SEC Enforcement Sends Clear Message That “AML Obligations Are Sacrosanct”

On May 20, 2022, the US Securities and Exchange Commission settled charges against a dually registered broker-dealer and investment adviser, which also is a subsidiary and nonbank affiliate of a bank holding company, for failing to file at least 34 Suspicious Activity Reports (SARs) in a timely manner. According to the findings in the SEC order, which the company neither admitted nor denied, the failure to file SARs resulted from two technical breakdowns in the implementation and testing of the company’s compliance process for anti-money laundering (AML) transaction monitoring. Despite the technical nature of the violations, and even with the company’s full cooperation and remedial efforts, the company agreed to pay a $7 million penalty. The action is a good reminder for all broker-dealers and financial services companies of the overlapping enforcement regime among their regulators.

Section 17(a) of the Securities Exchange Act of 1934 (Exchange Act) and Rule 17a-8 thereunder requires every registered broker-dealer subject to the Bank Secrecy Act (BSA) to comply with the recordkeeping requirements set forth by the US Treasury’s Financial Crimes Enforcement Network (FinCEN). In turn, FinCEN has promulgated regulations that require broker-dealers to file a SAR when a transaction is relevant to a possible violation of law or regulation. As discussed in a prior Advisory, the Second Circuit recently affirmed the SEC’s independent authority as the primary federal regulator of broker-dealers to enforce Rule 17a-8 and its requirements to comply with the BSA. See United States Sec. & Exch. Comm'n v. Alpine Sec. Corp., 982 F.3d 68, 77 (2d Cir. 2020), cert. denied, 142 S. Ct. 461, (2021).

Here, the hook for enforcement by the Commission was compliance monitoring. According to the recent order, there were two technical compliance failures that led to the enforcement action, both of which involved the company’s AML transaction monitoring system:

• First, after transitioning to a new AML transaction monitoring system in 2019, the new system did not properly cross-reference certain country codes when monitoring wire transfers made to foreign countries. As a result, brokerage customers with transactions in certain high-risk or moderate-risk countries did not trigger alerts in the monitoring system for further review and no SARs were filed. This cross-reference issue was identified to the company during an annual exam conducted by the Financial Industry Regulatory Authority (FINRA) and potentially impacted 1,708 wire transfers. The company subsequently filed at least 25 late SARS.
• Second, while investigating the first issue, the company discovered and self-reported to the Commission an “unrelated failure.” On dates when there was a bank holiday, but not a brokerage holiday, the system would not generate alerts for wire transfers with high- or moderate-risk countries for further review. This potentially impacted 658 wire transfers, and the company ultimately filed at least nine additional late SARS.

In the press release announcing the settlement, the Director of the SEC’s Division of Enforcement, Gurbir S. Grewal, was quoted as stating that the Commission was “sending a loud and clear message to other registrants that AML obligations are sacrosanct.” Even though the company fully cooperated, hired an outside consulting firm, and provided the SEC staff with the consultant’s reports and recommendations, it still faced a significant penalty. Notably, the SEC press release stated that this was the second BSA action against the company in the last five years and pointed to the Commission’s settled order against the company in 2017 for failing to timely file 54 SARs. The prior settled action likely played a role in the terms of the recent settlement, even though the issue that caused late filings in the prior action was different.

Compliance with AML obligations goes without saying, but this action highlights yet again the risks associated with transitioning AML monitoring systems and the importance of testing and monitoring a system’s implementation to assure its effectiveness. The order also re-emphasizes that the SEC’s heightened enforcement role can be brought to bear across a wide swath of regulations that the SEC views as promoting the goals of the Exchange Act.

Broker-dealers and other financial services companies would do well to evaluate and ensure that their compliance processes, including newly implemented systems and technologies, are adequately designed, tested and monitored to ensure they are working properly and comply with all applicable laws and regulations. Among other items, companies, especially when transitioning to new monitoring systems, should query and confirm whether all data and risk ratings are properly captured and transitioned from one system to another, and take measures to ensure unwelcomed compliance surprises do not occur when the new system is turned on. This should be followed by testing the new system after implementation.

Arnold & Porter is continuing to monitor developments in this area for our financial institution clients. If you are seeking advice on how to mitigate risks in connection with AML compliance and suspicious activity reporting, or with SEC compliance more broadly, please reach out to the authors or your regular Arnold & Porter contact.

© Arnold & Porter Kaye Scholer LLP 2022 All Rights Reserved. This Advisory is intended to be a general summary of the law and does not constitute legal advice. You should consult with counsel to determine applicable legal requirements in a specific fact situation.