Electronic Brokerage Firm Fined Over $38 Million for Anti-Money Laundering Violations
One of the largest electronic broker-dealers will pay $38 million in penalties to the SEC, FINRA and the CFTC for allegedly failing to report suspicious activity to them. The three industry regulators fined the firm for failing to file Suspicious Activity Reports (SARs), and anti-money laundering (AML) controls. FINRA fined the firm $15 million for widespread failures in the firm’s AML program. The SEC and CFTC also fined the firm $11.5 million for AML failures, resulting in more than $38 million in total fines and other penalties.
Broker-dealers are required to file SARs for transactions suspected to involve fraud or a lack of an apparent lawful business purpose. According to the SEC’s order, over a one-year period the firm failed to file more than 150 SARs to flag potential manipulation of microcap securities in its customers’ account, some of the trading accounting for a significant portion of the daily volume in certain of the microcap issuers.
The order finds that the brokers failed to recognize red flags concerning these transactions, failed to properly investigate suspicious activity as required by its written supervisory procedures, and failed to file SARs in a timely fashion even when suspicious transactions were flagged by compliance personnel.
The brokerage firm failed to dedicate necessary resources to properly surveil hundreds of millions of dollars in wire transfers or to reasonably investigate suspicious activity, according to FINRA. FINRA determined that firm failed to meet its AML obligations because of various shortcomings, including the following:
- Firm did not reasonably surveil hundreds of millions of dollars of its customers’ wire transfers for money laundering concerns. Those wires included millions of dollars of third-party deposits into customers’ accounts from countries recognized as “high risk” by U.S. and international AML agencies.
- Firm did not reasonably investigate suspicious activity when it found it because it lacked sufficient personnel and a reasonably designed case management system. Even after a compliance manager at the firm warned his supervisor that “we are chronically understaffed” and “struggling to review reports in a timely manner,” it took Interactive Brokers years to materially increase its AML staffing or augment its AML systems.
- Firm failed to establish and implement policies, procedures and internal controls reasonably designed to cause the reporting of suspicious transactions as required by the Bank Secrecy Act (BSA). In certain instances, the firm’s AML staff identified suspicious conduct, including manipulative trading and other fraudulent or criminal activity. But the firm only filed Suspicious Activity Reports (SARs) regarding that suspicious conduct after it was prompted to do so by FINRA’s investigation.
As a result of these failures, the firm did not reasonably monitor, detect and report many instances of suspicious activity that were Ponzi schemes, market manipulation schemes, and other misconduct.
Failure to comply with books-and-records and net capital rules
An Offer of Settlement was issued in which a firm was censured and fined $25,000. The firm consented to the sanctions and to the entry of findings that it failed to comply with critical books and records and net capital rules established by the SEC and FINRA. The findings also stated that the firm failed to file a notice of its net capital deficiencies with the SEC or FINRA on days that it was net capital deficient.
The findings also included that the firm prepared and filed inaccurate quarterly Financial and Operational Combined Uniform Single (FOCUS) reports when it inaccurately recorded its minimum net capital requirement, inaccurately recorded its shares of an issuer’s stock as an allowable asset, and did not accrue expenses for its email retention provider, for a market data subscription and order entry system, certain legal expenses, certain salaries and one of its offices. FINRA found that the firm made and preserved inaccurate balance sheets, trial balances, general ledgers and net capital computations.
Unapproved email accounts
A broker was assessed a deferred fine of $10,000 because he set up and used unapproved email accounts to correspond with his member firm’s customers about securities business and circumvented the firm’s supervision of his business. The findings stated that the broker sent communications including, among other things, account funding confirmations, portfolio recommendations, fee summaries and trade confirmations.
The broker hid the email accounts from the firm during branch audits. The findings also stated that the broker prevented the firm from preserving records of his communications by using the unapproved email accounts to conduct firm business causing the firm to fail to comply with its recordkeeping obligations. In addition, the broker made misrepresentations on firm annual compliance questionnaires indicating that he only used his firm email address for securities business and client-related correspondence.
FINRA fined a broker a deferred fine of $10,000 because he effected transactions in a customer’s accounts based on instructions given to him by the customer’s son-in-law, who was not authorized to direct transactions in the accounts. The findings also stated that the broker used an email account that was not disclosed to or approved by his member firm to communicate with the son-in-law regarding the customer.
The communications included the son-in-law’s instructions to the broker to withdraw funds from the customer’s accounts. The firm was unaware of the electronic communications the broker sent or received regarding the customer’s account, and thus did not retain these communications.
Another broker was fined $5,000 because he circumvented his member firm’s supervisory procedures in an effort to effect a senior customer’s variable-to-fixed annuity exchange that his firm had already rejected as unsuitable. The findings stated that the broker sent an email from his unmonitored and unapproved personal email account to an individual not associated with his firm, seeking assistance to process the transaction away from the firm. In the email the broker warned the individual not to contact him through his firm email account, but instead to use his cell or the private email address.
Takeaway: appropriate policies, procedures and technology must be in place
The size of the fines illustrates how seriously regulators take lapses in a firm’s widespread system failures. Firms must tailor their AML programs to the firm's business model and customer base, and also dedicate resources to programs that correspond with their growth and business lines.
In FINRA’s 2020 Risk Monitoring and Examination Priorities Letter, AML was highlighted as an area of concern and the regulator noted it will assess firms’ compliance with FINRA Rule 3310. Firms can also review FINRA’s Examination Findings Reports to understand FINRA’s areas of concern related to AML and FINRA provides guidance and offers compliance training to firms about their AML compliance obligations.
An effective AML compliance program under FINRA 3310 should include the following.
- The program has to be approved in writing by a senior manager
- It must be reasonably designed to ensure the firm monitors, detects, and reports suspicious activity
- It must be reasonably designed to achieve compliance with the AML Rules, including, among others, having a risk-based customer identification program (CIP) that enables the firm to form a reasonable belief that it knows the true identity of its customers
- It must be independently tested to ensure proper implementation of the program
- Each FINRA member firm must submit contact information for its AML Compliance Officer through the FINRA Contact System (FCS)
- Ongoing training must be provided to appropriate personnel
- The program must include appropriate risk-based procedures for conducting ongoing customer due diligence, including (1) understanding the nature and purpose of customer relationships for the purpose of developing a customer risk profile, and (2) conducting ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information, including information regarding the beneficial owners of legal entity customers
The takeaway is that firms must develop and maintain policies and procedures reasonably designed to prevent and detect securities law violations by employees working for them. Firms must also have systems to implement their supervisory procedures that would reasonably be expected to prevent and detect violations by persons subject to their supervision. Firms must implement significant technology solutions to keep pace with the evolving industry changes.
The regulators' message is clear — a lax supervisory program will cost firms significantly.
Share this post!
Marianna Shafir Esq.
Latest posts by Marianna Shafir Esq. (see all)
- 2022 Regulatory Roundup: Record-Breaking Penalties Provide a Glimpse Into 2023 - December 28, 2022
- Smarsh Advance Recap: Voice – The Newest Frontier in Supervision - December 15, 2022
- CFTC’s 2022 Enforcement Results Highlight Recordkeeping and Supervision - October 27, 2022
Smarsh Blog
Our internal subject matter experts and our network of external industry experts are featured with insights into the technology and industry trends that affect your electronic communications compliance initiatives. Sign up to benefit from their deep understanding, tips and best practices regarding how your company can manage compliance risk while unlocking the business value of your communications data.
Watch it Work
Contact Us
Chat
Subscribe to the Smarsh Blog Digest
Subscribe to receive a monthly digest of articles exploring regulatory updates, news, trends and best practices in electronic communications capture and archiving.
Smarsh handles information you submit to Smarsh in accordance with its Privacy Policy. By clicking "submit", you consent to Smarsh processing your information and storing it in accordance with the Privacy Policy and agree to receive communications from Smarsh and its third-party partners regarding products and services that may be of interest to you. You may withdraw your consent at any time by emailing privacy@smarsh.com.
FOLLOW US