On March 29, the Securities and Exchange Commission Division of Examinations (EXAMS) issued a risk alert to remind broker-dealers of their obligations related to anti-money laundering (AML) rules and regulations, as well as to provide the staff’s observations of compliance items related to those obligations. The risk alert is designed to assist broker-dealers with reviewing and enhancing their AML programs.
SEC examination staff observed deficiencies in firms’ establishment of procedures and internal controls for identifying and reporting suspicious activity, including:
- Not including any red flags in their policies and procedures to assist with identifying activity for further due diligence, or failing to include red flags associated with securities transactions;
- Not establishing and implementing automated systems to monitor and report suspicious activity associated with trading in large volumes;
- Failing to include securities priced between $1 and $5 per share (by setting price to $1) in automated monitoring of “penny stocks”;
- Setting Suspicious Activity Report (SAR) reporting thresholds at amounts significantly higher than the $5,000 threshold specified in the SAR Rule and thus failing to identify and report potentially suspicious transactions involving amounts between $5,000 and the firms’ elevated thresholds; and
- Deferring inappropriately to clearing firms to identify and report suspicious transactions in customer accounts and failing to adopt their own procedures that take into account the high-risk nature of their customers’ activity.
In addition, EXAMS noted that some firms failed to implement appropriate procedures:
- To sufficiently explain why they were not filing a SAR on activity that appeared identical to activity for which they otherwise filed SARs;
- To review red flags identified by their own procedures, such as deposits and immediate liquidations of large quantities of low-priced securities, or allowing trading in penny stocks when their policies and procedures prohibited this activity; and
- To accurately complete SARs, specifically noting that firms who each filed hundreds of SARs or more often contained the same generic boilerplate language, which failed to make clear the true nature of the suspicious activity and the securities involved, rendering the SAR less valuable to law enforcement and regulators trying to understand the activity and its criminal or regulatory implications.