Suspicious Activity Reviews by Securities Regulators
By Staff of the Financial Industry Regulatory Authority and the Securities and Exchange Commission22
In recent years, broker-dealers?and regulators?have dedicated more time and resources to anti-money laundering (AML) compliance. The U.S. Securities and Exchange Commission (SEC) and the Financial Industry Regulatory Authority (FINRA)23 conduct the majority of AML compliance examinations of broker-dealers. Following the USA PATRIOT Act?s amendments to the Bank Secrecy Act, FINRA published NASD Rule 3011, effective April 2002. NASD Rule 3011 requires each member firm to have an AML compliance program in place that is reasonably designed to achieve and monitor the firm?s ongoing compliance with the requirements of the Bank Secrecy Act and the implementing regulations promulgated thereunder. The New York Stock Exchange (NYSE) promulgated a comparable rule, NYSE Rule 445, in April 2002, which FINRA incorporated into its rulebook as part of the consolidation.24 Compliance with NASD Rule 3011 or NYSE Rule 445 also constitutes compliance with the Bank Secrecy Act?s AML compliance program requirements.25
The SEC and FINRA both examine broker-dealers for compliance with the Bank Secrecy Act and its implementing regulations, as well as for compliance with Rule 17a-8 under the Securities Exchange Act of 1934 (Exchange Act), NASD Rule 3011 and NYSE Rule 445.26 Each year since 2002, the SEC and FINRA have conducted over 2,000 examinations of broker-dealers that have included an AML review. Even prior to the passage of the USA PATRIOT Act, which expanded the scope of a broker-dealer?s AML obligations, FINRA conducted examinations of securities firms for compliance with the AML obligations in place at the time, such as Currency Transaction Reporting (CTR), structuring and the joint and travel rules.
A significant focus of the SEC and FINRA?s AML examination programs is on the broker-dealers? policies and procedures to identify and report suspicious activity. These are examined as part of the examiners? review of Exchange Act Rule 17a-8, which requires broker-dealers to comply with the reporting, recordkeeping and record retention requirements of the implementing regulations under the Bank Secrecy Act. They are also examined to ensure compliance with NASD Rule 3011(a), which requires that firms registered with FINRA establish and implement policies and procedures that can be reasonably expected to detect and cause the reporting of transactions under 31 U.S.C. 5318(g) and the underlying implementation of those policies and procedures as part of 31 CFR 103.19, which requires broker-dealers to report suspicious transactions.
There are three questions firms most often ask of the securities regulators in connection with examinations of a firm?s suspicious activity reporting: (1) what are the examiners looking for when conducting their reviews, (2) will the examiner ?second-guess? a decision not to file a Suspicious Activity Report (for the Securities and Futures Industries, or SAR-SF); and (3) what are the examiners finding during their examinations?
To address the first question, when conducting an examination for Exchange Act Rule 17a-8, NASD 3011(a) and 31 CFR 103.19, examiners generally focus their review on four items:
- Written Policies and Procedures ? Examiners review the policies and procedures of the firm to see if they are designed to address the risk of the firm?s business, such as its size, where its customers and branch offices are located, how accounts are opened, and the types of customers and products handled by the firm. In addition, examiners review procedures to determine whether they address the specific requirements of 31 CFR 103.19, which include the filing of SAR-SFs and the safeguarding of SAR-SF information along with the notification to law enforcement, when required.
- Implementation of the Written Policies and Procedures ? Equally important to having policies and procedures is their implementation. Examiners test the procedures to determine whether the firm is actually following its procedures.
- Monitoring for Suspicious Activity ? Examiners assess whether the firm?s transaction-monitoring system and the adequacy of the system, either automated or manual, is reasonably designed to identify potential suspicious activity and whether the firm files SAR-SFs when appropriate. Examiners also review any exception reports used by the firm to monitor activity.
- Reporting of Suspicious Activity ? Examiners review a sample of SAR-SFs that the firm filed to determine the accuracy of the filing, including the timeliness of the filing, whether the firm correctly completed the SAR-SF form, whether the firm maintained proper supporting documentation and whether the SAR-SFs have been kept confidential. In addition, examiners also conduct an independent review for undetected suspicious activity.
Suspicious Activity Reporting
To address the second question, examiners will accept a firm?s decision not to file a SAR-SF as long as the firm demonstrates that it had reasonable, risk-based controls and a reasonable decision-making process, and the examiners must find that the firm?s decision not to file a particular SAR-SF was reasonable under the facts and circumstances. However, examiners have found that some firms did not implement reasonable, riskbased controls and as a result, they failed to identify transactions showing ?red flags? for suspicious activity that were identified in the firm?s own procedures.
For example, during one examination, a firm?s records showed excessive wire activity and penny stock transactions that indicated the customer might be involved in a market manipulation. The firm did not follow up to analyze these red flags as required by the firm?s procedures and, hence, did not file a SAR-SF. In such cases, FINRA and the SEC would likely cite the firm for failing to implement its procedures and may cite the firm for failing to file a SAR-SF.
Common Examination Findings
Regarding the third question about common examination findings, one of the more common findings is that firms fail to have adequate suspicious activity reporting procedures. The procedures are deemed inadequate based on the nature of the firm?s business and its clientele. For example, one firm had an online business and customers located in higher-risk jurisdictions, neither of which was addressed in its procedures. In many instances, firms also fail to identify suspicious customer activity and file SAR-SFs where required. For other firms, the procedures failed to set forth the process under which a SAR-SF filing is to be made, how often reviews are conducted, what documents are reviewed, who conducts the reviews, and who within the firm has the authority to make a determination as to whether to file a SAR-SF. Additional findings include the following:
- Failure to document reviews of suspicious activity;
- Incomplete SAR-SF Forms;
- SAR-SFs in which items are completed inaccurately;
- SAR-SFs in which the narrative section fails to adequately describe why the activity was suspicious;
- Inadequate due diligence conducted once potentially suspicious activity is identified; for example, a firm may fail to use readily available public information about a customer?s criminal or regulatory history when evaluating potentially suspicious activity for a SAR-SF filing.
More frequently, examiners find that firms have failed to identify and report, as necessary, potentially suspicious transactions involving low-priced securities known as ?penny-stocks.? The following scenario has been identified on several examinations:
- Substantial deposit, transfer or journal of very low-priced and thinly traded securities;
- Journaling of those shares between related and unrelated accounts;
- Systematic sale of those low-priced securities shortly after being deposited, transferred or journaled into the account;
- Multiple wire transfers out of the accounts?usually to third parties and many times to offshore tax havens; and
- Little to no other activity in the accounts other than the deposit of low-priced securities, liquidation of shares and the wiring out of funds.
Transactions like these are red flags for the sale of unregistered securities, and possibly even fraud and market manipulation; they need to be investigated thoroughly by the firm. However, several firms failed to obtain information regarding the source of the stock certificates, the registration status of the shares, how long the customer has held the shares and how he or she happened to obtain them, and whether the shares were freely tradable and no longer restricted resulting in unregistered offerings. Often times, these transactions involve the deposit of physical certificates, which have their own red flags, such as the shares were not issued in the name of the customer, or were recently issued or sequentially numbered. In several instances, firms did not flag this activity for further review and no SAR-SFs were filed where appropriate.27 In January 2009, FINRA issued Regulatory Notice 09-05 reminding firms of their obligations in this area.28
Firms have an obligation to report any suspicious transactions ?by, at or through? the firm.29 Examinations have disclosed that some firms review reports that show journals of money, large wire transfers, large money movements and checks distributed from client accounts, but fail to review trading activity or securities movements in order to identify patterns of suspicious activity involving securities. Recent enforcement actions have highlighted the importance of broker-dealers monitoring all aspects of their business and not just money movements.30 The expectation is for firms to monitor potentially suspicious trading in customers? accounts, as well as the flow of funds and securities into and out of accounts.
Both clearing and introducing firms have independent obligations to review for suspicious activity. Yet, despite this requirement, examiners have found instances where the clearing firms were relying on their correspondent firms who introduce their business to them to conduct suspicious activity reviews, with the clearing firms conducting little to no reviews of their own.31 Conversely, despite the clearing firm making reports available to its correspondent introducing firms to assist them in their review for suspicious activity, some correspondent introducing firms were not conducting suspicious activity reviews of their own, but rather were relying on their clearing firm to conduct the review.
The monitoring of suspicious activity and the filing of SAR-SFs are cornerstones of any firm?s AML program. Broker-dealers should expect examiners to review their suspicious activity reporting program whenever an AML review is conducted.
22 This article was prepared by staff from the Financial Industry Regulatory Authority (FINRA) and the Securities and Exchange Commission?s (SEC or Commission) Division of Trading and Markets and the Office of Compliance Inspections and Examinations (OCIE), but does not necessarily represent any staff views. The Securities and Exchange Commission, as a matter of policy, disclaims responsibility for any private publication or statement by any of its employees. The views expressed in this document do not necessarily represent the views of the Commission, or the members of the staff of the Commission.
23 FINRA was created in July 2007 through the consolidation of NASD and the member regulation, enforcement and arbitration functions of the NYSE (the consolidation transaction). FINRA operates subject to the oversight of the SEC and is the largest non-governmental regulator for all securities firms doing business in the United States. FINRA is dedicated to investor protection and market integrity through effective and efficient regulation. FINRA oversees nearly 5,000 brokerage firms, about 173,000 branch offices and approximately 656,000 registered securities representatives. The current FINRA rulebook includes (1) FINRA Rules, (2) NASD Rules and (3) rules incorporated from NYSE. For more information about the rulebook consolidation process, see FINRA Information Notice 03/12/08 (Rulebook Consolidation Process).
25 See 31 CFR 103.120; see also 31 U.S.C. 1538(h)(1).
26 Throughout this document, NASD Rule 3011 citations have a comparable NYSE Rule 445 citation for members of the New York Stock Exchange.
27 In the Matter of Franklin Ross (20060046142) (2007); In the Matter of James I Black and Jess Tucker, 2006007424601(2008); See Nevwest Securities Corporation (E022004011201) (2007), in which FINRA found that the firm?s decision not to file a SAR was unreasonable under the circumstances.
28 See FINRA Regulatory Notice 09-05 (FINRA Reminds Firms of Their Obligations to Determine Whether Securities are Eligible for Public Sale) issued January 2009.
29 See 31 CFR ?103.19.
30 30. In the Matter of E*Trade Securities LLC and E*Trade Clearing LLC (2006004297301) (2008); Southwest Securities Inc. (2005002895501) (2008).
31 Southwest Securities Inc. (2005002895501) (2008); Wells Fargo Investments LLC (20070073069) (2008).
Excerpted from SAR Activity Review Issue 15, page 25
First published on 03/12/2008