Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On January 22, the Financial Industry Regulatory Authority (FINRA) issued new guidance on areas member firms should consider when seeking to improve their compliance, supervisory, and risk management programs. The 2019 FINRA Risk Monitoring and Examination Priorities Letter (2019 Priorities Letter) examines both new priorities as well as areas of ongoing concern, including the adequacy of firms’ cybersecurity programs. FINRA notes, however, that the 2019 Priorities Letter does not repeat topics previously addressed in prior letters, and advises member firms that it will continue to review ongoing obligations for compliance. Topics FINRA plans to focus on in the coming year include:
- Firms’ use of regulatory technology to help compliance efforts become “more efficient, effective, and risk-based.” FINRA will work with firms to understand risks and concerns related to supervision and governance systems, third party vendor management, and safeguarding customer data;
- Supervision of digital assets, including coordinating with the SEC to review how firms determine whether a given digital asset is a security and whether firms are implementing adequate controls and supervisions related to digital assets, such as complying with anti-money laundering and Bank Secrecy Act rules and regulations;
- Assessment of firms’ compliance with FinCEN’s Customer Due Diligence rule, which requires firms to identify beneficial owners of legal entity customers (as previously covered by InfoBytes here); and
- Financial risks, including credit risks, funding and liquidity planning.
On December 26, the Financial Industry Regulatory Authority (FINRA) entered into a Letter of Acceptance, Waiver, and Consent (AWC), fining a broker-dealer $10 million for failing to establish and enforce an anti-money laundering (AML) program that complies with Bank Secrecy Act and implementing regulation requirements. According to FINRA, alleged failures in the firm’s automated AML surveillance system allowed transactions from countries with “high money laundering risk” to flow through the financial system from January 2011 through at least April 2016. Furthermore, the firm allegedly failed to (i) devote sufficient resources to reviewing suspicious transactions; (ii) adequately monitor customers’ penny stock trades and deposits for suspicious activities; and (iii) adequately monitor and conduct risk-based reviews of correspondent accounts of certain foreign financial institutions.
The firm neither admitted nor denied the findings set forth in the AWC agreement, but agreed to address identified deficiencies in its programs. FINRA further noted that the firm “has taken extraordinary steps and devoted substantial resources since 2013 to expand and enhance its AML policies and procedures.”
On December 17, the Financial Industry Regulatory Authority (FINRA), the Financial Crimes Enforcement Network (FinCEN), and the SEC announced separate settlements (see here, here, and here) with a global broker-dealer following investigations into the firm’s anti-money laundering (AML) programs. According to FINRA, the broker-dealer and its affiliated securities firm allegedly failed to establish and implement AML processes reasonably designed to detect and report potentially high-risk transactions, including foreign currency wire transfers to and from countries known to be at high risk for money laundering, as well as penny stock transactions processed through the use of an omnibus account on behalf of undisclosed customers. FINRA alleged that from January 2004 to April 2017, the broker-dealer “processed thousands of foreign currency wires for billions of dollars, without sufficient oversight.”
In a separate investigation conducted by FinCEN in conjunction with FINRA and the SEC, the broker-dealer reached a settlement over allegations that it failed to, among other things, (i) develop and implement a risk-based AML program that “adequately addressed the risks associated with accounts that included both traditional brokerage and banking-like services”; (ii) implement policies and procedures, which would ensure the detection and reporting of suspicious activity through all accounts, particularly for those accounts with little to no securities training; (iii) “implement an adequate due diligence program for foreign correspondent accounts”; and (iv) provide sufficient staffing, leading to a backlog of alerts and decreased ability to file suspicious activity reports (SARs).
According to the SEC's investigation, from at least 2011 to 2013, the broker-dealer allegedly failed to file SARs as required by the Bank Secrecy Act’s reporting requirements and Section 17(a) of the Securities Exchange Act of 1934. Among other things, the SEC also claimed that the broker-dealer (i) provided customers with other services, such as cross-border wires, internal transfers between accounts and check writing, which increased its susceptibility to risks of money laundering and other types of associated illicit financial activity; and (ii) “did not properly review suspicious transactions flagged by its internal monitoring systems and failed to detect suspicious transactions involving the movement of funds between certain accounts in suspicious long-term patterns.”
After factoring in remedial actions, the broker-dealer has been assessed total civil money penalties of $14.5 million, including a $500,000 fine against the securities firm.
On November 28, the Financial Industry Regulatory Authority (FINRA) filed a proposed rule change with the SEC to amend paragraph (a)(3) of FINRA Rule 4512(a)(3)—“Customer Account Information”—which will permit the use of electronic signatures consistent with the E-SIGN Act. Specifically, under the proposed rule, firms will be allowed to obtain electronic signatures of personnel exercising discretionary trading authority over customer accounts maintained by a member. FINRA acknowledges that “[g]iven technological advances relating to electronic signatures, including with respect to authentication and security” it now believes that the requirement for manual signatures is obsolete. If approved by the SEC, the proposed rule change will be published in a regulatory notice no later than 60 days following approval, and will take effect within 30 days following publication.
On October 29, the Financial Industry Regulatory Authority (FINRA) entered into a Letter of Acceptance, Waiver, and Consent (AWC), fining a broker-dealer $2.75 million for identified deficiencies in its anti-money laundering (AML) program. According to FINRA, design flaws in the firm’s AML program allegedly resulted in the firm’s failure to properly investigate (i) certain third-party attempts to gain unauthorized access to its electronic systems, and (ii) other potential illegal activity, which should have led to the filing of Suspicious Activity Reports (SARs). FINRA notes that this failure primarily stemmed from the firm's use of an inaccurate “fraud case chart,” which provided guidance to employees about investigating and reporting requirements related to suspicious activity where third parties use “electronic means to attempt to compromise a customer's email or brokerage account.” Consequently, FINRA alleges that the firm failed to file more than 400 SARs and did not investigate certain cyber-related events. Among other things, FINRA also asserts that the firm failed to file or amend forms U4 or U5, which are used to report certain customer complaints, due to an overly restrictive interpretation of a requirement that complaints contain a claim for compensatory damages exceeding $5,000.
The firm neither admitted nor denied the findings set forth in the AWC agreement, but agreed to address identified deficiencies in its programs.
On July 30, the Financial Industry Regulatory Authority (FINRA) issued a Special Notice seeking comment on how it can support fintech innovation consistent with its mission of investor protection and market integrity. According to FINRA, the comment request builds on its Innovation Outreach Initiative, which launched last year to assist FINRA in understanding fintech innovations and how those innovations affect the securities industry (previously covered by InfoBytes here). The Special Notice seeks general comments on FINRA’s rules or processes that could be “modified to better support fintech innovation without adversely affecting investor protection or market integrity,” and comments pointing to specific areas of fintech innovation that may need a greater focus by the organization. In addition to those comments, the notice also raises three specific topics for comment that have previously been flagged as potential areas of engagement through the Innovation Outreach Initiative: (i) data aggregation services; (ii) supervision as it relates to artificial intelligence; and (iii) the development of a taxonomy-based machine-readable rulebook. Comments are due by October 12.
On May 18, the Financial Industry Regulatory Authority (FINRA) issued a notice covering enhancements to its disclosure review process. According to the notice, the enhancements will allow firms, for purposes of compliance with public record search requirements, to rely on FINRA’s verification process. Specifically, beginning on July 9, FINRA will conduct a public records search for bankruptcies, judgements, and liens within fifteen calendar days of receiving a firm’s Uniform Application for Securities Industry Registration or Transfer (Form U4). FINRA will provide any information to the firm that is different from what was provided on the Form U4. FINRA expects these enhancements to (i) reduce the cost associated with public records searches for firms; (ii) result in timelier reporting of disclosure information; and (iii) significantly reduce late disclosure fees.
On May 16, the Financial Industry Regulatory Authority (FINRA) and the SEC reached settlements (here and here) with a Chinese-based broker-dealer following an inquiry and investigation into the firm’s anti-money laundering (AML) programs. According to FINRA, the broker-dealer allegedly failed to implement reasonable processes to ensure that its AML programs were able to detect and report potentially suspicious transactions, particularly those concerning penny stocks. In addition, FINRA claimed the broker-dealer’s AML program compliance testing was “inadequate and failed to uncover any of the deficiencies in the firm’s trade monitoring.” In a separate investigation conducted by the SEC in conjunction with FINRA’s inquiry, the broker-dealer reached a settlement over allegations that it failed to, among other things, file suspicious activity reports as required under the Bank Secrecy Act or comply in a timely fashion with SEC record requests. Under the terms of the settlements, the broker-dealer agreed to pay $5.3 million to FINRA for systemic anti-money laundering compliance failures and $860,000 to the SEC. In agreeing to the settlements, the broker-dealer neither admitted nor denied the charges, but consented to the entry of the findings.
The SEC’s investigation also resulted in settlements with a second broker-dealer and its AML officer for allegedly violating the Exchange Act and SEC financial recordkeeping and reporting requirements for not reporting the suspicious sales of billions of penny stock shares. The broker dealer agreed to pay a civil money penalty of $1,000,000 to the SEC, was censured, and was ordered to cease and desist from causing or committing any violations or future violations of the SEC’s suspicious activity reporting requirements. The AML officer was assessed a $15,000 civil money penalty and barred from association with any broker, dealer, investment advisor, municipal securities dealer, municipal advisor, transfer agency, or national recognized statistical rating organization for a period of three years, among other things.
On May 3, FINRA issued a Regulatory Notice 18-19 amending Rule 3310—Anti-Money Laundering (AML) Compliance Program rule—to reflect the Financial Crimes Enforcement Network’s final rule concerning customer due diligence requirements for covered financial institutions (CDD rule), which becomes applicable on May 11. According to Regulatory Notice 18-19, member firms should ensure that their AML programs are updated to include, among other things, appropriate risk-based procedures for conducting ongoing customer due diligence including (i) “understanding the nature and purpose of customer relationships for the purpose of developing a customer risk profile,” and (ii) “conducting ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information.” The announcement also makes reference to FINRA’s Regulatory Notice 17-40, issued last November, which provides additional guidance for member firms complying with the CDD rule. (See previous InfoBytes coverage here.). The notice further states that the “provisions are not new and merely codify existing expectations for firms.”
On May 2, FINRA issued a notice revising its Sanction Guidelines to reflect recent changes to General Principle No. 2, which instructs adjudicators “to consider customer-initiated arbitrations that result in adverse arbitration awards or settlements” in addition to the more traditional disciplinary history when assessing sanctions. FINRA Regulatory Notice 18-17 states that if an adjudicator determines that a “pattern of causing harm” to investors or market integrity exits, or a respondent demonstrates a disregard to regulatory requirements, then more stringent sanctions should be considered. New FAQs related to the revisions are available here.
Revisions to the Sanctions Guidelines will apply to all complaints filed in FINRA’s disciplinary system beginning June 1.
- Buckley Webcast: Maintaining privilege in cross-border internal investigations
- Moorari K. Shah to discuss "State regulatory and disclosures" at the Equipment Leasing and Finance Association Legal Forum
- Daniel P. Stipano to discuss "The state of the BSA 2019: What’s working, what’s not, and how to improve it" at the West Coast Anti Money-Laundering Forum
- Buckley Webcast: The future of the Community Reinvestment Act
- Hank Asbill to discuss "Creative character evidence in criminal and civil trials" at the Litigation Counsel of America Spring Conference & Celebration of Fellows
- Buckley Webcast: Amendments to the CFPB's proposed debt collection
- Brandy A. Hood to discuss "Flood NFIP in the age of extreme weather events" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- Michelle L. Rogers to discuss "UDAAP compliance" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- Kathryn L. Ryan to discuss "Major state law developments" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- Jonice Gray Tucker to discuss "Leveraging big data responsibly" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- Kathryn L. Ryan to discuss "State examination/enforcement trends" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- Benjamin K. Olson to discuss "LO compensation" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- APPROVED Webcast: State and SAFE Act licensing requirements for banks
- John C. Redding to discuss "TCPA compliance in the era of mobile" at the Auto Finance Risk Summit
- Buckley Webcast: The next consumer litigation frontier? Assessing the consumer privacy litigation and enforcement landscape in 2019 and beyond
- Buckley Webcast: Data breach litigation and biometric legislation
- Buckley Webcast: Trends in e-discovery technology and case law
- Hank Asbill to discuss "Pay no attention to the man behind the curtain: Addressing prosecutions driven by hidden actors" at the National Association of Criminal Defense Lawyers West Coast White Collar Conference
- Daniel P. Stipano to discuss "Keep off the grass: Mitigating the risks of banking marijuana-related businesses" at the ACAMS AML Risk Management Conference
- Daniel P. Stipano to discuss "Mid-year policy update" at the ACAMS AML Risk Management Conference
- Benjamin W. Hutten to discuss "Requirements for banking inherently high-risk relationships" at the Georgia Bankers Association BSA Experience Program