Priorities Echo Prior Alerts and Enforcement Actions
The SEC’s Division of Examinations (the “Division”) released on October 16 a report on its “Examination Priorities” (the “Report”) for fiscal year 2024. This release occurred earlier than in prior years, which the Report’s prefatory message characterizes as an example of the Division’s “intention to provide more transparency” and “to move forward together with investors and industry to promote compliance.”
The Report highlights four major areas of focus for the Division’s examinations in the coming year, which it terms “risk areas impacting various market participants”:
- Anti-money laundering (“AML”);
- Information security and “operational resilience”;
- Crypto and emerging financial technologies (“fintech”); and
- Regulation systems compliance and integrity (“SCI”).
As to AML, the Report first rehearses the requirement of the Bank Secrecy Act (“BSA”) for broker-dealers: namely, that they establish AML programs tailored to their unique risk profile – their location, size, customer base, menu of products and services, and method of delivery of those products and services. The Report further notes that such AML programs must be reasonably designed to achieve compliance with the BSA and related regulations, must undergo independent testing of their viability, and must include customer due diligence procedures and ongoing transaction monitoring – including, where appropriate, filing of Suspicious Activity Reports (“SARs”) with the Financial Crimes Enforcement Network (“FinCEN”). Although the Report also references “certain registered investment companies,” investment advisers as a group are not (yet) subject to the BSA.
With that general foundation, the Report enunciates the Division’s 2024 priorities in examination of AML programs:
- Whether the program is appropriately tailored to a firm’s business model and associated AML risks;
- Whether the firm conducts independent testing of its AML program;
- Whether the firm has an adequate customer identification program (which includes identifying the beneficial owners of legal entities);
- Whether the firm meets its SAR filing obligations;
- If applicable, whether the firm has adequate policies and procedures regarding oversight of financial intermediaries; and
- Whether the firm ensures compliance with Office of Foreign Assets Control (“OFAC”) sanctions.
While the emphasis is important, nothing here is actually new. The SEC published on July 31, 2023 an alert outlining deficiencies the Division has observed in broker-dealers’ compliance with AML requirements. Consistent with the Report, the alert focuses on deficiencies the Division has observed with regard to independent testing of broker dealers’ AML programs, personnel training and identification and verification of customers and their beneficial owners.
Likewise, the new Director of FinCEN, Andrea Gacki, recently addressed the issue of investment advisers at the Association of Certified Anti-Money Laundering Specialists (“ACAMS”) conference in Las Vegas, Nevada. Director Gacki observed that “investment advisers are not generally subject to comprehensive AML/CFT requirements under the [BSA]. Although certain categories of investment advisers may undertake some AML/CFT obligations in limited circumstances, the absence of comprehensive regulation under the BSA in this industry creates gaps in the U.S. AML/CFT regime.” In 2015, during President Obama’s second term, FinCEN proposed exactly such a rule for certain investment advisers, but never moved forward. According to Director Gacki, FinCEN is assessing the relevant AML risks “and identifying the best ways to mitigate those risks.”
The Archipelago Enforcement Action
Indeed, a recent AML enforcement action, summarized in an Order issued August 29, 2023 and stemming from a Division examination culminating in a May 2020 deficiency letter, highlights the fact that the above is a reiteration of what already have been priorities for the SEC for some time.
Archipelago Trading Services, Inc. (“ATSI”), a registered broker-dealer, ran an alternative trading system (“ATS”) called Global OTC. This ATS exclusively traded in over-the-counter (“OTC”) securities – i.e., securities not listed on a national securities exchange – that consisted primarily “microcap” or “penny stock” securities. ATSI, like any registered broker-dealer, was required to comply with the BSA and its implementing regulations, and as such to file SARs relating to trades on the platform that ATSI knew, suspected, or had reason to suspect involved use of the platform to facilitate fraud or had no lawful purpose.
But from August 2012 to September 2020, ATSI allegedly did not implement (or even have) reasonably designed AML policies and procedures to surveil transactions on its ATS for possible red flags; the AML program related to Global OTC was limited to initial “know your subscriber” due diligence during the onboarding process, and monitoring of OFAC sanctions and enforcement matters.
Lacking the necessary AML processes, ATSI allegedly failed to conduct any “red flag” surveillance of Global OTC transactions for an eight year period, which necessarily meant it failed to investigate suspicious behavior. And the suspicious behavior was apparently rampant – the Order notes that, just between October 2017 and September 2020, there were numerous red flags connected to approximately 15,000 transactions – which the SEC found “would have required the filing of at least 461 SARs.” The end date of September 2020 reflects the fact that ATSI began implementation of updated AML policies, revised in August 2020 in response to a May 2020 deficiency letter from the Division. These updated policies included a post-trade monitoring system surveilling all transactions on Global OTC for potentially manipulative or otherwise suspicious activity, and consistent filing of SARs related to such activity.
ATSI settled with the SEC on a charge of willful violation of Section 17(a) of the Exchange Act and related Rule 17a-8 – which together require broker-dealers to comply with various reporting and record-keeping requirements of the BSA, including filing of SARs. ATSI was censured, fined $1.5 million, and ordered to cease and desist from future violations.
While the scope of the violation here – in length of time and number of transactions – is somewhat outsized, the core issues that the Division is concerned about are more widely applicable. Firms – including trading platforms – must have systems and procedures in place to (a) know, to the best of their reasonable ability, who they’re doing business with, and (b) flag suspicious activity, and bring it to FinCEN’s attention via filing SARs.