In December 2018, the federal prosecutors in the Southern District of New York filed one of the first criminal charges against a U.S.-based broker-dealer for a violation of the Bank Secrecy Act (“BSA”).
The broker-dealer failed to follow its procedures for adequately addressing previously identified suspicious activity. First, the due diligence process used during account openings raised several red flags about one of the firm’s customers. The firm also failed to address additional red flags raised by the customer’s activities after the accounts were open.
Despite the numerous red flags raised, the firm failed to file Suspicious Activity Reports (“SARs”). For instance, the customer who opened the accounts had a prior criminal conviction and was also subject to action by the Federal Trade Commission.
The firm also failed to address 103 alerts of suspicious activity generated by its surveillance system. Prosecutors determined that the firm depended on the “factory settings” when it implemented the automated surveillance system. As a result, the parameters for determining red flag alerts were insufficient for the type of business the customer conducted.
The firm’s failures resulted in a deferred prosecution agreement with the government in which it
- accepted responsibility for its actions,
- forfeited $400,000, and
- agreed to enhance its anti-money laundering (“AML”) and BSA programs.
The firm also entered into a cease and desist order with the United States Securities and Exchange Commission (“SEC”).
ACA reminds all firms of their responsibility to customize their AML programs to their business, and to act upon the red flags they identify. To achieve this, firms should consider doing the following:
- Develop a robust customer identification program that includes escalation and remedial steps to be taken when the firm identifies suspicious activity.
- Establish robust automated surveillance systems that provide more than "out of the box” alerts. These systems should provide monitoring of the following:
- Customer transaction activity
- Money and security movements
- Configure the monitoring system to be in line with the Firm’s business parameters, and perform periodic assessments of the system to confirm it works as designed.
- Identify and investigate red flags indicating suspicious activity relative to the firm’s business, and determine whether the firm must file an SAR.
- If the firm determines an SAR filing to be unnecessary, provide a rationale for that determination.
- Complete the activities, including the SAR filing, fully and correctly, in a timely manner.
- Maintain comprehensive documentation for all investigations regardless of whether or not the firm files a SAR.
- Train employees not only to monitor and identify AML risks and suspicious activity, but also to identify any subsequent actions the firm needs to take.
Enforcement actions by the Financial Industry Regulatory Authority ("FINRA") and the SEC for AML violations have always been part of the regulatory landscape. Keep in mind that regulators focus both on whether firms have established an AML program and whether firms have taken the appropriate actions dictated by those programs. The first case of criminal charges for AML violations offers another reminder that an effective AML program serves as a key component of a firm’s risk management efforts.