SEC continues focus on broker-dealer anti-money laundering compliance
The Securities and Exchange Commission’s (SEC) Division of Examinations (the Staff) recently issued a risk alert reminding broker-dealers (firms) of their obligations under anti-money laundering (AML) rules and regulations, in particular requirements related to monitoring for and reporting of suspicious activity (AML Risk Alert). The AML Risk Alert comes on the heels of several recent enforcement actions, as well as other recent SEC and FINRA statements, with a focus on broker-dealers facilitating trading in low-priced securities and accounts for foreign intermediaries.[1] The string of regulatory statements and enforcement efforts indicate that AML concerns continue to be an area of focus for the SEC, and likely will continue to be moving forward—particularly given the recent passage of the Anti-Money Laundering Act of 2020 and the ongoing promulgation of associated implementing regulations.
Staff Observations
The AML Risk Alert identifies the Staff’s key areas of concern:
- Inadequate Policies and Procedures. The Staff noted that some firms did not establish adequate AML policies, procedures and internal controls to address the type of activity in which their customers regularly engage. Accordingly, firms should include appropriately tailored red flags in AML policies and procedures to assist with identifying activity for further due diligence. For example, the Staff highlighted that low-priced securities transactions in omnibus accounts maintained for foreign financial institutions may pose significant AML risk and firms should apply and tailor red flags as appropriate.[2] Further, it may not be sufficient for introducing broker-dealers to rely on suspicious activity monitoring by their clearing firms; instead introducing broker-dealers may need to adopt their own procedures to take into account the nature of the customer activity. Finally, the Staff cautioned firms against setting Suspicious Activity Report (SAR) thresholds above the $5,000 threshold required by AML regulations.
- Failure to Implement Procedures. The Staff observed that some firms with reasonably designed written policies and procedures may nonetheless fail to adequately implement them. As a result, those firms failed to (i) file SARs on transactions that appeared identical to transactions for which SARs had been previously filed, (ii) use available transaction reports and systems, (iii) follow up on red flags or (iv) comply with firm prohibitions on trading for securities priced at less than one penny per share.
- Failure to Respond to Suspicious Activity. The Staff reminded firms to conduct and document adequate due diligence in response to red flags, especially with respect to activity in low-priced securities, consistent with firm policies and procedures and the red flags identified in prior guidance, such as the 2014 SEC examination risk alert and FINRA Notice to Members 19-18.
- Filing Inaccurate or Incomplete SARs. The Staff cautioned firms against filing SARs containing generic boilerplate language, which renders the SAR less valuable to law enforcement and regulators. As a result of the use of boilerplate language, a number of firms filed SARs that contained inaccurate information or lacked sufficient detail to make clear the true nature of the suspicious activity. For example, reports of cyber-intrusions failed to include details regarding the method and manner by which customer accounts were taken over; such as the method of transferring out funds, how the account was accessed, bank account information, phone/fax numbers, email addresses, and IP addresses.
In light of the SEC’s continued focus on broker-dealer AML compliance, firms may expect to receive questions from the SEC or FINRA on how they are addressing the areas the Staff has highlighted, and might consider taking preemptive steps to determine whether any further enhancements are needed.
[1] The Financial Crimes Enforcement Network adopted the “AML Program Rule” and the “SAR Rule” to implement AML programs and suspicious activity monitoring and reporting requirements for broker-dealers. Rule 17a-8 under the Exchange Act of 1934 requires broker dealers to comply with the reporting, recordkeeping and record retention requirements of the Bank Secrecy Act, including those related to SARs. Over the past few years, the SEC has brought a number of enforcement actions alleging violations of Section 17(a) of the Exchange Act and Rule 17a-8 in connection with the failure to discharge certain AML obligations. See, e.g., In the Matter of Interactive Brokers, LLC, Exch. Act Rel. No. 89510 (Aug. 10, 2020) (settled action) (finding a violation of Section 17(a) of the Exchange Act and Rule 17a-8 thereunder where a broker-dealer “ignored or failed to recognize numerous red flags, failed to properly investigate certain conduct as required by its written supervisory procedures, and ultimately failed to file SARs on suspicious activity” involving certain U.S. microcap securities transactions the broker-dealer executed on behalf of its customers); In the Matter of E.S. Financial Services, Inc. n/k/a Brickell Global Markets, Inc., Exch. Act Rel. No. 77056 (Feb. 4, 2016) (settled action) (finding a violation of Section 17(a) of the Exchange Act and Rule 17a-8 thereunder where a broker-dealer did not accurately collect, verify and maintain information regarding sub-account holders or other beneficial owners of corporate accounts in accordance with the broker-dealer’s customer identification procedures).
[2] The Staff noted its concern that nominee accounts and multiple foreign financial intermediaries can be used to obfuscate the identities of people engaging in illicit activities, including money laundering. The Staff believes that AML due diligence and reporting obligations apply to omnibus relationships with foreign financial institutions regardless of whether the ultimate beneficial owner of the funds and securities held in the account is a broker-dealer’s “customer” for customer identification and due diligence purposes or a “beneficial owner” for customer due diligence purposes. For example, a broker-dealer must file a Suspicious Activity Report on a suspicious transaction, whether or not the ultimate beneficial owner who requested the transaction is considered the broker-dealer’s customer. See Staff Bulletin: Risks Associated with Omnibus Accounts Transacting in Low-Priced Securities (last modified Nov. 12, 2020), https://www.sec.gov/tm/risks-omnibus-accounts-transacting-low-priced-securities.