While many of us were winding down the year focused on the December holidays, the U.S. Department of Justice, the SEC, FINRA, and FinCEN were busy delivering a flurry of messages to the broker-dealer industry about AML compliance. In this note, we highlight several noteworthy developments announced during the final weeks of 2018.
First Criminal Charges Against a U.S. Broker-Dealer for Violating Bank Secrecy Act
On December 19, 2018, the U.S. Attorney’s Office for the Southern District of New York announced the first criminal charges ever brought against a U.S. broker-dealer for violating the Bank Secrecy Act (“BSA”).[i] The broker-dealer consented to a deferred prosecution agreement in which it admitted it willfully failed to file a suspicious activity report (“SAR”) concerning the payday-lending activities of one of its customers, Scott Tucker. The firm also agreed to pay a $400,000 penalty to be collected in a related civil forfeiture action.
According to prosecutors, the firm opened accounts for several Native American tribal corporations based solely on communications with Tucker and his brother. Tucker allegedly controlled the accounts solely through oral communications with the firm, while his brother was given sole written authorization over the accounts. The firm allegedly ignored its own written procedures by failing to verify Tucker’s authority over the accounts and disregarded red flags such as Tucker’s previous fraud conviction, a previous FTC enforcement case against him, and allegations that he and his associates had engaged in a deceptive scheme involving the tribes. Prosecutors further alleged that the firm failed to monitor transactions in the relevant accounts and failed to review any of the approximately 100 automated alerts generated by activity in the accounts.
In conjunction with the deferred prosecution agreement, the firm also settled SEC charges that it failed (1) to file SARs when it knew, or had reason to suspect that certain transactions occurring in the accounts controlled by Tucker were derived from illegal activity or had no lawful purpose, and (2) to accurately document procedures set forth in its customer identification program.[ii] The SEC’s cease-and-desist order found that the firm willfully violated Section 17(a) of the Securities Exchange Act of 1934 and Rule 17a-8 thereunder, and required the firm to comply with certain undertakings, including the hiring of an independent compliance consultant who will review and recommend modifications to its AML and customer identification procedures. The firm neither admitted nor denied the SEC’s findings.
The decision by U.S. prosecutors to criminally charge a U.S. broker-dealer for failing to file a SAR is an important reminder that all actors governed by the BSA, not only banks, need to remain vigilant in complying with AML obligations.
SEC Authority to Enforce the Bank Secrecy Act
On December 11, 2018, Judge Denise Cote of the U.S. District Court for the Southern District of New York granted most of the SEC’s motion for summary judgment on claims that a broker-dealer firm violated the books-and-records provisions of Section 17(a) of the Securities Exchange Act of 1934 and SEC Rule 17a-8 thereunder by failing to comply with Section 1023.320 of the regulations implementing the BSA.[iii] In doing so, Judge Cote reiterated her view – which she first articulated in a March 2018 opinion in the same case, deciding an issue of first impression – that the SEC has legal authority to indirectly enforce Section 1023.320 under its own broker-dealer books-and-records provisions. Although the SEC has been doing so in settlements for more than a decade, no court had previously endorsed this approach in a litigated case.
Judge Cote went on to hold that the SEC was entitled to judgment as a matter of law on most of its claims that the firm had either failed to file required SARs or had filed insufficiently informative SARs about red flags surrounding certain transactions by firm customers. The categories of red flags included: (i) related litigation accusing the customer or the relevant issuer of misconduct; (ii) information suggesting the relevant issuer is or was a shell company, had frequently changed its name, or had been the subject of a trading suspension; (iii) a history of stock promotions involving the issuer’s securities; (iv) the inability to verify the legitimacy of the relevant issuer or its status as a functioning business; and (v) large deposits or transfers of very low-priced and thinly-traded securities, especially when followed by a systematic pattern of sales shortly thereafter. Judge Cote also granted the SEC summary judgment on its claim that the firm failed to maintain support files for several hundred SARs that it had filed.
This case is most significant for its seminal holding that the SEC can enforce the BSA through the books-and-records provisions of the Exchange Act. That holding is likely to be appealed. And given that it rests heavily on Chevron deference and the importance of informal agency guidance in interpreting relevant law, the court’s holding could become vulnerable if either or both of these forms of administrative deference are revisited by the Supreme Court.
Late-Year AML Fines from FINRA
In late December, the Financial Industry Regulatory Authority (“FINRA”) imposed two of its largest 2018 fines in separate settlements alleging AML violations against major financial firms.[iv] In one case, filed in conjunction with related cases jointly announced by the SEC and FinCEN, the firm was fined a total of $15 million for allegedly processing numerous foreign currency wires without sufficient oversight, including wires to and from countries known to be at high risk for money laundering, and its affiliate was alleged to have failed to reasonably monitor penny-stock transactions. In the other case, the firm was similarly faulted – and fined $10 million – for inadequately monitoring wire transfers and foreign-currency transfers to and from high-risk jurisdictions and large transactions by customers involving penny stocks. The firm was also charged with supervisory failures in connection with transactions involving unregistered securities and correspondent accounts it maintained for certain foreign financial institutions. In both cases, the firms settled without admitting or denying FINRA’s findings.
FINRA also settled AML charges with a much smaller firm in mid-December, imposing a $100,000 fine for the firm’s alleged facilitation of sales of Venezuelan and Argentinian bonds without having in place a reasonable AML compliance program tailored to the firm’s foreign bond business and alleged failure to conduct due diligence on the accounts of foreign financial institutions.[v] The firm settled without admitting or denying FINRA’s charges.
While nothing in these three settlements was especially novel or controversial, they serve as a timely reminder that enforcement staff at the SEC, FINRA, and FinCEN continue to focus on AML cases and that cases in this area tend to result in relatively large penalties and fines.
Continued SEC and FINRA Exam Focus on AML Compliance
In early December FINRA issued its 2018 report on examination findings,[vi] and in late December the SEC’s Office of Compliance Inspections and Examinations (“OCIE”) announced its 2019 exam priorities.[vii] Not surprisingly, both included prominent mention of AML compliance concerns, and it is almost certain that when FINRA issues its exam priorities letter in early January, AML concerns will again be included.
The December FINRA exam report discussed AML exam findings among its “additional observations,” highlighting in particular:
- New requirements under FinCEN’s Customer Due Diligence rule (effective as of May 11, 2018), which requires firms to identify and verify the beneficial owners of legal entity customers, to understand the nature and purpose of customer accounts, to conduct ongoing monitoring of customer accounts, and to update customer information on a risk basis;
- Inadequate monitoring for “commonalities” among ostensibly unrelated foreign legal entity accounts, such as accounts engaging in similar transactions in low-float and low-priced securities using the same Internet Protocol locations, the same authorized traders, the same branches of banks, or the same mailing addresses;
- Inadequate documentation of initial reviews and investigations triggered by exception reports, particularly where firms have also failed to establish and implement a formal investigation management process or to document how they decided whether to file a SAR; and
- Failures to conduct or document bi-weekly reviews of FinCEN’s Secure Information Sharing System pursuant to Section 314(a) of the USA PATRIOT Act, or to follow FinCEN guidance to print a confirmation page to verify the review.
OCIE’s 2019 exam priorities announcement more generally highlighted its intention to continue focusing on broker-dealers’ AML compliance, saying:
“In 2019, OCIE will continue to prioritize examining broker-dealers for compliance with their AML obligations, including whether they are meeting their SAR filing obligations, implementing all elements of their AML program, and robustly and timely conducting independent tests of their AML program. The goal of these examinations is to ensure that broker-dealers have policies and procedures in place that are reasonably designed to identify suspicious activity and illegal money laundering activities.”
AML will continue to be a high priority not just for FinCEN but for the exam and enforcement staffs at both the SEC and FINRA, and in extreme cases will remain fair game for criminal prosecution. This is nothing new, but late December’s regulatory flurry in this area serves as a timely reminder for firms to focus intently on AML compliance as the new year gets underway.