“Broker-Dealer Anti-Money Laundering Compliance – Learning Lessons from the Past and Looking to the Future”
David W. Blass
Chief Counsel, Division of Trading and Markets
U.S. Securities and Exchange Commission
SIFMA Anti-Money Laundering & Financial Crimes Conference
February 29, 2012
The Securities and Exchange Commission, as a matter of policy, disclaims responsibility for any private publication or statement by any of its employees. The views expressed herein are those of the author and do not necessarily reflect the views of the Commission
or the staff of the Commission.
Good Afternoon, I was honored to be asked to speak at this year’s anti-money laundering and financial crimes conference. I would like to thank Kevin Carroll and SIFMA’s AML committee for inviting me here and for SIFMA’s continued commitment over the years in promoting strong practices to combat money laundering.
Working on AML matters in my new role as Chief Counsel in the Division of Trading and Markets is in many ways a return to my roots at the SEC. I joined the Division almost a decade ago, as the primary attorney working in the AML area. Among other things, I represented the SEC during the 2006 FATF Evaluation of the United States and also participated in special due diligence rulemaking for correspondent and private banking accounts. While I have mainly been involved in other regulatory areas before returning to the Division, I’m pleased to be returning to this critically important and interesting area.
As you may know, my office is responsible for legal interpretations and policy issues relating to AML obligations for broker-dealers. Attorneys in the office work with our colleagues internationally, our fellow regulators domestically, in particular, Treasury, the Financial Crimes Enforcement Network, the U.S. Commodity Futures Trading Commission, and the banking agencies. We also work cooperatively with the industry on a variety of AML initiatives.
As I stated, I joined the SEC almost ten years ago, shortly after the passage of the USA PATRIOT Act.1 As I am returning to my original home at the SEC, it has caused me to reflect on the developments in the AML space during this time. I hope today’s talk will highlight the enormous strides made over the years, both by the industry and by regulators, in combating the abuse of the financial system by money launderers and criminal financiers. I also hope to highlight areas for further focus going forward.
Before I do, though, please let me remind you that my remarks represent my own views, and not those of the Commission, any individual Commissioners, or other members of the staff.
PATRIOT Act Transforms the AML Landscape for Broker-Dealers
Getting the basics right.
As we all know too well by now, the tragic events of September 11, 2001, were a watershed moment for the country and for the US financial service industry’s AML and counter-terrorist financing obligations. However, 9/11 was not the beginning of the story for the securities industry in the AML area.
Broker-dealers have been subject to many aspects of the Bank Secrecy Act since it was adopted in the 1970s.2 A focus on AML compliance has been part of the SEC’s program ever since, as evidenced by the early enforcement cases against a few broker-dealers for blatant violations of the Bank Secrecy Act’s currency reporting requirements.3
Still, while some aspects of AML compliance have long been applicable to securities firms, it was only in 2001 that broker-dealers became fully subject to anti-money laundering obligations with passage of the PATRIOT Act. In fact, within a few years of the President signing the PATRIOT Act into law, broker-dealers went from having basic reporting and recordkeeping obligations to a robust and complimentary set of obligations aimed at detecting and deterring money laundering and criminal financing. We at the SEC recognize that implementing those obligations was a significant challenge to the industry, requiring a considerable devotion of resources.
In the immediate aftermath of the PATRIOT Act, our primary focus was on trying to help firms get educated and started with their new AML obligations. In particular, our examiners focused on determining whether broker-dealers had fully implemented adequate AML programs, including identifying customers, detecting and reporting suspicious activity, and in certain cases, developing and implementing enhanced due diligence procedures.
Our enforcement actions from this period reflected that we were in the early days of firms’ AML understanding and compliance. Many firms were cited for failing on the basics. For example: some did not adopt and implement an adequate AML compliance program that complied with the basic AML requirements, including failing to designate an AML officer, to establish an AML training program, to perform basic customer identification, or to create suspicious activity monitoring procedures.4
Lessons learned -- filling out the contours and assessing the gaps
With the passage of time, all of the players – industry, regulators, and, likely, criminals – have become more sophisticated in their approach to AML. With this sophistication and experience, our expectations have changed, and frankly have increased, as is typically the case when a rule has been on the books for a while. As regulators, we have moved beyond the basic question of whether all the required parts are in place and generally functioning to a more nuanced approach addressing the rigor and effectiveness of a firm’s overall AML compliance structure. This evolution is reflective in the enforcement cases that have been brought by the SEC and FINRA over the last couple of years.
Take, for example, a recent action based largely on violations of CIP requirements, which, as you know, broadly require firms to obtain and verify certain identifying information about their customers. In the SEC’s enforcement action, the firm held master omnibus accounts for foreign entities, which in turn were subdivided into sub-accounts for other foreign entities.5 In this case, the holders of the sub-accounts were “customers” for CIP purposes because they were able to conduct unintermediated transactions directly on the US securities markets, but the firm failed to identify and verify the identities of the sub-account holders as required by the CIP rule. Merely calling an account an “omnibus” account did not relieve the firm of its CIP or other obligations with respect to the underlying customer of that account.
Of course, there are many legitimate account structures where it would be appropriate not to look through the account to the underlying accountholders for CIP purposes, and there is some guidance in this area that you may find helpful.6 What this enforcement action should make clear, however, is that we expect firms to look beyond the account label to the substance of their relationship with the underlying accountholders to determine whether those accountholders are in fact “customers” for purposes of CIP.
Moreover, even where firms adequately comply with CIP requirements, they must always consider the risks associated with grouped and other accounts, regardless of whether they are required to look through to the underlying customer for CIP purposes. A recent National Risk Alert on master/sub-accounts prepared by the SEC’s Office of Compliance Inspections and Examinations addressed some of these issues.7
We have also continued our focus on the adequacy of firms’ suspicious activity monitoring and reporting, which is an absolutely fundamental aspect of BSA compliance. As you know, the SAR rule requires reporting of transactions conducted or attempted “by, at or through” the broker-dealer, and we interpret this language broadly. Accordingly, firms should be monitoring any activity for red flags across their business lines, products, and transactions. Monitoring is not limited to “customer” activity or to certain types of transactions such as cash or securities movements. Instead, monitoring extends to all activity conducted “by, at or through” the broker dealer regardless of whether it is conducted by a “customer” of a firm for CIP or other purposes. So, for example, the fact that a trader in a subaccount may not be a “customer” for the CIP rule doesn’t mean that that trader’s transactions can be ignored for monitoring and reporting purposes. As part of this monitoring, we expect firms to have policies and procedures to resolve or report appropriate red-flags in a timely manner.
In one significant customer case brought by FINRA, a firm failed to obtain the names of the beneficial owners of a number of “high risk” accounts due to concerns that obtaining such information could cause the account holders to move their accounts elsewhere.8 This occurred despite repeated and ongoing requests from the firm’s counsel and the firm’s clearing firm to obtain the names of the beneficial owners before conducting transactions in the accounts. Turning a blind eye because of a fear of losing revenue is never an acceptable excuse for failing to fulfill a firm’s AML obligations or any other obligation under the federal securities laws or FINRA rules.
It is also important to note that suspicious activity monitoring and reporting is not only the responsibility of the firm but also individuals at the firm that are directly responsible for filing SARs on the behalf of the firm. The SEC and FINRA have brought a number of cases citing firms’ AML officers or Chief Compliance Officers for failing to follow up on red flags that are presented at the firm. These actions have resulted in significant fines, supervisory bars and industry suspensions.9
We have also become increasingly focused on how AML obligations interact with a broker-dealer’s other obligations under the securities laws and SRO rules, and with ensuring that firms do not silo information or take an overly narrow view of information that they have for other purposes. Firms should not view AML compliance as unrelated to their other obligations. AML obligations should be viewed as both complementary to and enhancing a firm’s compliance function. Firms should consider how to best leverage these corresponding requirements for a more holistic view of their risks. For example, a firm’s suitability and “know your customer” obligations require firms to obtain a significant amount of information about their customers that is useful in conducting the initial and ongoing customer due diligence necessary to assess the risk of and to adequately monitor an account for all suspicious activity, including securities fraud and other violations of the securities laws and SRO rules.
Learning from the Past to Predict the Future
The past ten years have clearly illustrated that AML compliance is not simply a “banking” issue or only a concern of “cash businesses.” Instead, it has affirmed our long-held belief that AML should be among the forefront of broker-dealers’ compliance concerns. The importance of AML compliance for us extends beyond money laundering and terrorist financing. AML compliance helps us detect and prevent securities fraud and other violations of the law. Accordingly, as we look forward, we will continue to emphasize the significance of this area in the securities industry to firms as well as to other regulators.
By looking back at the past ten years, we can also begin to identify some trends that I predict will manifest themselves in the future. Looking at the enforcement actions I have highlighted, it becomes clear that firms have been living under an expectation that they will be engaging in some form of due diligence of their customers and accounts.
While it is true that there currently is no rule that expressly requires due diligence in all instances, firms are required to have an AML program that at a minimum includes the establishment of policies and procedures reasonably designed to detect and cause the reporting of suspicious activity. It seems difficult to envision how a firm can comply with AML program or SAR responsibilities without having risk-based policies and procedures that allow firms to know who their customers are, what activities they may be reasonably expected to engage in, and also to have procedures to keep this information up to date over the course of the customer relationship. Of course, as SIFMA’s AML committee quite correctly explained in guidance issued in 2008, a firm’s AML program should be designed to permit firms the ability to make risk-based determinations about its customers, its customer’s source of income, and the customer’s expected activity.10 A firm should assess any risks associated with particular customers or transactions by evaluating its business to determine the likelihood that suspicious or potentially illegal activity will be present.11 This kind of common-sense approach to knowing who you are dealing with and what your dealings might reasonably entail should be no surprise to anyone in this room.
While I am on the topic of due diligence, I would like to take the opportunity to applaud David Cohen and his staff at Treasury and FinCEN for the issuance of the customer due diligence advance notice of proposed rulemaking earlier today. We in government should acknowledge and embrace our responsibility to speak clearly about our expectations for firms’ compliance. I believe Treasury’s ANPR can provide a solid roadmap of what a rule in this area could look like, or, at the very least, provide a starting point for discussions about that rule. It is my hope that any rulemaking for customer due diligence would further clarify regulatory expectations regarding this critical BSA obligation, and I encourage you to respond to the solicitation for comments.
As I mentioned, I do take seriously the responsibility to at least try to speak clearly about our expectations as regulators. I also believe we should be good listeners, to ensure that we understand the perspectives of all parties affected by our rules. While success is difficult to measure in this area, my goal is to strive to develop a productive, open relationship with the securities industry in dealing with AML concerns. I invite you to highlight for me and my team comments and concerns regarding the AML regime that are specifically targeted to the securities industry, in addition to those that cross industries. Identifying these issues is enormously helpful for us in working with Treasury, FinCEN, and other regulators in developing an effective AML regime.
To help us in this regard, I would like to let you know of a new initiative designed, at least in part, to enhance our understanding of how you comply with your AML obligations. We are partnering with the CFTC to establish a Capital Markets Working Group that will focus on money laundering vulnerabilities in the capital markets. Given the inherently complex and specialized nature of our capital markets, developing an accurate risk assessment requires the expertise and leadership of various public and private stakeholders, including regulatory agencies, the law enforcement community and representatives from the private sector. So we anticipate reaching out to some of you regarding this initiative. I would like to thank Chip Poncy, Katrina Carroll and Lawrence Scheinert, all from Treasury, for their strong support in this area. Also, I should thank the talented team of attorneys with vast AML expertise with whom I have the privilege of working with at the SEC for their continued dedication to all things AML.
To say the least, we have come a long way. But we could not have made such enormous strides in the area of broker-dealer AML compliance without the collective effort of the regulatory community and the securities industry participants.
I would also like to acknowledge you, as industry professionals, for your invaluable contribution to this shared effort. I know that success can often be difficult to measure in the AML area. An AML officer’s job might seem like a thankless job, but I am here to thank you. We in government appreciate the hard task that you and your firms face.
Thank you for the opportunity to speak today and for your giving me your time and attention. I would be happy to answer any questions.”