On March 6, the Financial Crimes Enforcement Network (FinCEN) announced a historic $80 million civil money penalty against Canaccord Genuity LLC for willful violations of the Bank Secrecy Act (BSA) and its implementing regulations. FinCEN, which is part of the U.S. Treasury Department, has principal responsibility for administration of U.S. anti-money laundering (AML) and terrorist financing laws.
This largest-ever penalty imposed by FinCEN against a broker-dealer serves as a reminder of the importance of tailored, risk-based AML compliance, due diligence, and compliance oversight.
Penalty Imposed by FinCEN in Conjunction with Securities & Exchange Commission and Financial Industry Regulatory Authority
Canaccord is a U.S.-based broker-dealer that buys and sells securities both on its own behalf and for clients. The firm is registered with the U.S. Securities & Exchange Commission (SEC) and is a member of the Financial Industry Regulatory Authority (FINRA). The company is a subsidiary of Canaccord Genuity Group Inc., a firm incorporated in British Columbia and publicly traded on the Toronto Stock Exchange.
According to FinCEN, the company failed to maintain an adequate AML program, report suspicious activity, and conduct required due diligence on accounts for non-U.S. financial institutions.
Although FinCEN imposed an $80 million penalty, it agreed to suspend $5 million and credit Canaccord’s $20 million payment to the SEC and $20 million payment to FINRA, leaving $35 million payable to the U.S. Treasury, underscoring the multi-agency nature of the investigation and enforcement action. The SEC serves as Canaccord’s primary federal regulator and examines broker-dealers for compliance with the BSA and related securities law requirements. FINRA, the self-regulatory organization overseeing broker-dealers, also examines member firms like Canaccord for AML compliance.
Canaccord Did Not Adequately Invest in Compliance Resources
During the relevant period (March 2018 through June 2024), Canaccord operated both a wholesale market-making business and a trade execution business for institutional customers. FinCEN emphasized that, during this time, the firm was among the most active market makers in over-the-counter (OTC) low-volume and low-priced securities, including microcap and penny stocks.
According to the consent order, Canaccord did not dedicate sufficient resources to compliance. Among other things, the firm failed to ensure that personnel responsible for AML monitoring had the experience, training, and oversight needed to perform the job effectively. FinCEN also found that certain reports concerning low-priced, low-volume, pump-and-dump, self-trading, and wash-sale activity went unreviewed for months or even years.
These weaknesses were compounded by customer due diligence failures and inadequate oversight of correspondent accounts for foreign financial institutions. FinCEN found that Canaccord often applied the same basic onboarding diligence to all customers regardless of risk, failed to consistently verify beneficial ownership information, did not maintain an effective process for updating customer risk profiles, and failed to take additional steps even when high-risk indicators emerged. FinCEN also found that the firm operated foreign correspondent accounts without obtaining or evaluating key risk information and failed to apply enhanced due diligence even after internal and external warning signs emerged.
FinCEN: Canaccord Willfully Violated the Bank Secrecy Act
FinCEN determined that Canaccord had willfully violated the BSA and its implementing regulations; specifically, the firm willfully failed to:
- Implement and maintain an AML program that meets the minimum requirements of the BSA.
- Accurately and timely report suspicious transactions to FinCEN.
- Conduct due diligence on U.S. correspondent accounts for non-U.S. financial institutions.
FinCEN emphasized that Canaccord’s violations were prolonged, systemic, and serious because they occurred in high-risk business lines where suspicious activity risks were well known. Canaccord reportedly had been aware of AML deficiencies for years, including through prior FINRA examinations, yet failed to remediate those issues in a timely or adequate manner. Rather than building a surveillance and escalation framework suited to a business heavily involved in OTC microcap trading, the firm relied on surveillance reports that were not reasonably calibrated to its business. Many reports were generated daily and often contained huge amounts of data. Canaccord personnel also relied on manual filtering to make the volume of reports more manageable. In fact, FinCEN notes, in many cases surveillance reports were not meaningfully reviewed at all.
FinCEN also focused on evidence suggesting that the firm’s suspicious activity monitoring controls failed at a foundational level. According to FinCEN, two compliance employees falsified records to make it appear that trade surveillance reviews had been completed, including one employee who allegedly falsified nearly 400 documents and another who backdated policies and procedures. FinCEN also cited a third-party review from November 2023 that found Canaccord lacked written trade surveillance guidance, consistent investigation standards, and quality assurance measures.
Failure to File Suspicious Activity Reports
Suspicious Activity Report (SAR) failures were central to the penalty. Based on preliminary SAR lookback results, FinCEN found that Canaccord failed to file at least 160 SARs tied to dozens of OTC securities and thousands of suspicious transactions. FinCEN highlighted examples involving suspected pump-and-dump and manipulative trading activity involving one security in which suspicious transactions totaled nearly $100 million, and another security for which Canaccord allegedly failed to act on multiple red flags even after an SEC trading suspension and an internal recommendation to file a SAR. FinCEN concluded that these failures deprived law enforcement of timely and critical financial information.
FinCEN likewise emphasized the risks created by weak customer due diligence and correspondent account controls. The order describes customers with apparent ties to higher-risk jurisdictions, sanctions concerns, dramatic unexplained growth, bearer-share ownership, and alleged connections to illicit actors. Yet Canaccord often failed to elevate risk ratings, conduct enhanced due diligence, or meaningfully update customer files. FinCEN viewed these deficiencies as especially significant because they allowed higher-risk actors to access the U.S. financial system without appropriate controls or oversight.
In total, FinCEN identified several aggravating factors that, in its view, justified the size of the penalty. According to the agency, Canaccord had ample notice of deficiencies in its AML program but failed to take meaningful corrective action for years. FinCEN found that the firm underinvested in its AML program and, in doing so, avoided significant expenses it otherwise would have incurred to manage the risks associated with a high-risk line of business. The agency also concluded that Canaccord’s violations were numerous, substantial in aggregate value, and extended over a lengthy period, allowing suspicious and potentially illicit activity to flow through the firm unreported for years. FinCEN further emphasized that Canaccord’s deficient customer due diligence practices allowed high-risk customers, including some with reported ties to illicit actors, to access the U.S. financial system without appropriate controls or oversight.
FinCEN acknowledged that Canaccord eventually implemented remedial measures, including enhancements to trade surveillance, a SAR lookback, increased compliance staffing, and the retention of third-party consultants, but noted that those measures were not taken particularly promptly.
Lessons Learned: Importance of Tailored AML Controls, Appropriate Due Diligence
This action is a reminder that FinCEN expects broker-dealers (and other regulated parties) to structure AML controls to the actual risk profile of their business, especially when operating in high-risk markets. It is not enough to simply generate surveillance reports: reports must be reasonably designed, properly calibrated, consistently reviewed, and supported by trained personnel, adequate resources, and clear procedures.
The order also shows that FinCEN will closely examine whether a firm’s customer due diligence program is truly risk-based. The Federal Financial Institutions Examination Council (FFIEC) makes this plain in its overview of customer due diligence: “The cornerstone of a strong BSA/AML compliance program is the adoption and implementation of risk-based [customer due diligence] policies, procedures, and processes …”
As a practical matter, merely collecting documents during onboarding is not sufficient unless there is also an evaluation of the source of funds, beneficial ownership, customer purpose, activity patterns, or adverse information that should affect risk ratings and ongoing monitoring. The same principle applies to non-U.S. correspondent accounts. Due diligence is essential not only at the outset but throughout the life of a transaction or business relationship. Absent such ongoing vigilance and a commitment to monitoring compliance on a continuing basis, it can be easy for violations to occur. And when there are systemic issues because of an inadequate set of processes, those violations can quickly proliferate.