Posts

AML Surveillance – Major FINRA AML Case

Yesterday FINRA settled yet another major case involving AML surveillance system deficiencies. This is one more in a series of cases in which FINRA has found that a broker-dealer’s electronic surveillance systems were insufficient to detect potentially suspicious transactions. In this case, FINRA fined the firm $13 million (which was duplicated by the SEC bringing the total sanction to $26 million) for failures related to an automated system the firm used for monitoring transactions for potentially suspicious activity. In 2010, firm connected the system to a larger, enterprise-wide system that risk-scored the results in such a way that limited the reviews of alerts from the original system. This means that, according to the settlement document, for a four-month period, the firm did not investigate suspicious activity detected by the original system. It appears from the settlement language that the firm believed its system was generating too many “false positives” and during a transition period simply determined not to investigate those items. All in all, it seems that the firm failed to investigate 1,015 instances of potentially suspicious activity.  The firm designed the system parameters such that it also excluded multiple occurrences of potentially suspicious money movements that involved high-risk counterparties and entities only once. Thus, because there was no linkage between related accounts, it did not consistently identify or monitor these customers, which apparently included some in high-risk jurisdictions and who were senior foreign political figures (PEPs). Also, quite interestingly, the settlement states that millions of accounts were excluded from the firm’s automated monitoring system.

This case is an obvious demonstration of FINRA’s increasing ability to conduct highly sophisticated AML investigations. FINRA’s last several major AML actions have sought progressively higher fine amounts for failures to adequately implement AML surveillance technology. No doubt, the investment in staffing and technology to address this issue proactively would have cost less than $26 million. But of course, hindsight is always 20/20. That said, the message is abundantly clear. It is time to invest in top-notch AML surveillance systems. And, such an investment is not simply the installation, but the ongoing periodic maintenance, which in the industry is often called tuning. It is also important that firms utilizing AML surveillance systems employ experts in FINRA AML requirements to ensure that the systems are tested and tuned in a manner similar to that which is performed by FINRA.

Finally, I have previously explained that while tuning is an important aspect of the maintenance of AML surveillance systems, it is important to take a measured approach to managing false positives generated by these systems. On one hand, false positives are a fact of life with AML surveillance systems. However, changes to rules and thresholds that are not validated or tested by experts against prior results can end up causing costly mistakes. I’m a firm believer in eliminating as many false positives as possible, because by their nature a good percentage of them are just noise and interfere with proper AML surveillance and detecting potentially suspicious activity. I’ve written about this before.  However, I worry that FINRA actions such as this will have a chilling effect on those firms wishing to fine tune these systems. I fully support modification of thresholds and rules to result in the maximum efficiency of the AML surveillance system overall. Also, it often makes sense to implement enterprise-wide surveillance. As with many things, however, this case illustrates that the devil is in the details.

Mitch Atkins, CRCP is the founder and principal of FirstMark Regulatory Solutions, a compliance consulting organization based in Boca Raton, Florida that specializes in AML compliance.

 

Epic BD AML Compliance Failure Yields Another Record Fine

On Monday, December 5, 2016, FINRA announced yet another record fine against a broker-dealer for AML compliance failure. This action follows another just seven months ago in which FINRA fined a broker-dealer complex $17 million for AML compliance failure. There are numerous messages here which you can read about in my LinkedIn article that analyzes the new case. The bottom line here is to remember that the days of a slap on the wrist for a firm with a serious AML compliance failure are over. FINRA has demonstrated that it will not hesitate to slap a broker-dealer with a significant sanction, and even to name individual AML compliance officers if violations are serious. There are parallels between this case and FINRA’s May 2016 action against a Florida BD complex. Read my summary of that case here.

The case involved several significant areas of compliance breakdowns. The firm utilized and automated surveillance system, but according to the FINRA settlement document, the data feeding into the system was inaccurate and/or missing information critical to its proper functioning. FINRA also found that the system did not utilize scenarios to detect specific types of activity that it believed the firm systems should have covered.

Another AML compliance failure was that there were deficiencies in the manner in which the firm determined ownership and saleability of microcap securities. FINRA noted that the firm was involved in the liquidation of over 3.7 billion shares of microcap issuers during its review period and earned $10.4 million in commissions from same. Because the system for determining whether the shares could be properly liquidated was inadequate, FINRA found that the firm violated NASD Rule 3010, FINRA Rule 3110, and FINRA Rule 2010.

The AML compliance failure also involved inadequate procedures covering suspicious activity reporting, and failure to conduct adequate due diligence on foreign financial institutions that were also firm affiliates.

FINRA Tolerance for AML Compliance Failures Fading

AML compliance failures are starting to get the “zero tolerance” message from FINRA. It recently announced its largest fine ever against two firms for AML compliance failures, including the suspension of the AML compliance officer. Mitch Atkins, a former FINRA official breaks down this action in a LinkedIn article. In reality, these sanctions are not too different in scope than that which was levied on Brown Brothers Harriman in 2014. The difference is there are two firms involved in this sanction. Also, the failures in the Brown Brothers case appear to be more limited to the area of low-priced securities and while that is an element of the recent action, it seems broader in scope as to the nature of the compliance failures.

At the recent FINRA Annual Conference in Washington, D.C., FINRA’s head of Enforcement, Brad Bennett, indicated in his comments during a panel discussion that there were more enforcement cases to come in the AML compliance space. Bennett stated that FINRA noted a signficant number of red flags in the recent case, but he suggested that future cases may involve actual money laundering rather than just compliance failures. I suspect these cases will be as significant or more significant given the apparent escalation of sanctions of late.

AML Compliance Failures Don’t Necessarily Mean AMLCOs will be Named

The good news is that Bennett reassured the attendees that the action against the AMLCO in this case was an exception and that FINRA is not out to get compliance officers. He insisted that FINRA carefully considers naming compliance officers and would rather not do it at all. FINRA has long stated that compliance officers who are doing their jobs and who take reasonable steps to address compliance issues will not be named in disciplinary actions. Bennett warned, however, that should senior executives ignore the calls of compliance officers for additional resources and compliance failures were the result of such decisions, FINRA would not hesitate to name them in an action.

Mitch Atkins is a consultant to broker-dealers, investment advisers and financial firms. He has over 23 years experience in the securities industry and is the founder and principal of FirstMark Regulatory Solutions based in Boca Raton, Florida.