Many broker/dealers aren’t committing the necessary resources and staff to comply with anti-money laundering regulations “given the volume and risks of their business,” according to a risk alert from the Securities and Exchange Commissions’ Examinations Division.
The compliance gap could also grow because of the Office of Foreign Assets Control’s increased sanctions against some Russian nationals after the country’s invasion of Ukraine. SEC examiners worried compliance officers are in danger of missing requirements trying to keep up with both AML and sanction mandates.
The risk alert was released Monday, a few weeks after Merrill Lynch agreed to pay $12 million to settle dual SEC and FINRA charges it failed to file hundreds of Suspicious Activity Reports between 2009 and 2019.
During that time, the firm’s parent company used a threshold of $25,000 for reporting suspicious transactions (the correct threshold was $5,000). B/ds like Merrill are also required to file SARs on suspected criminal activity indicated in transactions, including money laundering.
According to Monday’s risk alert, b/ds must keep a written AML program, including policies to comply with the Bank Secrecy Act, and designate an “AML compliance officer” to oversee the program as well as run an independent test of a firm’s AML program (in some cases, annually). Firms also need procedures in place to conduct ongoing due diligence on new and current customers, according to the SEC.
Examiners found numerous shortfalls with firms’ independent testing procedures, including b/ds who didn’t conduct examinations in the required timeframe. Additionally, some independent testing was ineffective because it didn’t cover parts of the firm’s AML program, the personnel conducting the review wasn’t actually independent or the testing “was conducted under requirements not applicable to the securities industry,” according to the risk alert.
The SEC also found many firms weren’t adhering to the commission’s Customer Identification Program rule, which demands a b/d have a “reasonable belief” it knows the true identity of its customers to judge risk levels of working with those individuals.
But examiners found many b/d CIP procedures fell short. Some firms didn’t undertake any procedures to learn more about clients investing in a private placement or made no moves to collect clients’ dates of birth or addresses, sometimes allowing customers to open accounts with only a P.O. Box address.
In May of last year, Wells Fargo Advisors paid $7 million to settle SEC charges it failed to report numerous suspicious transactions, with dollar values ranging from $29,800 to $2.5 million. At the time, SEC Enforcement Director Gurbir S. Grewal said the charges reiterated that “AML obligations are sacrosanct” for registrants.
In August 2020, the SEC, FINRA and the Commodity Futures Trading Commission fined Interactive Brokers $38 million for poor AML investigations and reporting. According to the charges, the firm grew so much between 2013 and 2018 that it cleared more transactions for foreign financial institutions than any other b/d while not having necessary measures in place.
The year before, FINRA fined BNP Paribas Securities $15 million for not having procedures in place to detect suspicious transactions with penny stocks, despite internal warnings that the company’s lax surveillance in the area was an industry outlier.
In the aftermath of Russia’s invasion of Ukraine last year, sanctions compliance became an even hotter topic for financial institutions or firms, who worried that they were entwined with individuals and entities sanctioned by the United States goverment. OFAC rules apply to all b/ds and investment advisors, but SEC examiners found a number of weaknesses in b/d OFAC policies.
In some cases, firms had no (or substandard) controls for following up on potential matches between the sanctions list and their clients or failed to perform “periodic or event-based screening” of current clients.