On March 29, 2021, the Securities and Exchange Commission (“SEC”) began to make good on its promise to make AML a key examination priority in 2021 by issuing a risk alert authored by the Division of Examinations (“EXAMS”) detailing the results of a review of broker-dealers’ compliance with anti-money laundering (“AML”) requirements (the “Alert”).
The Alert details the obligations of broker-dealers to comply with AML programs and SAR monitoring and reporting requirements pursuant to the “AML Program Rule,” 31 C.F.R. § 1023.210, and the “SAR Rule,” 31 C.F.R. § 1023.320, as well as similar obligations under Rule 17a-8 of the Securities Exchange Act of 1934 (“Exchange Act”), which incorporates the Bank Secrecy Act (“BSA”) reporting and record-keeping obligations applicable to broker-dealers. The Alert further issues findings that indicate certain firms are experiencing shortcomings when it comes to establishing and implementing sufficient suspicious activity monitoring and reporting policies and procedures, which is leading to inadequate SAR reporting in several respects.
Perhaps not coincidentally, EXAMS issued the Alert shortly after the U.S. Court of Appeals for the Second Circuit ruled in December 2020 in SEC vs. Alpine Securities Corp. that the SEC has the authority to bring an enforcement action against broker-dealers under Section 17(a) and Rule 17a-8 of the Exchange Act on the basis of alleged BSA failures, including failures to comply with the SAR Rule. Whether the Alert is a true “heads up” or a forewarning of enforcement actions to come, firms are encouraged not to replicate the specific deficiencies identified in the Alert.
Broker-Dealer AML Obligations
Before laying out its specific areas of concern, the Alert summarizes the AML Program Rule and the SAR Rule as they apply to broker-dealers. Under the AML Program Rule:
a broker-dealer is required to establish and implement policies, procedures, and internal controls reasonably designed to, among other things, identify and report suspicious transactions as required by the BSA and its implementing regulations. An AML program should be tailored to address the risks associated with a firm’s particular business, taking into account factors such as size, location, activities, customers, and other risks of (or vulnerabilities to) money laundering. . . . a broker-dealer should [also] look for indicators of illicit activities . . . and incorporate those red flags into its policies and procedures. Awareness by firm personnel of red flags and how to respond to those red flags, including escalating awareness of the red flags to appropriate firm personnel, will help ensure that a firm is in a position to identify the circumstances that warrant further due diligence and possible reporting.
The SAR Rule requires broker-dealers to report any potentially illegal transactions to FinCEN, and mandates filing a SAR for any completed or attempted transaction involving at least $5,000, or its equivalent in assets, that the broker-dealer “knows, suspects, or has reason to suspect that, . . . the transaction (or pattern of transactions of which the transactions is a part):”
- involves funds derived from illegal activity or is intended or conducted to hide or disguise funds or assets derived from illegal activity as part of a plan to violate or evade any federal law or regulation;
- is designed to evade any requirements set forth in regulations implementing the BSA;
- has no business purpose or apparent lawful purpose or is not the sort in which the particular customer would normally be expected to engage, and the broker-dealer knows of no reasonable explanation for the transaction after examining the available facts, including the background and possible purpose of the transaction; or
- involves use of the broker-dealer to facilitate criminal activity.
According to the Alert, a SAR is required if “a reasonable broker-dealer in similar circumstances would have suspected the transaction was subject to SAR reporting.” SARs must be filed within 30 calendar days after the discovery of facts that may constitute the basis for filing the SAR. The failure to file a SAR or maintain records as required by the SAR Rule would be a violation of Section 17(a) and Rule 17a-8. The SAR should include a “clear, complete, and concise narrative of the activity, including what was unusual or irregular that caused suspicion” in order to enable law enforcement to understand the “nature and circumstances of the suspicious activity and its possible criminality.” A SAR’s narrative section should include the who, what, where, when and why of the suspicious activity being reported.
Observations of Broker-Dealer Suspicious Activity Monitoring and Reporting
The Alert, which reads more like a warning to broker-dealers, identifies four main areas of concern: inadequate AML policies and procedures, failure to implement AML procedures, failure to respond to suspicious activity, and filing inaccurate or incomplete SARs.
First, EXAMS reported it observed broker-dealers that did not establish policies, procedures and internal controls in a manner necessary to adequately identify and report suspicious activity. Examples include:
- policies that failed to reference red flags “to assist with identifying activity for further due diligence” or those that are commonly associated with securities transactions;
- policies that did reference red flags but failed to address risks associated with the type of activity in which their customers regularly engaged;
- high-volume firms failed to establish and implement automated suspicious activity monitoring and reporting systems, relying instead on manual review without procedures for identifying trends or suspicious patterns across multiple accounts;
- automated monitoring systems that tracked low-priced securities transactions that set the threshold for generating an alert at securities worth less than $1 per share to the exclusion of monitoring transactions in securities priced between $1 and $5 per share, also known as “penny stocks;”
- automated monitoring systems that fail to incorporate transactions in low-priced securities occurring on an exchange;
- policies that set the SAR reporting thresholds at amounts significantly higher than the $5,000 threshold identified in the SAR Rule, thereby failing to identify and repot potentially suspicious transactions involving amounts between $5,000 and the firms elevated threshold; and
- inappropriate deference to clearing firms to identify and report suspicious transactions in customer accounts and failure to adopt their own procedures that take into account the high-risk nature of their customers’ activity.
For those broker-dealers that did have sufficient policies, procedures, and internal controls, EXAMS reported that some did not implement them adequately, or comply with their own due diligence and reporting requirements. As a result, some firms did not file SARs on transactions that were near identical to previous transactions that had warranted a SAR, sufficiently use transaction reports and systems to monitor suspicious activity, follow up on red flags identified in their procedures, or comply with firm prohibitions on accepting trades for securities priced at less than one penny per share and fail to conduct due diligence on whether to file a SAR on the same.
EXAMS concluded that the inadequate policies and controls coupled with the failure to adhere to those procedures that were sufficient was resulting in “firms not conducting or documenting adequate due diligence in response to known indicators of suspicious activity especially with respect to activity in low-priced securities, which are particularly susceptible to market manipulation.” These deficiencies were leading to SARs not being filed when they should have been, including for improper sales of unregistered securities, and pump-and-dump schemes and market manipulations of thinly traded, low-priced securities. EXAMS further reported that firms did not follow to consider filing a SAR when certain red flags that had previously been highlighted by FINRA were observed, such as:
- large deposits of low-priced securities, followed by the near-immediate liquidations of those securities and then writing out the proceeds;
- patterns of trading activity common to several customers including, but not limited to, the sales of large quantities of low-priced securities of multiple issuers by the customers;
- trading in thinly traded, low-priced securities that resulted in sudden spikes in price or that represented most, if not all, of the securities’ daily trading volumes;
- trading in the stock of issuers that were shell companies or had been subject to trading suspensions or whose affiliates, officers, or other insiders had a history of securities law violations;
- questionable background of customers such as the fact that they were the subject of criminal, civil, or regulatory actions relating to, among other things, securities law violations;
- trading in the stock of issuers for which over-the-counter stock quotations systems had published warnings because the issuers had ceased to comply with their SEC financial reporting obligations or for which the firms relied on a “freely tradeable” legal opinion that was inconsistent with publicly available information.
EXAMS also noticed that firms failed to account for publicly available information that could give context to the suspicious activity, such as promotional activity, trading by affiliates, large liquidations by high risk broker-dealers or their counterparts.
And finally, EXAMS noted that occasionally broker-dealers did not include all relevant details in the SAR narrative, and firms were filing hundreds of SARs with the same generic boilerplate language insufficient to describe the true nature of the suspicious activity. Further, several firms were filing SARs with inaccurate or incomplete information.
EXAMS concluded by strongly “encourage[ing] broker-dealers to review and strengthen their applicable policies, procedures, and internal controls related to their suspicious activity monitoring and reporting processes to further their compliance with federal AML rules and regulations.” To that end, EXAMS highlights additional pertinent resources from the SEC, FINRA, FinCEN, and elsewhere regarding complying with BSA/AML obligations.
The Alert makes clear that the SEC will take enforcement action if firms are not complying with their BSA/AML monitoring and reporting requirements. In the government’s view, broker-dealers play a critical role in providing law enforcement agencies with the information necessary to investigate and root out suspicious transactions. As we’ve blogged about here, here and here, if broker-dealers are not living up to the government’s expectations in that regard, then the proverbial knock on their door is no doubt coming soon. Now is the time to internally overhaul suspicious activity policies, procedures and internal controls, and ensure that monitoring and reporting procedures are up to snuff to avoid that unwanted visitor.