Remarks From the SIFMA Anti-Money Laundering and Financial Crimes Conference
Executive Vice President, Enforcement
New York, NY
As prepared for delivery.
Money laundering is not a new issue for the securities industry. In fact, it has been listed in every FINRA annual regulatory priorities letter issued over the past 11 years. Many of the issues we've focused on over the years remain areas of focus in 2016. For example, we've addressed risk on many occasions. In 2009, we reminded firms to ensure that their AML policies and procedures are appropriately tailored to the firm's business model, risk profile and volume of transactions, particularly with regard to monitoring, detecting and reporting suspicious activity. And in 2014, we reminded firms with high-risk customer bases to tailor their programs around the specific risks of those customers, including the types of customers, where their customers are located and the types of services they offer to those customers.
Equally telling is how little has changed regarding the key characteristics of a strong AML program. What has changed is the nature of the schemes we're seeing. So it's imperative that firms maintain a strong compliance program that is responsive to the ever-changing challenges and adequately addresses the risks that an individual firm faces. From our perspective, a strong focus on culture and a deep understanding of the specific risks a firm faces are fundamental components of a robust compliance program. So this morning I want to focus my remarks on two areas—culture and risk—and how focusing on these two areas can help a firm be prepared to tackle the ever-changing AML challenges.
You've often heard FINRA executives speak—sometimes very passionately—about conflicts of interest, firm culture and professional ethics. These related areas have been a focus for FINRA for many years, and they are areas where we think firms should also be paying keen attention.
Many of the problems we've observed in the financial services industry have their roots in firm culture and the culture inherent in the business they choose to accept. So, as I'm sure you know by now, FINRA is formalizing our assessment of firm culture while continuing our focus on conflicts of interest and ethics. Firm culture has a strong influence on how firms conduct their business. For a good culture to flourish, a firm's management must articulate and practice high standards of ethical behavior that are expected and visible throughout the organization.
Let me assure you that our goal is not to dictate firm culture or to use the survey to develop enforcement cases. Instead, we want to understand how it affects a firm's compliance and risk management practices.
FINRA will focus on the frameworks that firms use to develop, communicate and assess conformance with their culture. We'll look at five indicators of a firm's culture:
- one, whether control functions are valued within the organization;
- two, whether policy or control breaches are tolerated;
- three, whether the organization seeks to proactively identify risk and compliance events;
- four, whether supervisors are effective role models of firm culture; and
- five, whether firms identify and address sub-cultures—such as the culture at a branch office, a trading desk or an investment banking department—that may not conform to the overall corporate culture.
It is interesting to note that these factors are the same ones that have gone into sanctions analyses—either positively or negatively—over the last 20 years. Even more importantly, an ethical culture is central to achieving our shared goal of restoring and maintaining investor confidence and trust in the securities industry.
Let's shift gears to risk. I began my remarks with two examples of how we addressed risk and AML programs in our annual priorities letters. It should be no surprise that careful consideration of your risks as it pertains to AML programs remains a concern for FINRA. I won't go into significant detail since you will hear more about our exam priorities from Mike Rufino later on the 11 o'clock panel. There are two areas that I want to mention given their relevance to some of the trends we're seeing on the enforcement side.
First is around the adequacy of firms' systems for monitoring for suspicious activity. I can't stress enough the importance of ensuring that the systems your firm uses to monitor customer accounts and activity are properly tested and calibrated, and are continuously modified to tailor them to the risks inherent in your business models. Think about the various types of high-risk activity flowing through your firm; are those transactions—including all relevant steps—being adequately captured in your systems? Are the thresholds in those systems appropriate? We talk a lot about the importance of tailoring your AML program to the risks of your firm, and your systems should reflect a careful consideration of your risks. And, if you're delegating the monitoring of suspicious trading to someone outside of AML, which I know is a common industry practice, be sure it's an appropriate delegation—and that you have an open line of communication back to the AML function.
Another area where you really need to keep a close eye is microcap securities. If you choose to accept this business, you must be able to establish that the deposits of large blocks of microcap securities are in compliance with or exempt from SEC registration requirements. You must have processes in place to identify suspicious trading activity—in particular those with "red flags" of pump-and-dump schemes—and you must independently verify key facts around the deposit and liquidation of microcap stocks, rather than rely blindly on opinions or statements from customers or issuers that are almost always self-serving. These are areas we're looking at when we examine and when we commence enforcement action—and areas that you should be evaluating yourself.
These are just a few of our priorities. As I mentioned, Mike will talk further about these and other areas of concern in our exam program later.
Now, let's turn to enforcement and some recent actions that are noteworthy.
First, we charged a firm $950,000 for sales of unregistered penny stocks and AML violations. In this case, we found that from April 2009 to June 2011, the firm liquidated nearly 3.9 billion shares of five penny stocks that were not registered with the SEC and not exempt from registration, in violation of Section 5 of the '33 Act.
There were many red flags associated with the activity, including that the seven customers involved were referred to the firm by a single former securities broker who was barred from the industry—for microcap-related violations, I might add—and who controlled the activity in several of the firm's accounts. Without conducting a reasonable inquiry into the red flags, the firm sold the unregistered shares in violation of the registration requirements of the securities laws.
The red flags alleged by FINRA included:
- Multiple accounts under common control.
- Multiple deposits of the same issuer in each account.
- Through repeated deposits with immediate liquidations across the accounts, substantial amounts of Total Shares Outstanding were liquidated in a short period of time—for example over 30 percent in one month—with no registration statement and no available exemption because the transactions were part of a scheme to evade Section 5.
- In two years, the seven customers deposited and liquidated 3.9 billion shares of microcap shares.
- Sales generated 24.5 million dollars in proceeds, $1.1 million in commissions.
- The shares were acquired through a convertible debt agreement.
- The shares were quickly liquidated upon deposit, and the proceeds promptly wired out of the accounts.
- The shares were sold amidst heavy online promotional activity.
In the end, there was overwhelming evidence that the firm's procedures were inadequately tailored to the firm's risks, the implementation of those procedures was inadequate, and there was underlying suspicious activity that—at the end of the day—caused harm to unsuspecting investors. We also charged the two chief compliance officers over the relevant time period, who happened to be the firm's AML officers as well, with supervisory and AML violations.
Now I want to mention another case, and I want you to take note of the similarities and one key difference.
In the second case, we fined the firm $6 million and ordered disgorgement of $1.3 million in commissions, for selling more than 73 billion shares of microcap securities without conducting adequate due diligence. The firm decided to ratchet up its microcap business in 2011. The firm gradually worked to expand the firm's microcap business by developing seven high-risk customers. The firm's penny stock expansion was not complemented by any effort to supplement and update its procedures to account for the additional risks this new business line posed to the firm. Some of the red flags presented by this business included:
- repeated deliveries of large volumes of recently issued, thinly traded securities, followed by the immediate liquidation of the securities and the wiring out of the proceeds;
- sales that dominated the daily market volume for trading in the security;
- sales that represented a significant portion of the total outstanding shares of the security;
- sales amidst heavy promotional activity; and
- shares acquired through convertible debt agreements.
As I mentioned, in this case, we charged the firm a significant fine and disgorgement. However, in this case, we didn't charge the AML officer. We did charge the equity trader and his supervisor, who led the firm's push into the penny stocks, with supervisory violations.
So what was the difference between the two cases? Why do we charge individuals in some cases and not in others?
When we look at cases and charging decisions, we look at potential liability for individuals in every case. Among the factors we considered are:
- extent the individual was involved in the wrong-doing;
- whether the individual has taken corrective measures;
- the extent of underlying conduct and degree of investor harm; and
- willful blindness or intentional participation in the violations.
In each and every case, it's facts and circumstances analysis of conduct. Let's review what differentiated the outcomes for the AML officers in these two cases.
In the first case we charged two AML officers—who, I think it's important to note were also compliance officers at the firm. In this case, our investigation showed that these two individuals were squarely in charge with establishing and implementing an adequate supervisory system for the sale of microcap securities and they failed in both respects.
They did not establish for the firm a supervisory system that included a mandatory standardized process for ensuring that sales were in compliance with Section 5. Instead, they propagated a system that was more concerned with generating commissions than it was with complying with laws and regulations. Further, they inconsistently and inadequately implemented this weak system, by unreasonably relying on representations from customers and their counsel without verifying that information. They also did not consider patterns of deposits and liquidations of microcap securities to be a red flag that required investigation or inquiry. In short, these AML officers did little to nothing to question or stop the sales of billions of shares of microcap stock dumped into the marketplace through the firm. In comparison, we did not charge the AML compliance officer in the second case because he made numerous attempts to question the activity and inadequate supervisory systems. It was clear that the head of equities who was charged in the case was the one who was pushing for the microcap business to be expanded, even in the face of objections from the compliance staff. It was also clear that that individual, and the rep who was conducting the transactions and was also charged, pushed for the business to continue and expand even after the compliance staff had received regulatory inquiries and subpoenas regarding the business.
Before I close, I want to address another issue that we frequently hear about: regulatory overlap, especially with many regulators focused on the same hot topics. FINRA, the SEC and other regulators are taking steps to reduce regulatory overlap and duplication to the fullest extent. To reduce—with the goal of eliminating—duplication, we have increased our coordination and information sharing with the SEC's Enforcement Division and the SEC's Office of Compliance Inspections and Examinations. For example, we share information on cycle examinations, branch examinations and investigations of individual registered representatives, and significant investigations.
We have augmented our long-standing quarterly OCIE meetings with additional standing meetings specifically focused on the topics of duplication and coordination. Moreover, FINRA and OCIE share information for specific examinations to avoid overlap and duplications. Our staffs confer when both organizations are focused on the same firm to ensure that we have distinct interests. If interests are not distinct, we may defer our matter to OCIE.
In the AML space, FINRA has a different role than the SEC and the Financial Crimes Enforcement Network. The SEC's AML rule is focused on recordkeeping and reporting. And at FINRA we are focused on a firm's compliance with AML rules under FINRA Rule 3310, which sets forth minimum standards for a firm's written AML compliance program. We also coordinate our AML efforts with the SEC and FinCEN. We hold quarterly meetings with the SEC that are just dedicated to AML to discuss policy issues, areas of concern, and examination and enforcement trends. We also hold joint examiner training every few years with the SEC and we have informal ad hoc contact on AML on a daily to weekly basis. With respect to FinCEN, we have calls every two weeks to go over examination and enforcement matters, and also hold frequent ad hoc discussions on policy and other matters.
We've covered a fair amount of ground today. What should you take-away and bring into action at your firm? That depends, of course, largely on your firm's business model and the types of customers you have.
You need to know your customers. You need to conduct due diligence on the securities you're selling. You need to tailor your program to the risks inherent in your business model. You need to test your program. And, make updates as your business changes or expands. You need to be sure your employees are trained—especially when you have new business lines. You need to make sure you have good supervisory systems when you do high-risk business like micro-caps.
But, of course, you know all that. Your being here today is a strong indicator that you are committed to your firm's AML program. I get that your job isn't always easy. You are often the first line of defense in detecting and reporting potential money laundering—and we're glad you're there. We all have a mutual interest in keeping investors from harm and retaining trust in the markets.
Thanks for listening.