Critiquing Your AML Compliance Program
With key regulatorsthe U.S. Department of the Treasurys Financial Crimes Enforcement Network (FinCEN), the Securities and Exchange Commission (SEC), and the Financial Industry Regulatory Authority (FINRA)actively promoting new anti-money laundering (AML) initiatives for 2013, stricter oversight for corporations is all but certain.
As a result, in-house counsel and compliance staff at broker-dealers and investment advisorsincluding those in the multitrillion-dollar hedge fund industryare advised to take this new focus on AML to heart and begin reviewing (and, if necessary, revising) their existing AML measures now, rather than later.
To start, in-house compliance officers should consider how the companys AML policies stack up against the issues or risks regulators have recently deemed serious enough to warrant a public enforcement or disciplinary action.
The most obvious and straightforward compliance risk is the failure to establish and maintain an appropriate AML compliance program. Bank Secrecy Act regulations require broker-dealers to establish an AML compliance program, including a Customer Identification Program (CIP). Further, Rule 17a-8 under the Securities Exchange Act gives the SEC full authority to enforce those requirements.
Administrative enforcement proceedings against broker dealers alleging this type of failure typically involve one of two things: gaps in or deviations from the firms existing policies and procedures.
Lets start with an example of gaps in an existing AML policy. The SEC recently alleged that New York City-based broker-dealer Pinnacle Capital Marketss CIP failed to verify the identities of subaccount holders that comprise corporate omnibus accounts. Specifically, the SEC noted that an omnibus account can itself be deemed the broker-dealers customer when the omnibus account holder fully intermediates the transactions.
In this case, however, the SEC alleged that the subaccount holders directly affected transactions through their subaccounts via the broker-dealers direct market access software. That, in effect, made the subaccount holders the broker-dealers customers and subject therefore to CIP verification.
In another case involving customer identification, the SEC alleged that broker-dealer E-Trade had indicated that the company would verify each customers identity, yet it failed to verify the identity of secondary accountholders in joint accounts.
Similar issues can arise when a company deviates from existing policies and procedures. For example, the SEC recently alleged that broker-dealer Crowell, Weedon & Co. established a written CIP, but then employed informal procedures not set forth in the written policy to verify customers identities. Specifically, while the policies and procedures required photo identification or specific non-documentary methods, in practice the company simply relied on its registered representatives personal knowledge of the customer.
In light of these enforcement proceedings, broker-dealers and investment advisors should begin their due diligence by re-examining and, if necessary, updating their CIP policy.
Compliance Professional Liability
Recent enforcement actions have also demonstrated that compliance professionals and others charged with monitoring and enforcing a companys AML program can themselves be at risk.
Compliance programs mandated by the Bank Secrecy Act include an obligation to name an AML compliance officer. In several recent enforcement cases brought by the SEC, compliance professionals have been named personally.
In many of these cases, the presentation by the SEC is fairly straightforward: The agency alleged a compliance official knew or should have known about red flag issues and failed to file the required suspicious activity report (SAR). However, there were a number of interesting facts that could serve as a warning going forward.
In one case, a compliance officer refused to sign off on a $4 million wire transfer from a customer account to a third party. The transfer clearly violated the companys policy of disallowing wire transfers from customer accounts to third parties. In addition to refusing to sign off on the transfer, the compliance officer also (successfully) required that the funds be returned.
However, in light of the red flags and the potential that money could be laundered through the account, the SEC said the compliance officer should have also filed an SAR. Compliance officers should take heed, therefore, that risks can arise even if they seemingly fulfill their duty by stopping and unwinding a transaction that violates the firms AML policy.
In another noteworthy case, a compliance officer named Robert Gorgia hired a third party to audit a Leeb Brokerage Services Inc.s AML procedures over a period of two years. Upon review however, an administrative law judge (ALJ) simply dismissed the audits by saying they were shams that failed to note any AML issues.
Unfortunately the ALJ failed to explain exactly what made the audits shams and unreliable. With the proceeding against the compliance officer now under review by the SEC, the agency will hopefully provide a better explanation/understanding of the audits. In any event, compliance officers should take heed of the risk that reliance on a third party audit could be rejected without explanation.
A Holistic View
These are but a sampling of the compliance challenges facing broker-dealers and, potentially, investment advisors. In light of this type of heightened scrutiny, regulators are recommending that management take a more comprehensive view of their companys compliance requirements.
In 2012, David Blass, the chief counsel of the SECs Division of Trading and Markets, stated that the regulators have become increasingly focused on how AML obligations interact with a broker-dealers other obligations under the securities laws and SRO rules. Companies, he said, should view their AML obligations as complementary, and should consider how to leverage these corresponding requirements for a more holistic view of their risks.
As broker-dealers prepare for enhanced oversightand financial advisers for possible AML regulationcompanies should take this advice and implement a more macro view of their compliance risks.
Rather than viewing AML as a separate area that poses unique risks, it should be integrated into the companys overall compliance system. After all, the risks discussed abovegaps in and deviations from policies and procedures and a compliance officials personal responsibilityarent just AML issues, they are compliance issues.
John. H. Walsh is a partner at Sutherland Asbill & Brennan. He previously served for 23 years at the Securities and Exchange Commission, where he was instrumental in creating the Office of Compliance Inspections and Examinations.