The SEC continues to reiterate the role of broker-dealers as “gatekeepers to the securities markets” by focusing on firms’ anti-money laundering (“AML”) obligation. The import that the SEC, as well as FINRA, places on firms’ AML obligation is evident in the large fines and penalties imposed in these cases.
Most recently, on May 16, 2018, the SEC announced settled charges against Chardan Capital Markets LLC and Industrial and Commercial Bank of China Financial Services LLC (ICBC) for failing to report suspicious sales of billions of penny stock shares. In the press release regarding these settlements, the SEC characterized the failure to file SARs in the face of red flags as “unacceptable” and noted that between the SEC and FINRA, the firms were fined in excess of $7,000,000. https://www.sec.gov/litigation/admin/2018/34-83251.pdf
The SEC and FINRA’s focus on AML issues is once again addressed in recent Examination Priority letters issued by the SEC’s Office of Compliance Inspections and Examinations (“OCIE”) and FINRA, both of which identify compliance with AML rules and regulations as a priority.
Traditionally AML violations remained beyond the SEC’s radar, instead of being usually pursued by the DOJ, FinCEN, the IRS, and other federal agencies. After the SEC’s former enforcement director said in a statement that the SEC must “pursue stand-alone BSA violations to send a clear message about the need for compliance,” recently the SEC has, on more than one occasion, charged broker-dealers with failing to file Suspicious Activity Reports.
While FINRA has a specific rule related to AML compliance, the SEC lacks such a rule. Consequently, in pursuit of AML violations, the SEC relies on Section 17(a) of the Securities Exchange Act of 1934 and Rule 17a-8 promulgated thereunder, the books-and-records provision, as the basis for its AML enforcement efforts. The SEC’s reliance on Rule 17a-8 reflects yet another shift in the regulatory landscape, yet may also afford firms an opportunity to enhance or fine tune their AML compliance programs.
AML Regulatory Backdrop And Program Requirements
The AML regulatory regime originates from the Bank Secrecy Act (“BSA”), which requires broker-dealers to develop and implement AML programs. Consistent with the BSA, FINRA adopted Rule 3310 in April 24, 2002 requiring every broker-dealer to establish, implement and maintain a written AML compliance program “reasonably designed to achieve and monitor” compliance with the BSA and its implementing regulations, including detection and reporting of suspicious activity.
Each firm’s AML program must, at a minimum, satisfy the “four pillars” set forth in the BSA’s implementing regulations, which are incorporated into Rule 3310:
the establishment and implementation of policies, procedures and internal controls reasonably designed to achieve compliance with the applicable provisions of the BSA and implementing regulations;
independent testing for compliance by broker-dealer personnel or a qualified outside party;
designation of an individual or individuals responsible for implementing and monitoring the operations and internal controls of the AML program; and
ongoing training for appropriate persons.
Rules advanced by the Treasury Department’s Financial Crimes Enforcement Network (“FinCEN”) pursuant to the BSA requires broker-dealers to:
Implement a Customer Identification Program (“CIP”) designed to obtain and verify basic customer information such as name, address, date of birth, and identification number;
Report all cash transactions greater than $10,000 through the filing of a Currency Transaction Report;
Create and maintain adequate transaction records, regardless of whether the activity is believed to be suspicious or illegal;
File a SAR with respect to conduct that the firm “knows, suspects, or has reason to suspect” involves more than $5,000 and: 1) involves or is designed to hide funds derived from illegal activity; 2) is intended to evade BSA requirements; 3) does not have an apparent business or lawful purpose and is otherwise out of the norm for the customer; or 4) involves facilitating criminal activity.
31 C.F.R. § 1023.320.
In addition, most recently, FinCEN adopted a final rule on Customer Due Diligence Requirements for Financial Institutions (the “CDD Rule”), with which member firms must be in compliance by May 11, 2018. With the intent of clarifying and strengthening existing AML obligations, the CDD Rule articulates several elements of effective customer due diligence: (1) determination and verification of customer identity; (2) determination and verification of the identity of the beneficial account owner; (3) determination and understanding of the nature and purpose of the customer relationship; and (4) ongoing monitoring and information updates, as required on a risk-assessment basis.
According to FinCEN, the first element is already a requirement for AML programs; the second element is new; and the last two elements merely formalize existing obligations. The second, third and fourth elements constitute the ongoing customer due diligence obligation that is referred to as the “fifth pillar.” FinCEN Guidance on the Requirements of the CDD Rule can be found at https://www.fincen.gov/resources/statutes-regulations/guidance/frequently-asked-questions-regarding-customer-due-diligence.
The SEC’s avenue for ensuring compliance with AML obligations is primarily through policing the SAR process outlined above. While historically, the SEC had not been that active in the AML enforcement arena, primarily focused on CIP failings, recent SEC enforcement trends are focused on SAR failings. Specifically, SEC Rule 17a-8 compels SEC registered broker-dealers to “comply with the recordkeeping, retention, and reporting obligations of the BSA and its implementing regulations.” SEC Rule 17a-8 rule requires broker-dealers to maintain accurate books and records, including having policies and procedures that reflect the actual processes in place; file suspicious activity reports that are complete, accurate, and timely; and retain supporting documentation as required by the BSA.
Recent AML Enforcement Activity – Includes Personal Liability
The SEC and FINRA’s interests in AML issues are reflected in several recent cases. As noted above, the SEC announced settlements with Chardan Capital Markets LLC and Industrial and Commercial Bank of China Financial Services LLC (ICBC) and related to failures to file SARs. See https://www.sec.gov/news/press-release/2018-87. The SEC charged Chardan’s AML Officer for aiding and abetting a violation of the securities laws, resulting in a fine and a three year industry bar in order to settle the charges.
Specifically, the SEC alleged that Chardan did not conduct the requisite review of certain penny stock liquidations occurring in certain accounts. Further, the SEC asserted that Chardan’s clearing firm, ICBC, conveyed its concerns to Chardan about this trading activity. The SEC contends that that Chardan “knew, suspected, or had reason to suspect that certain of the seven customers were engaged in fraudulent activity based on other red flags listed in their policies.” The SEC did not find evidence that the red flags were investigated or a SAR filed related to these penny stock transactions. The SEC concluded that by failing to file SARs, Chardan willfully violated Section 17(a) of the Exchange Act and Rule 17a-8 thereunder.
The SEC’s investigation into the Chardan matter was conducted in conjunction with FINRA. While Chardan and ICBC paid penalties totaling just under $2,000,000 to settle the SEC charges, in order to resolve the broader AML issues identified by FINRA, the firms paid an additional $5,300,000 and Chardan agreed to retain an independent compliance consultant.
In another SEC and FINRA join effort, in a recent press release (http://www.finra.org/newsroom/2018/finra-fines-aegis-capital-corp-550000-aml-and-supervision-rule-violations), FINRA details alleged misconduct by Aegis Capital Corporation (“Aegis”) and highlights the risks associated with disregarding internal red flags, particularly when the transactions at issue involve foreign financial institutions:
FINRA found that Aegis’ supervisory system for trading in delivery versus payment (DVP) accounts was not reasonably designed to satisfy its obligation to monitor and investigate trading in DVP accounts, particularly in low-priced securities transactions. In a DVP account, customers buy and sell securities that are not held at the brokerage firm executing the trades, and the purchases and sales of those shares are then effected through the brokerage firm. During its investigation, FINRA found that Aegis failed to adequately monitor or investigate the trading in seven DVP customer accounts that liquidated billions of shares of low-priced securities, generating millions of dollars in proceeds for its customers. Several of these customers were foreign financial institutions that effected transactions on behalf of their underlying customers, all of whom were unknown to Aegis. The firm did not identify these trades as suspicious even after its clearing firm alerted Aegis to AML red flags and specific suspicious low-priced securities transactions. These violations were accompanied by a failure to implement an adequate AML program tailored to detect red flags associated with these sales.
On March 28, 2018, the SEC entered a Cease and Desist Order finding that Aegis’s failure to file SARs on numerous occasions constituted a willful violation of 17a-8. The SEC imposed a $750,000 penalty and required the firm to retain a compliance expert. See https://www.sec.gov/litigation/admin/2018/34-82956.pdf.
The very same day, FINRA announced the imposition of an additional $550,000 in fines against Aegis based on the same failure to submit SARs. See http://www.finra.org/sites/default/files/aegis_awc_032818.pdf. Moreover, FINRA pursued the firm’s CEO for having “caused” the firm’s violations, as well as the firm’s former AML compliance officer for aiding and abetting Aegis’s violations. The CEO paid a $40,000 penalty and the former AML compliance officer paid a $20,000 penalty, as well as agreed not to serve in a compliance or AML capacity without seeking FINRA approval. Finally, one other firm compliance officer is litigating FINRA’s assertion that he aided and abetted the firm’s violations. That case will be heard by an Administrative Law Judge.
Finally, in a matter that is still pending, the SEC filed suit against Salt Lake City broker-dealer Alpine Securities over its failure to report transactions that the firm flagged as suspicious. (https://www.sec.gov/litigation/complaints/2017/comp-pr2017-112.pdf) According to the SEC, Alpine failed to file SARs for numerous suspect transactions or, when it did file them, it omitted critical information about the customer’s track record of violations in the United Stated and abroad.
Minimum Requirements For A Compliant AML Program
In order to mitigate the risk of a FINRA or SEC action based on an AML failing, firms should ensure that their AML program is designed to, among other things:
Utilize a risk-based approach in developing an AML Program to be sure it meets the risks presented by the firm’s particular business model;
Emphasize the necessity of knowing the customer, including avoiding customers with prior regulatory issues, scrutinizing foreign financial institution relationships and perhaps adoption of written CIP processes and procedures;
File a SAR based only on reasonable suspicion that activity may be unlawful;
Review and document the review of any potentially suspicious activity;
Be judicious in permitting trading in low priced securities and in providing clients with market access;
Implement schedule and methodology for reviewing and testing AML compliance;
Regularly confirm completeness and accuracy of data used in AML surveillance;
Ensure availability of sufficient resources to adequately meet the needs of the firm’s AML compliance obligations; and
Timely respond to any identified deficiencies.
Finally, we anticipate continued regulatory scrutiny in light of the May 11, 2018 effective date of the new due diligence rule.