Wells Fargo Advisors Financial Network, LLC and Wells Fargo Clearing Services, LLC (collectively, “Wells Fargo”) have submitted a letter of Acceptance Waiver and Consent, resulting in a censure and a $2,250,000 fine. A FINRA investigation found that Wells Fargo failed to properly store records related to their customer identification program (CIP) in the non-erasable and non-writable format (WORM) required by FINRA.

Wells Fargo CIP Record Storage

According to FINRA, in November 2016, Wells Fargo’s personnel discovered that the CIP record storage was not WORM-compliant, and they advised an internal working group of the issue. The working group decided that the record issue should be escalated to determine if it needed to be reported to FINRA. However, the issue was not escalated to the proper group that considered FINRA reporting obligations. Thus, the record issue was not reported to FINRA or remediated.

From 2003 to August 2020, Wells Fargo allegedly stored thirteen million CIP records of approximately eight million customers improperly. The AWC reports that four million of those documents were stored after the firms discovered the recording issue in November 2016.

At the same time of the discovery, the firms were finalizing a separate AWC for December 2016. The firms submitted the plan required by the 2016 AWC in February 2017. By June of 2017, the firms certified to FINRA that they concluded their review and had made changes to the relevant policies and procedures in order to be compliant with FINRA rules and federal securities laws. However, the firms allegedly did not inform FINRA of the CIP-related violation or remediate it despite the certification to FINRA.

Related FINRA Rules

Broker-dealers are required to establish, document, and maintain a Customer Identification Program (CIP), including risk-based procedures for verifying the identity of its customers, pursuant to federal anti-money laundering regulations. A broker-dealer’s CIP must include procedures for making and maintaining records of all information obtained in verifying a customer’s identity, including a description of the methods and the results of any identity verification measures, and a description of the resolution of each substantive discrepancy discovered when verifying such information. As such, CIP records are an integral part of a broker-dealer’s anti-money laundering program.

The non-WORM compliant platform on which the CIP-related records were stored did not have the required audit system. The firms also failed to notify FINRA, its designated examining authority, at least 90 days prior to using the non-WORM compliant platform on which it stored the CIP-related records. Therefore, from 2003 to August 2020, the firms violated Exchange Act Rules 17a-4(f)(3)(v) and 17a-4(f)(2)(i), NASD Rules 3110 and 2110, and FINRA Rules 4511 and 2010.

FINRA Ruling

In determining the appropriate sanctions in this matter, FINRA considered, among other factors, that the firms (i) identified the CIP-related WORM issue in November 2016 while they were finalizing the December 2016 AWC with FINRA but did not advise FINRA of the issue at that time; and (ii) did not inform FINRA of the CIP-related WORM violation, or remediate it, for more than three years after its discovery. The firms were censured and fined $2,250,000 jointly and severally.