Epic BD AML Compliance Failure Yields Another Record Fine

On Monday, December 5, 2016, FINRA announced yet another record fine against a broker-dealer for AML compliance failure. This action follows another just seven months ago in which FINRA fined a broker-dealer complex $17 million for AML compliance failure. There are numerous messages here which you can read about in my LinkedIn article that analyzes the new case. The bottom line here is to remember that the days of a slap on the wrist for a firm with a serious AML compliance failure are over. FINRA has demonstrated that it will not hesitate to slap a broker-dealer with a significant sanction, and even to name individual AML compliance officers if violations are serious. There are parallels between this case and FINRA’s May 2016 action against a Florida BD complex. Read my summary of that case here.

The case involved several significant areas of compliance breakdowns. The firm utilized and automated surveillance system, but according to the FINRA settlement document, the data feeding into the system was inaccurate and/or missing information critical to its proper functioning. FINRA also found that the system did not utilize scenarios to detect specific types of activity that it believed the firm systems should have covered.

Another AML compliance failure was that there were deficiencies in the manner in which the firm determined ownership and saleability of microcap securities. FINRA noted that the firm was involved in the liquidation of over 3.7 billion shares of microcap issuers during its review period and earned $10.4 million in commissions from same. Because the system for determining whether the shares could be properly liquidated was inadequate, FINRA found that the firm violated NASD Rule 3010, FINRA Rule 3110, and FINRA Rule 2010.

The AML compliance failure also involved inadequate procedures covering suspicious activity reporting, and failure to conduct adequate due diligence on foreign financial institutions that were also firm affiliates.

FINRA Tolerance for AML Compliance Failures Fading

AML compliance failures are starting to get the “zero tolerance” message from FINRA. It recently announced its largest fine ever against two firms for AML compliance failures, including the suspension of the AML compliance officer. Mitch Atkins, a former FINRA official breaks down this action in a LinkedIn article. In reality, these sanctions are not too different in scope than that which was levied on Brown Brothers Harriman in 2014. The difference is there are two firms involved in this sanction. Also, the failures in the Brown Brothers case appear to be more limited to the area of low-priced securities and while that is an element of the recent action, it seems broader in scope as to the nature of the compliance failures.

At the recent FINRA Annual Conference in Washington, D.C., FINRA’s head of Enforcement, Brad Bennett, indicated in his comments during a panel discussion that there were more enforcement cases to come in the AML compliance space. Bennett stated that FINRA noted a signficant number of red flags in the recent case, but he suggested that future cases may involve actual money laundering rather than just compliance failures. I suspect these cases will be as significant or more significant given the apparent escalation of sanctions of late.

AML Compliance Failures Don’t Necessarily Mean AMLCOs will be Named

The good news is that Bennett reassured the attendees that the action against the AMLCO in this case was an exception and that FINRA is not out to get compliance officers. He insisted that FINRA carefully considers naming compliance officers and would rather not do it at all. FINRA has long stated that compliance officers who are doing their jobs and who take reasonable steps to address compliance issues will not be named in disciplinary actions. Bennett warned, however, that should senior executives ignore the calls of compliance officers for additional resources and compliance failures were the result of such decisions, FINRA would not hesitate to name them in an action.

Mitch Atkins is a consultant to broker-dealers, investment advisers and financial firms. He has over 23 years experience in the securities industry and is the founder and principal of FirstMark Regulatory Solutions based in Boca Raton, Florida.

Atkins in Forbes: Email and Social Media Compliance

Last month in New York, I was invited to speak with a group of broker-dealer compliance staff at an event about email and social media compliance. More specifically, and to be technically correct, we call this “supervision of electronic communications” and you can read all about it in FINRA Rule 3110(b)(4). There, I had the opportunity to speak with Forbes contributor, Joanna Belbey. Before the event, we had a good discussion on the FINRA 2016 examination priorities and more specifically, how they relate to email and social media compliance. You can read the interview by clicking here: Mitch Atkins Forbes. See the follow-up piece to this (Don’t ‘Set it and Forget it’) by clicking here: Mitch Atkins Forbes Part II.

Email and Social Media Compliance Decrypted

After having worked in regulation for nearly 20 years, working as a consultant to broker-dealers and investment advisers has been truly enlightening, particularly in understanding the perspective of the chief compliance officer. I have had the opportunity to help design, audit and improve systems of supervision for electronic communications. What has become evident in my recent work with consulting clients is that FINRA has been very active in its email and social media compliance reviews. Today, more than ever, the term electronic communications includes far more than email. In the past, firms could be relatively confident if they had a decent email compliance system and banned the use of social media. But today, if talented advisors are not permitted to use popular communication channels, they may work elsewhere – read: competitors.

For these reasons more employers are ensuring that they have top-notch supervisory controls in place to allow the use of communication channels advisors want. To that end, firms wanting to beef up compliance might consider the following:

  1. procedures – development of clear policies and procedures covering communications;
  2. technology – implementation of a cutting edge email and social media compliance platform (but be careful and remember that simply buying the system isn’t enough – FINRA recently published an AWC in which a Chief Compliance Officer was suspended for failing to implement such a system – see FINRA Case 2014039194102 – Feb. 23, 2016);
  3. personnel – ensuring that persons tasked with conducting email and social media compliance reviews are adequately trained and that adequate resources are devoted to conducting reviews;
  4. controls requiring annual compliance questionnaires in which advisors certify their compliance with policy and disclose all communication channels they use;
  5. testing – some firms are hiring summer interns to search advisor names against social media sites (and who is better at social media?).

And finally, your keyword flagging database is the key (no pun intended) to the effectiveness of your supervisory system. Make sure that the database is reviewed frequently, that it is dynamic and evolves with both the business of the firm and the changing times. See my LinkedIn article about that for more details.

Mitch Atkins is Founder and Principal of FirstMark Regulatory Solutions, a broker-dealer and investment advisor compliance consulting practice in Boca Raton, Florida. Contact Mitch at 561-948-6511.

 

Electronic Communication “Let’s Talk Supervision”

Compliance risks exist in your electronic communication. How will you effectively manage these risks? With the volume and velocity of information flowing through electronic communications channels, supervision has become a real challenge. Mitch Atkins presented at the Actiance Executive Briefing Series in New York on April 7, 2016 on how organizations can leverage their electronic communications applications to comply with regulatory requirements. Entitled, “Let’s Talk Supervision: Freedom with Responsibility” the talk took place at the Viceroy hotel in Midtown Manhattan. Among the topics discussed were:

  • FINRA 2016 examination priorities
  • Electronic communications requirements
  • Managing volume in supervisory reviews
  • Common challenges in managing reviews
  • Supervision of non-email content

Atkins discussed recent FINRA disciplinary actions that involved electronic communications rules violations, including two from the 1st quarter of 2016 in which FINRA named individuals, including a Chief Compliance Officer. CCOs are faced with many challenges from day to day and some of those include managing the review of electronic communications. During the presentation, Atkins stated that excessive volume, low value keywords, lack of training for reviewers and representatives, and insufficient internal controls contribute to failures in thia area. He emphasized that electronic communication channels are dynamic as is the language that is used through these channels. As such, supervisory systems related to electronic communications must also be dynamic. Keyword flagging databases must be updated frequently and should be developed with the input of the supervisors of the departments for which electronic communications are being monitored. Additionally, broker-dealers must develop and document that training has been conducted for associated persons who use electronic communications. He advised that systems of supervisory controls such as annual attestations by associated persons as to the electronic communications channels they use and that they understand the prohibition of using outside email or non-email channels for business communications. He recommended periodic testing of electronic communication channels to ensure that all are being captured in supervisory systems. He also queried the audience whether, in light of FINRA’s recent emphasis on culture of compliance, they know what culture is appearing in their electronic communications.

Electronic Communication Live Webinar

Additionally, Mitch Atkins was a featured presenter at the Actiance “From Supervision to Surveillance” webinar on April 12, 2016. This session also cover challenges in surveillance of electronic communication. View more information about the live webinar here. Another session will occur on May 5, 2016, and it is not too late to register.

Email Flagging Keywords Out of Date?

Do you Update your Email Flagging Keywords?

It is important to remember to periodically update your email flagging keywords if you use a monitoring system for electronic communications. Those systems, while powerful, are only as good as the dictionary of email flagging keywords used to call out a communication for review. Broker-dealers are required to supervise all communications relating to their investment banking or securities business, so says FINRA Rule 3110. Systems provided by Global Relay and SMARSH have the ability to call out electronic communications for review based on the parameters set by the system administrator. And a key element of an adequate supervisory system for reviewing communications is a robust set of email flagging keywords. Knowing the fine line about how much is too much is also important. Because a list that is too long and doesn’t use carefully thought-out lists of email flagging keywords will call out too many “false positives” for review, thus making the process ineffective.

To develop an effective list, consider conducting a thorough analysis of: 1) business lines and relevant keywords, 2) languages spoken by clients and employees, and 3) latest industry intelligence on terminology being used. It is important to understand that the manner in which we communicate, even in business, is constantly changing. For this reason, we must ensure that the supervisory systems and processes we use are updated in such a way as to remain relevant tools. The email flagging keywords list should be dynamic and should be the product of careful scrutiny and analysis.

FirstMark Regulatory Solutions is a broker-dealer and investment adviser compliance consulting firm based in Fort Lauderdale, Florida. FirstMark founder, Mitch Atkins, has written an article on LinkedIn, about email flagging keywords and some of the terms prosecutors and defense attorneys are using according to a September 2, 2015 article in Bloomberg Business. For more information or for help preparing your email flagging keyword list, contact Mitch Atkins at (561) 948-6511.