Ben Franklin once said “by failing to prepare, you prepare to fail.” Based on the SEC’s latest risk alert concerning broker-dealers’ anti-money laundering (AML) compliance (or lack thereof), some firms would be well served to heed Mr. Franklin’s advice.
The SEC specifically seeks to examine broker-dealers’ compliance with the various regulations and laws governing firms’ AML obligations. The risk alert highlights the SEC’s observations relating to firms’ deficiencies concerning (a) AML policies and procedures and internal controls; and (b) suspicious activity reporting (SAR). The SEC’s emphasis on AML should come as no surprise, as the SEC has previously included it as an exam priority. FINRA has additionally provided broker dealers with extensive AML guidance.
Below, we identify points of interest in the risk alert in both categories.
AML Policies and Procedures and Internal Controls
Failure to Establish Policies and Procedures: The SEC says that certain firms did not implement red-flag policies to address risks associated with commonplace activity such as low-priced securities and pump and dump schemes. Firms with heavy trading volumes did not implement adequate automated systems to detect large volumes of trading. These firms thus failed to identify suspicious trading patterns that occurred across multiple accounts.
Failure to Implement Procedures: SEC examples include (a) failing to file SARs on transactions nearly identical to others for which the firms had regularly filed SARs; (b) investigating red flags that a firm’s existing procedures had identified, including those related to potential insider trading; and (c) not reasonably using existing transaction reports and systems to monitor potential suspicious activity.
Suspicious Activity Monitoring and Reporting
Failure to Respond to Suspicious Activity: In general, the SEC reports that certain firms failed to conduct or document adequate due diligence in response to known indicators of suspicious activity, such as with low-priced securities. The SEC underscored that “even when firms were presented with activity in this high-risk area involving low-priced securities … firms did not review the activity and follow up to consider filing SARs.”
Specific examples of firms’ failures to identify high-risk areas were (a) problematic customers, such as those facing criminal or securities law violations; (b) trading the stock of issuers that were shell companies or that had previous securities law violations; and (c) large deposits of low-priced securities, followed closely by the near-immediate liquidations of those securities.
Filing inaccurate or incomplete SARs: Some broker-dealers filed hundreds of SARs that failed to clearly state the true nature of the suspicious activity and the securities involved. This was due, in part, to firms utilizing boilerplate language.
Examples of key information that these SARs failed to include are social security numbers, customers’ disciplinary history, and dollar amounts for customers’ losses due to identity theft. The SEC found these particularly concerning, considering the firms had this information readily available. Omitting “the methods and manner of cyber-intrusions and schemes to ‘take-over’ customer accounts.”
The bottom line: the SEC identified a plethora of concerning broker-dealer failures to combat anti-money laundering. Broker-dealers would be well-advised to review—and, where needed, to strengthen—their AML policies, procedures and reporting systems. To end with another Ben Franklin quote, “don’t put off until tomorrow what you can do today.” This is especially apt advice for broker-dealers, as weak AML protections can not only lead to regulatory headaches, but can also harm good-faith clients.