December 3, 2018.
Pursuant to Section 19(b)(1) 
of the Securities Exchange Act of 1934 
and Rule 19b-4 thereunder,
notice is hereby given that, on November 20, 2018, the Investors Exchange LLC (“IEX” or “Exchange”) filed with the Securities and Exchange Commission (“Commission”) the proposed rule change as described in Items I, II, and III below, which Items have been prepared by the Exchange. The Commission is publishing this notice to solicit comments on the proposed rule change from interested persons.
I. Self-Regulatory Organization's Statement of the Terms of Substance of the Proposed Rule Change
Pursuant to the provisions of Section 19(b)(1) under the Securities Exchange Act of 1934 (“Act”),
and Rule 19b-4 thereunder,
IEX is filing with the Commission a proposed rule change to amend IEX Rule 5.160 (Anti-Money Laundering Compliance Program) to reflect the Financial Crimes Enforcement Network's (“FinCEN”) adoption of a final rule on Customer Due Diligence Requirements for Financial Institutions (“CDD Rule”). Specifically, the proposed amendments would conform IEX Rule 5.160 to the CDD Rule's amendments to the minimum regulatory requirements for Member' anti-money laundering (“AML”) compliance programs by requiring such programs to include risk-based procedures for conducting ongoing customer due diligence. This ongoing customer due diligence element for AML programs includes: (1) Understanding the nature and purpose Start Printed Page 63550of customer relationships for the purpose of developing a customer risk profile; and (2) conducting ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information. The Exchange has designated this rule change as “non-controversial” under Section 19(b)(3)(A) of the Act 
and provided the Commission with the notice required by Rule 19b-4(f)(6) thereunder.
The text of the proposed rule change is available at the Exchange's website at www.iextrading.com, at the principal office of the Exchange, and at the Commission's Public Reference Room.
II. Self-Regulatory Organization's Statement of the Purpose of, and the Statutory Basis for, the Proposed Rule Change
In its filing with the Commission, the self-regulatory organization included statements concerning the purpose of and basis for the proposed rule change and discussed any comments it received on the proposed rule change. The text of these statement may be examined at the places specified in Item IV below. The self-regulatory organization has prepared summaries, set forth in Sections A, B, and C below, of the most significant aspects of such statements.
A. Self-Regulatory Organization's Statement of the Purpose of, and the Statutory Basis for, the Proposed Rule Change
The Bank Secrecy Act 
(“BSA”), among other things, requires financial institutions,
including broker-dealers, to develop and implement AML programs that, at a minimum, meet the statutorily enumerated “four pillars.” 
These four pillars currently require broker-dealers to have written AML programs that include, at a minimum:
- The establishment and implementation of policies, procedures and internal controls reasonably designed to achieve compliance with the applicable provisions of the BSA and implementing regulations;
- independent testing for compliance by broker-dealer personnel or a qualified outside party;
- designation of an individual or individuals responsible for implementing and monitoring the operations and internal controls of the AML program; and
- ongoing training for appropriate persons.
In addition to meeting the BSA's requirements with respect to AML programs, Exchange Members 
must also comply with IEX Rule 5.160, which incorporates the BSA's four pillars, as well as requiring Members' AML programs to establish and implement policies and procedures that can be reasonably expected to detect and cause the reporting of suspicious transactions.
Pursuant to Rule 17d-2 under the Act,
the Exchange and the Financial Industry Regulatory Authority, Inc. (“FINRA”) entered into an agreement to allocate regulatory responsibility for common rules (the “17d-2 Agreement”).
The 17d-2 Agreement covers common members of the Exchange and FINRA, and allocates to FINRA regulatory responsibility, with respect to common members for Exchange rules and certain federal securities laws, rules and regulation that the Exchange certifies are identical or substantially similar to FINRA rules.
IEX Rule 5.160 is substantially similar to FINRA Rule 3310, and therefore among the common rules included in the 17d-2 Agreement.
On May 11, 2016, FinCEN, the bureau of the Department of the Treasury responsible for administering the BSA and its implementing regulations, issued the CDD Rule 
to clarify and strengthen customer due diligence for covered financial institutions,
including broker-dealers. In its CDD Rule, FinCEN identifies four components of customer due diligence: (1) Customer identification and verification; (2) beneficial ownership identification and verification; (3) understanding the nature and purpose of customer relationships; and (4) ongoing monitoring for reporting suspicious transactions and, on a risk basis, maintaining and updating customer information.
As the first component is already required to be part of a broker-dealer's AML program under the BSA, the CDD Rule focuses on the other three components.
Specifically, the CDD Rule focuses particularly on the second component by adding a new requirement that covered financial institutions identify and verify the identity of the beneficial owners of all legal entity customers at the time a new account is opened, subject to certain exclusions and exemptions.
The CDD Rule also addresses the third and fourth components, which FinCEN states “are already implicitly required for covered financial institutions to comply with their suspicious activity reporting requirements,” by amending the existing AML program rules for covered financial institutions to explicitly require these components to be included in AML programs as a new “fifth pillar.”
On November 21, 2017, FINRA published Regulatory Notice 17-40 to provide guidance to member firms regarding their obligations under FINRA Rule 3310 in light of the adoption of FinCEN's CDD Rule.
In addition, the Notice summarized the CDD Rule's impact on member firms, including the addition of the new fifth pillar required for member firms' AML programs. FINRA also recently amended FINRA Rule 3310 to explicitly incorporate the fifth pillar.
This proposed rule change amends IEX Rule 5.160 to harmonize Start Printed Page 63551with the FINRA rule change and incorporate the fifth pillar.
II. IEX Rule 5.160 and Amendment to Minimum Requirements for Members' AML Programs
Section 352 of the USA PATRIOT Act of 2001 
amended the BSA to require broker-dealers to develop and implement AML programs that include the four pillars mentioned above. Consistent with Section 352 of the PATRIOT Act, and incorporating the four pillars, IEX Rule 5.160 requires each Member to develop and implement a written AML program reasonably designed to achieve and monitor the Member's compliance with the BSA and implementing regulations. Among other requirements, IEX Rule 5.160 requires that each member firm, at a minimum: (1) Establish and implement policies and procedures that can be reasonably expected to detect and cause the reporting of suspicious transactions; (2) establish and implement policies, procedures, and internal controls reasonably designed to achieve compliance with the BSA and implementing regulations; (3) provide for annual (on a calendar-year basis) independent testing for compliance to be conducted by Member personnel or a qualified outside party; 
(4) designate and identify to IEX an individual or individuals (i.e., AML compliance person(s)) who will be responsible for implementing and monitoring the day-to-day operations and internal controls of the AML program and provide prompt notification to IEX of any changes to the designation; and (5) provide ongoing training for appropriate persons.
FinCEN's CDD Rule does not change the requirements of IEX Rule 5.160 and Members must continue to comply with its requirements.
However, FinCEN's CDD Rule amends the minimum regulatory requirements for broker-dealers' AML programs by explicitly requiring such programs to include risk-based procedures for conducting ongoing customer due diligence.
Accordingly, IEX is proposing to amend IEX Rule 5.160 to incorporate this ongoing customer due diligence element, or “fifth pillar” required for AML programs. Thus, proposed Rule 5.160(f) would provide that the AML programs required by this Rule shall, at a minimum include appropriate risk-based procedures for conducting ongoing customer due diligence, to include, but not be limited to: (1) Understanding the nature and purpose of customer relationships for the purpose of developing a customer risk profile; and (2) conducting ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information.
As stated in the CDD Rule, these provisions are not new and merely codify existing expectations for Members to adequately identify and report suspicious transactions as required under the BSA and encapsulate practices generally already undertaken by securities firms to know and understand their customers.
The proposed rule change simply incorporates into IEX Rule 5.160 the ongoing customer due diligence element, or “fifth pillar,” required for AML programs by the CDD Rule to aid Members in complying with the CDD Rule's requirements. However, to the extent that these elements, which are briefly summarized below, are not already included in Members' AML programs, the CDD Rule requires Members to update their AML programs to explicitly incorporate them.
III. Summary of Fifth Pillar's Requirements
Understanding the Nature and Purpose of Customer Relationships
FinCEN states in the CDD Rule that firms must necessarily have an understanding of the nature and purpose of the customer relationship in order to determine whether a transaction is potentially suspicious and, in turn, to fulfill their SAR obligations.
To that end, the CDD Rule requires that firms understand the nature and purpose of the customer relationship in order to develop a customer risk profile. The customer risk profile refers to information gathered about a customer to form the baseline against which customer activity is assessed for suspicious transaction reporting.
Information relevant to understanding the nature and purpose of the customer relationship may be self-evident and, depending on the facts and circumstances, may include such information as the type of customer, account or service offered, and the customer's income, net worth, domicile, or principal occupation or business, as well as, in the case of existing customers, the customer's history of activity.
The CDD Rule also does not prescribe a particular form of the customer risk profile.
Instead, the CDD Rule states that depending on the firm and the nature of its business, a customer risk profile may consist of individualized risk scoring, placement of customers into risk categories or another means of assessing customer risk that allows firms to understand the risk posed by the customer and to demonstrate that understanding.
The CDD Rule also addresses the interplay of understanding the nature and purpose of customer relationships with the ongoing monitoring obligation discussed below. The CDD Rule explains that firms are not necessarily required or expected to integrate customer information or the customer risk profile into existing transaction monitoring systems (for example, to serve as the baseline for identifying and assessing suspicious transactions on a contemporaneous basis).
Rather, FinCEN expects firms to use the customer information and customer risk profile as appropriate during the course of complying with their obligations under the BSA in order to determine whether a particular flagged transaction is suspicious.
Conduct Ongoing Monitoring
As with the requirement to understand the nature and purpose of the customer relationship, the requirement to conduct ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information, merely adopts existing supervisory and regulatory expectations as explicit minimum standards of customer due diligence required for firms' AML programs.
If, in the course of its normal monitoring for suspicious activity, the Member detects information that is relevant to assessing Start Printed Page 63552the customer's risk profile, the Member must update the customer information, including the information regarding the beneficial owners of legal entity customers.
However, there is no expectation that the Member update customer information, including beneficial ownership information, on an ongoing or continuous basis.
2. Statutory Basis
IEX believes that the proposed rule change is consistent with the provisions of Section 6(b) 
of the Act in general, and furthers the objectives of Section 6(b)(5) of the Act 
in particular, in that it is designed to prevent fraudulent and manipulative acts and practices, to promote just and equitable principles of trade, to remove impediments to and perfect the mechanism of a free and open market and a national market system, and, in general, to protect investors and the public interest. Specifically, the Exchange believes the proposed rule change will aid Members in complying with the CDD Rule's requirement that Members' AML programs include risk-based procedures for conducting ongoing customer due diligence by also incorporating the requirement into IEX Rule 5.160.
B. Self-Regulatory Organization's Statement on Burden on Competition
IEX does not believe that the proposed rule change will result in any burden on competition that is not necessary or appropriate in furtherance of the purposes of the Act. The proposed rule change simply incorporates into IEX Rule 5.160 the ongoing customer due diligence element, or “fifth pillar,” required for AML programs by the CDD Rule. Regardless of the proposed rule change, to the extent that the elements of the fifth pillar are not already included in Members' AML programs, the CDD Rule requires Members to update their AML programs to explicitly incorporate them. In addition, as stated in the CDD Rule, these elements are already implicitly required for covered financial institutions to comply with their suspicious activity reporting requirements. Further, all IEX Members that have customers are required to be members of FINRA pursuant to Rule 15b9-1 under the Exchange Act,
and are therefore already subject to the requirements of the proposed rule change pursuant to FINRA Rule 3310. IEX is not imposing any additional direct or indirect burdens on member firms or their customers through this proposal, and as such the proposal imposes no new burdens on competition.
C. Self-Regulatory Organization's Statement on Comments on the Proposed Rule Change Received From Members, Participants, or Others
Written comments were neither solicited nor received.
III. Date of Effectiveness of the Proposed Rule Change and Timing for Commission Action
The Exchange has designated this rule filing as non-controversial under Section 19(b)(3)(A) 
of the Act and Rule 19b-4(f)(6) 
thereunder. Because the proposed rule change does not: (i) Significantly affect the protection of investors or the public interest; (ii) impose any significant burden on competition; and (iii) become operative for 30 days from the date on which it was filed, or such shorter time as the Commission may designate, it has become effective pursuant to Section 19(b)(3)(A) of the Act and Rule 19-4(f)(6) thereunder.
At any time within 60 days of the filing of the proposed rule change, the Commission summarily may temporarily suspend such rule change if it appears to the Commission that such action is necessary or appropriate in the public interest, for the protection of investors, or otherwise in furtherance of the purposes of the Act. If the Commission takes such action, the Commission shall institute proceedings under Section 19(b)(2)(B) 
of the Act to determine whether the proposed rule change should be approved or disapproved.
IV. Solicitation of Comments
Interested persons are invited to submit written data, views and arguments concerning the foregoing, including whether the proposed rule change is consistent with the Act. Comments may be submitted by any of the following methods:
- Send paper comments in triplicate to Secretary, Securities and Exchange Commission, 100 F Street NE, Washington, DC 20549-1090.
All submissions should refer to File Number SR-IEX-2018-22. This file number should be included in the subject line if email is used. To help the Commission process and review your comments more efficiently, please use only one method. The Commission will post all comments on the Commission's internet website (http://www.sec.gov/rules/sro.shtml). Copies of the submission, all subsequent amendments, all written statements with respect to the proposed rule change that are filed with the Commission, and all written communications relating to the proposed rule change between the Commission and any person, other than those that may be withheld from the public in accordance with the provisions of 5 U.S.C. 552, will be available for website viewing and printing in the Commission's Public Reference Section, 100 F Street NE, Washington, DC 20549, on official business days between the hours of 10:00 a.m. and 3:00 p.m. Copies of the filing will also be available for inspection and copying at the IEX's principal office and on its internet website at www.iextrading.com. All comments received will be posted without change. Persons submitting comments are cautioned that we do not redact or edit personal identifying information from comment submissions. You should submit only information that you wish to make available publicly. All submissions should refer to File Number SR-IEX-2018-22 and should be submitted on or before December 31, 2018. For the Commission, by the Division of Trading and Markets, pursuant to delegated authority.43
Eduardo A. Aleman,
[FR Doc. 2018-26593 Filed 12-7-18; 8:45 am]
BILLING CODE 8011-01-P