A recent enforcement action offers a glimpse of the Financial Industry Regulatory Authority’s (“FINRA”) expectations for firms conducting anti-money laundering (“AML”) due diligence and transaction monitoring. On July 27, 2020, FINRA settled with broker-dealer JKR & Company (“JKR”) over allegations that the firm failed to detect, investigate, and report suspicious activity in four customer accounts in violation of FINRA Rules 3310(a) and 2010. JKR agreed to a $50,000 fine and a censure to resolve the matter. The settlement is notable in that FINRA applied transaction monitoring and due diligence expectations common in the banking industry to a broker-dealer. It also serves as a reminder that FINRA expects member firms to not only establish written AML policies and procedures, but also to put their AML programs into practice in order to meet their regulatory obligations.
FINRA Rule 3310(a) requires member firms establish and implement written policies and procedures reasonably expected to detect and cause the reporting of transactions as required under the Bank Secrecy Act, 31 U.S.C. §5318(g), and its implementing regulations, 31 C.F.R. 1023.320. NASD Notice to Members 02-21 explains that firms must tailor their compliance programs to monitor for potential money laundering, investigate, and file a suspicious activity report (“SAR”), where necessary.
According to the FINRA, JKR established written AML procedures but failed to detect, investigate, and report suspicious activity in four customer accounts. The accounts at issue were held by customers with high-risk backgrounds and relationships. For example, an accountholder’s president and control person had been barred by the SEC from participating in penny stock offerings seven months before opening the account, and the corporate entities behind two of the accounts were formed in the Seychelles, a known high-risk jurisdiction, only a week prior to account opening.
Suspicious trading and wire activity occurred in some of these accounts. During the Know Your Customer (“KYC”) process, the customers had indicated that one account would liquidate its holdings in a penny stock in order to diversify its holdings, while the other three accounts would trade traditional securities. However, the penny stock position was never fully liquidated, and a customer involved in the stock’s initial offering continued to trade it almost exclusively. Proceeds from the penny stock trades were then wired to third parties, including an account related to another customer. The unexpected activity served no apparent business purpose and raised price manipulation concerns, but went undetected by JKR.
According to FINRA, JKR missed other red flags, including passport irregularities, investment advisory and power of attorney relationships among the customers, one customer’s control of three accounts, unusual transfers and journal entries that served no business purpose, and account inactivity that called into question a customer’s reason for using the firm’s services.
In identifying these specific red flags, the JKR action makes clear that FINRA will hold member firms to the same standard of customer due diligence and transaction monitoring associated with banks and conventional credit institutions. Member firms should conduct comprehensive and ongoing KYC (i.e., background checks, negative news and litigation searches for all related parties and accounts, account profile and activity review) and robust transaction monitoring (i.e., third party transfers, manipulative transactions, etc.). A member firm that fails to effectively implement and maintain its written AML program will run afoul of FINRA Rules 3310(a) and 2010. Firms must put their written procedures into practice, including conducting adequate customer due diligence and implementation of effective transaction monitoring plans appropriately tailored to their business model.