Industry News

FinCEN’s $80M AML Enforcement Against Canaccord: Key Lessons for Broker-Dealer

March 10, 2026·2 min read

FinCEN imposed an $80 million AML penalty on Canaccord Genuity for major BSA failures, weak transaction monitoring, and SAR reporting deficiencies. Key lessons for broker-dealers

The recent enforcement action by Financial Crimes Enforcement Network (FinCEN) against Canaccord Genuity marks a significant milestone in U.S. anti-money laundering (AML) enforcement within the securities sector. Through FinCEN Consent Order No. 2026-01, regulators imposed an $80 million civil penalty for willful violations of the Bank Secrecy Act (BSA), the largest AML penalty ever issued by FinCEN against a broker-dealer.

Key AML Takeaways – FinCEN Consent Order No. 2026-01:

Record AML enforcement penalty

The U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN) imposed an $80 million civil penalty for willful violations of the Bank Secrecy Act (BSA), marking the largest FinCEN penalty against a broker-dealer for AML failures.

Failure to file Suspicious Activity Reports (SARs)

The firm failed to file at least 160 SARs despite large volumes of transactions displaying potential red flags.

Inadequate transaction monitoring and surveillance

Canaccord relied heavily on manual reviews of alerts generated by internal surveillance systems, which proved ineffective in detecting suspicious trading patterns.
Numerous alerts remained unreviewed for extended periods, sometimes months or years.

Weak AML controls in high-risk trading activity

The firm conducted significant volumes of low-priced over-the-counter securities trading, a segment commonly associated with market manipulation and money laundering risks.

Exposure to high-risk foreign actors

Suspicious transactions included activity linked to a Cyprus-based entity reportedly assisting Russian oligarchs in moving funds out of Russia, highlighting deficiencies in risk detection and escalation processes.

Compliance misconduct and control failures

Two compliance staff members falsified records to make it appear that surveillance alerts had been reviewed, indicating major governance and oversight weaknesses.

AML program deficiencies identified by FinCEN

Weak or ineffective AML transaction monitoring framework
Failure to timely investigate and escalate suspicious activity alerts

Insufficient AML staffing and supervision

Deficient internal controls and compliance culture.

Remediation and compliance obligations

The firm must implement enhanced AML controls and governance reforms, including improved surveillance and compliance oversight.
FinCEN requires engagement of an independent compliance consultant to assess and strengthen the AML program.

Regulatory message to broker-dealers

FinCEN emphasized that the case should serve as a warning to securities firms that inadequate AML monitoring and SAR reporting will lead to significant enforcement actions.

Share this article:

Industry NewsMay 29, 2026

Why a sanctions freeze is a data problem before it is a legal one

A data provider's perspective on Swiss Federal Supreme Court judgment 4A_537/2025 of 28 April 2026 In brief — four things to know • The trigger is suspicion, not proof. A Swiss financial institution must freeze and report assets as soon as it has reasonable suspicion they are directly or indirectly controlled by a sanctioned person — and the freeze applies automatically, by law, without waiting for an official order. • The risk hides in the relationships, not the name. The client company and its beneficial owner were on no list; the exposure ran through extended family — the owner was the spouse of the sanctioned person's nephew. Plain name-against-list screening catches none of this. • “Family” is defined differently everywhere. EU and UK PEP rules use a narrow, closed list (spouse, children, parents); Switzerland's PEP rule is open-ended (“persons close for family, personal or business reasons”); and sanctions regimes turn on control, not kinship — with US measures reaching furthest through the “acting on behalf of” and 50% rules. • For data providers, it is a balancing act. The job is to map relationships richly enough to support any of these tests, while respecting data-protection limits and keeping false positives manageable — and to leave the final call on “how close is too close” to the client. Sanctions screening is often imagined as a clean, binary exercise: a name either matches an entry on a list, or it does not. The reality our clients deal with every day is far messier — and a recent judgment from the Swiss Federal Supreme Court is a useful reminder of just how subtle the line can be. Very often the hard question is not whether someone is listed, but how far a chain of family and ownership links has to run before the assets at the other end of it are caught by a freeze. This case sits squarely on that line.

Industry NewsApril 24, 2026

UK Sanctions End-Use Controls: Why Diversion Risk Now Deserves Closer Attention

The UK government’s new guidance on Sanctions End-Use Controls (SEUC) is a useful reminder that sanctions compliance no longer stops with checking the name in front of you.

Industry NewsApril 6, 2026

OFAC Advisory (March 2026): What It Means for Data & SaaS Platforms

The U.S. Treasury’s Office of Foreign Assets Control (OFAC) has issued a new advisory highlighting the growing use of sham transactions to evade sanctions. These structures are designed to obscure the involvement of sanctioned entities through intermediaries, complex ownership, or misleading documentation.