Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On January 7, the SEC’s Office of Compliance Inspections and Examinations (OCIE) announced the release of its 2020 Examination Priorities. The annual release of exam priorities provides transparency into the risk-based examination process and lists areas that pose current and potential risks to investors. OCIE’s 2020 examination priorities include:
- Retail investors, including seniors and those saving for retirement. OCIE places particular emphasis on disclosures and recommendations provided to investors.
- Information security. In addition to cybersecurity, top areas of focus include: risk management, vendor management, online and mobile account access controls, data loss prevention, appropriate training, and incident response.
- Fintech and innovation, digital assets and electronic investment advice. OCIE notes that the rapid pace of technology development, as well as new uses of alternative data, presents new risks and will focus attention on the effectiveness of compliance programs.
- Investment advisers, investment companies, broker-dealers, and municipal advisers. Risk-based exams will continue for each of these types of entities, with an emphasis on new registered investment advisers (RIA) and RIAs that have not been examined. Other themes in exams of these entities include board oversight, trading practices, advice to investors, RIA activities, disclosures of conflicts of interest, and fiduciary obligations.
- Anti-money laundering. Importance will be placed on beneficial ownership, customer identification and due diligence, and policies and procedures to identify suspicious activity.
- Market infrastructure. Particular attention will be directed to clearing agencies, national securities exchanges and alternative trading systems, and transfer agents.
- FINRA and MSRB. OCIE exams will emphasize regulatory programs, exams of broker-dealers and municipal advisers, as well as policies, procedures and controls.
On July 11, the Financial Industry Regulatory Authority (FINRA) issued Regulatory Notice 19-23, which provides clarifying guidance on enforcement credit for firms or individuals that provide “extraordinary cooperation” in investigations that exceed FINRA’s rule requirements. Specifically, FINRA defines “extraordinary cooperation” as including (i) self-reporting violations prior to regulator detection and intervention; (ii) taking voluntary, extraordinary steps to correct problems; (iii) making voluntary remediation to customers prior to detection; and (iv) providing a substantial amount of assistance to FINRA’s investigation. The notice, which supplements prior guidance issued in 2008, also clarifies the difference between required cooperation and extraordinary efforts, and outlines the types of credit firms or individuals may receive.
On July 8, the SEC and the Financial Industry Regulatory Authority (FINRA) issued a joint statement in response to compliance questions received from broker-dealer participants who handle digital asset securities. While recognizing that the application of federal securities law and FINRA rules to digital asset securities, as well as related innovative technologies, “raise novel and complex regulatory and compliance questions and challenges,” the joint statement encourages “reasonably practicable” efforts to address these issues. Among other things, the guidance emphasizes that broker-dealer participants who try to maintain custody of clients’ digital asset securities must comply with the SEC’s Customer Protection Rule to safeguard customers’ assets and prevent investor loss or harm. In situations involving noncustodial digital asset securities activities, relevant laws, rules, and requirements must also be followed, even if these activities generally do not raise the same level of concern. The SEC and FINRA also acknowledge that compliance with these rules may be challenging as technological enhancements and situations unique to digital asset securities continue to develop, and emphasize that they will continue to engage with broker-dealer participants as the marketplace evolves.
On May 6, the Financial Industry Regulatory Authority (FINRA) issued Regulatory Notice 19-18, which provides guidance to member firms regarding suspicious activity monitoring and reporting obligations under FINRA’s Anti-Money Laundering Compliance Program. Specifically, the Notice is intended to assist broker-dealers with their existing obligations under Bank Secrecy Act/Anti-Money Laundering (BSA/AML) requirements by providing a list of “money laundering red flags,” augmenting the red flags list from the 2002 Notice to Members 02-21 with additional red flags published by a number of U.S. government agencies and international organizations. The guidance lists potential red flags in a number of categories, including (i) customer due diligence and interactions with customers; (ii) deposits of securities; (iii) securities trading; (iv) money movements; and (v) insurance products. The Notice emphasizes that the list of 97 red flags “is not an exhaustive list and does not guarantee compliance with AML program requirements or provide a safe harbor from regulatory responsibility,” but rather provides examples for firms to consider incorporating into their AML programs, as may be appropriate in implementing a risk-based approach to BSA/AML compliance. The Notice also reminds firms to be aware of emerging areas of risk, such as those associated with activity in digital assets.
On April 24, the Financial Industry Regulatory Authority (FINRA) announced the formation of a new office, the Office of Financial Innovation, that will act as a central point of coordination for issues related to financial innovation by FINRA members. The new office, which is an outgrowth of FINRA’s Innovation Outreach Initiative (previously covered by InfoBytes here), will collaborate with various FINRA teams as well as regulators, investors, and other stakeholders to encourage the use of fintech in a way that strengthens market integrity and protects investors. The new office also will incorporate FINRA’s existing Office of Emerging Regulatory Issues, which focuses on analyzing new and emerging risks and trends related to the securities market.
On January 22, the Financial Industry Regulatory Authority (FINRA) issued new guidance on areas member firms should consider when seeking to improve their compliance, supervisory, and risk management programs. The 2019 FINRA Risk Monitoring and Examination Priorities Letter (2019 Priorities Letter) examines both new priorities as well as areas of ongoing concern, including the adequacy of firms’ cybersecurity programs. FINRA notes, however, that the 2019 Priorities Letter does not repeat topics previously addressed in prior letters, and advises member firms that it will continue to review ongoing obligations for compliance. Topics FINRA plans to focus on in the coming year include:
- Firms’ use of regulatory technology to help compliance efforts become “more efficient, effective, and risk-based.” FINRA will work with firms to understand risks and concerns related to supervision and governance systems, third party vendor management, and safeguarding customer data;
- Supervision of digital assets, including coordinating with the SEC to review how firms determine whether a given digital asset is a security and whether firms are implementing adequate controls and supervisions related to digital assets, such as complying with anti-money laundering and Bank Secrecy Act rules and regulations;
- Assessment of firms’ compliance with FinCEN’s Customer Due Diligence rule, which requires firms to identify beneficial owners of legal entity customers (as previously covered by InfoBytes here); and
- Financial risks, including credit risks, funding and liquidity planning.
On December 26, the Financial Industry Regulatory Authority (FINRA) entered into a Letter of Acceptance, Waiver, and Consent (AWC), fining a broker-dealer $10 million for failing to establish and enforce an anti-money laundering (AML) program that complies with Bank Secrecy Act and implementing regulation requirements. According to FINRA, alleged failures in the firm’s automated AML surveillance system allowed transactions from countries with “high money laundering risk” to flow through the financial system from January 2011 through at least April 2016. Furthermore, the firm allegedly failed to (i) devote sufficient resources to reviewing suspicious transactions; (ii) adequately monitor customers’ penny stock trades and deposits for suspicious activities; and (iii) adequately monitor and conduct risk-based reviews of correspondent accounts of certain foreign financial institutions.
The firm neither admitted nor denied the findings set forth in the AWC agreement, but agreed to address identified deficiencies in its programs. FINRA further noted that the firm “has taken extraordinary steps and devoted substantial resources since 2013 to expand and enhance its AML policies and procedures.”
On December 17, the Financial Industry Regulatory Authority (FINRA), the Financial Crimes Enforcement Network (FinCEN), and the SEC announced separate settlements (see here, here, and here) with a global broker-dealer following investigations into the firm’s anti-money laundering (AML) programs. According to FINRA, the broker-dealer and its affiliated securities firm allegedly failed to establish and implement AML processes reasonably designed to detect and report potentially high-risk transactions, including foreign currency wire transfers to and from countries known to be at high risk for money laundering, as well as penny stock transactions processed through the use of an omnibus account on behalf of undisclosed customers. FINRA alleged that from January 2004 to April 2017, the broker-dealer “processed thousands of foreign currency wires for billions of dollars, without sufficient oversight.”
In a separate investigation conducted by FinCEN in conjunction with FINRA and the SEC, the broker-dealer reached a settlement over allegations that it failed to, among other things, (i) develop and implement a risk-based AML program that “adequately addressed the risks associated with accounts that included both traditional brokerage and banking-like services”; (ii) implement policies and procedures, which would ensure the detection and reporting of suspicious activity through all accounts, particularly for those accounts with little to no securities training; (iii) “implement an adequate due diligence program for foreign correspondent accounts”; and (iv) provide sufficient staffing, leading to a backlog of alerts and decreased ability to file suspicious activity reports (SARs).
According to the SEC's investigation, from at least 2011 to 2013, the broker-dealer allegedly failed to file SARs as required by the Bank Secrecy Act’s reporting requirements and Section 17(a) of the Securities Exchange Act of 1934. Among other things, the SEC also claimed that the broker-dealer (i) provided customers with other services, such as cross-border wires, internal transfers between accounts and check writing, which increased its susceptibility to risks of money laundering and other types of associated illicit financial activity; and (ii) “did not properly review suspicious transactions flagged by its internal monitoring systems and failed to detect suspicious transactions involving the movement of funds between certain accounts in suspicious long-term patterns.”
After factoring in remedial actions, the broker-dealer has been assessed total civil money penalties of $14.5 million, including a $500,000 fine against the securities firm.
On November 28, the Financial Industry Regulatory Authority (FINRA) filed a proposed rule change with the SEC to amend paragraph (a)(3) of FINRA Rule 4512(a)(3)—“Customer Account Information”—which will permit the use of electronic signatures consistent with the E-SIGN Act. Specifically, under the proposed rule, firms will be allowed to obtain electronic signatures of personnel exercising discretionary trading authority over customer accounts maintained by a member. FINRA acknowledges that “[g]iven technological advances relating to electronic signatures, including with respect to authentication and security” it now believes that the requirement for manual signatures is obsolete. If approved by the SEC, the proposed rule change will be published in a regulatory notice no later than 60 days following approval, and will take effect within 30 days following publication.
On October 29, the Financial Industry Regulatory Authority (FINRA) entered into a Letter of Acceptance, Waiver, and Consent (AWC), fining a broker-dealer $2.75 million for identified deficiencies in its anti-money laundering (AML) program. According to FINRA, design flaws in the firm’s AML program allegedly resulted in the firm’s failure to properly investigate (i) certain third-party attempts to gain unauthorized access to its electronic systems, and (ii) other potential illegal activity, which should have led to the filing of Suspicious Activity Reports (SARs). FINRA notes that this failure primarily stemmed from the firm's use of an inaccurate “fraud case chart,” which provided guidance to employees about investigating and reporting requirements related to suspicious activity where third parties use “electronic means to attempt to compromise a customer's email or brokerage account.” Consequently, FINRA alleges that the firm failed to file more than 400 SARs and did not investigate certain cyber-related events. Among other things, FINRA also asserts that the firm failed to file or amend forms U4 or U5, which are used to report certain customer complaints, due to an overly restrictive interpretation of a requirement that complaints contain a claim for compensatory damages exceeding $5,000.
The firm neither admitted nor denied the findings set forth in the AWC agreement, but agreed to address identified deficiencies in its programs.
- Daniel P. Stipano to moderate "Washington update" at the Puerto Rican Symposium of Anti Money Laundering
- Melissa Klimkiewicz to discuss "Private flood insurance updates" at the Mortgage Bankers Association Servicing Solutions Conference & Expo
- Jonice Gray Tucker and H Joshua Kotin to discuss regulatory compliance issues in the fintech industry at Protiviti's Risk & Compliance Innovation Roundtable
- APPROVED Checkpoint Webcast: CFL overview
- Amanda R. Lawrence and Sherry-Maria Safchuk to discuss "California privacy rule" on an NAFCU webinar
- Sasha Leonhardt to discuss "MLA & SCRA" on a NAFCU webinar
- Daniel P. Stipano to discuss "Pathway of the SARs: Tracking trajectories of suspicious activity reports from alerts to prosecution" at the ACAMS International AML & Financial Crime Conference
- Daniel P. Stipano to discuss "Which bud’s for you? A deep-dive into evolving marijuana laws" at the ACAMS International AML & Financial Crime Conference
- Brandy A. Hood to discuss "RESPA 8 (TRID applied compliance)" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- Michelle L. Rogers to discuss "Major litigation" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- John P. Kromer to discuss "Navigating the multi-state fintech regulatory regime" at the American Conference Institute Legal, Regulatory and Compliance Forum on Fintech & Emerging Payment Systems
- Jonice Gray Tucker to discuss "Leveraging big data responsibly" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- Hank Asbill to discuss "Critique of direct examination; Questions and answers" at the American Bar Association Section of Litigation Anatomy of a Trial: Murder Trial of Ziang Sung Wan
- Hank Asbill to discuss "What judges want from trial lawyers" at the American Bar Association Section of Litigation Anatomy of a Trial: Murder Trial of Ziang Sung Wan
- Steven R. vonBerg to speak at the "Conference super session" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference