SEC and FINRA Continue to Focus on AML Deficiencies

APR 11, 2021 | PRACTUS LLP

SEC and FINRA Continue to Focus on AML Deficiencies

Authored by Robert Moreiro

SEC and FINRA Continue to Focus on AML Deficiencies

This Legal Insight summaries recent Anti-Money Laundering (“AML”) developments regarding *broker-dealers. The Legal Insights provides insights on the recent U.S. Securities and Exchange Commission (“SEC”) and the Financial Industry Regulatory Authority (“FINRA”) Examination Priorities; the Anti-Money Laundering Act of 2020; SEC Division of Examinations Risk Alert Reminding Broker-Dealers of Their Obligations Related to AML Rules and Regulations; SEC Division of Examinations Risk Alert Regarding Digital Asset Securities; FINRA’s Low-Priced Securities Guidance for Broker-Dealers; FINRA’s AML Red Flag Guidance for Broker-Dealers; and Recent AML Enforcement Actions. Lastly, the Legal Insights provides Key Takeaways  for Broker-Dealers.

The SEC and the FINRA continue to focus on broker-dealers’ AML programs. Both regulators examine broker-dealers’ AML programs to ensure that the programs are tailored to each broker-dealer’s business and risks. This focus appears to be continuing; therefore, broker-dealers must continue to regularly update and adapt their AML programs to meet regulatory requirements and expectations and to best suit their unique businesses as they evolve. Moreover, both the SEC and FINRA have increased enforcement actions against broker-dealers for AML deficiencies.

The primary AML regulations promulgated by the SEC and FINRA require broker-dealers to establish and implement a risk-based AML program, which must include, at a minimum; policies and internal controls to ensure compliance with the Bank Secrecy Act (“BSA”); designation of a AML Compliance Officer (“AMLCO”) to ensure day-to-day compliance; independent testing for BSA/AML compliance; ongoing training for personnel; and including appropriate risk-based procedures for conducting ongoing customer due diligence, to include, but not be limited to, understanding the nature and purpose of customer relationships for the purpose of developing a customer risk profile and conducting ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information. Additionally, broker-dealers should have appropriate risk-based procedures for ongoing customer due diligence; establish and implement a Customer Identification Program (“CIP”); and monitor for, detect and file suspicious activity report (“SAR”) with the Financial Crimes Enforcement Network (“FinCEN”).

SEC Examination Priorities for 2021

On March 3, 2021, the SEC’s newly renamed Division of Examinations (the “Division”) (formerly known as the Office of Compliance Inspections and Examinations, “OCIE”) released its annual list of examination priorities for 2021 (the “SEC Report”). The SEC Report notes that the BSA requires financial institutions, including broker-dealers and registered investment companies, to establish AML programs that are tailored to address the risks associated with the firm’s location, size, and activities, including the type of products and services offered to customers or investors, and the means by which those products and services are offered. These programs must, among other things, include policies and procedures reasonably designed to identify and verify the identity of customers and beneficial owners of legal entity customers, perform customer due diligence (as required by the Customer Due Diligence rule), monitor for suspicious activity, and, where appropriate, file SARs with FinCEN. SARs are used to detect and combat terrorist financing, public corruption, market manipulation, and a variety of other fraudulent behaviors.

According to the SEC Report, the SEC will continue to prioritize examinations of broker-dealers and registered investment companies for compliance with their AML obligations in order to assess, among other things, whether firms have established appropriate customer identification programs and whether they are satisfying their SAR filing obligations, conducting due diligence on customers, complying with beneficial ownership requirements, and conducting robust and timely independent tests of their AML programs. The goal of these examinations is to evaluate whether broker- dealers and registered investment companies have adequate policies and procedures in place that are reasonably designed to identify suspicious activity and illegal money-laundering activities.

FINRA Priorities for 2021

On February 1, 2021, FINRA issued its 2021 Report on FINRA’s Examination and Risk Monitoring Program (“FINRA Report”).  The FINRA Report reminds broker-dealers of their regulatory obligations. The BSA requires firms to monitor for, detect and report suspicious activity conducted or attempted by, at, or through the firms to FinCEN. Firms should also be aware of the recently enacted Anti-Money Laundering Act of 2020, which may result in material revisions to the implementing regulations over time. FINRA Rule 3310 (Anti-Money Laundering Compliance Program) requires that members develop and implement a written AML program reasonably designed to comply with the requirements of the BSA and its implementing regulations. Additionally, FinCEN’s CDD rule requires that firms identify beneficial owners of legal entity customers, understand the nature and purpose of customer accounts, and conduct ongoing monitoring of customer accounts to identify and report suspicious transactions and—on a risk basis—update customer information.  

The FINRA Report also lists related considerations that firms need to consider such as:

  • How does your firm’s AML compliance program address new business lines, products, customers and risks? 
  • Does your firm tailor and adequately resource their AML program to the firm’s business model and associated AML risks? 
  • Does your firm’s independent testing confirm that it maintains appropriate risk-based procedures for collecting and verifying customer identification information on all individuals and entities that would be considered customers under the Customer Identification Program rule, and beneficial owners of legal entity customers under the CDD rule? 
  • Does your firm review the integrity of its data feeds for its surveillance and monitoring programs? 
  • How does your firm coordinate with your clearing firm, including with respect to the filing of joint suspicious activity reports? 
  • Does your firm document the results of its reviews and investigations into potentially suspicious activity identified by exception reports?

The following are the exam observations noted in FINRA Report in regard to AML:

  • Inadequate AML Transaction Monitoring – Not tailoring transaction monitoring to address firms’ business risk(s).
  • Limited Scope for SARs – Not requiring staff to notify AML departments or file SARs for a range of events involving suspicious transactions, such as financial crime-related events, including but not limited to cybersecurity events, account compromises, account takeovers, new account fraud and fraudulent wires.
  • Inadequate AML framework for cash management accounts – FINRA has identified cash management accounts as a product area where firms have not adequately adapted their AML programs to address the unique money laundering risk associated with these accounts as compared to brokerage or other types of accounts, and to implement a tailored, risk-based approach.
  • Unclear Delegation of AML Responsibilities – Non-AML staff (e.g., business line staff responsible for trade surveillance) failing to escalate suspicious activity monitoring alerts to AML departments because firms did not: clearly define the activities that were being delegated; articulate those delegations and related surveillance responsibilities in their WSPs; or train non-AML staff on AML surveillance policies and procedures.
  • Data Integrity Gaps – Excluding certain types of data and customer accounts from monitoring programs as a result of problems with ingesting certain data, inaccuracies and missing information in data feeds. 
  • Failure to Document Investigations – Not documenting initial reviews and investigations into potentially suspicious activities identified by SARs. 
  • Concerns About High-Risk Trading by Foreign Legal Entity Accounts – Inadequate identification of or follow-up on increased trading by foreign legal entity accounts in similar low-float and low-priced securities, which raised concerns about potential ownership or control by similar beneficial owners. 
  • Insufficient Independent Testing – Not reviewing how the firm’s AML program was implemented; not ensuring independence of the testing; and not completing tests on an annual calendar year basis. 
  • Improper Reliance on Clearing Firms – Introducing firms relying primarily or entirely on their clearing firms for transaction monitoring and suspicious activity reporting, even though they are required to monitor for suspicious activity attempted or conducted through their firms. 

The FINRA Report also highlights the following emerging AML and other financial crime risks: microcap and other fraud, issuers based in restricted markets, and risks related to SPACs. In regards to microcap fraud, FINRA directs firms to the SEC Staff Bulletin on Risks Associated with Omnibus Accounts Transacting in Low-Priced Securities, which highlights a number of financial crime risks associated with trading in low-priced securities. In addition, FINRA flagged the prevalence of account openings by foreign nationals and entities for participating in initial public offerings in jurisdictions like China and related aftermarket trading. FINRA has identified red flags in connection with these accounts, specifically instances where multiple accounts were opened by or on behalf of the same beneficial owners and engaged in trading indicative of market manipulation of the relevant securities issued in high-risk jurisdictions.

Finally, FINRA highlighted that several firms are engaged in the formation and offering of SPACs without having adequate procedures in place to address the financial crime risk associated with SPACs, which include potential misrepresentations and omissions in offering documents, fees associated with SPAC transactions, control of funds raised in SPAC offerings, and insider trading.

Anti-Money Laundering Act of 2020

On January 1, 2021, Congress enacted the Anti-Money Laundering Act of 2020 (“AMLA”).  As part of the National Defense Authorization Act for Fiscal Year 2021, the AMLA creates a broad range of new AML obligations for broker-dealers and other financial institutions. The AMLA amends the BSA to impose new obligations on FinCEN, the agency primarily responsible for maintaining and enforcing AML/CFT laws and regulations, and other related federal agencies over the coming years, as well as new reporting requirements for companies created under the laws of the United States or registered to do business in the United States. Most of the AMLA’s requirements for private entities do not take immediate effect but will instead kick in after the Treasury Department promulgates implementing regulations. As a result, there is still some time to digest the new requirements and incorporate the changes into existing compliance policies and procedures. 

The AMLA includes several provisions that will alter the landscape for financial institutions including broker-dealers implementing BSA/AML programs. Key among these changes are requirements that FinCEN provide financial institutions with information about financial crime concerns and patterns. Within six months, the U.S. Department of Treasury must establish national AML priorities, to be updated at least once every four years. Federal regulators will subsequently review whether and to what extent financial institutions have incorporated the national AML priorities into their risk-based programs to comply with BSA requirements.

The AMLA also requires FinCEN, “to the extent practicable,” to periodically disclose to “each financial institution” a summary of information on SARs that “proved useful” to law enforcement. The AMLA does not require financial institutions to respond to FinCEN’s disclosures, but financial institutions that receive negative feedback or no positive feedback may wish to consider whether they are meeting regulatory expectations.

FinCEN also must publish information relating to emerging money laundering and terrorist financing threat patterns and trends. FinCEN must include typologies, “including data that can be adapted in algorithms if appropriate,” suggesting that financial institutions will be evaluated on whether and to what extent they have incorporated FinCEN’s published threat patterns and trends into the financial institutions’ BSA/AML programs and SAR reporting processes.

The AMLA also addresses de-risking, which is the practice of cutting off financial services to underserved individuals, entities, and geographic areas when BSA/AML risks are difficult or expensive to manage. The AMLA states that BSA/AML policies “must not unduly hinder or delay legitimate access to the international financial system,” and that federal enforcement efforts should not primarily focus on BSA/AML policies that result in “incidental, inadvertent benefits” to designated groups while delivering “life-saving aid to civilian populations.” The Office of the Comptroller of the Currency and FinCEN are required to study and report on de-risking, and to propose changes, as appropriate, to reduce any unnecessarily burdensome regulatory requirements.

The following are some key requirements included in the AMLA:  

  • New beneficial ownership requirements and the creation of a registry
  • Establishment of national AML and counter-terrorism priorities
  • Creation of a new Office of Domestic Liaison within FinCEN
  • Broader Department of Justice (DOJ) and Department of the Treasury subpoena authority for non-U.S. bank records
  • Expanded definition of “financial institution” to include “dealers in antiquities” and “virtual currencies”
  • Review by FinCEN of whether to implement a “no-action letter” program
  • Increased BSA/AML penalties
  • Mandatory U.S. Treasury Department review of CTR and SAR requirements
  • New SAR pilot program to allow regulated financial institutions to share SARs with their foreign branches, subsidiaries, and affiliates
  • Safe harbor for compliance with “keep open” letters
  • New whistleblower program

SEC Division of Examinations Risk Alert Reminding Broker-Dealers Of Their Obligations Related to AML Rules and Regulations

On March 29, 2021, the SEC’s Division of Examinations issued a risk alert to remind broker-dealers of their obligations related to AML rules and regulations as well as to provide the SEC’s observations of compliance items related to those obligations. The risk alert also is designed to assist broker-dealers with reviewing and enhancing their AML programs. Moreover, the risk alert includes observations from SEC examination staff on the adequacy of firms’ AML compliance programs, particularly the detection and reporting of red flags relating to abrupt increases in volume in low-priced or thinly-traded stocks. 

Relevant Regulation and Guidance

The risk alert reminds broker-dealers of the relevant regulation and guidance regarding AML.  The BSA and implementing regulations establish the basic framework for AML obligations imposed on financial institutions.  FinCEN), a bureau of the Department of Treasury, adopted the “AML Program Rule” and the “SAR Rule” to implement AML programs and suspicious activity monitoring and reporting requirements for broker-dealers.  Rule 17a-8 under the Securities Exchange Act of 1934 (“Exchange Act”) requires broker-dealers to comply with the reporting, recordkeeping, and record retention requirements of the BSA, including those regarding SARs. 

AML Policies and Procedures and Internal Controls

Under the AML Program Rule, a broker-dealer is required to establish and implement policies, procedures, and internal controls reasonably designed to, among other things, identify and report suspicious transactions as required by the BSA and its implementing regulations. An AML program should be tailored to address the risks associated with a firm’s particular business, taking into account factors such as size, location, activities, customers, and other risks of (or vulnerabilities to) money laundering. Moreover, in order to be able to identify suspicious transactions, a broker-dealer should look for indicators of illicit activities (generally referred to as “red flags”) and incorporate those red flags into its policies and procedures. Awareness by firm personnel of red flags and how to respond to those red flags, including escalating awareness of the red flags to appropriate firm personnel, will help ensure that a firm is able to identify the circumstances that warrant further due diligence and possible reporting

Inadequate Policies and Procedures

According to the risk alert, the SEC has observed that certain broker-dealers have not established reasonably designed policies and procedures and internal controls necessary to identify and report suspicious activity. The observations in the risk alert indicate that broker-dealers should:

  • include red flags in policies and procedures to assist in identifying activity for further due diligence
  • tailor flags in policies and procedures to address risks associated with the type of activity in which its clients regularly engage
  • automate systems to monitor and report suspicious activity associated with trading in large volumes as well as to identify trends or suspicious patterns across multiple accounts
  • include transactions in low-priced securities on an exchange into automated monitoring in addition to those traded over the counter
  • set SAR thresholds at the appropriate $5,000 threshold in order to identify and report on potentially suspicious transactions

Failure to Implement Procedures

The SEC indicates that broker-dealers should be reminded to implement their procedures and conduct adequate due diligence on or report suspicious activity that, per their procedures, appears to trigger SARs.  Moreover, the SEC also pointed a host of observations related to broker-dealers that continue to trade in low-priced securities, namely, the lack of review of low-priced securities activities and follow-up, despite the existence of red flags that were reflected in 2014 SEC Risk Alert and FINRA Notice to Members 19-18.

Suspicious Activity Reporting

The SAR Rule requires broker-dealers to file with FinCEN a report of any suspicious transaction relevant to a possible violation of law or regulation. Generally, a broker-dealer must file a SAR for any transaction involving funds or other assets of at least $5,000 that are conducted or attempted by, at, or through the broker-dealer and for which the broker-dealer knows, suspects, or has reason to suspect that, among other things, the transaction (or pattern of transactions of which the transaction is a part): involves funds derived from illegal activity or is intended or conducted to hide or disguise funds or assets derived from illegal activity as part of a plan to violate or evade any federal law or regulation; is designed to evade any requirements set forth in regulations implementing the BSA; has no business purpose or apparent lawful purpose or is not the sort in which the particular customer would normally be expected to engage, and the broker-dealer knows of no reasonable explanation for the transaction after examining the available facts, including the background and possible purpose of the transaction; or involves use of the broker-dealer to facilitate criminal activity.

A broker-dealer is expected to conduct due diligence in determining whether to file a SAR on particular transactions based on the facts existing at the time. Under the SAR Rule’s objective “knows, suspects, or has reason to suspect” standard, a SAR is required if, on the facts existing at the time, a reasonable broker-dealer in similar circumstances would have suspected the transaction was subject to SAR reporting. A broker-dealer must file a SAR “no later than 30 calendar days after the date of the initial detection … of facts that may constitute a basis for filing a SAR.”6 In its SAR filing instructions (and various advisories), FinCEN has provided guidance that filers include a clear, complete, and concise narrative of the activity, including what was unusual or irregular that caused suspicion. FinCEN also has highlighted that the care with which the narrative section is drafted is important to law enforcement’s ability to understand the nature and circumstances of the suspicious activity and its possible criminality. Furthermore, FinCEN has urged financial institutions to identify the five essential elements of information – who? what? when? where? and why? – of the suspicious activity being reported.

Filing Inaccurate or Incomplete SARs 

The SEC has observed that broker-dealers, in some cases, did not include details known to the firm of individual customer trades or issuers that were suspicious or, in other cases, did not make use of specific structured data fields on the SAR. The observations mention that broker-dealers should:

  • not send SARs with boilerplate language, particularly when that language does not make clear the true nature of the suspicious activity and the securities involved
  • include and correctly capture key information that the broker-dealer has in its records (e.g., Social Security numbers, dollar amounts, account numbers, details related to foreign customers and sub account holders) 
  • include details known at the time of reporting regarding the method and manner of cyber intrusions and schemes to take over customer accounts; the details should include method of transferring out funds, how the account was accessed, bank account information phone/fax number s, email addresses and IP address where available 

Lastly, the SEC indicated in the risk alert that broker-dealers in fulfilling their important AML obligations, they play a vital front-line role in assisting regulators and law enforcement in identifying and addressing suspicious activities to prevent the financial systems from being used for criminal purposes. As such, the SEC encourages broker-dealers to review and strengthen their applicable policies, procedures, and internal controls related to their suspicious activity monitoring and reporting processes to further their compliance with AML rules and regulations.

SEC Division of Examinations Issues Risk Alert Regarding Digital Asset Securities

On February 26, 2021, the SEC’s Division of Examinations issued a risk alert regarding digital assets securities.  The risk alert notes that, during examinations, the Staff has observed inadequate broker-dealer AML procedures and controls. Moreover, the risk alert notes that certain aspects of distributed ledger technology present unique challenges to the robust implementation of AML program. For example, the risk alert notes that broker-dealers transacting in digital securities may not consistently conduct routine searches against the Specially Designated Nationals list maintained by the Office of Foreign Assets Control (“OFAC”) of the U.S. Department of Treasury. The risk alert also notes that many broker-dealers transacting in digital assets have inadequate AML procedures, controls, and documentation regarding Digital Asset Securities. Furthermore, the risk alert notes that the Staff will continue to examine broker-dealers’ compliance with applicable AML regulations.

FINRA Low-Priced Securities Guidance For Broker-Dealers

On February 10, 2021, FINRA issued Regulatory Notice 21-03 which focuses on fraud prevention for low-priced exchange-listed and OTC securities (the “Regulatory Notice”).  The communication urges firms to review their policies and procedures relating to red flags of potential securities fraud involving low-priced securities.  This Regulatory Notice provides information to help firms strengthen their controls in four important areas related to potential fraud involving low-priced securities and thereby protect investors from financial harm and the firms themselves from financial, regulatory and reputational damage: 

  • Detection: the Regulatory Notice describes possible red flags of potentially fraudulent low-priced securities activity;
  • Monitoring: the Regulatory Notice describes selected effective supervisory and other control practices FINRA has observed firms implement; 
  • SAR filing: the Regulatory Notice describes firms’ SARs filing obligations; and 
  • Fraud Reporting: the Regulatory Notice describes additional avenues for firms to report potential fraud involving low-priced securities.

The Regulatory Notice provides firms with regulatory guidance pertaining to their obligations to report potential fraud involving low-priced securities. FINRA Rule 3310(f) and 31 CFR 1023.210(b)(5) require that member firms’ AML programs include appropriate risk-based procedures for conducting ongoing customer due diligence, including procedures for conducting ongoing monitoring to identify and report suspicious transactions. In addition, FINRA Rule 3310(a) requires firms to “[e]stablish and implement policies and procedures that can be reasonably expected to detect and cause the reporting of transactions required under [the BSA] and the implementing regulations thereunder;” the BSA and its implementing regulations require financial institutions to report suspicious transactions to FinCEN using SARs. FinCEN has issued several notices and advisories noting emerging trends relating to illicit behavior connected to COVID-19, including investment scams and insider trading, and encouraged all financial institutions to enter the term “COVID19” or the specific term provided in a relevant FinCEN notice or advisory in Field 2 of the SAR and provide other requested information in the relevant fields and narrative. 

Financial institutions are also required to provide information to FinCEN in response to requests in furtherance of Section 314(a) of the USA PATRIOT Act for information regarding accounts reasonably suspected based on credible evidence of engaging in terrorist acts or money laundering. Financial institutions subject to an anti-money laundering program requirement under FinCEN regulations, and any qualifying association of such financial institutions, are eligible to share information under Section 314(b) of the USA PATRIOT Act. Section 314(b) provides financial institutions with the ability to share information with one another, under a safe harbor provision that offers protections from civil liability, in order to better identify and report potential money laundering or terrorist financing. Although sharing information pursuant to Section 314(b) is voluntary, FinCEN and FINRA strongly encourage financial institutions to participate to enhance their compliance with anti-money laundering/ counter-financing of terrorism requirements.

Beyond the filing obligations discussed above, FINRA urges firms to protect customers and other firms by immediately reporting potential fraud involving low-priced securities to one or more of the following: 

  • FINRA’s Regulatory Tip Form found on FINRA.org or through FINRA’s Whistleblower Tip Line at (866) 96-FINRA; 
  • U.S. Securities and Exchange Commission’s system for tips, complaints and referrals (TCRs) or by phone at (202) 551-4790; 
  • a local Federal Bureau of Investigation’s (FBI) field office; or 
  • local state securities regulators.

In addition, firms should consider whether circumstances would trigger a reporting obligation pursuant to FINRA Rule 4530 (Reporting Requirements).

FINRA AML Red Flag Guidance for Broker-Dealers

On May 6, 2019, FINRA issued Regulatory Notice 19-18 providing guidance to broker-dealers on potential red flags to help identify suspicious activity that may be reportable under the BSA and FINRA rules (the “Regulatory Notice”).  Red flags have long been used to assist broker-dealers in identifying such suspicious activity. The Regulatory Notice is important and merits particular attention because it is the first significant guidance providing such detailed potential red flags since the self-regulatory organization issued Special Notice to Members 02-21 in April 2002. In addition, the Regulatory Notice provides a better sense of regulatory expectations beyond those already set forth in FINRA AML enforcement actions issued throughout the years. Indeed, the guidance provides some insight into the regulator’s view on what it deems necessary for broker-dealers to look for when trying to identify suspicious activity. In particular, the Regulatory Notice provides significant clarity in the kinds of activity that may trigger additional review or investigation. However, it also reminds broker-dealers to be aware of emerging areas of risk for suspicious activity such as risks associated with digital assets. The Regulatory Notice makes clear that BSA/AML requirements, including SAR filing requirements, apply to digital assets irrespective of whether they are securities. As a result, broker-dealers should consider the relevant risks around these assets, monitor for suspicious activity and make reports as appropriate.

In light of this Regulatory Notice, broker-dealers should review the identified red flags and consider incorporating into their AML programs those appropriate to, among other things, their client base and business model. The Regulatory Notice breaks down a wide range of potential red flags into five specific categories and one general category:

  • Potential Red Flags in Customer Due Diligence and Interactions with Customers
  • Potential Red Flags in Deposits of Securities
  • Potential Red Flags in Securities Trading
  • Potential Red Flags in Money Movements
  • Potential Red Flags in Insurance Products
  • Other Potential Red Flags

FINRA also stated that the Regulatory Notice intends to assist broker-dealers in complying with their existing obligations under the BSA and AML requirements and does not create any new requirements or expectations. Notwithstanding, broker-dealers should carefully review the Regulatory Notice and, as FINRA states, “consider incorporating [the red flags] into their AML programs,” including revising policies and procedures related to suspicious activity monitoring, investigation and reporting. While implementation of the potential red flags into the AML program will be important, the Notice informs broker-dealers that the list is not exhaustive, does not guarantee compliance with AML program requirements and is not a safe harbor from regulatory responsibility. 

Recent AML Enforcement Actions

Recent AML Enforcement Actions have held that broker-dealers must not only have adequately documented AML policies, but they also must have processes and procedures in place that are consistent with those policies. Consequently, broker-dealers must not only have a comprehensive documented AML program, but must ensure that the program is also operating effectively. The SEC and FINRA continue to reiterate the role of broker-dealers as “gatekeepers to the securities markets” by focusing on firms’ AML obligations. The importance that the SEC and FINRA place on firms’ AML obligations is evident in the large fines and penalties imposed in these cases. While FINRA has a specific rule related to AML compliance (FINRA Rule 3310), the SEC lacks such a rule. Consequently, in pursuit of AML violations, the SEC primarily relies on Section 17(a) of the Securities Exchange Act of 1934 and Rule 17a-8 promulgated thereunder, the books-and-records provision, as the basis for its AML enforcement efforts. The SEC’s reliance on Rule 17a-8 reflects yet another shift in the regulatory landscape yet may also afford firms an opportunity to enhance or fine tune their AML compliance programs. Specifically, SEC Rule 17a-8 compels SEC registered broker-dealers to “comply with the recordkeeping, retention, and reporting obligations of the BSA and its implementing regulations.” SEC Rule 17a-8 rule requires broker-dealers to maintain accurate books and records, including having policies and procedures that reflect the actual processes in place; file suspicious activity reports that are complete, accurate, and timely; and retain supporting documentation as required by the BSA.

US Securities and Exchange Commission v. Alpine Securities Corp., 982 F.3d 68, 2nd Cir, (Dec. 04, 2020)

On December 4, 2020, the US Court of Appeals for the Second Circuit affirmed the decision of the US District Court for the Southern District of New York in US Securities and Exchange Commission v. Alpine Securities Corp. The case primarily dealt with the issue of whether the SEC possesses the authority to enforce broker-dealer compliance with SAR reporting as required by the BSA, but under Section 17(a) and Rule 17a-8 of the Exchange Act. The Second Circuit affirmed the SEC’s authority to require SEC registered broker-dealers to comply with the BSA’s reporting and recordkeeping requirements, under Section 17(a) and Rule 17a-8 of the Securities Exchange Act of 1934.  Alpine, the defendant, was an SEC registered broker-dealer specializing in clearing and settlement services for penny stocks and micro-cap securities. Alpine had previously been the subject of an examination conducted by FINRA, and FINRA had issued a report in September 2012 containing its findings. FINRA found that Alpine had not filed SARs for extensive periods, was not in compliance with SAR reporting rules, had filed late when discovering that SARs should have been filed, and had provided substantively deficient SAR narratives. The report ultimately concluded that Alpine’s AML procedures were inadequate to detect and report suspicious activity. Subsequently, in July 2014, the SEC conducted a one-week on-site review of Alpine and issued its own report, similarly criticizing Alpine’s deficient SAR reporting practices.

The SEC thereafter named Alpine in an enforcement action alleging that it had failed to properly file several thousands of SARs, in violation of Section 17(a) of the Exchange Act and Rule 17a-8 thereunder. Alpine argued that the SEC lacked authority to enforce SAR reporting under this Section and Rule because the requirement derived from the BSA and not the Exchange Act. The district court had granted summary judgment in favor of the SEC on the following grounds:

  • The SEC correctly applied its enforcement authority under Section 17(a) and Rule 17a-8 on the basis of deficient SAR reporting
  • Alpine’s deficient SAR reporting violated these sections
  • Rule 17a-8 was valid and did not violate the Administrative Procedures Act

Interactive Brokers LLC, Exchange Act Rel. No. 89510, 2020 WL 4596109 (Aug. 10, 2020), FINRA Letter of Acceptance, Waiver and Consent, No. 2015047770301 (Aug. 10, 2020)

In a parallel action brought by the SEC, the CFTC and FINRA for AML violations, Interactive Brokers LLC (“Interactive”) entered into a settlement relating to allegations that it failed to investigate red flags and monitor suspicious activity relating to, among other things, potential insider trading and manipulative trading in microcap securities. Interactive was sanctioned for failing to file SARs as required under the AML and for failing to establish and implement a reasonably tailored AML compliance program to detect and prevent suspicious activity.  Broker-dealers (and investment companies) are required to file SARs when they suspect fraud or a lack of an apparent lawful business purpose. The SEC alleged that during a one-year period, Interactive failed to recognize numerous red flags and file SARS on at least 150 occasions relating to (i) the deposit, sale, and withdrawal of funds in a short period; (ii) customers whose trades accounted for a substantial percentage of the trading volume in a particular security; and (iii) trades in securities whose issuers were subject to regulatory trading suspensions.

The SEC’s Order Instituting Administrative Cease-And-Desist Proceedings in this action (the “Order”) also noted that on at least three occasions Interactive identified red flags and restricted trading by customers who had previously violated securities or other federal laws but failed to timely file SARs. In its Order, FINRA concluded that during a five-year period Interactive failed to (1) reasonably surveil third-party money transfers to customers in high-risk countries, including China, Hong Kong and Macau; (2) file SARs even after a customer had informed the firm that it had been “scammed” by a broker or when Interactive learned about suspicious conduct from a regulator or law enforcement agencies; (3) reasonably investigate potentially suspicious activity; and (4) develop a reasonably designed surveillance tool to identify insider trading and manipulative microcap securities trading. During the course of the investigations, Interactive undertook some remedial measures including retaining third-party consultants to conduct a thorough review of its AML processes and systems. It also increased its legal and compliance resources devoted to AML and developed a case management system for AML surveillance.

The parallel actions against Interactive make clear that AML remains a significant regulatory area of focus. In the SEC’s release announcing the actions, Marc Berger, then Director of the SEC’s New York Regional Office, stated: “Today’s multi-agency settlement reflects the seriousness we place on broker-dealers complying with their SAR reporting obligations and maintaining appropriate anti-money laundering controls.” Both the SEC and FINRA identified AML compliance as 2020 examination priorities. Firms should, therefore, ensure that their AML compliance policies and programs are robust, tailored to the business, and sufficiently resourced and tested, particularly to ensure that SARs are timely filed where appropriate. As a result of its conduct, Interactive paid civil penalties totaling $38 million (of which $11.5 million was paid to the SEC, $15 million to FINRA, and $11.5 million to the CFTC). Additionally, the SEC ordered

Interactive to cease-and-desist from future violations, censured Interactive and determined that its failure to file SARs violated the reporting, recordkeeping, and record-retention requirements of the BSA in violation of Section 17(a) of the Exchange Act and Rule 17a-8 thereunder. FINRA similarly found that Interactive violated the BSA for failing to file SARs in contravention of FINRA Rules 3310(a) and (b) and 2010 and failing to conduct annual testing of its AML program in contravention of FINRA Rules 3310(c) and 2010. Additionally, FINRA imposed an undertaking that required the third-party consultant engaged by Interactive to provide FINRA with periodic reports of its recommendations and Interactive’s implementation of a more robust AML program.

Hilltop Securities, Inc., FINRA Letter of Acceptance, Waiver and Consent, No. 2017053708001 Jul. 28, 2020)

On July 28, 2020, FINRA reached a settlement with Hilltop Securities, Inc. (“Hilltop”) a retail brokerage based in Dallas, for failures in the firm’s AML program between 2015 and 2016.  In addition to imposing a $475,000 fine and formally censuring Hilltop, the settlement requires the firm to take remedial measures and to engage an independent consultant to review the firm’s policies, systems and procedures relating to compliance with the BSA and FINRA regulations for the period between April 2016 and the present. According to the Letter of Acceptance, Waiver and Consent, Hilltop failed to reasonably review and detect potentially suspicious activity in connection with $221 million worth of low-priced securities trades; as these trades may have warranted the filing of suspicious activity reports with the FinCEN, Hilltop’s conduct violated FINRA Rules 3310(a) and 2010.  FINRA also found that the firm failed to devote adequate resources for the successful implementation of its AML program. Moreover, as part of the settlement, the independent consultant will report to FINRA within six months regarding the adequacy of Hilltop’s compliance program, including recommendations for modifications and additions to systems, procedures and training with respect to low-priced securities.  Hilltop will have 60 days to adopt and implement the consultant’s recommendations.

In re BNP Paribas Securities Corp., Exchange Act Rel. No. 89177, 2020 SEC LEXIS 2774 (June 29, 2020)

The SEC accepted an Offer of Settlement from BNP Paribas Securities Corp. (“BNP”). The Commission alleged that BNP had violated Rule 203(a)(1) of Regulation SHO, which prohibits lending shares to settle sale orders marked as “long.” Specifically, the SEC alleged that, from April 2016 through July 2016, BNP, on at least 35 occasions, improperly loaned a hedge fund prime brokerage customer securities on a settlement date to settle purported “long” sales. The SEC alleged that BNP had, in total, loaned the hedge fund more than eight million shares in the securities of three different issuers to settle the purported “long” sales that had been submitted to BNP for clearing. As a result, the SEC found that BNP violated Rule 203(a)(1) of Regulation SHO. BNP provided an undertaking to cooperate with any subsequent SEC investigation regarding the matter and with any subsequent enforcement action. BNP was ordered to cease-and-desist from future violations, was censured, and was required to pay a civil money penalty of $250,000.

In re Biltmore International Corporation, Exchange Act Rel. No. 88744, 2020 SEC LEXIS 1096 (April 24, 2020)

The SEC accepted an Offer of Settlement from Biltmore International Corporation (“Biltmore”), a registered broker-dealer. The SEC alleged that Biltmore had violated Rule 203(b)(1) of Regulation SHO, which prohibits a broker or dealer from accepting a short-sale order from another person, or effecting a short sale in an equity security for its own account, unless the broker or dealer has borrowed the security, has entered into a bona fide arrangement to borrow the security, or has reasonable grounds to believe that the security can be borrowed so that it can be delivered on the delivery date (the “locate requirement”). Further, the SEC alleged that Biltmore violated Section 17(a) of the Exchange Act and Rule 17a-8 thereunder for failing to comply with the reporting, recordkeeping and record-retention requirements of the BSA and failing to file SARs as required under the SAR rule (31 C.F.R. § 1023(a)(2)). Specifically, the SEC alleged that Biltmore routinely executed a series of short sales throughout the day for its own account in the stocks being sold by customers, then later covered the short positions by purchasing shares from the customers on a “net” basis, charging the customers an average price at a pre-negotiated markdown, while failing to locate shares of those stocks as required by Rule 203(b)(1) of Regulation SHO. “The order finds that, for at least several thousand of these short sales, Biltmore t failed to locate shares of those stocks that it could borrow, as is required by the federal securities laws.” The SEC also alleged that Biltmore engaged in facilitating high-volume liquidations of low-priced, thinly traded, over-the-counter (“OTC”) stocks without adequately implementing its anti-money laundering policies and procedures so as to reasonably address the risks associated with its business model. The result was a finding by the SEC that Biltmore “failed to adequately monitor its customers’ trading in low priced over-the-counter stock, did not look for risk indicators or red flags as specified in its policies and procedures, and failed to file SARs for numerous transactions that it had reason to suspect involved fraudulent activity or had no business or apparent lawful purpose.” Biltmore was ordered to cease-and-desist from future violations, was censured, and was required to pay a civil money penalty of $125,000. 

Key Takeaways for Broker-Dealers

The following are best practices for broker-dealers to ensure their AML programs are meeting regulatory requirements and expectations. Broker-dealers should review these key takeaways and, where gaps are identified, implement changes to their AML program to address these areas: 

  • Conduct a comprehensive AML risk assessment that is designed to assess the risk related to its services, products, customers, locations, transactions, etc.
  • Tailor its AML programs, including policies and procedures, to the risks posed by the firm’s business and customer mix.
  • Periodically assess whether its AML programs is keeping pace with changes in its business.
  • Have adequate resources for its AML program.
  • Have qualified and trained staff to perform the required AML duties and responsibilities
  • Establish a written CIP and incorporate the program as part of the firm’s overall AML program. The CIP should clearly outline the policies and procedures used by the broker-dealer for collecting, verifying, and maintaining identification not only for direct customers, but also for individuals who are transacting through customer accounts,
  • Perform a customer risk assessment at the time of account opening to gain an understanding of the customer’s expected type of activity, volume, risk profile, etc. 
  • Understand their direct customers but also who the beneficial owners are of subaccounts and/or those individuals/entities for whom transactions may be executed.
  • Monitor for potential suspicious or illegal activity.
  • Verify the completeness and accuracy of data sources used for AML surveillance,
  • Perform an investigation into the activity and/or customer if potentially suspicious activities (e.g., red flags) are identified, to determine whether a SAR should be filed, and carefully document the results of the investigation and decision whether or not to file a SAR.
  • If a SAR should be filed, the SAR should be complete and contain the who, what, when, where, and why of the activity, including a clear, complete, and concise description of the activity, comprising what was unusual, irregular or suspicious about the transaction(s). It should ensure that the information on the SAR is accurate and does not omit information known to the firm that may deem the SAR misleading.
  • Perform independent testing/auditing of the AML compliance program 

Practus AML Services

Practus provides broker-dealers and other financial institutions comprehensive and diverse services relating to all aspects of AML rules and regulations. The firm offers the following services:

  • Perform independent testing/auditing of AML compliance programs
  • Develop and design AML compliance programs
  • Conduct AML reviews and investigations
  • Develop and present AML training

Who should you talk to if you have further questions?

If you would like further information concerning the matters discussed in this Legal Insights, please contact Robert Moreiro.

The Authors
Robert Moreiro
Read Full Bio

Practus, LLP provides this information as a service to clients and others for educational purposes only. It should not be construed or relied on as legal advice or to create an attorney-client relationship. Readers should not act upon this information without seeking advice from professional advisers.

Search Icon