By Kara Williams and Gargi Sharma
Here is a look back at a few key topics related to anti-money laundering (AML) obligations that rose to the level of being included in FINRA’s 2023 Examination and Risk Monitoring Report. These threats continue to be prevalent today and remain as areas of focus for FINRA’s Complex Investigations and Intelligence (CII) section.
One was manipulative trading in small cap initial public offerings (IPOs). FINRA recently published Regulatory Notice 22-25 to highlight a heightened threat of fraud related to IPOs for certain small-capitalization (small-cap) issuers listed on U.S. stock exchanges that may be the subject of pump-and-dump-like schemes (sometimes referred to as "ramp-and-dump" schemes”). While this threat continues to evolve, the Notice details some of the elements observed in these schemes to date. Examples of these elements include:
- Each IPO typically raised less than $25 million and valued each issuer at less than $100 million, with the IPO typically issuing fewer than 20 million shares. Many issuers or their operating subsidiaries or affiliates maintained primary operations in China, but some issuers also based their operations in other countries.
- Underwriters and selling group members (including foreign broker-dealers) may be allocating the majority of shares to a small number of investors, leading to a concentration of shares being held in very few hands.
- Nominee accounts, primarily accounts opened for foreign nationals, have been opened at U.S. broker-dealers to invest in IPOs and later place manipulative orders and trades to inflate aftermarket prices.
- Most shares of issuers that are the subject of suspected ramp-and-dump schemes experienced significant price increases in the opening trade on an exchange and in continuous trading on the day of, or days immediately following, the listing. These price increases did not appear to be driven by news or material events. After the spike, the price quickly declined to a level at or below the offering price.
- Omnibus accounts at U.S. broker-dealers maintained for foreign financial institutions, including foreign broker-dealers, have been observed liquidating large amounts of shares of the small-cap issuers at the peak of price spikes associated with suspected ramp-and-dump schemes.
Another was Russia-related sanctions evasion. FINRA alerted member firms to the initial rounds of sanctions against Russian entities and individuals that were implemented in connection with Russia’s further invasion of Ukraine through Regulatory Notice 22-06 and a Russia-Related Sanctions Alert. FinCEN issued alert FIN-2022-Alert001 to warn financial institutions of efforts to evade Russia-related sanctions, to provide red flags to assist in identifying potential sanctions evasion and to remind firms of Bank Secrecy Act reporting obligations. The sanctions and related considerations for FINRA member firms such as the risk of sanctions evasion were a major focus for FINRA’s AML Investigations Unit in 2022.
And a third risk area of emerging focus involved fraudulent Automated Customer Account Transfer Service (ACATS) requests.
By way of background, while some transfers may occur outside of ACATS, in general, a customer who wishes to transfer securities account assets from the firm carrying the customer’s account (carrying member) to another firm must open an account at the new firm that is expecting to receive the customer’s account assets (receiving member). The account transfer process begins when the receiving member receives the customer’s authorized Transfer Instruction Form (TIF); the receiving member then initiates the account transfer through ACATS. Typically, a TIF includes the customer’s name, date, the account type and account numbers at the receiving member and carrying member, and other personal identifiable information about the customer (e.g., tax identification number or Social Security number).
FINRA’s Regulatory Notice 22-21 alerted member firms to a trend in fraudulent transfers of accounts through ACATS. At a high level, ACATS fraud typically unfolds in the following way:
- A bad actor will open a brokerage account online or through a mobile application at the receiving member using the stolen identity of a legitimate customer of a carrying member.
- Shortly after opening the new account at the receiving member, the bad actor will provide the receiving member with a Transfer Instruction Form to initiate an account transfer through ACATS of the legitimate customer’s account assets from the carrying member.
- Once the ACATS transfer to the newly established account at the receiving member is completed, the bad actor will attempt to move the ill-gotten assets to an account at another financial institution.
ACATS fraud is related to the growing threat of new accounts being opened online or through mobile applications using stolen or synthetic identities. In connection with the COVID-19 pandemic, FINRA previously advised member firms that bad actors may be “targeting firms offering online account opening services and perhaps especially, firms that recently started offering such services” by using stolen or synthetic identities to establish new accounts at member firms as a way to “divert congressional stimulus funds, unemployment payments or to engage in automated clearing house (ACH) fraud.”1 Similarly, with ACATS fraud, bad actors may be taking advantage of the efficiencies of the account transfer process offered through ACATS to fraudulently transfer assets out of an existing account of a legitimate customer whose identity is stolen to a new account the bad actor established at another broker-dealer using the stolen identity.
In September 2021, FINRA stood up CII section to focus on complex threats facing investors, markets, and financial institutions. CII includes specialized teams such as FINRA’s Special Investigations Unit (which includes FINRA’s AML Investigations Unit and a newly created Anti-Fraud Investigations Unit), the Financial Intelligence Unit, the Cyber and Analytics Unit, the Cyber Enabled Fraud unit, the High-Risk Representative Unit and the Vulnerable Adults and Seniors Team. Collectively, these groups work together to proactively identify, assess, investigate, and mitigate complex risks and threats in the areas of fraud, cyber/crypto, money laundering, high risk brokers, and vulnerable investor abuse. As part of these efforts, CII also partners with industry to combat complex threats facing investors and markets by, among other things, getting threat intelligence out to the industry as early as possible. To learn more about CII, check out the FINRA Unscripted Podcast from August 2022 (Introducing FINRA’s Complex Investigations and Intelligence team and Cyber and Analytics Unit).
1See Regulatory Notice 20-13 (May 2020) (reminding firms to be aware of fraud during the pandemic). See also Regulatory Notice 20-32 (September 2020) (reminding firms to be aware of fraudulent options trading in connection with potential account takeovers and new account fraud); Regulatory Notice 21-14 (March 2021) (alerting firms to recent increase in ACH “Instant Funds” abuse); and Regulatory Notice 21-18 (May 2021) (sharing practices firms use to protect customers from online account takeover attempts).