The SEC has warned broker-dealers to watch for compliance issues related to suspicious activity monitoring and reporting.
Seeking to improve compliance with federal anti-money laundering (AML) rules and regulations, the Division of Examinations encouraged firms “to review and strengthen their applicable policies, procedures, and internal controls” in an AML risk alert for broker-dealers.
“The SEC encourages broker-dealers to strengthen their policies and procedures for identifying and reporting suspicious activity as examiners have seen that many firms are not fulfilling their obligations under the law,” said Margie Webber, director of regulatory compliance for RegEd.
The Examination Division has noticed several deficiencies related to broker-dealers’ obligations under the Bank Secrecy Act (BSA), specifically regarding the Financial Crimes Enforcement Network’s (FinCEN’s) AML Program Rule and SAR Rule. Examiners’ findings include the following observations, according to the risk alert issued on March 29.
AML Policies and Procedures
FinCEN’s AML Program Rule requires broker-dealers to establish and implement policies, procedures, and internal controls for identifying and reporting suspicious transactions. “A broker-dealer should look for indicators of illicit activities (generally referred to as “red flags”) and incorporate those red flags into its policies and procedures. Awareness by firm personnel of red flags and how to respond to those red flags, including escalating awareness of the red flags to appropriate firm personnel, will help ensure that a firm is in a position to identify the circumstances that warrant further due diligence and possible reporting,” the SEC explained in its risk alert.
Inadequate policies and procedures for AML
SEC examiners have found that some firms have not established “reasonably designed policies and procedures and internal controls” for identifying and reporting suspicious activity as required. Examiners noted the following examples.
- No policies or procedures for raising “red flags” for suspicious activities
- Setting SAR reporting thresholds at amounts “significantly higher” than the $5,000 regulations require
- Relying on clearing firms to identify and report suspicious transactions in customer accounts
Failure to implement procedures
“Some firms that had reasonably designed written policies and procedures did not implement their procedures adequately and did not conduct adequate due diligence on or report suspicious activity that, per their own procedures, appeared to trigger a SAR filing requirement,” examiners wrote in their risk alert for broker-dealers.
Examples included:
- Not filing SARs for transactions similar to ones that they previously reported
- Not monitoring transaction reports and systems for suspicious activity
- Failing to follow up on red flags that were raised
Suspicious Activity Reporting
The SAR Rule requires a broker-dealer to file a report of any suspicious transaction with FinCEN. The requirement applies to any transaction of $5,000 or more that meets any of the various criteria established by FinCEN, like it seems to be a transaction that the particular customer would not normally be expected to do.
Failure to respond to suspicious activity
“Weak policies, procedures, and internal controls, or the failure to implement existing policies and procedures, ultimately resulted in firms not conducting or documenting adequate due diligence in response to known indicators of suspicious activity especially with respect to activity in low-priced securities, which are particularly susceptible to market manipulation,” examiners wrote.
Examiners also noted that firms failed to act on information within customer accounts like records of liquidations of large volumes of high-risk, low-priced securities or trades of low-priced stock by customers affiliated with the issuer.
Filing inaccurate or incomplete SARs
Some broker-dealers make it difficult for regulators and law enforcement to follow up on suspicious activity by not including transaction-specific details in the SARs that the firm files. Rather, some firms have “filed hundreds of SARs or more containing the same generic boilerplate language, which failed to make clear the true nature of the suspicious activity and the securities involved,” examiners wrote.
Examiners noted the following examples of SARs that contained inaccurate information or lacked sufficient detail on key aspects of the suspicious activity.
- Failing to include customer-identification information like Social Security numbers
- Not reporting the liquidation of low-priced securities shortly after they were deposited
- Not including details of a cyber-intrusion, like time, manner, and method of the incident
Improving AML compliance
“In fulfilling their important AML obligations, broker-dealers play a vital front-line role in assisting regulators and law enforcement in identifying and addressing suspicious activities to prevent our financial systems from being used for criminal purposes,” examiners wrote, in urging broker-dealers to strengthen policies, procedures, and internal controls for identifying and reporting suspicious activities.
“Strong policies, procedures, and internal controls protect broker-dealers and their customers by ensuring that any suspicious activity is quickly identified and properly reported,” RegEd’s Webber said. “Removing improper and illegal trading is key to maintaining the integrity of firms and financial markets.”
RegEd’s Policies and Procedures Management Solution helps broker-dealers comply with their AML obligations and other regulations. It enables comprehensive, end-to-end administration and oversight of all elements of a firm’s policies and procedures through an enterprise workflow, work-process, and task management platform. Broker-dealers can also incorporate AML into their Firm Element Continuing Education Program through RegEd’s learning management technology.
Schedule a consultation to learn more about how RegEd’s compliance solutions enable securities firms to improve efficiency, effectiveness, and transparency across the enterprise.
About RegEd
RegEd is the market-leading provider of RegTech enterprise solutions with relationships with more than 200 enterprise clients, including 80% of the top 25 financial services firms.
Established in 2000 by former regulators, the company is recognized for continuous regulatory technology innovation with solutions hallmarked by workflow-directed processes, data integration, regulatory intelligence, automated validations, business process automation, and compliance dashboards. The aggregate drives the highest levels of operational efficiency and enables our clients to cost-effectively comply with regulations and continuously mitigate risk.
Trusted by the nation’s top financial services firms, RegEd’s proven, holistic approach to RegTech meets firms where they are on the compliance and risk management continuum, scaling as their needs evolve and amplifying the value proposition delivered to clients. For more information, please schedule a consultation.