FinCEN's Record $80M BSA Fine Against Canaccord Genuity: Every Broker-Dealer's Wake-Up Call

On March 6, 2026, FinCEN delivered a message the securities industry has been waiting for — and dreading. The agency assessed an $80 million civil money penalty against Canaccord Genuity LLC, calling it the largest BSA enforcement action ever brought against a broker-dealer. Coordinated with parallel actions from the SEC ($20 million) and FINRA ($20 million), the total enforcement package hit $120 million.

FinCEN Director Andrea Gacki was blunt: this is “a wake-up call to broker-dealers that willfully fail to comply with their obligations to safeguard the financial system from illicit actors.”

If you run AML compliance at a broker-dealer — or audit one — you need to read this case carefully. The failures here weren’t exotic. They were the same gaps that show up in exam findings across the industry, just left to compound for six years.

TL;DR

• FinCEN assessed a record $80M BSA penalty against Canaccord Genuity; SEC and FINRA added $20M each, for $120M total
• Failures: 160+ unfiled SARs, surveillance alerts ignored for months to 4 years, severely under-resourced AML function
• Aggravating factor: ~400 documents falsified by employees during FINRA exam
• If you run OTC trading with high-risk customers and thin AML staffing, this case is about you

What Happened at Canaccord

Canaccord Genuity LLC is a registered broker-dealer that ran significant over-the-counter (OTC) wholesale market-making operations in the US — roughly $70 billion in OTC trading volume — with a compliance function that couldn’t keep pace.

The violations span from March 2018 through June 2024 (FinCEN’s period; the SEC’s examination period ran February 2019 through March 2022). That’s years of known deficiencies that the firm addressed inadequately or not at all.

The SAR Filing Failures

Canaccord processed thousands of transactions that showed clear hallmarks of suspicious or manipulative trading: wash trades, marking the close, pump-and-dump schemes. Despite these red flags, the firm failed to file at least 160 required Suspicious Activity Reports per FinCEN. The SEC identified approximately 150 additional SARs that should have been filed during its examination period.

These weren’t edge cases. The transactions involved customers with ties to OFAC-sanctioned persons and individuals connected to Venezuela. FinCEN specifically noted the firm enabled customers with “ties to illicit actors and nexus to Russia and Venezuela” to trade undetected.

The Surveillance Breakdown

Canaccord’s trade surveillance system was designed to fail quietly.

The firm configured its alert filters to arbitrarily reduce alert volume — the system was calibrated narrow to produce fewer hits, not to catch more risk. When alerts did fire, they sat unreviewed. According to regulatory orders, exception reports went unreviewed for months to four years.

Running that surveillance operation: four employees with no AML experience reviewing 100+ reports annually. For a firm trading $70 billion in high-risk OTC securities, that’s not a compliance program — it’s a checkbox.

The Due Diligence Gaps

Canaccord failed to conduct required Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD) on its highest-risk accounts. The firm’s correspondent account oversight for foreign financial institutions was inadequate, which is a specific BSA requirement for registered broker-dealers under 31 CFR § 1023.640.

Customers that should have triggered enhanced scrutiny — based on geography, transaction patterns, and counterparty relationships — moved through the system with minimal review. The links to OFAC-sanctioned persons and Venezuelan-tied individuals only emerged when regulators went looking.

The Falsified Records

Then it got worse. During FINRA’s examination, approximately 400 documents were falsified by firm employees to make it appear that alerts had been reviewed when they had not. Two employees were subsequently terminated.

This is why the penalty is “willful” and not merely negligent. Falsifying records during a regulatory examination crosses from compliance failure into obstruction. It’s also the kind of aggravating factor that turns a sizable fine into a record-breaking one.

Canaccord eventually ceased its US OTC wholesale market-making operations in November 2025, essentially shutting down the business line at the center of the violations.

Penalty Breakdown

The crediting mechanism means Canaccord doesn’t pay triple — FinCEN offset its $80M by the $40M paid to SEC and FINRA, resulting in a $35M net payment to Treasury plus the $5M suspended pending the SAR lookback review.

Control Failure Analysis

The Canaccord case is a textbook example of cascading AML program failures. Each gap compounded the next.

The common thread: resources and staffing were sized for optics, not for risk. When a $70B trading operation has four untrained AML reviewers, every downstream control breaks down.

What This Means for Your AML Program

FinCEN’s framing — “wake-up call” — isn’t rhetorical. The agency is signaling that broker-dealer AML programs are on its enforcement radar, and this case sets the benchmark for what “willful failure” looks like.

Here’s where to focus:

1. Audit Your Alert Calibration Right Now

Pull your alert suppression and filter logic. If someone made a deliberate decision to reduce alert volume without a documented, risk-based rationale, that’s your first problem. Every threshold and filter should have a written justification based on risk analysis, not workload management.

Ask your surveillance vendor for a calibration review. Document the rationale for every suppression rule. If you can’t articulate why a filter exists, assume a regulator will ask.

2. Check Your Staffing Ratios Against Your Risk Profile

The BSA’s “reasonably designed” standard is relative to your risk profile — not the industry average. A broker-dealer running high-volume OTC trading in micro-cap securities or international stocks has a fundamentally different risk footprint than a retail equity firm.

Map your transaction volumes, high-risk customer count, and alert volumes against your current AML headcount. If four people are supposed to review 400 alerts a month, you have a gap regardless of what your org chart says.

3. Run Your Own SAR Lookback Before a Regulator Forces One

Canaccord’s remediation requires an independent SAR Lookback Consultant, a comprehensive report within 180 days, and retroactive SAR filings. That process is expensive, disruptive, and reputationally damaging.

The smarter move: run an internal lookback now. Pull 12-24 months of closed-without-SAR alerts and review them against current criteria. If your team is finding patterns they missed before, file voluntarily. FinCEN views voluntary SAR filing as evidence of a good-faith program.

4. Lock Down Your Review Documentation

“The alert was reviewed” is meaningless without timestamps, reviewer identification, rationale, and disposition. If your documentation doesn’t answer who reviewed it, when, why they closed it, and what they looked at, you have the same exposure Canaccord had.

The falsification problem at Canaccord started because reviewers felt pressure to show completed work without actually doing it. That’s a management and culture problem as much as a controls problem. Make sure your CCO owns both.

5. Test Your Correspondent Account Controls

If you have correspondent relationships with foreign financial institutions, FinCEN expects documented, risk-based due diligence on each one. Pull your correspondent account files. Do they have current ownership information, jurisdiction risk ratings, and documented review dates? If not, that’s a FinCEN exam finding waiting to happen.

30/60/90 Day Action Plan

30 Days — Assess

• Pull alert calibration documentation and review every suppression rule
• Map AML headcount against transaction volume and high-risk customer count
• Pull list of all correspondent accounts and check due diligence file completeness
• Confirm SAR review documentation standards (who, when, rationale, disposition)
• Audit your independent testing schedule — was it completed on time with adequate scope?

60 Days — Fix

• Remediate any calibration rules that lack documented risk-based rationale
• Address staffing gaps or escalate resource request with documented risk justification
• Refresh EDD on your top 10 highest-risk accounts
• Implement alert review checklists with required fields (timestamp, reviewer ID, rationale)
• Schedule a voluntary lookback of closed-without-SAR alerts from last 12 months

90 Days — Document

• Complete lookback review and file any identified SARs
• Produce a written AML program risk assessment reflecting current operations
• Brief the board or audit committee on AML program findings and remediation status
• Confirm all correspondent account files are current and documented
• Update BSA/AML policies to reflect any control changes made in prior 60 days

The Bigger Picture

The Canaccord case doesn’t exist in isolation. It follows a string of BSA/AML enforcement actions signaling that regulators — particularly FinCEN — are done extending grace periods to firms that treat AML compliance as a staffing cost to minimize.

Broker-dealers with OTC operations, international correspondent relationships, or high-risk customer books are squarely in scope. The legal standard — “willful” violation — doesn’t require intent to break the law. It requires that the firm knew about the deficiencies and failed to fix them. Six years of exam findings, deferred remediation, and alert suppression qualifies.

For firms that have received prior AML exam findings or MRAs: the Canaccord case is the roadmap for how those findings escalate into nine-figure enforcement actions. Get ahead of it.

When enforcement hits, tracking remediation items across BSA/AML deficiencies, SAR lookback findings, and regulatory commitments gets complex fast. The Issues Management Tracker & Template gives you a structured framework to manage open items, document owner accountability, and track closure dates — exactly the kind of paper trail regulators want to see.

Related reading:

• FINRA’s Proposed Rule 4610: What Broker-Dealers Need to Know About Liquidity Risk Management
• Who Needs a Contingency Funding Plan? FINRA, OCC & Interagency Requirements Explained
• SEC Charges Titanium Capital and Henry Abdo in $5.3M Ponzi Scheme

Sources:

• FinCEN Press Release: Historic $80 Million Penalty Against Canaccord Genuity LLC
• FinCEN Consent Order No. 2026-01 (PDF)
• InvestmentNews: Record $80M BSA Penalty — FinCEN’s Wake-Up Call to Broker-Dealers
• AML Intelligence: Breaking — FinCEN Fines Canaccord Genuity Record $80M for BSA Breaches
• Holland & Knight: FinCEN Imposes Record Penalty on Broker-Dealer