply AML-related listing standards requiring issuer disclosure of beneficial ownership and control persons Required
- Review issuer filings for red flags associated with shell companies or high-risk jurisdictions Required
- Conduct enhanced review of issuers seeking listing from high-risk countries or with complex structures Required
- Monitor listed issuers for SEC enforcement actions, delistings, or AML-related developments Required Needs tool
- Maintain procedures for emergency trading halts related to suspected market manipulation or fraud Required
SRO Oversight & Member Supervision
- Establish rules requiring member broker-dealers to maintain AML programs compliant with FinCEN requirements Required
- Conduct periodic AML-related examinations of member firms Required
- Refer significant AML findings to SEC, FINRA, or FinCEN as appropriate Required
- Maintain whistleblower and internal reporting mechanisms for AML-related concerns Required
- Document member supervision procedures and examination findings Required
Digital Asset Securities and Tokenized Markets (Emerging)
- Assess whether exchange operations for tokenized or digital asset securities trigger additional registration or AML obligations Required Emerging
- Implement blockchain analytics and on-chain surveillance for markets trading tokenized securities Needs tool Emerging
- Apply Travel Rule compliance procedures for transfers of digital asset securities at applicable thresholds Required Emerging
- Perform enhanced due diligence for participants accessing digital asset securities markets Required Emerging
- Monitor for DeFi-related activity, mixer usage, or anonymizing technology in participant wallets Needs tool Emerging
- Engage legal counsel to assess ATS vs. national exchange registration requirements for tokenized markets Required Emerging
- Establish procedures to suspend trading in tokenized securities upon OFAC or sanctions match Required Emerging
- Maintain audit trail of on-chain and off-chain trading activity for tokenized securities markets Required Emerging
Record-keeping & Documentation
- Retain all participant CIP documentation for minimum 5 years after relationship termination Required
- Maintain CDD and beneficial ownership records for 5+ years Required
- Maintain records of all SARs filed and related documentation Required
- Document all SAR investigations and decisions Required
- Maintain surveillance logs, monitoring activity, and alert investigation records Required
- Keep audit trail of all AML system modifications and compliance reviews Required
- Maintain training records and employee certifications Required
Regulatory Compliance & Examination Readiness
- Prepare for periodic SEC and FinCEN examinations of BSA/AML program and market surveillance Required
- Document policies and procedures in audit-ready format Required
- Maintain evidence of compliance testing and controls effectiveness Required
- Address any prior examination findings and regulatory requests Required
- Maintain documented coordination protocols with SEC, FINRA, CFTC, and FinCEN Required