As 2018 came to a close, U.S. financial regulators continued to pursue anti-money laundering (“AML”) enforcement actions against financial institutions, announcing monetary penalties against and resolutions with three U.S. broker-dealers. The Financial Crimes Enforcement Network (“FinCEN”), the Securities and Exchange Commission (“SEC”) and the Financial Industry Regulatory Authority (“FINRA”) announced on December 17, 2018 that they had issued parallel fines against UBS Financial Services Inc. (“UBSFS”) totaling $14.5 million for willful failures to comply with the Bank Secrecy Act (“BSA”). FinCEN assessed a $14.5 million penalty, of which $5 million is to be paid to the U.S. Treasury Department, $5 million is to be paid to the SEC, and $4.5 million is to be paid to FINRA. The U.S. Department of Justice (“DOJ”) announced a criminal charge and a $400,000 fine two days later against Central States Capital Markets, LLC (“CSCM”) for willful BSA violations. The charge against CSCM represents the first criminal BSA charge ever brought against a U.S. broker-dealer. Finally, on December 26, 2018, FINRA announced a $10 million fine against Morgan Stanley Smith Barney LLC (“Morgan Stanley”) for AML program and supervisory failures.
These recent actions against U.S. broker-dealers are consistent with the 2018 Report on FINRA’s Examination Findings issued last month, in which FINRA noted the following persistent issues related to broker-dealers’ AML compliance:
- adequacy of some firms’ overall AML programs;
- allocation of AML monitoring responsibilities, particularly responsibilities for trade monitoring;
- data integrity in AML automated surveillance systems, especially in suspense accounts for processing foreign currency money movements and conversions;
- firm resources for AML programs; and
- independent testing of AML monitoring programs.
Enforcement Actions Against UBSFS
FinCEN found that UBSFS willfully violated the BSA by failing to implement an adequate AML program and due diligence program for correspondent accounts for foreign financial institutions. The activity at issue covered the period from 2004 through April 2017.
AML Program Requirement Violations. According to FinCEN, UBSFS’s AML program exhibited three core failings related to policies and procedures, monitoring and resources.
- Policies and Procedures: FinCEN’s assessment of a civil monetary penalty (the “Assessment”) stated that UBSFS failed to develop policies and procedures to address the AML risks associated with certain of its accounts and transactions and to ensure the detection and reporting of suspicious activity through all accounts. Specifically, FinCEN noted that UBSFS offers brokerage accounts that provide “banking-like services,” such as wire transfers, check writing and ATM withdrawals. While broker-dealers are permitted to provide such services to brokerage clients, FinCEN warned that firms must implement policies and procedures to ensure that they “[do] not become a conduit for movement of illicit funds.” Such policies and procedures include a mechanism for detecting large movements of money with little to no securities trading—a common red flag associated with potential money laundering in brokerage accounts. FinCEN noted that UBSFS processed hundreds of transactions involving amounts aggregating in the millions of dollars that exhibited this and other common red flags associated with shell company activity during the relevant period. FinCEN also indicated that UBSFS failed to develop adequate policies and procedures to address risks associated with foreign clients’ use of brokerage accounts that offered banking-like services.
- Monitoring: According to the Assessment, UBSFS failed to adequately monitor foreign currency-denominated wire transfers conducted through commodities and retail brokerage accounts. Its AML monitoring system did not capture critical information about thousands of wire transfers totaling tens of billions of dollars. While FinCEN noted that the firm attempted to remediate the issues, the measures were insufficient to proactively monitor for and identify patterns of suspicious activity.
- Resources: According to the Assessment, for much of the relevant period, UBSFS lacked the staff needed to review alerts generated relating to potentially suspicious activity. FinCEN noted that UBSFS reduced AML headcount from 41 to 29 employees from January 2008 through May 2011, despite an increase in volume and complexity of AML investigations during the same period. The lack of sufficient resources resulted in a backlog of alerts, which left UBSFS unable to identify and report suspicious activity in a timely manner.
Foreign Correspondent Account Failures. FinCEN also determined that UBSFS did not implement a reasonably designed procedure for conducting ongoing periodic reviews of correspondent accounts for foreign financial institutions and that it failed to perform periodic reviews of these accounts.
Remediation. In the Assessment, FinCEN recognized that UBSFS had taken actions that demonstrated its commitment to correct the deficiencies, in particular by making significant investments in BSA/AML staffing and technology.
The SEC issued a cease and desist order and imposed a $5 million penalty against UBSFS, finding that it failed to file suspicious activity reports (“SARs”) from January 2011 through March 2013 in willful violation of Section 17(a) of the Securities Exchange Act of 1934 and Rule 12a-8 thereunder. The SEC noted that system deficiencies led to the failure to file SARs, and that UBSFS did not have a reasonably designed AML program to detect suspicious activity in non-resident alien accounts with elevated money laundering risk.
Like FinCEN, the SEC noted that it considered UBSFS’s substantial remedial actions.
FINRA imposed a $4.5 million penalty and a censure on UBSFS, finding that, beginning in 2004, it failed to establish and implement an AML program reasonably designed to detect and cause the reporting of potentially suspicious activity, particularly involving foreign currency wires in commodities and retail accounts, in violation of NASD Rule 3011 and FINRA Rule 3310. FINRA also found that UBSFS’s actions violated NASD Rule 2110 and FINRA Rule 2010.
According to FINRA, UBSFS also failed to establish a reasonably designed due diligence program for foreign correspondent accounts, in violation of FINRA Rules 3310 and 2010.
Enforcement Action Against Morgan Stanley
Many of the same failures discussed in the enforcement actions against UBSFS were identified in FINRA’s action against Morgan Stanley. FINRA fined Morgan Stanley $10 million and imposed a censure for AML program and supervisory failures that led to violations of FINRA Rules 3310(a) and 2010 over the course of more than five years beginning in 2011. FINRA found that Morgan Stanley failed to establish and implement AML policies and procedures reasonably expected to detect and cause the reporting of suspicious transactions, specifically identifying three shortcomings related to data, resources and monitoring:
- Data: From January 2011 until at least April 2016, Morgan Stanley’s automated AML surveillance system did not receive critical data from several systems, undermining the firm’s surveillance of wire and foreign currency transfers, including transfers to and from countries with high money laundering risks.
- Resources: From January 2011 to December 2013, Morgan Stanley failed to devote sufficient resources to review alerts generated by its automated AML surveillance system. As a result, Morgan Stanley’s analysts often closed alerts without sufficiently conducting and/or documenting their investigations of potentially suspicious wire transfers.
- Monitoring: From January 2011 to December 2013, Morgan Stanley’s AML department did not reasonably monitor customers’ deposits and trades in penny stock for potentially suspicious activity, despite its customers’ large deposits of penny stock shares. FINRA noted that Morgan Stanley’s customers deposited approximately 2.7 billion shares of penny stock, which resulted in subsequent sales totaling approximately $164 million during the relevant period.
In addition to the above shortcomings, FINRA noted two other failures. First, in violation of FINRA Rules 3010(b) and 2010, Morgan Stanley failed to establish and maintain a supervisory system reasonably designed to comply with Section 5 of the Securities Act of 1933, which generally prohibits the offer and sale of unregistered securities. Second, similar to UBSFS, FINRA found that Morgan Stanley failed to implement the firm’s policies, procedures and controls with respect to conducting periodic risk-based reviews of correspondent accounts maintained for certain foreign financial institutions, thereby violating FINRA Rules 3310(b) and 2010.
In its press release, FINRA noted that it considered “extraordinary corrective measures Morgan Stanley took to expand and enhance its AML-related programs,” when determining the appropriate monetary sanction.
Enforcement Action Against CSCM
The DOJ charged CSCM with one felony violation of the BSA for willful failure to file a SAR regarding accounts associated with a payday lending scheme perpetrated by one of its customers. CSCM entered into a deferred prosecution agreement with the DOJ and agreed to pay a $400,000 penalty to be collected through CSCM’s forfeiture to the United States of such amount in a civil forfeiture action.
CSCM’s customer extended payday loans to individuals around the country in violation of multiple state usury laws and entered into sham relationships with certain Native American tribes to conceal his ownership and control of the companies through which he extended his loans. The customer assigned nominal ownership of his payday lending companies to certain corporations created under the laws of those tribes (“Tribal Companies”).
A DOJ press release notes that CSCM failed to follow its written customer identification procedures and did not address red flags before opening investment accounts for the Tribal Companies. Specifically, CSCM disregarded information indicating that the accounts’ beneficial owner was in fact the CSCM customer rather than the Tribal Companies. Moreover, CSCM ignored various red flags, including a fraud conviction against the customer, allegations of a “rent-a-tribe” scheme implicating the Tribal Companies and an action brought by the U.S. Federal Trade Commission against the customer and the Tribal Companies.
In addition, CSCM failed to monitor transactions associated with its customer’s accounts that generated alerts related to potential suspicious activity. Between December 2011 and December 2015, CSCM’s AML tool generated 103 alerts, none of which was reviewed. Despite the red flags and these alerts, the DOJ asserts that CSCM did not file a SAR until long after the customer was convicted in 2017.
These recent actions reflect a continued U.S. regulatory emphasis on the need for strong AML controls. They also serve as a reminder that, although the amounts of the fines against broker-dealers may generally be smaller, BSA/AML enforcement actions are not limited to the headline-catching actions of recent years against U.S. and foreign banking organizations.
 FINRA also assessed a $500,000 fine against UBS Securities LLC to failing to design a program to monitor high-risk transactions in low-priced equity securities, or “penny stocks,” and foreign correspondent accounts for suspicious activity. See FINRA Fines UBS $5 Million for Significant Deficiencies in Anti-Money Laundering Programs (Dec. 17, 2018). The FINRA report also noted that some firms have faced challenges relating to questionable ownership status of certain foreign legal entity customers (involving potential ownership or control by similar beneficial owners), lack of documentation of investigations of potentially suspicious activity, and irregular and undocumented searches under Section 314(a) of the USA PATRIOT Act. FinCEN issued guidance listing common red flags associated with shell companies in 2006. See Potential Money Laundering Risks Related to Shell Companies (Nov. 9, 2006). NASD Rule 2110 was superseded by FINRA Rule 2010 effective December 15, 2008.