FINRA Rule 3310 requires each member firm to develop and implement a written anti-money laundering program that includes, at a minimum, independent testing for compliance. The independent testing requirement — codified at Rule 3310(c) — is one of the four required pillars of a compliant AML program, alongside internal controls, a designated AML compliance officer, and annual training. It is also one of the most frequently misunderstood requirements — and one of the most common sources of FINRA examination findings.

What 'Independent' Actually Means

The independence requirement under FINRA Rule 3310(c) prohibits the AML compliance officer from testing their own program. Testing must be performed by a qualified individual or team that is independent of the AML compliance function. FINRA's guidance makes clear that this can be satisfied by: an internal audit department that is structurally independent of the compliance function; a qualified outside vendor or consulting firm engaged specifically for AML testing; or, in some cases, another compliance officer within the firm who is not responsible for AML compliance and has no operational involvement in the AML program. What it cannot be satisfied by is the AML compliance officer testing their own program — regardless of how thorough that review may be.

Annual vs. Biennial Testing — Who Qualifies

FINRA Rule 3310(c) generally requires annual independent testing. However, the rule provides that firms with limited business models may conduct testing on a biennial basis — specifically, firms that do not execute transactions for customers and do not have customer accounts. In practice, this biennial exception applies to a narrow category of broker-dealers — primarily those engaged exclusively in advisory-type activities where no customer funds or securities are held and no transactions are executed. Introducing brokers who introduce customer accounts to a clearing firm, firms that execute retail transactions, and firms that receive or transmit customer funds generally must test annually.

Minimum Scope of Testing

FINRA does not specify a mandatory testing checklist, but examination practice reveals a set of minimum scope elements that FINRA examiners expect independent testing to cover: review of the written AML program for adequacy against current regulatory requirements, including FinCEN's CDD Rule; testing of Customer Identification Program procedures, including a sample review of actual account documentation; review of OFAC screening procedures; review of FinCEN 314(a) search compliance; review of SAR decision-making procedures; and review of AML training completion records. For firms subject to the beneficial ownership requirement, testing must cover beneficial ownership collection procedures and records.

Common FINRA Examination Findings

FINRA's AML examination findings cluster around several recurring issues. First: no independent testing at all — firms that have not conducted any testing since their initial program adoption. Second: testing performed by the AML compliance officer, which fails the independence requirement on its face. Third: inadequate testing scope — testing engagements that cover the written program generally but do not test specific procedures such as beneficial ownership, OFAC screening, or SAR decision-making. Fourth: failure to address prior testing findings — testing reports that identify deficiencies and remediation plans that are never implemented, creating a documented pattern of known non-compliance.

Documentation Requirements

Independent testing must produce a written report. FINRA examiners will request testing reports as part of the AML examination, and the content of those reports is itself subject to scrutiny. A compliant testing report should document: the scope of the testing, the methodology, the findings, and the remediation plan with a timeline. Testing reports that consist of a brief memo stating that the AML program was reviewed and found to be adequate without any description of scope or methodology are unlikely to satisfy FINRA examination requirements.

AML independent testing is not a compliance formality — it is a substantive regulatory obligation with defined independence, frequency, scope, and documentation requirements. Broker-dealers that approach independent testing as a checkbox exercise are creating the kind of examination exposure that results in formal findings. The standard is testing that is genuinely independent, adequately scoped, and fully documented. That is the standard Doo Compliance applies to every AML testing engagement.