FinCEN, SEC, FINRA Fine Canaccord Genuity $100M for AML Failures

FinCEN, the SEC, and FINRA issued a combined $100 million penalty against Canaccord Genuity LLC on 6 March 2026 for willful failure to establish and maintain an adequate anti-money laundering programme under the Bank Secrecy Act. The enforcement action, settled by consent order, cited systematic gaps in high-risk OTC market-making activities and unreviewed suspicious trading surveillance reports spanning multiple years.

• Regulator's line: FinCEN stated Canaccord knowingly operated without sufficient AML controls for OTC equities and derivatives trading desks despite regulatory guidance on market-making risk.
• The number: $100 million represents the largest penalty issued against a broker-dealer for BSA/AML violations in US regulatory history.
• Timeline: Compliance failures occurred over a multi-year period with no corrective action following internal and external audit findings.
• For compliance teams: OTC market-making desks must now demonstrate documented daily suspicious activity review, trade pattern analytics, and escalation protocols or face similar enforcement exposure.

This penalty signals zero tolerance for passive surveillance systems. Canaccord's case shows regulators now distinguish between technical non-compliance and willful neglect, particularly where SAR reports accumulate unreviewed. Market-making operations face heightened scrutiny because velocity and complexity create blind spots. Compliance officers should conduct immediate audits of OTC desk controls, verify SAR tracking workflows, and document management review cadences. FINRA's involvement strengthens the message that broker-dealer self-regulatory obligations carry equivalent weight to federal BSA requirements.

Switzerland's financial regulator has imposed a $15 million penalty on Mirabaud Bank for material anti-money laundering compliance deficiencies. The enforcement action underscores regulators' focus on executive accountability when AML controls fail to detect or prevent suspicious activity.

• Regulator's line: The Swiss authority cited gaps in customer due diligence procedures and transaction monitoring systems that created systemic risk exposure.
• The number: $15 million represents a significant fine relative to Mirabaud's private banking operation, flagging seriousness of the breaches identified.
• For compliance teams: The penalty reinforces that junior AML officer training alone cannot substitute for governance frameworks and documented escalation procedures at senior management level.

Compliance teams should treat this as a signal that regulators now expect boards and CEOs to own AML performance metrics directly. Review your transaction monitoring thresholds, customer risk classification procedures, and escalation chains. Mirabaud's case suggests that documentation of control decisions matters as much as the controls themselves when regulators investigate.

OFAC issued General License 35 on 14 April 2026, permitting financial institutions and investors to wind down positions in counterterrorism-designated entities on an orderly basis. The licence applies to blocked entities worldwide, with particular focus on Russia-related counterterrorism designations. The authorization is time-limited and requires documented compliance with OFAC blocking rules during exit.

• Regulator's line: OFAC authorizes orderly liquidation of counterterrorism-blocked assets to prevent forced fire-sales and financial instability from sudden divestment mandates.
• Scope: General License 35 covers global counterterrorism designations, primarily entities on OFAC's SDN list with Russia-nexus terrorism tags.
• For compliance teams: Institutions must document wind-down transactions, obtain pre-clearance from OFAC where required, and maintain full audit trails of all divestment activity.

This licence signals OFAC's shift toward managed exit strategies rather than absolute blocking. Compliance teams should review holdings against the SDN list immediately and prepare wind-down documentation now. Watch for OFAC guidance on reporting thresholds and timeline extensions, expected within 30 days. Operational delays in divestment could signal OFAC enforcement focus on institutions missing the compliance window.

Diligent has released Third-Party Risk Intel, an AI agent designed to automate vendor review workflows for compliance, legal, and procurement teams. The tool targets KYC/AML onboarding and vendor risk assessment, claiming 80% time savings on third-party screening processes. Release timing not yet disclosed.

• For compliance teams: The agent handles repetitive screening tasks against sanctions lists, adverse media, and beneficial ownership checks, freeing staff for exception handling and judgment calls on borderline cases.
• The number: 80% time reduction suggests moving typical vendor reviews from weeks to days, material gain for teams managing hundreds of onboardings annually in regulated sectors.
• What changed: Diligent shifts from manual-first workflows to AI-first triage, with human review remaining the final gate on approval decisions and contentious findings.

The pitch lands squarely where compliance pain sits: vendor onboarding backlogs and duplicated effort across functions. Watch whether regulators treat AI-generated screening decisions differently than human-led ones in exam findings. CCOs should test the tool's audit trail clarity and exception escalation logic before scaling.