The US financial crime enforcement landscape shifted significantly in early 2026 when three regulators coordinated to deliver what has become the most consequential anti-money laundering action against a broker-dealer in American history. The Financial Crimes Enforcement Network, the Securities and Exchange Commission, and the Financial Industry Regulatory Authority jointly sanctioned Canaccord Genuity LLC, a Canadian-owned broker-dealer operating across US markets, with combined penalties totalling more than $120 million for systemic and willful failures under the Bank Secrecy Act spanning more than a decade.
FinCEN’s portion of the action, an $80 million civil money penalty issued on 6 March 2026, represents the largest penalty ever imposed against a broker-dealer for Bank Secrecy Act violations. The SEC and FINRA each separately assessed penalties of $20 million, with FinCEN crediting Canaccord’s payment of those amounts against the total. Of the $80 million owed to FinCEN, $5 million was suspended pending the successful delivery of a satisfactory suspicious activity lookback review pursuant to the terms of the consent order.
The substance of the enforcement action is damning by any measure. Canaccord admitted willfully violating the Bank Secrecy Act on three core fronts: failing to develop, implement, and maintain an effective anti-money laundering programme; failing to conduct required due diligence on correspondent accounts for foreign financial institutions; and failing to file suspicious activity reports when required by law. FinCEN’s findings documented that the firm failed to file at least 160 suspicious activity reports relating to dozens of different over-the-counter securities, with underlying suspicious transactions estimated to be in the thousands.
Those failures allowed the firm to become a conduit for securities fraud schemes that caused significant economic harm to investors and facilitated the onboarding of high-risk customers with reported connections to illicit actors.
The structural nature of the failure is what makes the Canaccord case particularly instructive for the broader broker-dealer community. FinCEN found that Canaccord’s anti-money laundering programme was materially under-resourced and that its monitoring procedures, staffing, training, and internal controls were not proportionate to the risks generated by its business model. The firm was heavily involved in low-priced equity transactions across over-the-counter markets, an environment historically associated with elevated fraud risk including pump-and-dump schemes and market manipulation. Despite operating in that space, the firm’s surveillance infrastructure failed to keep pace with the volume and nature of the activity.
What compounded the severity of the regulatory findings was the timeline of awareness and inaction. FINRA had warned Canaccord about aspects of its AML programme in 2014, 2017, and 2018, flagging deficiencies including the need for automated AML trade surveillance given the firm’s market-making volumes, the need to improve review of suspicious trading activity, and the need to ensure timely review of surveillance outputs. Despite written commitments to remediate those weaknesses, meaningful corrective action was not taken for years. According to FinCEN, significant aspects of the firm’s remediation programme were not undertaken until the regulator’s investigation was already underway.
Further detail emerged regarding internal conduct at the compliance function level. Surveillance reports went unreviewed for as long as four years, directly suppressing the volume of suspicious activity reports being filed with FinCEN. The firm’s annual independent AML audits were found to reflect an inadequate understanding of the risks inherent in the relevant business lines, meaning the external assurance mechanism that should have caught the dysfunction was itself compromised. FINRA separately sanctioned Diane Daly, Canaccord’s former chief compliance officer, and Nicholas Lorenzo, her former deputy who managed the trading compliance group, for failing to implement an effective AML compliance programme across the period from 2017 through 2022.
FinCEN Director Andrea Gacki framed the action as a wake-up call to broker-dealers that willfully fail to comply with their obligations to safeguard the financial system from illicit actors. That framing is significant in the context of the current regulatory environment. Under SEC chair Paul Atkins, the Commission has adopted an enforcement posture described as enforcement for impact, concentrating resources on misconduct that causes the greatest harm to investors. The Canaccord action fits that framework precisely, combining securities fraud exposure with AML failures in a manner that caused documented harm to retail market participants.
The implications for broker-dealers operating in similar business lines are substantial. Firms engaged in market-making or clearing for low-priced OTC securities must now reckon with the fact that FinCEN and FINRA will assess their AML programmes not merely against technical compliance checklists but against the actual risk profile of the business. Inadequate staffing, unreviewed surveillance outputs, and deferred remediation will not be treated as administrative shortcomings. The Canaccord resolution makes clear they constitute willful violations with criminal and civil consequences. Compliance officers at firms including Virtu Financial, Citadel Securities, and other active participants in OTC markets will be reviewing their programmes in light of the specific deficiencies cited across the 13-year failure period identified in the consent order.
The coordinated nature of the action itself signals increasing alignment between FinCEN, the SEC, and FINRA on AML enforcement in securities markets, an area where historically the three agencies have operated with limited joint visibility. The 2026 National Money Laundering Risk Assessment published by the US Treasury explicitly acknowledged that broker-dealers face exposure from customers seeking to disguise illicit proceeds within legitimate trades or engage in fraudulent trading activity involving low-priced securities. That assessment now has direct enforcement precedent attached to it.
For compliance functions across US-registered broker-dealers, the Canaccord case introduces a practical benchmark: AML programmes that cannot demonstrate adequate resourcing, automated surveillance appropriate to business volumes, timely review processes, and meaningful responses to prior regulatory findings are now structurally exposed to enforcement actions that follow the same coordinated model. The era of deferred remediation has ended.
