Coordinated $80 Million AML Enforcement Action Highlights Breakdown Between Policy and Practice

Image of corporate building exterior close upSEC³ Compliance
April 28, 2026

Regulators continue to focus on AML programs that exist on paper but fail in practice, particularly in higher-risk trading environments such as microcap and over-the-counter markets.

What Happened

On March 6, 2026, Financial Crimes Enforcement Network, the U.S. Securities and Exchange Commission, and Financial Industry Regulatory Authority brought coordinated enforcement actions against Canaccord Genuity LLC arising from significant anti-money laundering failures tied to its over-the-counter trading business.

The coordinated resolutions resulted in a $80 million total monetary settlement, including amounts payable to the SEC and FINRA. FinCEN also required additional remedial undertakings, including independent consultant review work.

You can review the primary orders here:
FinCEN Consent Order
SEC Cease-and-Desist Order
FINRA Letter of Acceptance, Waiver, and Consent

Regulators found that the firm failed to maintain an AML program reasonably designed to address the risks of its business. Surveillance alerts identifying potentially suspicious trading activity were not properly reviewed, and in some cases went unaddressed for extended periods. The firm also failed to conduct adequate customer due diligence, including for higher-risk foreign accounts, and did not file required suspicious activity reports despite the presence of multiple red flags.

These failures occurred over several years and persisted despite prior regulatory findings identifying similar deficiencies.

Compliance Breakdowns

This matter reflects several compliance breakdowns that regulators continue to prioritize:

• AML programs not aligned with the actual risk profile of the business
• Surveillance alerts generated but not timely or meaningfully reviewed
• Inadequate customer due diligence, including for higher-risk or foreign accounts
• Failures to identify, escalate, and report suspicious trading activity
• Insufficient staffing, expertise, or oversight within compliance functions
• Weak supervisory structures and lack of accountability
• Failure to remediate known issues after prior examinations

A key theme in this case is that regulators are focused on whether compliance controls are functioning effectively in practice, not simply whether policies exist.

Charges and Resolution

FinCEN found willful violations of the Bank Secrecy Act, including failures relating to AML program design, customer due diligence, and suspicious activity reporting.

The SEC found that the firm failed to file required suspicious activity reports in connection with potentially suspicious trading activity, including transactions exhibiting common indicators of market manipulation.

FINRA cited additional AML, supervisory, recordkeeping, and trading-related violations, including failures to implement effective supervisory systems and to address previously identified deficiencies.

As part of the resolution, the firm agreed to undertake significant remedial measures, including engaging an independent consultant to conduct a comprehensive lookback review of suspicious activity reporting and implementing enhancements to its AML and supervisory controls.

Why This Matters

This case underscores that regulators expect AML programs to be risk-based, properly resourced, and actively implemented on an ongoing basis.

For firms operating in higher-risk areas, it is not enough to maintain written policies or generate surveillance alerts. Firms must demonstrate that alerts are reviewed promptly, red flags are investigated and escalated, reporting decisions are documented, and compliance functions are staffed with appropriate expertise.

The case also highlights the heightened enforcement risk associated with repeat deficiencies. Where regulators have previously identified issues, firms are expected to take meaningful corrective action. Failure to do so can significantly increase exposure to enforcement.

How SEC3 Compliance Can Help

SEC3 Compliance works with firms to ensure that compliance programs operate effectively in practice, not just in design. We assist with:

• AML program assessments tailored to business risk
• Independent testing of surveillance, escalation, and reporting processes
• Customer due diligence and onboarding reviews
• Suspicious activity reporting frameworks and documentation practices
• Mock examinations and regulatory readiness assessments
• Remediation planning and implementation support

If your firm operates in higher-risk areas or has received prior regulatory feedback, now is the time to confirm that your controls are functioning as intended.

This alert is provided for informational purposes only and does not constitute legal or investment advice.

Need assistance with your compliance program? SEC’s team of experienced compliance professionals can help. For more information, please email us at info@sec3compliance.com, call (212) 706-4029 x 214, or visit our website at www.sec3compliance.com.

SEC3 provides links to other publicly available legal and compliance websites for your convenience. These links have been selected because we believe they provide valuable information and guidance. The information in this e-newsletter is for general guidance only. It does not constitute the provision of legal advice, tax advice, accounting services, or professional consulting of any kind

Fuel your curiosity! Explore and learn more at https://sec3compliance.com/news-events/

Photo by John Unwin on Unsplash