InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Broker-dealer settles AML allegations with FINRA
On February 12, FINRA settled allegations with a Florida-based broker-dealer for failing to implement reasonable procedures requiring escalation of potentially suspicious trading activity. Closely following the SEC and DFPI’s recent enforcement action (covered by InfoBytes here), the company, without admitting or denying the allegations, agreed to pay a $700,000 fine to settle claims regarding its failure to effectively implement anti-money laundering (AML) programs. FINRA claimed that the company did not adequately equip its analysts to review and address trading alerts related to suspicious activities by customers, which could total up to 100 alerts per trading day. Additionally, the company allegedly lacked proper written procedures in connection with the acceptance and resale of low-priced securities as required to comply with Section 5 of the Securities Act of 1933 in violation of FINRA Rules. FINRA also noted that, despite being aware that improvements to the AML program were necessary as early as 2016, the company did not fully implement recommended improvements until March 2022. In issuing the fine, FINRA highlighted that the company was fined for similar AML violations back in 2011 and emphasized instances where the company’s analysts failed to escalate suspicious activity to the AML department in a timely manner, leading to regulatory inquiries and subpoenas regarding certain customers’ practices.
Securities regulators issue guidance and an RFC on AI trading scams
On January 25, FINRA and the CFTC released advisory guidance on artificial intelligence (AI) fraud, with the latter putting out a formal request for comment. FINRA released an advisory titled “Artificial Intelligence (AI) and Investment Fraud” to make investors aware of the growing popularity of scammers committing investment fraud using AI and other emerging technologies, posting the popular scam tactics, and then offering protective steps. The CFTC released a customer advisory called “AI Won’t Turn Trading Bots into Money Machines,” which focused on trading platforms that claim AI-created algorithms can guarantee huge returns.
Specifically in FINRA’s notice, the regulator stated that registration is a good indicator of sound investment advice, and offers the Investor.gov tool as a means to check; however, even registered firms and professionals can offer claims that sound too good to be true, so “be wary.” FINRA also warned about investing in companies involved in AI, often using catchy buzzwords or making claims to “guarantee huge gains.” Some companies may engage in pump-and-dump schemes where promoters “pump” up a stock price by spreading false information, then “dump” their own shares before the stock’s value drops. FINRA’s guidance additionally discussed the use of celebrity endorsements to promote an investment using social media; FINRA states that social media has become “more saturated with financial content than ever before” leading to the rise of “finfluencers.” Finally, FINRA mentioned how AI-enabled technology allows scammers to create “deepfake” videos and audio recordings to spread false information. Scammers have been using AI to impersonate a victim’s family members, a CEO announcing false news to manipulate a stock’s price, or how it can create realistic marketing materials.
The CFTC’s advisory highlighted how scammers use AI to create algorithmic trading platforms using “bots” that automatically buy and sell. In one case cited by the CFTC, a scammer defrauded customers into selling him nearly 30,000 bitcoins, worth over $1.7 billion at the time. The CFTC posted a Request for Comment on the Use of Artificial Intelligence in CFTC-Regulated Markets. The Request listed eight questions addressing current and potential uses of AI by regulated entities, and several more addressing concerns regarding the use of AI in regulated markets and entities for the public to respond to.
FINRA report finds 70 percent of broker-dealer communications potentially violate crypto-asset rule.
On January 23, FINRA published a report which found 70 percent of broker-dealer communications with retail customers showed potential violations of crypto-asset communications as part of a targeted exam. The potential violations fall under FINRA Rule 2210, which require that broker-dealer communications are fair, balanced, based in fact, and do not omit any material facts. With these rules in mind, FINRA reviewed more than 500 retail communications on crypto-assets made by broker-dealers consisting of podcasts, commercials, correspondences, and retail and institutional communications. FINRA’s exam uncovered numerous potential violations of Rule 2210, including the failure to clearly differentiate whether crypto-assets were offered by the member or by a third-party (especially on mobile apps); false statements that crypto-assets function like cash; comparisons of crypto-assets with other assets without providing a comparison of their features and risks; unclear and misleading explanations of how crypto-assets actually work; the failure to include key explanations of how crypto-assets are issued or held; misrepresenting the federal protections that apply to crypto-assets; and making misleading statements. Last, FINRA published a list of questions for broker-dealers to consider when reviewing and supervising their retail communications about crypto-assets.
FINRA report covers new topics including cryptoassets
On January 9, FINRA released a report on regulatory oversight titled “2024 FINRA Annual Regulatory Oversight Report.” The report integrates FINRA’s regulatory operations programs as a source of information for firms to strengthen their compliance standards. The report outlines new topics, including Crypto Asset Developments, OTC Quotations in Fixed Income Securities, Advertised Volume, and the Market Access Rule.
With respect to Crypto Asset Developments, the report focuses on surveillance themes and effective practices including best practices for due diligence. On the topic of OTC Quotations in Fixed Income Securities, the report highlights amendments to the rules governing publication of quotations by broker-dealers in a quotation medium. Further, with respect to Advertised Volume, FINRA highlights Rule 5210, which prohibits member firms from publishing transactions that are not believed to be a bona fide purchase or sale of a security.
The report notes that the SEC’s Market Access Rule prohibits firms that provide market access from “jeopardiz[ing] their own financial condition.” Findings include insufficient controls and failure to consider additional data. Effective practices include pre-trade fixed-income financial controls and soft blocks, among others. The report also covers several other topics including Cybersecurity, AML Fraud and Sanctions, Reg BI and Form CRS, and Consolidated Audit Trail.
FINRA alerts firms about rising ransomware risks
On December 14, FINRA issued Regulatory Notice 22-29, alerting member firms about the increasing number and sophistication of ransomware incidents. FINRA explained that the proliferation in ransomware attacks can be attributed in part to the increased use of technology and continued adoption of cryptocurrencies that bad actors use to conceal their identities when collecting ransom payments. Moreover, bad actors who purchase attack services on the dark web “have helped execute attacks on a much larger scale and make attacks available to less technologically savvy bad actors,” FINRA said. Under Rule 30 of the SEC’s Regulation S-P, firms are required to maintain written policies and procedures designed to reasonably safeguard customer records and information, FINRA stated, adding that FINRA Rule 4370 (related to business continuity plans and emergency contact information) also applies to ransomware attacks that include service denials and other interruptions to firms’ operations. The notice provides questions for firms to consider when evaluating their cybersecurity programs and outlines common attack types and considerations for firms’ ransomware threat defenses, as well as additional ransomware controls and relevant resources.
FINRA requests information on crypto asset retail communications
Recently, FINRA announced that it is conducting a targeted exam of firm practices regarding retail communications on crypto asset products and services for the time period of July 1, 2022 through September 30, 2022. In the targeted exam letters, FINRA requested, among other things, that firms or their affiliates provide: (i) all retail communications on the firm’s behalf that refer to, relate to, or concern a crypto asset or service involving the transaction or holding of a crypto asset; (ii) written supervisory procedures concerning the review, approval, record keeping, and dissemination of communications; and (iii) any compliance policies, manuals, training materials, compliance bulletins, and any other written guidance.
FINRA alerts firms about rising ACATS fraud
On October 6, FINRA issued Regulatory Notice 22-21, alerting member firms to the rising trend of fraudulent account transfers of customer accounts using the Automated Customer Account Transfer Service (ACATS)—an automated system that facilitates the transfer of customer account assets from one member firm to another. FINRA explained that “ACATS fraud is related to the growing threat of new accounts being opened online or through mobile applications using stolen or synthetic identities,” and may occur when the identity of a legitimate customer of a carrying member is stolen by a bad actor to open a brokerage account online or through a mobile app at a receiving member. Bad actors, FINRA warned, may open a new account using stolen information only or through a combination of stolen and false information, and will try to move the ill-gotten assets to an external account at a different financial institution. FINRA reminded members of regulatory obligations that may apply to ACATS fraud, including know-your-customer rules, Bank Secrecy Act/AML requirements, and the Identity Theft Red Flags Rule.
FINRA revises Sanctions Guidelines
On September 29, FINRA issued Regulatory Notice 22-20, announcing revisions to its Sanctions Guidelines to ensure they align with the levels of sanctions imposed in FINRA disciplinary proceedings and reflect the differences between types of respondents. Among other things, the revised guidelines: (i) differentiate current guidelines for individuals and firms; (ii) establish separate fine ranges for firms based on size; (iii) remove the upper limit of the fine range for mid- and large-size firms “to reflect the settlement amounts that FINRA frequently seeks for these types of violations and the fact that these guidelines address the most serious violations that FINRA pursues”; (iv) create six new AML guidelines (the revisions specify that the guidelines “have no upper limit on the fine range for mid-size and large-size firms for AML violations that involve the failure to reasonably monitor to report suspicious transactions”); (v) include a discussion of non-monetary sanctions for firms; (vi) create “single fine ranges for all actions in the Quality of Markets guidelines and other select guidelines”; (vii) establish a $5,000 minimum fine for all firms regardless of size; and (viii) delete certain infrequently used guidelines.
FINRA fines broker dealer for AML failures
On September 9, FINRA settled charges with a broker dealer (respondent) for alleged failures in its anti-money laundering (AML) compliance program. According to the letter of acceptance, waiver, and consent, the respondent allegedly failed to, among other things: (i) establish a reasonably designed AML program; (ii) implement a customer identification program; (iii) reasonably supervise for potentially manipulative trading; and (iv) preserve and maintain certain electronic communications. Additionally, FINRA found that the respondent unreasonably relied on manual reviews of the daily trade blotter to identify market manipulation. FINRA’s order includes alleged violations of FINRA Rule 2010, Rule 3110, Rule 3310(a)-(b) and Rule 4511. FINRA also determined that the respondent violated Securities Exchange Act of 1934 Section 17(a) and Rule 17a-4(b)(4). The respondent agreed to pay a $450,000 civil monetary penalty to FINRA and is prohibited from providing market access for two years.
FINRA reminds firms of their obligation to supervise digital signatures
Recently, FINRA issued Regulatory Notice 22-18 reminding member firms of their obligation to supervise for digital signature forgery and falsification. FINRA reported it has received a rising number of reports claiming registered representatives and associated persons have been forging or falsifying customer signatures, as well as those of colleagues or supervisors in some instances. Issues have been flagged in “account opening documents and updates, account activity letters, discretionary trading authorizations, wire instructions and internal firm documents related to the review of customer transactions.” FINRA advised member firms to review outlined methods and scenarios for identifying digital signature forgery or falsification in order to mitigate risk and meet regulatory obligations.