SEC’s Division of Exams on AML Compliance
Money laundering compliance is a critical area for banks, broker-dealers and others in the financial world. The importance of this area was recently highlighted by the passage of the Corporate Transparency Act or CTA to bolster the requirements. Indeed, Kenneth Blanco, the Director of the Financial Crimes Enforcement Network or FinCEN recently hailed the Act as a “landmark piece of legislation that will bolster the Untied States’ national security and help better protect the communities and people of this great country.” Kenneth A. Blanco, Remarks at Florida International Bankers Association AML Compliance Conference (March 22, 2021)(here). FinCEN is preparing to write new regulations to implement the new legislation.
AML is also a focus for the Commission’s Division of Examinations or EXAMS. To assist registrants in preparing for examinations in this area EXAMS issued a new Risk Alert titled “Compliance Issues Related to Suspicious Activities Monitoring and Reporting at Broker-Dealers” (March 29, 2021)(here).
Exchange Act Rule 17a-8 requires broker-dealers to comply with the reporting and record keeping dictates of the Bank Secrecy Act or BSA provisions regarding anti-money laundering. Under the BSA and Rule 17a-8 an AML program must be implemented which is keyed to the risks associated with the business of the firm. This means that the program should be designed by “taking into account factors such as a size, location, activities, customers, and other risks of (or vulnerabilities to) money laundering.” The firm must focus on what are called “red flags,” that is, indications of illegal activity, and be prepared to respond appropriately.
Central to broker-dealer compliance is the filing of a suspicious activity report or SAR for any possible violation of law or regulation. Accordingly, the firm “must file a SAR for any transaction involving funds or other assets of at least $5,000 that are conducted or attempted by, at, or through the broker-dealer and for which the broker-dealer knows, suspects, or has reason to suspect that, among other things, the transaction (or pattern of transactions of which the transaction is part) . . .” This occurs when a transaction involves: 1) funds from illegal activity or which conceal such actions; 2) is designed to evade the requirements of the BSA; 3) have no apparent lawful purpose; or 4) uses the firm in criminal activity. In view of these requirements the broker-dealer must conduct appropriate due diligence.
Observations of the staff in this area are divided into four key areas below.
Monitoring: This area focuses on AML policies and internal controls. EXAMS concluded that a number of broker-dealers failed to design and implement policies and procedures reasonably designed to identify and report suspicious activity. Examples include:
· A number of firms failed to include red flags in their policies and procedures; others failed to properly design the red flags in view of their business and customers;
· Some firms with large volumes of transactions failed to install appropriate automated procedures and relied only on manual procedures;
· Some firms failed to set the limits for transactions involving low priced securities at the proper level which for penny stocks is $5 and under while others did not monitor exchange traded stocks;
· A number of firms set the dollar limit for a SAR at a level that exceeded the $5,000 minimum, thus failing to monitor and detect certain transactions; and
· A number of firms inappropriately deferred monitoring to their clearing firms or failed to
monitor high risk customer activity such as trading in low priced securities.
Failure to implement: A number of firms that reasonably designed their policies and procedures did not implement them and failed to conduct adequate due diligence or report suspicious activity in accord with their procedures. Examples include:
· At times firms were inconsistent, filing a SAR for a transaction and later failing to file a SAR for a transaction without distinguishing between the two;
· Some firms failed to use available transaction reports in monitoring transactions;
· Other firms failed to follow-up on suspicious activity; and
· In a number of instances there was a failure to comply with firm procedures regarding the acceptance of certain kinds of transactions or requirements to conduct due diligence.
Failure to respond: In some instances, EXAMS observed weak policies, procedures and internal controls or a failure to enforce or comply with existing procedures. In those instances, a SAR was not filed in accordance with the requirements. Examples include:
· Large deposits of low-priced securities followed by almost immediate liquidation;
· Patterns by a number of customers where low priced securities of multiple issuers are acquired;
· Customers with questionable backgrounds; or
· Trading in securities where there were warnings about the issuer’s compliance with requirements such as filing periodic reports.
Inadequate SAR: In a number of instances EXAMS observed significant numbers of inadequate SARs which lacked information about the transactions. In other instances the filings were simply boiler plate, again omitting key details. In many cases the omitted details were important. For example, in some cases the purchase of low-priced securities was reported while the sale information was omitted. In some cyber security cases the reports failed to include facts about the implementation of the scheme and other critical details.
As EXAMS makes clear, AML is a key area of concern. The recent passage of the CTA and the comments of the FinCEN director cited above emphasize this point. It is thus critical that each firm properly prepare, implement and enforce an appropriate AML policy carefully focused on the business and customers of the firm.