New York City, NY
Feb. 25, 2015
Thank you, Jeff [Weiss], for that introduction. Before I start, I must give our standard disclaimer that the views I express today are my own and do not necessarily reflect the views of the Commission or its staff.[1]
It is a real pleasure to be with all of you and to have an opportunity to speak to such a large group of anti-money laundering (AML) compliance professionals and practitioners. As I will discuss today, you contribute significantly to the work that we do at the SEC and I am sure we all share the goal of ensuring that illegal activity is detected, reported, and punished through rigorous execution of Bank Secrecy Act (BSA) and AML obligations.
Today I will cover three topics. First, I will talk about the important task of promoting a culture of compliance at companies and the significant role you play in that effort. I also briefly will share some observations on how AML compliance fits into the broader compliance program and the importance that the AML compliance program not be siloed from other aspects of compliance. Second, I will talk about the value of Suspicious Activity Reports (SARs) to what we do in the Division of Enforcement. And third, I will share some troubling data concerning SAR filings and discuss the SEC’s commitment to enforcing the rules relating to the BSA, and discuss an initiative the Division has begun to foster compliance with these rules.
Turning to my first topic, I hope that the strong turnout at this conference reflects a high level of commitment at your firms to establishing and maintaining a strong culture of compliance. As I have said many times, strong legal and compliance functions are critical elements of any successful enterprise, particularly those operating in the securities industry. Today more than ever, given the vastly increased financial regulatory structure, legal and compliance must be gatekeepers in ensuring conformance with the law.
At different points in my career, I have observed that firms that have done well in avoiding significant regulatory problems typically place a high priority on legal and compliance issues, and place the legal and compliance functions at the center of the operation. I have found that we can learn a lot about the likelihood of regulatory problems at a firm, and about the chances that a firm will take appropriate measures to correct any such problems, by asking a few questions:
When legal and compliance departments are not treated as full partners in the business, regulatory problems are inevitable. On the other hand, when the culture of the firm weaves the legal and compliance functions into the business and maintains an open dialogue with them about the risks the firm faces, and when legal and compliance are at the table and consulted on important business decisions, those views are heard and typically heeded.
Now many of you focus on AML compliance, which is only one aspect of compliance programs. And many of you might be tempted to narrow your focus to AML compliance issues. But one of the lessons of some of our recent cases is the importance of integrating AML compliance with other aspects of the compliance program and with the business generally. It is critical to ensure that your AML compliance processes are leveraging the work done in other parts of your compliance programs, and vice versa. Regardless of the primary purpose of the due diligence or other data analysis that you or someone else in your firm are carrying out, the information uncovered by these processes can be important information for multiple aspects of the compliance program. You must ensure that there is communication across different aspects of the compliance program and business, and ensure that siloes do not exist.
Take our recent case against the broker-dealer Oppenheimer,[2] where we charged the firm, among other things, with aiding and abetting illegal unregistered broker-dealer activity by a customer, an off-shore broker-dealer. The customer in question engaged in large deposits and sales of penny stocks. At one point, Oppenheimer AML compliance personnel detected a suspicious transfer and escalated their concerns. But despite this escalation, compliance personnel failed to recognize the red flags suggesting multiples forms of illegal activity, including unregistered broker-dealer activity and potential market manipulation, and no SARs were filed. Had there been better communication amongst the compliance functions, with each function bringing to bear their skills and knowledge, and together reviewing the issue to determine whether there were signs of illegal conduct, this potential illegal activity could have been identified.
A second example is our recent enforcement action against Wedbush Securities.[3] As you may know, if a firm provides direct market access to brokers or customers, the market access rule, Rule 15c3-5, requires the firm to ensure that it has reasonably designed controls and procedures in place to manage related financial and regulatory risks. Wedbush failed to have these policies and procedures. For example, in numerous instances, an executive in the firm’s correspondent services division became aware of potential wash trading and other forms of potential manipulation. But the firm’s policies and procedures did not specify how employees in that division should address these sorts of improper trading. These failures in market access compliance also led to failures to file SARs on this activity. If the firm had appropriate policies and procedures on market access, the results of any surveillance could have easily fed into their AML compliance people and led to SAR filings. The lack of such policies and procedures, and of communication among different parts of the business, led to multiple violations.
The final example comes from our recent Wells Fargo case, which highlights what can go wrong when compliance functions operate with silos.[4] There were multiple groups at the firm that had responsibility for detecting insider trading or had access to relevant information, including an AML function and a group that reviewed employee trades after market-moving events to determine whether they potentially resulted from the misuse of inside information. In this case, a financial advisor, and several of his clients, made significant trades in Burger King securities before the announcement of a buy-out transaction. One of these compliance groups learned that the financial advisor had in his possession offering documents relating to the buy-out transaction that were dated before the public announcement. These documents would have shown that the financial advisor in question had access to material nonpublic information when he traded in Burger King securities, which of course was highly relevant to any review looking at potential insider trading. But the firm did not have a system in place to ensure that relevant information existing in various parts of its compliance program would be properly assessed and shared appropriately across compliance personnel.
The bottom line is that it is critical to ensure that AML compliance is integrated fully into the other compliance operations of the firm to ensure that suspicious activity detected by other compliance functions makes its way to the AML compliance function and vice versa. We live in a world now with a wealth of data but we must find ways to ensure that data makes it to the right place.
Now a critical role of AML compliance is ensuring that SARs are filed when potential illegal activity is detected. Let me speak a bit about how the SEC relies on the data that you compile and report in SARs. Your work contributes directly to our work at the SEC to protect investors and ensure that our markets operate fairly. The intelligence you provide, especially in the form of SARs, is indispensable to us and to our colleagues. The SEC receives tens of thousands of tips and referrals every year from many different sources including investors, whistleblowers, and SROs. But SARs coming from broker-dealers often stand out from this pack in terms of reliability because the best ones contain allegations of wrongdoing that are described clearly and comprehensively, but also concisely. This reduces the amount of research and assessment that is needed before determining whether and how to act. The staff uses the intelligence and insight you provide to initiate cases, expand existing investigations, and to identify and understand trends and patterns of activity within the industry.
Our Division has an Office of Market Intelligence (OMI), which reviews all tips, complaints, and referrals. Within OMI sits a Bank Secrecy Act Review Group. In the course of a year, this group reviews between 27,000 and 30,000 SARs. If a SAR is filed by a broker-dealer, that group will see it, along with any other SARs filed by any other type of financial institution about any entity, person or transaction within our jurisdiction. On average, the group reviews your SARs within two weeks of filing; researches the allegations; and passes them along to examination and enforcement staff throughout the country as relevant.
For the most urgent matters, the group also operates a hotline you can call with information that we should know right away. Many of you contact that hotline each year, and someone in the Division will assess the SAR you file within twenty four hours of its entry into FinCEN’s database. I encourage you to use that hotline if you come across information that is timely and suggests serious misconduct. You can find the number by going to SEC.gov and searching for “SAR hotline.”
Each year, the BSA Review Group makes hundreds of referrals based on information gleaned initially from SAR reporting. Some statistics drive home the usefulness of the information we receive through SARs:
I share these statistics to illustrate the important point that the AML programs you oversee are critical in helping to expose fraud, the exploitation of vulnerable investors, and other misconduct. The quality of the reporting, and the industry expertise that you lend to your reports, often makes it possible for us to act more quickly than we otherwise could. And it increases the chance that we will be able to hold wrongdoers responsible and, we hope, recover investor losses.
Another aspect of the group’s work, and a clear illustration of the value of yours, is the role Bank Secrecy Act reporting plays in supporting and extending Enforcement investigations that arise from other sources. Regardless of the substantive focus of the cases or their origin, your SARs support our work every day. Among all the SARs the group reviews for tips, roughly 5% relate to active Division investigations and the SARs are forwarded to those investigative teams. In addition to those, countless of our cases benefit from research in FinCEN’s database by identifying unknown parties, relationships, accounts, and the like.
It also is worth mentioning some of our other efforts to use the SAR data to support our Enforcement efforts. The BSA Review Group uses BSA data on a broader scale, to support ongoing Division initiatives, to identify patterns of securities-related issues, and to identify potential BSA compliance concerns in the industry. For example, we are using SAR data to detect persons who have previously been barred from participating in the securities industry but may be conducting business in violation of that bar; to identify firms that have an inordinate number of account intrusions or takeovers; to support the Division’s initiative to uncover illegal short sales during restricted periods; and to detect persons who might appear as peripheral players in various cases over the years and that might therefore deserve closer individual scrutiny.
Finally, I’ll briefly note that our collections unit finds your reporting helpful in enforcing our penalties and orders after we conclude our cases. We sometimes are able to learn of assets through your SAR filings that we were previously unaware of. So with all of this, you can see that your work affects and improves the full life cycle of our cases.
Now for all of the help you provide, there also are clearly some broker-dealers who are not living up to their BSA obligations.
Industry-wide SAR filing data
The number of SARs filed by securities firms has generally grown over the past several years. That itself is encouraging news about AML compliance in the industry. But I want to dig down and share with you some other observations that we have on SAR filings generally.
Over the past several years, the number of SARs filed by securities firms has been in the range of about 18,000 to 25,000 per year. Many of those SARs are great, but many are not. For better and sometimes for worse, often our reviewers can look at a narrative and instantly recognize which firm filed it. With some firms, narratives differ by only a few words from one SAR to another, revealing a “check-the-box” mentality. With others, the narratives never exceed a total of about fourteen words. Additionally, from some firms we might receive a description of the deposit and sale of shares with absolutely no explanation of the basis of suspicion. Obviously, such SARs have little value to us – and tend to suggest that the submitting firm does not take its BSA reporting obligations seriously.
Consider another fact. There are approximately 4,700 to 4,800 broker-dealers in the United States, all of whom are required to file SARs in appropriate circumstances. When you compare that number with the number of SARs filed by broker-dealers every year, that means that on average, each firm in the U.S. files about five SARs per year. This is disconcerting and hard to understand. Think about your businesses – is it possible that only five transactions a year were suspicious enough to justify a SAR filing? The nature of your industry and the sheer volume of transactions executed each year suggest to me that this number is far too low.
Last year, the Division’s BSA Review Group began to dig into this issue by analyzing the SARs filed across different time periods and comparing that information to what we know about the broker-dealers registered in the U.S. We looked at the number of filings alongside other factors, including: the number of registered representatives associated with the firms; the number of customer accounts; whether the firm retailed microcap securities or was dually registered as an investment advisor; the number of regulatory, civil, or criminal disclosures related to the firms; and the number of times the firm was involved in transactions that the Division has investigated in the past.
Among other things, the BSA Review Group’s analysis of BSA filings by industry members can identify firms that do not file any SARs for extended periods of time, that routinely file SARs long after the transactions being reported, provide little or no detail in the narratives of the SARs, or who provide brokerage services to persons or entities who appear frequently in SARs filed by other firms.
I will not go into all the details of what we found, but I can say that the number of firms that filed zero SARs or one SAR per year was disturbingly large. Without knowing more, I can’t say that each firm necessarily failed to file SARs that it should have filed. But these findings are troubling, and suggest a need for further investigation. In fact, more than half of all the SARs filed by the securities industry last year were filed by fewer firms than are represented in this room. Recall, that’s out of a population of between four and five thousand. Judging by the numbers, I find it hard to believe that the industry as a whole is fulfilling its obligations.
As I have said, we in the Enforcement Division rely on Bank Secrecy Act reporting every single day, and find it critical to preserving the integrity of our markets. Because it is such a crucial pipeline of information, we need to determine whether firms are meeting their reporting obligations, and to address this failure if they are not. How are we doing that?
Broker-Dealer Task Force
Historically, our Division of Enforcement has pursued Bank Secrecy Act compliance issues in the context of enforcement matters involving other violations. When we have found BSA violations, we have brought that as an additional charge, usually together with other charges. This makes sense, because as I have discussed, the SAR reporting obligations do not exist in a vacuum. Problems in BSA reporting often go hand in hand with problems elsewhere.
That said, the information I have described above concerning the incidence of SAR reporting suggests there is a need to pursue standalone BSA violations to send a clear message to the industry about the need for compliance. Our Broker-Dealer Task Force – which was formed to focus on current issues and practices within the broker-dealer community, and is developing broker-dealer initiatives that can be implemented Division-wide – has taken up this issue.
They have targeted those firms who do not appear to be consistently meeting their books and records obligations under Rule 17a-8 and the Bank Secrecy Act. They have identified those firms that have filed few or no SARs over extended periods of time and whose failure raises questions about their compliance with their BSA obligations. Working with examination staff, they have then done a preliminary analysis to determine whether the lack of filing can be easily explained. If not, they have determined whether an examination or investigation is warranted. The early efforts of this initiative have resulted in dozens of examinations and investigations potentially focused on BSA violations, and we will pursue recommendations for action if we conclude that Enforcement cases are warranted. Whether or not this initiative generates enforcement actions, it will almost certainly increase focus on SAR filings in the broker-dealer community – which is a good thing.
Creative and aggressive remedies
If and when the Commission does take enforcement action, I expect it will send a strong and clear message about the importance of BSA compliance. As many of you no doubt are aware, we have changed the Commission’s long-standing no-admit, no-deny settlement protocols. In certain cases the Commission now requires admissions of fact and wrongdoing where heightened accountability and acceptance of responsibility are in the public interest. Significantly, in both the Wedbush and Oppenheimer cases, we required and obtained admissions that the firms had failed to satisfy their obligations under the Bank Secrecy Act and engaged in other violations. This is something to be carefully considered in future actions as well.
Our case against Oppenheimer, which we brought last month with FinCEN, featured the largest civil money penalty ever against a broker-dealer for AML failures. The sanctions imposed on Oppenheimer, which included $20 million in monetary relief, reflect the magnitude of Oppenheimer’s regulatory failures. Taken together, the Wedbush and Oppenheimer cases demonstrate that the SEC is fully committed to addressing lax AML compliance programs at broker-dealers through strong enforcement action.
I should also mention that not only is the Oppenheimer settlement the largest civil money penalty imposed on a securities firm in a BSA enforcement action, it is the first case in recent years in which FinCEN and SEC Enforcement acted jointly. I am very pleased with the relationship we have developed with FinCEN and look forward to a strong partnership with them. They share our strong desire to ensure that firms are complying with their SAR filing obligations.
The Wedbush and Oppenheimer cases have something else in common, which is that each settlement required the firm to retain independent outside consultants to assess its BSA compliance programs and identify fixes, which the firm must then implement. This is another way to ensure that firms take seriously the task of remedying past failures.
To close, let me reiterate that I place a high value on the work you do. Enforcement staff has been very busy trying to broaden our use of the intelligence you provide. Every day you provide us with tools to detect and investigate misconduct, and I am confident that our program will continue to benefit from your efforts in the coming years. Overall, my message is a simple one: BSA compliance is not optional, and a failure to file a required SAR is by itself a basis for enforcement action. While many in your industry are taking their Bank Secrecy Act obligations seriously, it’s critical that all firms understand and meet those obligations. Thank you for your attention, and enjoy the rest of the conference.
[1] The Securities and Exchange Commission, as a matter of policy, disclaims responsibility for any private publication or statement by any of its employees. The views expressed herein are those of the author and do not necessarily reflect the views of the Commission or of the author’s colleagues upon the staff of the Commission.
[2] See Press Rel. No. 2015-14, SEC Charges Oppenheimer With Securities Law Violations Related to Improper Penny Stock Sales (Jan. 27, 2015), available at http://www.sec.gov/news/pressrelease/2015-14.html.
[3] See Press Rel. No. 2014-263, Wedbush Securities and Two Officials Agree to Settle SEC Case, (November 20, 2014), available at http://www.sec.gov/News/PressRelease/Detail/PressRelease/1370543504806.
[4] See Press Rel. No. 2014-207, Wells Fargo Advisors Admits Failing to Maintain Controls and Producing Altered Document, Agrees to Pay $5 Million Penalty (Sept. 22, 2014), available at http://www.sec.gov/News/PressRelease/Detail/PressRelease/1370543012047.