AML Update: The Latest Trends and Effective Practices
Money laundering looks different in the securities industry and that poses its own challenges. But add to that a landscape of constantly evolving threats and it is a lot to keep up with.
On this episode, Jason Foye, Senior Director of the National Cause and Finance Crimes Detection Program’s Special Investigative Unit joins us once again to tell us about the latest trends, emerging threats and how firms can ensure their AML program remains strong and effective.
How are we doing? Take the FINRA Unscripted survey today.
Resources mentioned in this episode:
Episode 33: Beyond Hollywood: Money Laundering in the Securities Industry
Episode 34: Beyond Hollywood, Part II: AML Priorities and Best Practices
Episode 71: Overlapping Risks, Part 1: Anti-Money Laundering and Cybersecurity
Episode 72: Overlapping Risks, Part 2: Anti-Money Laundering and Elder Exploitation
Episode 86: FINRA’s Financial Intelligence Unit: Connecting the Dots
2022 Report on FINRA’s Exam and Risk Monitoring Program: Cybersecurity
2022 Report on FINRA’s Exam and Risk Monitoring Program: AML
Financial Crimes Enforcement Network (FinCEN) Priorities
FinCEN Alert: Potential Russian Sanctions Evasion Attempts
SEC Staff Bulletin: Risks Associated with Omnibus Accounts Transacting in Low-Priced Securities
Regulatory Notice 20-32: Fraudulent Options Trading in Connection with Potential Account Takeovers and New Account Fraud
Regulatory Notice 22-06: U.S. Imposes Sanctions on Russian Entities and Individuals
Regulatory Notice 21-18: Practices Firms Use to Protect Customers From Online Account Takeover Attempts
FINRA Key Topics: Cybersecurity
Listen and subscribe to our podcast on Apple Podcasts, Google Podcasts, Spotify or wherever you listen to your podcasts. Below is a transcript of the episode. Transcripts are generated using a combination of speech recognition software and human editors and may contain errors. Please check the corresponding audio before quoting in print.
00:00 - 00:21
Kaitlyn Kiernan: Money laundering looks different in the securities industry, and that poses its own challenges. But add to that a landscape of constantly evolving threats, and it's a lot to keep up with. On this episode, we are revisiting the topic of anti-money laundering. To hear about the latest trends, emerging threats and how firms can ensure their AML programs remain strong and effective.
00:30 – 00:45
Kaitlyn Kiernan: Welcome to FINRA Unscripted. I'm your host, Kaitlin Kiernan. I'm pleased to welcome back to the show Jason Foye, senior director of the Special Investigations Unit within Member Supervisions, National Cause and Financial Crimes Detection Program. Jason, welcome back.
00:45 - 00:46
Jason Foye: Hey, thanks for having me again.
00:46 – 01:12
Kaitlyn Kiernan: If you recognize Jason's voice, it's because he's been a repeat guest on FINRA Unscripted. In fact, he is part of the duo behind our all- time most downloaded episode, Episode 33, which first introduced the unique considerations around anti-money laundering in the securities industry. Jason, for those of our listeners who haven't listened to those past episodes, can you quickly reintroduce yourself and what you do at FINRA?
01:13 - 01:49
Jason Foye: Yeah, sure. Happy to. Great to hear that people are still getting a lot out of those original episodes. I think there's still, even today, some really, great lessons to be taken from their great content. So happy to hear that’s something that people are enjoying. As you mentioned, I'm currently the senior director of FINRA Special Investigations Unit. This formerly was known as the AML Investigative Unit, and we've gone through some evolution as a group. But the Special Investigations Unit is where, within and NCFC, our AML specialist program operates, and that's the legacy AML Investigative Unit, our AMLIU, that the audience may be familiar with. And we're now building out an Anti-Fraud Investigations Unit that will do similar things that the AML unit has done historically, both focused on the anti-fraud space as opposed to the anti-money laundering space.
01:49 - 02:11
Kaitlyn Kiernan: And you just mentioned there have been changes within member supervision and the National Cause and Financial Crimes Detection Program. Are there any other ways that's impacted the AML team?
2:11 - 02:45
Jason Foye: I think the big one is the creation of the Complex Investigations and Intelligence section, or CII, under Omer Meisel. CII, which is where my group sits now, is also where the Higher Risk Representative Unit sits, along with other groups such as the Vulnerable Adults and Seniors Team, the Financial Intelligence Unit and the Cyber Analytics Unit. And as you know, Kaitlyn, there's a couple of older podcasts that we've done with a range of these groups, so the audience go check those out if they haven't done so already.
02:45 - 03:11
Kaitlyn Kiernan: Yeah. So, and we do plan to have Omer on the show later this summer as well, so he can talk more in depth about the new group and structure. Jason, just to dig in now on AML, in June of 2021, FinCEN issued its first government wide priorities for AML and countering the financing of terrorism. Can you tell us what these priorities are?
03:11 - 03:45
Jason Foye: Sure. The priorities that got issued were done so as part of the AML Act of 2020. It's one of a number of different requirements of that legislation. The priorities themselves focused on threats to the U.S. financial system and national security, and they reflect longstanding and continuing concerns that have previously been identified by FinCEN, and other US government departments and agencies. In total, FinCEN set out eight priorities. I'll just cover that briefly, just in case the audience hasn't familiarize themselves with these just yet.
The eight priorities are corruption, cybercrime, including relevant cybersecurity and virtual currency considerations, foreign and domestic terrorist financing, fraud, including securities and investment fraud, as well as internet-enabled fraud, transnational criminal organizations, drug trafficking organizations, human trafficking and human smuggling. And the last is proliferation finance.
04:10 - 04:18
Kaitlyn Kiernan: And why is it important for firms to review these priorities and incorporate them into their risk- based AML program?
04:18 - 05:03
Jason Foye: The publishing of these priorities is designed to assist financial institutions in their efforts to combat money laundering and counter terrorist financing. And as the industry awaits the final regulation that FinCEN is currently working on through the rulemaking process, that's really going to detail how our financial institutions, including broker dealers, should incorporate their priorities into their risk-based AML programs. It's really important right now that we have these to really start learning about them and thinking about how they may apply to the different business models. Both because we can anticipate that these are going to be requirements as part of the AML regime that broker dealers and other financial institutions are going to be required to incorporate down the road. And because it can help us right now, even before that, get our arms around some critical threats, educate ourselves, think about how we're going to incorporate these things and get ready for that as we prepare.
05:15 - 05:19
Kaitlyn Kiernan: And how can a firm start to incorporate these priorities into their programs?
05:20 – 06:40
Jason Foye: It won't be a one-size-fits all approach across the industry, but I’ll share some thoughts on where to start. The first step for those listening in the audience, is just research the priorities themselves. FinCEN provides details about each of the individual priorities and includes references to prior FinCEN advisories and guidance documents that identify related typologies and red flags that can help broker dealers understand what these priority threats are. And, within the priorities themselves, there’s footnotes that link to these advisories and other valuable materials, such as the national money laundering risk assessment, for example. And that's where you're going to get a lot more detail about the specific risks of red flags to be aware of, that you can then use as part of the second step, which is thinking about your firm's business and assessing the potential risks associated with the products and services that your firms may offer, the customers that the firms serve, and the geographic areas in which they operate. And based on all of that, whether these priorities apply to my business model, how can I anticipate incorporating some of these into the priorities in the future. And then when, FinCEN's final regulation comes out, we'll be in a better position collectively.
06:40 - 07:00
Kaitlyn Kiernan: We'll link to some of those resources and the priorities in our show notes for easy access. But you've mentioned one of the priorities is cyber. We had an entire episode on the overlapping risks of cybersecurity and AML. That was episode 71 for anyone wants to take a listen. But what's new here since we last talked on that episode?
07:00 - 07:32
Jason Foye: It's an ever-evolving area of risk, cybersecurity and cyber enabled fraud world. First, I would just point out and encourage the audience to check out the cybersecurity section of the 2022 Examine and Risk Monitoring report that FINRA put out, as well as FINRA's dedicated cybersecurity webpage. In terms of what we're observing, what we're focused on in view of all this, I would say that we continue to observe the ways in which fraudsters and other bad actors are engaging in cybercrime, that increases both fraud risk as well as money laundering risk. And in particular, something that we're really focused on right now, is new account fraud and account takeover fraud. And new account fraud, in particular is a situation in which bad actors are using stolen or synthetic identification material to open accounts at member firms that they then use to generate or launder illicit proceeds.
And if you think about this, you're a bad actor looking to generate illicit proceeds, to launder illicit proceeds, if you can open up an account at a member firm in somebody else's name or in a fake name, and use that account to engage in your activity, that's going to create an additional layer between you and the illicit activity you're engaged in and just make it that much harder for both the industry to detect what you're doing for the purpose of filing in SAR and for law enforcement to attribute the activity to you. And it's something that we've seen pop up in a number of different places over the last several years, particularly post pandemic. And FINRA has certainly put out a number of regulatory notices we can cover in a moment here, and since then we've put out a lot of advisories on this as well. Not that it's necessarily new, it's really just exploding in this post-pandemic world where so much more of our day-to-day life occurs online and firms have adjusted to offer the ability of customers to open accounts online and are leveraging tools for things like automatic customer verification and things of that nature.
And bad actors are just trying to exploit these new business models, new tools and systems. It's a constantly evolving threat area that we're really focused on right now from the SIU's perspective and various perspectives. And that's just one side of the coin is the opening of these fake accounts. I think the other side of that is the account takeover aspect where you take over an existing account and then similarly use that account for generating illicit proceeds of laundering, illicit proceeds. Reg Notice 20-32 is a good example of something that FINRA has observed in this space has to do with a fraudulent options trading scheme where bad actors have an account at one broker dealer and they take over an account at another broker dealer and they buy an out of the money option in their own account, and then they sell it at a much higher price to the account they control as the other broker dealer. So, generating big gains for themselves and big losses for the investor that as that account that has been taken over and it's a very challenging space. And one thing I would encourage the audience to take a look at is Reg Notice 21-18, which focuses on challenges and effective practices that the industry can consider when trying to protect themselves and their customers from things that they can take from.
10:32 - 10:51
Kaitlyn Kiernan: Yeah. That's all really interesting. And you mention that stolen info to open accounts, that's really tough too, because if someone steals my info and opens a credit card, I'll know right away from a credit alert. The consumer is not going to know if someone's trading in their name and opening that account and those types of accounts doesn't show up in those free credit reports.
10:52 - 11:29
Jason Foye: Yeah. And one thing at the industry level in terms of red flags to be aware of is common identifying information across seemingly unrelated accounts, especially if there's a lot of seemingly unrelated accounts that have, for example, the same address, the same bank account tied to an email address, even more granular things like IP addresses or MAC addresses. When we see these kinds of common identifiers popping up across a wide range of accounts, that don't seem to be related to one another, that is a big red flag of this type of issue, whether it's new account fraud or account takeover fraud.
11:29 - 11:47
Kaitlyn Kiernan: That's great information. You mentioned the cyber section of the 2022 report on FINRA'S Exam and Risk Monitoring program. But another great section to look at is a section highlighting emerging low-priced securities risk. Can you tell us a little bit about what the concern is there?
11:48 - 12:22
Jason Foye: FINRA continues to observe an increase in activity in low- priced securities that could be indicative of fraudulent schemes, including an increase in this type of activity through omnibus accounts of foreign financial institutions. And at times, what FINRA has observed is that these foreign financial institution accounts may actually be nesting within omnibus accounts of financial institutions that are based in countries considered to be lower risk, such as Canada, the United Kingdom.
And this is something that the SEC has been really focused on as well. They actually put out a staff bulletin on just this fact pattern, the risks associated with omnibus accounts transacting are low- price securities, that if the audience isn't familiar with hasn't taken a look at that, I strongly encourage them to, especially if they have these types of accounts as part of their business model.
Kaitlyn Kiernan: And for those who aren't familiar, what is an omnibus account?
12:48 - 13:18
Jason Foye: So, an omnibus account is a situation where a firm has customer accounts, say for a foreign broker dealer. That foreign broker dealer has its own customers that it's doing business with. But from our firm's perspective, its customer is the foreign broker dealer itself. So, the omnibus relationship refers to that concept where you're doing business with this entity that itself may have its own underlying customers that aren't the customers of a broker dealer.
13:19 - 13:23
Kaitlyn Kiernan: So, you haven't had your opportunity to do your KYC on those people coming through that way?
13:24 - 14:08
Jason Foye: Yeah, there's not necessarily a CIP, a Customer Identification Program or customer due diligence program obligation, because the way to think about these omnibus relationships and you think about the rules and regulations that apply to them, you have your CIP and CDD obligations, and firms are required to perform CIP and CDD on their customers. So, in this case, their customer is the foreign broker dealer. And as long as it's a true omnibus relationship and the underlying customers of the omnibus are controlling the account of the activity in such a way that makes them the customer of the broker dealer, then the firms only have to do CIP and CDD at that top level omnibus relationship.
Now, there is another obligation to think about, though, which is the suspicious activity reporting obligation. And so there could be situations and we've seen this occur where the omnibus account is engaging in activity that triggers one or more red flags. And in order to try to understand the nature and purpose of that activity or to determine whether or not that activity appears suspicious, a broker dealer may want or need to ask that the omnibus account, who's behind this transaction? Is this a proprietary transaction? Is this for the benefit of customers? They may try to get information about who the customer is as part of their investigation, and the omnibus relationship may or may not be willing to share that information. And firms should consider that response or lack of a response as part of their kind of overall investigation and determining, whether or not the files are in those scenarios. But it's definitely a complex area, just given the way the rules and regulations apply to it and the risk that may be posed by the underlying activity. And a lot of this is certainly covered in that SEC staff bulletin and certainly encourage some folks may want to take a look at that if they haven't yet.
15:20 - 15:36
Kaitlyn Kiernan: Another topic that came up after the 2022 report came out, of course, is Russia invaded the Ukraine. What are the AML risks that firms should be aware of as a result of the military action that remains ongoing?
15:37 - 16:24
Jason Foye: I would think about this in two big areas. One is the blocking sanctions themselves after the invasion. The Treasury Department, in fact, the Office of Foreign Assets Control have sanctioned a number of individuals and entities and they've blocked trading in securities. And so, the first thing that any broker dealer listening should do is make sure they have their arms around what those blocking sanctions are and ensure that they're not doing business with any of the sanctioned parties. FINRA released a Reg Notice on this, 22-06, which highlights some of the initial sanctions that occurred, but also provides firms with a contact number for OFAC to the extent they have any specific questions regarding the actual sanction programs themselves. So, I encourage the audience to take a look at that if they haven't done so.
The second piece is around sanctions evasion. And that's a little bit more akin to the AML space because it's a question of suspicious activity that may be indicative of sanctions evasion. FinCEN put out an alert on this on March 7th, where they cover some of the risks that they see in terms of sanctions evasion. That includes the risk that sanctioned entities may be nesting within the accounts of foreign financial institutions, non-sanctioned banks, for example, in Russia or Belarus, as well as certain financial institutions in third countries.
And as firms think about how to consider this risk, the first step is to think about the customers and the business lines that may have an increased risk, where the firm may be doing business with the types of accounts that may be at risk here, and then looking for any material changes in account activity post sanction. So, if for example, using a hypothetical, a firm has an account for a non- sanctioned Russian bank or a non-sanctioned bank in Belarus and post sanctions, the activity dramatically changes, volumes go up, counterparties change, things like that. That's certainly worth some questions to that customer about what prompted the change as you investigate whether or not that may be a red flag of sanctions evasion. And the last thing I would say, as with any risk- based AML decision, is just document whatever your risk-based approach is going to be. So have a thoughtful approach to looking for red flags of sanction evasion. Take a look at what FinCEN put out and then document that process. So, it's clear as to how the firm landed, where it landed and what it did.
18:19 - 18:35
Kaitlyn Kiernan: Now, I just wanted to shift gears a little bit and talk about some exam findings and effective practices from the 2022 report. What are some of the key findings that your team's seen when it comes to the AML space?
18:36 - 19:11
Jason Foye: I think so many of the themes in terms of findings tend to recur year over year. The fact patterns change, the activity changes, but the root causes the big picture items, they tend to seem relatively consistent as we identify situations where firms either fail to establish a reasonable AML program or fail to reasonably implement the AML program they did establish. And I think some of the common themes we see is not using AML reports or systems that accurately or reasonably capture potential suspicious activity and are free of data integrity issues.
We see that particularly in some of the more sophisticated systems where there's data integrity issues that impacts the ability of those systems to function. We also see firms that continue to fail in terms of tailoring AML programs to the risk presented by their products, customers, business lines and transactions. Situations where firms are not dedicating sufficient resources to the AML or program, not conducting or accurately documenting their AML surveillance reviews as they look for red flags of suspicious activity. In situations where the aim of another firm may be relying on another area of the firm to conduct front line reviews.
We continue to see situations where those areas are not notifying the AML department that involve potentially suspicious transactions. And we see this a lot around cybersecurity events or account compromises or takeovers in the accounts that we talked about. Even in trade surveillance, where the trading desk may be looking for the initial red flags or failing to notify AML when they do.
19:11 - 20:24
Kaitlyn Kiernan: Yep. I think we've talked about that on most of our past episodes. On the flip side, what are some of the effective practices FINRA is seeing?
20:24 – 22:00
Jason Foye: I think there's a couple of things to take away here. One, risk assessments, initial and ongoing. Having an understanding of the risk at your firm posed by the different products, services, customers, geographies and so on is critically important to having an effective AML program. The form in which that takes differs. There's no requirement to have a written AML risk assessment, but in order to have a reasonable AML program, you really do need to understand what those risks are so you can tailor program reasonably.
Effective delegation and communication with areas of the firm that are responsible for escalating things to AML. So, I think that includes making sure that those groups know what AML expects to be escalated and having some process whereby AML can reasonably assure themselves that the things they expect to be escalated are being escalated. There's a training component to that as well, but I think there's also just the relationship driven component to that. And I think setting up recurring communication channels with these groups that are front line so that you can communicate what's happening at the AML level, what's happening in these various departments, what they're seeing is a great effective practice and then making sure you have clear escalation procedures is another way to make sure that delegation and communication is there.
And the last thing I would point to is quality assurance programs where we've seen these in existence that member firms. Looking at the quality of the reviews being performed and even having any findings feed into the AML training programs. We've noticed that is a significant effective practice at those firms.
22:00 - 22:16
Kaitlyn Kiernan: Those are helpful, effective practices to refer to. Just to wrap up today. Jason, you've been focusing on the AML space for almost ten years now. What are your thoughts overall on AML and how the space seems to be evolving over time?
22:17 - 22:59
Jason Foye: It's always changing and evolving. It continues to be extremely interesting. The threats evolve and change, the rules and regulations evolve and change. But at the heart of it, combating money laundering and financial crime is just such a critical component of what we do day in, day out, that's trying to protect investors and markets. And I think one big change that internally we're doing a lot more thinking about is this concept of left of boom that I'm sure Omer we'll talk to you a lot about when you have him on the summer. But it's the left of boom and right of boom, right of boom being all that investigative stuff that happens after something occurs. And left of boom being a lot of the preventative or proactive things that could be done to help prevent that thing from happening. That needs to be investigated. And so, as we think about what those opportunities are. It includes some of the things we've talked about before. Ways that we can educate the industry, provide training around different risks or threats or effective practices.
The 2022 Risk Monitoring report I think is a great example of that. If you look at the related considerations, questions at the top of the AML section. If you pick up that report and it's a big report, and you don't know where to go, that's a great place to start because it just asks a series of relatively straightforward questions that we would ask. And if you're a member firm listening to this, pick up that report, look at that section. Ask yourselves those questions and use that to try to figure out where there may be areas that you can enhance your AML program, where there may be new and emerging risks that haven't been considered yet that you want to think about and get in there.
And we spent a lot of time thinking about how to get the right information into that report to be as helpful as possible to the industry and not have it be something that's a pick it up once, put it down and it's over, but something that the industry can come back to and look at throughout the year as they have questions about things. So just the need for the sharing of intelligence, the collaboration where appropriate with industry as we try to combat these different risks and threats that are out there is just something that we're really focused on and certainly something that I think is an evolving space for us.
24:28 - 24:42
Kaitlyn Kiernan: That left of boom phrase. I first heard from Greg Ruppert on an episode that I think it gets to another phrase that people might have heard of an ounce of prevention is worth a pound of cure. I think that applies here too.
24:42 - 24:57
Jason Foye: Yeah, it's definitely true. We continue to look for those types of opportunities and I'm sure we'll have lots of great stories to share next time we talk on how CII, SIU general overall have been able to be left of boom and be more preventative and proactive.
24:57 - 25:27
Kaitlyn Kiernan: Well, thank you, Jason, for joining me once again to update us on the latest trends and info in the AML space. I enjoyed our conversation and I'm sure our listeners did too. Listeners, if you don't already, be sure to subscribe to FINRA Unscripted wherever you listen to podcasts. If you have any ideas for future episodes, you can reach out to us at [email protected] Today's episode was produced by me, Kaitlin Kiernan, and engineered by John Williams. Until next time.
25:27 – 25:32
25:32 – 26:00
Disclaimer: Please note FINRA podcasts are the sole property of FINRA, and the information provided is for informational and educational purposes only. The content of the podcast does not constitute any rule amendment or interpretation to such rules. Compliance with any recommended conduct presented does not mean that a firm or person has complied with the full extent of their obligations under FINRA rules, the rules of any other SRO or securities laws. This podcast is provided as-is. FINRA and its affiliates are not responsible for any human or mechanical errors or omissions. Parties may not reproduce these podcasts in any form without the express written consent of FINRA.
26:00 – 26:06
Music Fades Out