USA PATRIOT Act's Full Weight Placed on Securities Firms
By: Alan E. Sorcher, representing the Securities Industry Association
The attacks of September 11th were a direct hit on the heart of New York?s financial district and inflicted a terrible toll on the securities industry. Many innocent lives were lost and operations were thrown into disarray. In the almost four years since then, markets have returned to normal and financial institutions have undertaken many operational and system changes to conduct business in a post-September 11th world.
The USA PATRIOT Act, enacted in the weeks after September 11th, has had a major impact on the securities industry and all financial institutions. The legislation imposes its full array of anti-money laundering requirements on broker-dealers.
The USA PATRIOT Act?s provisions include requirements that broker-dealers establish and maintain formal anti-money laundering compliance programs, monitor for and report suspicious activity, identify and verify new customers, maintain certain records for ?correspondent accounts? with foreign banks, conduct special due diligence for foreign correspondent and private banking accounts, and not open or maintain correspondent accounts for foreign shell banks.
This article will summarize the significant provisions of the suspicious activity-reporting rule for securities firms and make some basic recommendations designed to help firms improve their overall anti-money laundering compliance efforts.
A. Suspicious Activity Report
Suspicious activity reporting is an important part of a firm?s anti-money laundering program. The suspicious activity reporting rule for broker-dealers was issued on July 1, 2002 by FinCEN under Section 356 of the USA PATRIOT Act. The rule, which took effect on January 1, 2003, applies to any broker or dealer located in the United States and to those firms registered as broker-dealers simply to permit the sale of variable annuities. The rule also applies to the activities of futures commission merchants registered as broker-dealers that involve securities products over which the Securities and Exchange Commission or any federal agency other than the Commodity Futures Trading Commission has jurisdiction.
The broker-dealer suspicious activity reporting rule, in general, requires the reporting to FinCEN of any ?suspicious transaction relevant to a possible violation of law or regulation? of at least $5,000 in funds or other assets. Specifically, a broker-dealer must report a transaction (of at least $5,000) if it is conducted or attempted by, at, or through the broker-dealer, and the broker-dealer knows, suspects, or has reason to suspect that the transaction (or pattern of transactions): 1) involves funds derived from illegal activity, or is intended or conducted in order to hide or disguise funds or assets derived from illegal activity; 2) is designed, whether through structuring or other means, to evade the requirements of the Bank Secrecy Act; 3) has no business or apparent lawful purpose, or is not the sort in which the particular customer would be expected to engage, and the broker-dealer knows of no reasonable explanation after examining the available facts; or 4) involves use of the broker-dealer to facilitate criminal activity. The reporting requirements apply even to transactions that do not involve currency.
Firms are not required to review every transaction that exceeds $5,000. Instead, firms are expected to follow a risk-based approach in monitoring for suspicious activity and to report suspicious transactions detected over $5,000. The rule states that firms should ?evaluate customer activity and relationships for money laundering risks and design a suspicious transaction monitoring program that is appropriate . . . in light of such risks.? Firms must report suspicious activity even if the funds are legally derived if there is a suspicion that the transaction is being conducted to further illegal activities, such as the funding of terrorist activity. FinCEN also encourages firms to report suspicious transactions even if they are less than $5,000.
Exceptions to Filing
The rule includes two categories of transactions for which Suspicious Activity Reports do not have to be filed. First, violations of the federal securities laws or Self-Regulatory Organization rules committed by a broker-dealer or any of its associated persons that are otherwise required to be reported do not have to be reported on a Suspicious Activity Report as long as such violation is appropriately reported to the Securities and Exchange Commission or Self-Regulatory Organizations. The broker-dealer may be required to demonstrate that it has relied on this exception, and must maintain supporting documentation. This narrow exception from reporting does not apply, however, to violations of the securities laws or self-regulatory organization rules that require broker-dealers and government securities broker-dealers to comply with Bank Secrecy Act rules. Second, a brokerdealer is not required to file a Suspicious Activity Report for a robbery or burglary committed or attempted of the broker-dealer that is reported to appropriate law enforcement authorities, or for lost, stolen, missing or counterfeit securities that are reported in accordance with existing Securities and Exchange Commission rules.
Information Sharing by Introducing and Clearing Brokers
The suspicious activity reporting rule allows introducing and clearing firms to share information in order to determine whether a Suspicious Activity Report needs to be filed. The rule provides that the obligation to identify and report a suspicious transaction ?rests with each broker-dealer involved in the transaction,? but that only one Suspicious Activity Report must be filed, provided that such report includes all of the relevant information. This permits introducing and clearing firms to communicate about a transaction and determine whether a Suspicious Activity Report needs to be filed. In this situation involving a joint filing, the firm filing the Suspicious Activity Report may provide a copy to the other firm involved in the transaction. Broker-dealers should bear in mind, however, that communication between two broker-dealers about the filing of a Suspicious Activity Report (or the sharing of a Suspicious Activity Report) may be inappropriate when a broker-dealer suspects that it is required to report the other broker-dealer (or one of its employees) as the subject of a Suspicious Activity Report.
Filing the Suspicious Activity Report
Suspicious Activity Reports are to be filed on a form ?Suspicious Activity Report by the Securities and Futures Industries? with FinCEN. The report must be filed within 30 days of the broker-dealer becoming aware of facts that may constitute a basis for filing. If a firm is unable to identify a suspect, filing may be delayed for an additional 30 days in order to identify a suspect. In situations involving violations that require immediate attention, such as terrorist financing or ongoing money laundering schemes, the brokerdealer must immediately notify the appropriate law enforcement agency by telephone in addition to filing a Suspicious Activity Report. The supporting documentation should not be filed with the Suspicious Activity Report form.
The rule requires firms to maintain copies of all Suspicious Activity Reports filed and the original supporting documentation for five years from the date of the filing. In addition, the supporting documentation must be made available to law enforcement or authorized regulatory agencies and the Self-Regulatory Organizations for purposes of examining for compliance with the rule.
Restrictions on Disclosing the Suspicious Activity Report
The suspicious activity reporting rule incorporates the statutory terms of 31 U.S.C.? 5318 (g)(2), which prohibits a firm that files a Suspicious Activity Report from notifying any person involved in the reported transaction that a report has been made. This prohibition does not apply to requests from FinCEN, the Securities and Exchange Commission, Self-Regulatory Organizations, or other law enforcement or regulatory agencies. A firm otherwise subpoenaed or requested to disclose a Suspicious Activity Report or the information contained therein should decline to produce such information and notify FinCEN.
Firms are protected from liability for reporting suspicious activity (even when voluntarily reporting for transactions under $5,000) and for failing to disclose such reporting. Thus, a broker-dealer and any of its directors, officers, employees or agents that report suspicious activity pursuant to the rule will not be held liable to any person for any disclosure contained in, or for failure to disclose the fact of, such report. This protection is also applied in arbitration proceedings.
B. Recommendations to Improve Anti-Money Laundering Efforts
Suspicious Activity Monitoring Should Fit Your Firm
Because financial institutions must now sort through the thousands upon thousands of transactions that occur each day, a firm?s system for monitoring and reporting suspicious activity should be risk-based, and determined by factors such as the firm?s size, nature of its business, and kinds and location of its customers. For comprehensive (but not exhaustive) lists of the ?red flags? of potential money laundering activity, firms should review Securities Industry Association Suggested Practices for Deterring Money Laundering Activity47 and the National Association of Securities Dealers Notice to Members 02-21.48
Information Sharing May Help Fact Gathering
To help in the identification of suspicious activity, firms should consider taking advantage of the USA PATRIOT Act?s procedures for voluntary information sharing between or among financial institutions under Section 314(b). This can be a particularly useful provision given that customers often have accounts at multiple financial institutions and that money laundering often involves the movement of monies between firms. The sharing of information must be for the purpose of identifying and reporting activities that may involve money laundering or terrorist activity. Remember that a financial institution that intends to share information and avail itself of the safe harbor for financial institutions that share information under Section 314(b) must file a notice with FinCEN using the form set forth in the rule, and must submit a new form to FinCEN each year. A financial institution, prior to sharing information with another financial institution under this rule, must take reasonable steps to verify that its counterpart has filed its own notice with FinCEN. A financial institution that does not intend to share information under the rule, however, is not required to notify FinCEN.
Anti-Money Laundering Programs Should Encompass All Bank Secrecy Act Rules
An anti-money laundering program should also take account of all of the other relevant Bank Secrecy Act requirements (as amended by the USA PATRIOT Act) in addition to suspicious activity reporting. As part of its anti-money laundering program, a firm should have procedures to search its records in response to any request received from FinCEN under Section 314(a). Although not under the Bank Secrecy Act, broker-dealers should also have policies and procedures ? whether part of their anti-money laundering program or not ? to comply with the regulations of the Office of Foreign Assets Control, which administers and enforces U.S. economic and trade sanctions against targeted foreign countries, terrorism sponsoring organizations and international narcotics traffickers.
Invest in Training
An anti-money laundering program is only as good as the individuals responsible for implementation. Effective compliance relies on the judgments of those individuals, who all too often are required to make snap decisions based on imperfect information. Thus, firms should devote necessary resources to training their staff involved in anti-money laundering compliance, and should not view training as a ?one-time shot.? Firms should assess which of its employees need to receive additional training, and the required frequency and level of training should be determined by the employee?s responsibilities. Moreover, current employees may require training on new requirements or refresher training. Clearly, investments made in training are well spent.
For a program to be truly effective, firm management must be willing to fully support the program, dedicate the necessary resources, and create a culture committed to adherence to the firm?s policies.
Audit is an Invaluable Tool
Firms must have their anti-money laundering programs audited on at least an annual basis by either external or internal auditors. Firms should carefully review the audit report and ensure that necessary action is taken on any of its recommendations. Whether through the anti-money laundering audit or in some other fashion, a firm should periodically evaluate its anti- laundering program to ensure that it keeps up with changes in the firm?s business, customer base, marketplace, and technology.
The battle against money laundering and terrorist financing presents enormous challenges. Advances in technology and the widespread use of the Internet have created opportunities for those who wish to harm us no matter where they are located. Notwithstanding the achievements of the public and private sectors in implementing the USA PATRIOT Act, more can be done. While the USA PATRIOT Act provides significant tools to combat illicit activity, to be successful law enforcement and industry must continue to coordinate their efforts, and work hand-in-hand.
Excerpted from SAR Activity Review Issue 9, page 47
First published on 10/01/2005