Credit Suisse Securities U.S.A. LLC has agreed to pay $16.5 million to resolve Financial Industry Regulatory Authority (FINRA) allegations that the firm violated anti-money laundering (AML) program regulations, supervision requirements and other policies, FINRA reported Monday.
Specifically, FINRA found that Credit Suisse’s U.S. division relied solely on registered representatives to report suspicious trading, who then failed to escalate or investigate high-risk activity. In addition, the firm inadequately implemented its automated surveillance system, opted not to use available suspicious activity identification scenarios and failed to investigate suspicious activities that it did detect.
Considering the significant $16.5 million fine and FINRA’s increased focus on AML violations, broker-dealers should take this opportunity to re-examine their own AML programs for potential deficiencies.
Credit Suisse AML Program Deficient in Responsible Departments, Microcap Instruction and Proper Use of Automated Surveillance System
FINRA’s AML Investigative Unit examination of Credit Suisse identified a number of red flags, leading to a Department of Enforcement investigation. The investigation found that, from January 2011 through September 2013, the systems and procedures Credit Suisse used to monitor trading were not adequate to identify suspicious activity and prompt a Suspicious Activity Report (SAR) filing.
Lesson One: Single Department Insufficient to Detect and Report Suspicious Activity
Specifically, the AML program required only registered representatives to identify unusual or suspicious activity (described in Credit Suisse’s AML policies) and report it to the AML compliance department. The AML compliance department was to then investigate the report and file an SAR if appropriate. Seems functional enough. Yet, this AML program approach failed to account for electronic orders received from foreign affiliates, orders that bypassed the sales traders.
As a result, obvious red flags fell through the cracks. In one case, a New York-based hedge fund was depositing, then immediately selling and wiring proceeds out of the account. No department reviewed or reported the activity.
Lesson Two: Failure to Instruct Representatives on Microcap Registration and Exemption
FINRA investigators also found that Credit Suisse failed to instruct its representatives on how to determine whether microcap securities were registered or subject to registration exemption. As a result, Credit Suisse customers were able to deposit and sell microcap shares - including potentially suspicious trades made in foreign affiliates’ omnibus accounts - transactions that should have raised red flags indicating potential illegal distribution.
FINRA reports that these deficiencies facilitated the illegal distribution of at least 55 million unregistered shares of securities.
Lesson Three: Flawed Automated Surveillance System and Inadequate Staffing
Additionally, FINRA found that, from January 2011 through December 2015, Credit Suisse failed to feed adequate data into its automated surveillance system and opted not to implement suspicious activity identification scenarios applicable to its own money-laundering risks. Because Credit Suisse used this flawed automated surveillance system to identify red flags for suspicious activity, the firm missed a number of potentially suspicious money transfers.
FINRA also found that Credit Suisse’s staffing was not adequate to be able to review the tens of thousands of automated system alerts generated each year.
Per FINRA, Credit Suisse neither admitted nor denied the charges in this settlement, but consented to the entry of FINRA's findings.
FINRA Cracking Down on AML Program Deficiencies
As I discussed in my post, “Top 6 Most Common Broker-Dealer AML Program Deficiencies,” FINRA continues to seek out firms with anti-money laundering (AML) program deficiencies, specifically those involving microcap securities. The greatest number of AML-related enforcement actions in 2016 involved failures to supervise and detect warning signs regarding large volume sales of microcap securities.
As seen in the Credit Suisse case, placing responsibility for detecting and reporting red flags solely on one department cannot cover all trades and suggests other departments may ignore suspicious activity. FINRA reports “other departments and branches of the firm did not effectively assume responsibility for reviewing trading for AML reporting purposes.”
Regarding automated surveillance systems, the 2016 FINRA Regulatory and Examination Priorities Letter stated that “FINRA has observed problems with firms’ automated AML surveillance systems not capturing complete and accurate data, which can result in missed or poor quality alerts.”
The Credit Suisse case supplies further evidence that FINRA is focusing enforcement efforts on automated AML surveillance systems, making certain that firms are taking measures to verify data source accuracy and implementing available scenarios. Equally as important, adequate staffing must be available to ensure that all reports generated via an automated surveillance system are addressed in the proper manner.
Firms Must Devote Adequate Resources to Resolve Issues in A Timely Fashion
Remember, self-identifying your firm’s AML program deficiencies and taking steps to address them may not be enough for FINRA. While, Credit Suisse did self-identify a number of its AML program deficiencies and took steps to evaluate them – even retaining a consulting firm - FINRA sanctioned Credit Suisse for the initial failure to “devote adequate resources to resolve the issues in a timely fashion.”
Brad Bennett, FINRA's Executive Vice President and Chief of Enforcement, said, "It’s critical that firms have effective AML systems in place so that they can comply with their obligations to review and report suspicious transactions, including those involving trading in microcap securities or potentially suspicious money transfers.”
Credit Suisse’s $16 million sanction suggests that firms re-examine their AML programs for potential weaknesses, especially regarding microcap securities and automated surveillance system protocols. If you have questions regarding AML-program compliance, you should connect with a Herskovits PLLC securities lawyer to avoid potential FINRA enforcement issues. 212.897.5410 or Connect by Email