The most interesting legal point is that the SEC argues that the failure to implement compliance policies and procedures that would have uncovered wrongdoing can serve as a predicate for a failure to supervise charge. In the past, the regulators generally separated the compliance program from the supervisory obligations. Does this mean that a compli-pro can be charged with aiding and abetting his/her firm’s failure to supervise if the compliance monitoring program fails to detect wrongdoing?
FINRA has fined a large broker-dealer $10 Million for widespread anti-money laundering compliance failures arising from failed systems, insufficient resources, and poorly-designed supervision. FINRA charges that the firm’s wire transfer surveillance system failed to collect required data and thereby omitted information that should have been transmitted to the AML surveillance system. FINRA also faults the firm for significantly understaffing the AML surveillance team, resulting in cursory reviews. The firm was also faulted for improperly allocating supervisory responsibility over surveillance of penny stock trades. FINRA rules require member firms to implement an anti-money laundering program to ensure compliance with the Bank Secrecy Act. A FINRA Enforcement official chided the industry, noting that the regulator “continues to find problems with the adequacy of some firms’ overall AML programs, including allocation of AML monitoring responsibilities, data integrity in AML automated surveillance systems, and firm resources for AML programs.”
Anti-Money Laundering compliance remains a huge challenge for broker-dealers that must spend significant resources on both technology and personnel to ensure adequate monitoring. Regardless, we recommend upgrading your systems and processes before the regulators force your hand with enforcement actions and multi-million fines.
A large mutual fund company agreed to pay a $1 Million fine and reimburse clients another $1.095 Million for failing to stop a portfolio manager from engaging in unlawful cross-trades. The SEC also fined and barred the portfolio manager. The SEC alleges that the portfolio manager interpositioned a friendly broker to execute cross-trades between clients in a scheme that benefited buying clients over selling clients. Such cross-trades – which were not conducted at the bid-ask spread and which paid commissions – violated the Investment Company Act’s affiliated transactions rules and did not comply with the Rule 17a-7 safe harbor. The SEC faults the firm and its compliance function for failing to further investigate responses from the portfolio management team that uniformly contended that the questioned trades were not prearranged. The SEC also criticizes the compliance function for failing to properly monitor trading practices and for neglecting to train employees.
OUR TAKE: Compliance testing and monitoring does not stop when a questioned employee (with an incentive to engage in violative transactions) denies wrongdoing. While this may avoid personal responsibility in the corporate blame game, it will not satisfy the regulators or fulfill a compli-pro’s obligations to implement reasonable policies and procedures.
OUR TAKE: We love compliance regtech as a tool to leverage compli-pros’ efforts to uncover wrongdoing. However, over-reliance on technology without professional judgment and intervention will lead to a false sense of compliance security. An automatic hammer will not build a house without the architects and the builders.
The SEC fined a large bank-affiliated broker-dealer $13 Million for weaknesses in its anti-money laundering program and for failing to file suspicious activity reports over a 5-year period. The SEC faults the firm for utilizing a patchwork monitoring system across its large enterprise that often failed to monitor certain accounts and uncover potential money laundering activity. The SEC raised specific concerns about transactions in brokerage accounts that utilized banking services such as ATMs, check-writing, and wire transfers. The firm also failed to quickly remedy some of the AML monitoring issues that it self-identified.
OUR TAKE: As firms get larger (especially through acquisition), account monitoring and AML management becomes much more difficult. Larger firms should consider appointing an enterprise-wide AML czar to take control of all monitoring activities.
The SEC filed insider trading charges against an investment bank VP who worked in the risk management department and received material nonpublic information as part of his duties to provide technical information to support internal committees. According to the SEC, the defendant learned inside information about a pending going-private transaction when he was copied on an email intended for the firm’s Debt Loan Committee and those that supported its functioning. The SEC alleges that the risk management VP used undisclosed personal brokerage accounts in his name and his wife’s name to trade call options and stock in the target, thereby collecting over $40,000 in ill-gotten gains. In addition to the SEC’s civil charges, the U.S. Attorney has filed a parallel criminal action.
OUR TAKE: It hurts all compli-pros when a risk management professional misuses his position and access to engage in unlawful activity. Who can you trust? Presumably nobody, which is why nobody should be exempt from oversight and testing.
FINRA fined a large broker-dealer $16.5 Million for failing to devote sufficient resources to anti-money laundering compliance. According to FINRA, the firm’s AML monitoring analysts were “negatively impacted by the level of resources dedicated by the firm to AML surveillance.” With respect to exceptions generated by an automated system, FINRA claims that the internal staff was overwhelmed: “The number of analysts employed by the firm at any time (ranging from 3 to 5) did not have the ability to adequately review the tens of thousands of alerts generated.” FINRA also faults the firm for mis-programming an automated surveillance system and for over-relying on sales traders to report suspicious AML activities when most order flow came into the firm electronically.
OUR TAKE: The regulators have increasingly examined the level of resources devoted to compliance monitoring as an indication of a firm’s commitment to compliance. While every firm must assess its own needs, firms should spend no less than 5% of revenue on compliance monitoring.