Anti-Money Laundering Summary for Fund Managers

Transcription

1 Anti-Money Laundering Summary for Fund Managers Session Chairman: Walter Zebrowski, JD, CPA Chairman, Regulatory Compliance Association Senior Fellow from Practice: Harry E. Wedewer, Assistant Chief Counsel, Division of Enforcement, United States Commodity Futures Trading Commission March 21, 2018 PracticEdge TM

2 Who We Are We protect investors and financial markets by serving and supporting regulators, institutional investors, alternative investment and asset management firms, and financial institutions. Our mission is four-fold: Serve as the exclusive programmatic accreditation agency for CCE (Continuing Compliance Education ). Deliver post-graduate degrees and programs in Regulation and Compliance. Design, develop and administer certification programs for regulatory agencies. Govern and regulate the professional licensure of compliance officers and regulatory practitioners by administering the Chartered Regulatory Counsel and Chartered Regulatory Analyst examinations. 2

3 Who We Serve Executives & Staff Job Seekers Employers (Institutional Investors & Financial Institutions) 3

4 Our Community Over 80,000 compliance, legal and operations executives. 4

5 What We Offer RCA collaborates with regulators, governmental agencies and financial services firms to build the organization s professional development, training and certification programs using RCA s myuniversity Platform. All RCA course work qualifies for CCE (Continuing Compliance Education), for which RCA is the exclusive programmatic accreditation agency. Professional Exams Accreditation Graduate Level Education Events 5

6 Advancing Your Career Professional Exams Our certification programs for regulatory agencies and post-graduate degrees in regulation and compliance are the most respected professional licensure by regulators, compliance officers, attorneys and regulatory practitioners: CRC (Chartered Regulatory Counsel) ; and CRA (Chartered Regulatory Analyst). Graduate Level Education Each degree program offers students a comprehensive suite of resources geared to maximize the student s ability to secure a significant, relevant and meaningful employment opportunity. We offer the following programs: MS in Regulation & Compliance; MBA in Regulation and Compliance; and LLM in Regulation & Compliance. Events RCA Symposia and Roundtables provide an opportunity to learn the most timely, practical and actionable guidance on compliance controls and analytics, examination priorities and tactics, the latest enforcement initiatives, mandates from regulators and investors and more! 6

7 Course Faculty Harry E. Wedewer serves an Assistant Chief Counsel in the Division of Enforcement at the United States Commodity Futures Trading Commission (CFTC). In this capacity, he serves as the Division s Bank Secrecy Act expert, litigates as a trial attorney and coordinates the orderly flow of Division recommendations through the Commission voting process. Prior to serving at the CFTC, Harry practiced in the Washington office of Vinson & Elkins LLP in the energy regulatory practice. Harry began his legal career as an intern at the United States Nuclear Regulatory Commission (NRC) followed by service as a paralegal and acceptance into the NRC s attorney honors program. At the NRC, Harry worked in the nuclear materials litigation and enforcement and Yucca mountain nuclear waste repository sections, respectively. Prior to becoming a lawyer, Harry served in the United States Navy as a Naval Flight Officer/Aircraft Weapons Systems Operator and Aerospace Engineering Duty Officer and retired in 2003 as a Commander. Harry is a 1983 graduate of The Citadel, The Military College of South Carolina and a 2004 graduate of the Georgetown University Law Center. Harry E. Wedewer 7

8 Course Outline 1. AML basics overview (LO 1) 2. Introduction to CIP and CDD (LO 2) 3. Review case summaries (LO 3) 4. SAR Filing/Recordkeeping/Security Overview (LO 4) 5. Introduction of OFAC requirements (LO 5) 6. Emergent developments (LO 6) 8

9 Course Objectives 1. Recognize AML basics including principles, relevant portions of the Bank Secrecy Act (BSA) and criminal statutes 2. Identify Customer Identification Program (CIP) and Customer Due Diligence (CDD) regulations and requirements 3. Apply lessons learned from case summaries 4. Define basic suspicious activity report (SAR) filing, recordkeeping and confidentiality requirements 5. Apply basic Office of Foreign Assets Control (OFAC) requirements 6. Recognize emergent developments that may have an impact on AML programs 9

10 Introduction Three Elements/Stages of Money Laundering: Placement; Layering; and Integration Stage I Placement: initial stage of money laundering, during which the launderer introduces illegal profits into the financial system. Placement may be done by breaking-up large amounts of cash into less conspicuous smaller sums that are then deposited directly into a bank account, or Purchasing a series of monetary instruments (checks, money orders, etc.) that are then collected and deposited into accounts at another location. 10

11 Introduction Stage II Layering: after the funds have entered the financial system, the second or layering stage takes place the launderer engages in a series of conversions or movements of the funds to distance them from their source. The funds may be channeled through the purchase and sales of investment instruments, or the launderer may wire the funds through a series of accounts at various banks across the globe. This use of widely scattered accounts for laundering is especially prevalent in those jurisdictions that do not cooperate in AML investigations. In some instances, the launderer might disguise the transfers as payments for goods or services, thus giving them a legitimate appearance. 11

12 Introduction Stage III Integration: stage in which the funds re-enter the legitimate economy. The launderer might choose to invest the funds into real estate, luxury assets, or business ventures for example. 12

13 Introduction Money Laundering Predicate Offenses According to the 2015 U.S. National Money Laundering Risk Assessment, proceeds from all forms of financial crime in the U.S., excluding tax evasion, was $300 billion in 2010, or about two percent of the U.S. economy. Proceeds from illicit drug sales were approximately $64 billion. Proceeds from all other forms of financial crime in the U.S. were approximately $236 billion, most of which is attributable to fraud. Unlike drug trafficking, fraud proceeds rarely start off as a cash purchase and the transactions typically occur through normal, regulated financial channels as to appear legitimate. 13

14 Introduction Fundamental AML Principles Threat of money laundering is very real both in the money laundering and terrorist financing contexts Requires an all hands effort/ Culture of Compliance AML violations are often accompanied by a break-down in supervisory controls Constant vigilance Importance of internal communication within the Financial Institution (FI) and external communication with criminal authorities and regulators Constantly changing area/importance of staying informed 14

15 Introduction Introductory Case Summary Consequence of failing to execute AML properly Deferred Prosecution Agreement (DPA) between JPMorgan Chase Bank, N.A. (JPMC) and DOJ (1/6/14) associated with JPMC s handling of the Madoff Securities accounts resulting in a $1.7 billion dollar fine and remedial measures. From approximately October 1986 through Madoff s arrest on December 11, 2008, the Madoff Ponzi scheme was conducted almost exclusively through a demand deposit account and other linked cash and brokerage accounts at JPMC. During this period all client investments were deposited into the Madoff Securities account at JMPC and virtually all redemptions were paid through a linked disbursement account held by Madoff Securities at JPMC. At the time of its collapse in December 2008, Madoff Securities maintained more than 4,000 investment advisory client accounts purported to have combined assets of $65 billion when it reality it had approximately $300 million. 15

16 December 11, 2008 Madoff arrested. Supervisor of JPMC analyst who wrote the October 16, Can t say I m surprised, can you? Analyst confirms, No. TIMELINE December 1998 JPMC fund manager: Madoff Securities returns possibly too good to be true and too many red flags to invest. June 2007 Senior JPMC executive to JPMC Chief Risk Officer: There is a well known cloud over the head of Madoff and that his returns are speculated to be part of a ponzi scheme. October 2008 Dec JPMC redeems more than $275 million of its own money October 16, 2008: an analyst on the JPMC London Equities Exotics Desk (London Desk) wrote an to the head of the desk and others questioning Madoff Securities trading activity and custody of assets; questioned Madoff s odd choice of a small, unknown accounting firm; and reported that JPMC seemed to be relying on Madoff s integrity with little to verify that such reliance was well-placed. The London Desk memo closed: There are various elements in the story that could make us nervous, including whether the assets actually exist and are properly custodied and the feeder funds managers apparent fear of Madoff, where no one dares to ask any serious questions as long as the performance is good. October 29, 2008 JPMC U.K. filed a report with the U.K. Serious Organized Crime Office (SOCA), which identified Madoff Securities as the Main Subject Suspect and noted: the investment performance achieved [by the Madoff Securities] funds is so consistently and significantly ahead of its peers year-to-year, even in the prevailing market conditions, so as to appear too good to be true meaning that it probably is.

17 Introduction The information contained in the 10/16/08 was never communicated to AML personnel in the U.S. and there was no meaningful investigation of Madoff Securities relationship with JPMC. Nor was there any notification of AML compliance personnel in the U.S. of the information contained in the report to the SOCA as a result, a SAR was never filed with U.S. authorities. Because of JPMC s lack of effective policies, procedures and controls, it was required to: Waive indictment and to the filing of a two-count felony Information, charging JPMC with violations of the Bank Secrecy Act due to its failure to file reports of suspicious activity while handling a Madoff Securities account. Acknowledge responsibility for its conduct by stipulating a detailed statement of facts. Pay a non-tax deductible penalty of $1.7 billion, in the form of a civil forfeiture, which was distributed to the victims of the Madoff fraud. 17

18 Relevant Criminal Provisions There are several AML-related statutes in the U.S. code each of which contains significant criminal penalties (18 U.S.C. 1956, 1957, 1960, 5324) Domestic and international anti-money laundering statute (18 U.S.C. 1956) Unlawful to conduct financial transactions involving the proceeds of a specified unlawful activity (SUA) with specific intent (18 U.S.C. 1956(a)(1)) Outlaws four kinds of money laundering promotional, concealment, structuring, and tax evasion Unlawful to knowingly engage in a transaction more than $10,000 if the funds are from a SUA (18 U.S.C. 1957) Unlawfully operating an unlicensed money transmitting business (18 U.S.C. 1960) Any transmission business operating in a state that requires it to be licensed and criminalizes the failure to do so. Any transmitting business operating in a manner that fails to comply with Treasury Department regulations governing such enterprises. Any business that transmits of money known to be derived from or intended to finance criminal activity even if the transmitter is duly licensed Structuring transaction to evade reporting requirements is prohibited (18 U.S.C. 5324) 18

19 Bank Secrecy Act (BSA) The BSA was enacted in the early 1970 s and was amended significantly in 2001 by the USA Patriot Act in response to the 9/11 terrorist attacks. BSA definition of an FI is very broad and includes: an insured bank a commercial bank or trust company a private banker an agency or branch of a foreign bank in the United States any credit union a thrift institution a broker or dealer registered with the Securities and Exchange Commission (SEC) under the Securities Exchange Act of 1934 (15 U.S.C. 78a et seq.) a broker or dealer in securities or commodities an investment banker or investment company a currency exchange an issuer, redeemer, or cashier of travelers checks, checks, money orders, or similar instruments an operator of a credit card system an insurance company a dealer in precious metals, stones, or jewels a pawnbroker a loan or finance company 19

20 Bank Secrecy Act SAR Filing Requirement The Secretary of Treasury may require any FI and any director, officer, employee, or agent of any FI, to report any suspicious transaction relevant to a possible violation of law or regulation. General Notification Prohibitions Re: When a SAR is filed if an FI or any director, officer, employee, or agent of any FI, voluntarily or pursuant to the BSA or any other authority, reports a suspicious transaction to a government agency: Neither the FI, director, officer, employee, or agent of such institution (whether or not any such person is still employed by the institution), nor any other current or former director, officer, or employee of, or contractor for, the FI or other reporting person, may notify any person involved in the transaction that the transaction has been reported. No current or former officer or employee of or contractor for the Federal Government or of or for any State, local, tribal, or territorial government within the U.S., who has any knowledge that such report was made may disclose to any person involved in the transaction that the transaction has been reported, other than as necessary to fulfill the official duties of such officer or employee. Any FI that makes a voluntary disclosure of any possible violation of law or regulation to a government agency or makes a disclosure pursuant to the BSA or any other authority, and any director, officer, employee, or agent of such institution who makes, or requires another to make any such disclosure, shall not be liable to any person under any law or regulation of the U.S., any constitution, law, or regulation of any State or political subdivision of any State, or under any contract or other legally enforceable agreement (including any arbitration agreement), for such disclosure or for any failure to provide notice of such disclosure to the person who is the subject of such disclosure or any other person identified in the disclosure. 20

21 Bank Secrecy Act BSA AML Program Requirements Development of internal policies, procedures, and controls Designation of a compliance officer Ongoing employee training program Independent audit function to test programs Identification and verification of accountholders BSA Implementing Regulations (Part 31) AML program requirements for brokers or dealers in securities (BD) (31 C.F.R ) AML program requirements for futures commission merchants (FCM) and introducing brokers in commodities (IB) (31 C.F.R ) Beneficial ownership (BO) requirements for legal entity customers and impact on AML program requirements for BDs, FCMs and IBs (31 C.F.R ) 21

22 Bank Secrecy Act Related Regulations General background/overview AML program requirements for brokers or dealers in securities (BD) (31 C.F.R ) AML program requirements for futures commission merchants (FCM) and introducing brokers in commodities (IB) (31 C.F.R ) Beneficial ownership (BO) requirements for legal entity customers and impact on AML program requirements for BDs, FCMs and IBs (31 C.F.R ) 22

23 Bank Secrecy Act Related Regulations AML program requirements for Brokers or Dealers in securities (31 C.F.R ) and for Futures Commission Merchants and Introducing Brokers in commodities (31 C.F.R ) (implements 31 U.S.C. 5318(h)(1)) Maintain a written AML program approved by senior management that complies with due diligence requirements of 31 C.F.R and (due diligence programs for correspondent accounts for foreign financial institutions and private banking accounts respectively) and any applicable regulation of its Federal functional regulator governing the establishment and implementation of anti-money laundering programs. 23

24 Bank Secrecy Act Related Regulations Minimum AML program requirements: The establishment and implementation of policies, procedures, and internal controls reasonably designed to prevent the FI from being used for money laundering or the financing of terrorist activities and to achieve compliance with the applicable provisions of the BSA and the implementing regulations Independent testing Designation of an individual or individuals responsible for implementing and monitoring the operations and internal controls of the program Ongoing training for appropriate persons Appropriate risk-based procedures for conducting ongoing customer due diligence Understanding the nature and purpose of customer relationships for the purpose of developing a customer risk profile Conducting ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information 24

25 Supplementary Bank Secrecy Act Related Regulations FINRA Rule 3310 MSRB Final Rule G-41 NFA Compliance Rule

26 CIP Section Overview Customer Identification Programs (CIP) for BDs (31 C.F.R ) and for FCMs and IBs (31 C.F.R ) Customer Identity Verification Procedures Recordkeeping and Retention of Records Other Considerations Sources: CIP for BDs (31 C.F.R ) and for FCMs and IBs (31 C.F.R ) FINRA Rule 3310; NASD Notice to Members 03-34; Customer Account Record Information SEC Rule 17a-3(a)(17) NFA Compliance Rule 2-9 Interpretive Guidance 26

27 CIP Customer Identity Verification Procedures The CIP must include risk-based procedures for verifying the identity of each customer to the extent reasonable and practicable. The procedures must enable each BD, FCM or IB to form a reasonable belief that it knows the true identity of each customer. The procedures must be based on the BD s FCM s or IB s assessment of the relevant risks, including those presented by the various types of accounts maintained, the various methods of opening accounts, the various types of identifying information available, and the BD s FCM s or IB s size, location and customer base. 27

28 CIP Customer Identity Verification Procedures Each BD, FCM and IB must implement a written CIP appropriate for its size and business that, at a minimum, include: Identity and verification procedures Procedures for opening an account that specify identifying information that will be obtained from each customer Procedures for verifying the identity of each customer that describe when the BD, FCM or IB will use documents, non-documentary methods, or a combination of both methods Means of verification: Verification through documents Verification through non-documentary methods Additional verification for certain customers Lack of verification 28

29 CIP Recordkeeping & Retention of Records Recordkeeping: the CIP must include procedures for making and maintaining a record of all information obtained under procedures implementing a CIP Retention of records Documentary records must be retained for five years after the account is closed. Records made when identity is verified through non-documentary means must be retained for five years after the record is made. Comparison with government lists: the CIP must include procedures for determining whether a customer appears on any list of known or suspected terrorists or terrorist organizations issued by any Federal government agency. Identifying high-risk accounts and jurisdictions Customer notice Reliance on another FI 29

30 Customer Identification Procedures Supplemental Authorities FINRA Rule 3310; NASD Notice to Members 03-34; Customer Account Record Information SEC Rule 17a-3(a)(17) NFA Compliance Rule 2-9 Interpretive Guidance 30

31 Customer Due Diligence/Beneficial Ownership CDD/BO Rule Overview Covered FIs are required to establish and maintain written procedures that are reasonably designed to identify and verify BOs of legal entity customers and are required to comply by 5/11/18 (31 C.F.R ) Establish appropriate risk-based procedures for conducting ongoing CDD to understand the nature and purpose of customer relationships and to conduct ongoing monitoring to identify and report suspicious transactions, and, on risk basis, to maintain and update customer information (31 C.F.R ; ) Applicability Covered FIs include: Depository institutions BDs Mutual funds FCMs and IBs in commodities 31

32 Customer Due Diligence/Beneficial Ownership Legal Entity Customers (two types) Ownership prong The term beneficial owner includes each individual who, directly or indirectly, owns 25 percent or more of the equity interests of the legal entity customer. Control prong The term beneficial owner means a single individual with significant responsibility to control, manage, or direct the legal entity customer (e.g., a Chief Executive Officer, Vice President, or Treasurer). 32

33 Customer Due Diligence/Beneficial Ownership Identify the beneficial owner(s) of each legal entity customer at the time a new account is opened, unless the customer is otherwise excluded or the account is exempted. Covered FIs also must verify the identity of each BO by using risk-based procedures to the extent reasonable and practicable. Covered FIs are required to retain records of the information they obtain regarding BO. Risk-based Due Diligence Requirements 33

34 Customer Due Diligence/Beneficial Ownership CDD/BO Rule Detailed Review General requirements: covered FIs (including BDs, FCMs and IBs) are required to establish and maintain written procedures that are reasonably designed to identify and verify BOs of legal entity customers and to include such procedures in their AML program required under the BSA and its implementing regulations. Identification and verification. The covered FI s CDD procedures shall enable the institution to: Identify the BO(s) of each legal entity customer at the time a new account is opened, unless the customer is otherwise excluded (using the regulation form or other means). Verify the identity of each BO identified to the covered FI, according to risk-based procedures to the extent reasonable and practicable. 34

35 Customer Due Diligence/Beneficial Ownership CDD/BO Rule Definitions Account means a formal relationship with a BD established to effect transactions in securities, including, but not limited to, the purchase or sale of securities and securities loaned and borrowed activity, and to hold securities or other assets for safekeeping or as collateral. Account means a formal relationship with an FCM or IB, including, but not limited to, those established to effect transactions in contracts of sale of a commodity for future delivery, options on any contract of sale of a commodity for future delivery, or options on a commodity. 35

36 Customer Due Diligence/Beneficial Ownership Account does not include: An account that the BD, FCM or IB acquires through any acquisition, merger, purchase of assets, or assumption of liabilities; or An account opened for the purpose of participating in an employee benefit plan established under the Employee Retirement Income Security Act of New Account Definition: new account means each account opened at a covered FI by a legal entity customer on or after the applicability date. 36

37 Customer Due Diligence/Beneficial Ownership BO Definition (Ownership Prong and Control Prong) Each individual, if any, who, directly or indirectly, through any contract, arrangement, understanding, relationship or otherwise, owns 25 percent or more of the equity interests of a legal entity customer; and A single individual with significant responsibility to control, manage, or direct a legal entity customer, including and executive officer or senior manager; e.g. Chief Executive Officer Chief Financial Officer Chief Operating Officer Managing Member General Partner President Vice-President Treasurer Or, any individual who performs similar functions (control prong) 37

38 Customer Due Diligence/Beneficial Ownership Legal Entity Customer: means a corporation, limited liability company, or other entity that is created by the filing of a public document with a Secretary of State or similar office, a general partnership, and any similar entity formed under the laws of a foreign jurisdiction that opens an account. 38

39 Customer Due Diligence/Beneficial Ownership Legal entity customer does not include (among others): An FI regulated by a Federal functional regulator or a bank regulated by a State bank regulator; An issuer of a class of securities registered under Section 12 of the Securities Exchange Act of 1934 or that is required to file reports under Section 15(d) of that Act; An investment company, as defined in Section 3 of the Investment Company Act of 1940, that is registered with the SEC under that Act; An investment adviser, as defined in Section 202(a)(11) of the Investment Advisers Act of 1940, that is registered with the SEC under that Act; An exchange or clearing agency, as defined in Section 3 of the Securities Exchange Act of 1934, that is registered under Section 6 or 17A of that Act; Any other entity registered with the Securities and Exchange Commission under the Securities Exchange Act of 1934; A registered entity, commodity pool operator, commodity trading advisor, retail foreign exchange dealer, swap dealer, or major swap participant, each as defined in section 1a of the Commodity Exchange Act, that is registered with the CFTC; A bank holding company, as defined in Section 2 of the Bank Holding Company Act of 1956 (12 U.S.C. 1841) or savings and loan holding company, as defined in Section 10(n) of the Home Owners' Loan Act (12 U.S.C. 1467a(n)); A pooled investment vehicle that is operated or advised by an excluded FI; An insurance company that is regulated by a State; A foreign financial institution established in a jurisdiction where the regulator of such institution maintains beneficial ownership information regarding such institution; 39

40 Customer Due Diligence/Beneficial Ownership Exemptions Covered FIs are exempt from the requirements to identify and verify the identity of the BOs only to the extent the FI opens an account for a legal entity customer that is: At the point-of-sale to provide credit products, including commercial private label credit cards, solely for the purchase of retail goods and/or services at these retailers, up to a limit of $50,000; To finance the purchase of postage and for which payments are remitted directly by the FI to the provider of the postage products; To finance insurance premiums and for which payments are remitted directly by the FI to the insurance provider or broker; To finance the purchase or leasing of equipment and for which payments are remitted directly by the FI to the vendor or lessor of this equipment. 40

41 Customer Due Diligence/Beneficial Ownership Limitations on Exemptions: The exemptions do not apply to transaction accounts through which a legal entity customer can make payments to, or receive payments from, third parties. If there is the possibility of a cash refund on the account activity identified in relevant sections, then BO of the legal entity customer must be identified and verified by the FI as required in the rule, either at the time of initial remittance, or at the time such refund occurs. 41

42 Customer Due Diligence/Beneficial Ownership Recordkeeping requirements: a covered FI must establish procedures for making and maintaining a record of all information obtained under the procedures implementing the BO rule. Retention of records requirements: a covered FI must retain the identification records for five years after the date the account is closed, and verification records shall be retained for five years after the record is made. Reliance on another FI requirements: a covered FI may rely on the performance by another FI (including an affiliate) with respect to any legal entity customer of the covered FI that is opening, or has opened, an account or has established a similar business relationship with the other FI to provide or engage in services, dealings, or other financial transactions. 42

43 Customer Due Diligence/Beneficial Ownership Appropriate risk-based procedures for conducting ongoing customer CDD, to include: Understanding the nature and purpose of the customer relationships; and Conducting ongoing monitoring to identify and report suspicious transactions and on a risk basis, to maintain and update customer information. 43

44 AML Summary Summary of AML program requirements for covered FIs: Establishment of policies, procedures and internal controls; Independent testing; Designation of a compliance officer or individual(s) responsible for day-today compliance; Training for appropriate personnel; and Appropriate risk-based procedures for conducting ongoing CDD to understand the nature and purpose of customer relationships and to conduct ongoing monitoring to identify and report suspicious transactions, and, on risk basis, to maintain and update customer information. 44

45 CIP-Related Violations Case Examples FINRA Letter of Acceptance, Waiver and Consent No (5/18/16) Raymond James & Associates, Inc. In re Morgan Stanley Smith Barney, LLC (CFTC Administrative Order 9/15/14) Each of these cases highlight a failure of in some element of an entity s CIP with respect to formulation or execution that in some cases resulted in compliance personnel being held personally accountable. 45

46 CIP-Related Violations Case Examples FINRA Letter of Acceptance, Waiver and Consent No (5/18/16) Raymond James & Associates, Inc. (RJA) RJA and affiliate fined $17 million for AML-related violations including a failure to establish and maintain an adequate Customer Identification Program as part of the firm s AML program. RJA s AML Chief Compliance Officer (AMLCO) fined $25,000 and suspended for three months. From 2006 to 2014, two relevant RJA affiliates experienced significant growth, going from 2,398 registered persons in 190 branches 5,294 personnel in 445 branches. The two RJA entities, however, did not dedicate resources to match the firms growth with reasonable AML compliance systems and procedures. RJA s AML compliance officer failed to establish AML compliance programs tailored to each firm s business and instead relied on a patchwork of written procedures and systems across several departments to detect suspicious activity. These systems and procedures were not coordinated to allow the firms to link patterns and trends of suspicious conduct leaving certain risk areas and certain red flags unchecked. 46

47 CIP-Related Violations Case Examples RJA did not have single written procedures manual describing its AML procedures; rather to the extent written procedures existed addressing supervision related to AML, they were scattered through various departments. RJA Entity #1 unreasonably delegated its CIP responsibilities to RJA Entity #2 and therefore did not have an adequate CIP. There was not any formal agreement between the two entities detailing how and when RJA Entity #2 would provide a CIP service to the other RJA Entity. The AMLCO was aware that RJA Entity #2 was providing this service but was not involved in establishing the scope or parameters of RJA Entity 2 s CIP; RJA Entity #1 also relied on RJA Entity #2 to audit the former s compliance with its CIP. RJA failed to verify CIP information in a reasonable and timely matter; RJA also had a backlog of CIP exceptions that it failed to review. As a result, RJA violated 31 C.F.R and FINRA Rules 3310(b) and As noted, the AMLCO was suspended for three months from association with any FINRA member and agreed to pay a $25,000 fine. 47

48 CIP-Related Violations Case Examples In re Morgan Stanley Smith Barney, LLC (MSSB) (CFTC Administrative Order 9/15/14) Registered FCM fined $280,000 for failing to follow its CIP and enhanced due diligence (EDD) procedures along with record-keeping failures. MSSB handled accounts held by fraudulent SureInvestment entities and Benjamin Wilson who were engaged in a $35 million Ponzi scheme. In 2013, Wilson pled guilty to criminal charges brought by the U.K. Financial Conduct Authority. Neither Wilson nor any of the SureInvestment entities previously had an account at MSSB. Based on SureInvestment s representations, MSSB understood that SureInvestment planned to initially fund the account with $100 million. Two SureInvestment entities were located in the high-risk jurisdiction of the British Virgin Islands (BVI) and therefore should have been subject to EDD procedures. 48

49 CIP-Related Violations Case Examples Pursuant to the EDD and CIP process, specific types of documents were required from SureInvestment in order for MSSB to open the accounts. One of the documents produced by SureInvestment was a 2008 audit of a separate Surelnvestment entity domiciled in the BVI. Though this entity was not seeking to open an account, MSSB incorporated the audit into its account verification process for the other Surelnvestment entities. 49

50 CIP-Related Violations Case Examples The 2008 audit received by MSSB on its face contained several suspicious irregularities. The audit contained numerous typos throughout the document. SureInvestment also produced similar audits from 2006 and 2007 which contained the same typos as the 2008 version. A 2009 audit was never produced even though other materials provided by SureInvestment to MSSB reflected operations by the audited entity through at least November A simple internet search would have revealed that neither the SureInvestment entity that was the subject of the audits nor the purported BVI auditing firm and its principals actually existed. Wilson provided MSSB with prospectuses and similar documents regarding the non-existent SureInvestment entity claiming a compounded average return on investment from 2003 to 2009 of 2,850%, with profits earned in 72 of the 76 months or trading including a string of 45 consecutive profitable months. 50

51 CIP-Related Violations Case Examples Summary/Takeaways: Documents provided in response to CIP requirements should be examined with care. Red flags in CIP-provided documents need to be investigated. 51

52 Part II Objectives & Outline Learning Objectives 1. Knowledge of SAR filing, recordkeeping and confidentiality requirements 2. Familiarity with Office of Foreign Assets Control (OFAC) requirements 3. Learn from case summaries Segment Outline 1. SAR Filing/Recordkeeping/Security Overview (LO 1) 2. Case summaries of sample cases that highlight SAR filing failures (LO 3) 3. Introduction of OFAC requirements (LO 2) 4. Case summaries of sample cases that highlight failures to meet OFAC requirements (LO 3) 52

53 SAR Filing Section Overview SAR Filing Requirements SAR Recordkeeping and Retention of Records Requirements Confidentiality of SARs Other Considerations Sources SAR Rule for BDs (31 C.F.R ) and for FCMs and IBs (31 C.F.R ) FINRA Rule 3310 NFA Compliance Rule 2-9 Interpretive Guidance 53

54 SAR Filing Requirements SAR Filing Rule for BDs (31 C.F.R ) and FCMs and IBs (31 C.F.R ) Triggering events: a transaction requires reporting if it is conducted or attempted by, at, or through a BD, FCM or IB, it involves or aggregates funds or other assets of at least $5,000, and the BD, FCM or IB knows, suspects, or has reason to suspect that the transaction (or a pattern of transactions of which the transaction is a part): Involves funds derived from illegal activity or is intended or conducted in order to hide or disguise funds or assets derived from illegal activity (including, without limitation, the ownership, nature, source, location, or control of such funds or assets) as part of a plan to violate or evade any Federal law or regulation or to avoid any transaction reporting requirement under Federal law or regulation; Is designed, whether through structuring or other means, to evade any requirements of this chapter or of any other regulations promulgated under the BSA; Has no business or apparent lawful purpose or is not the sort in which the particular customer would normally be expected to engage, and the BD, FCM or IB knows of no reasonable explanation for the transaction after examining the available facts, including the background and possible purpose of the transaction; or Involves use of the BD, FCM or IB to facilitate criminal activity. 54

55 SAR Filing Requirements When to file a SAR: A SAR shall be filed no later than 30 calendar days after the date of the initial detection by the reporting BD, FCM or IB of facts that may constitute a basis for filing a SAR under the rule. If no suspect is identified on the date of such initial detection, a BD, FCM or IB may delay filing a SAR for an additional 30 calendar days to identify a suspect, but in no case shall reporting be delayed more than 60 calendar days after the date of such initial detection. In situations involving violations that require immediate attention, such as terrorist financing or ongoing money laundering schemes, the BD, FCM or IB shall immediately notify by telephone an appropriate law enforcement authority in addition to filing timely a SAR. BDs, FCMs and IBs wishing voluntarily to report suspicious transactions that may relate to terrorist activity may call FinCEN's Financial Institutions Hotline at in addition to filing timely a SAR. 55

56 SAR Filing Requirements Exceptions: a BD, FCM or IB is not required to file a SAR to report when: A robbery or burglary committed or attempted of the BD that is reported to appropriate law enforcement authorities, or for lost, missing, counterfeit, or stolen securities with respect to which the BD files a report pursuant to the reporting requirements of 17 C.F.R f-1. A robbery or burglary committed or attempted of the FCM or IB that is reported to appropriate law enforcement authorities. A violation otherwise required to be reported of any of the Federal securities laws or rules of an SRO by the BD or any of its officers, directors, employees, or other registered representatives, other than a violation of 17 C.F.R a-8 or 17 C.F.R , so long as such violation is appropriately reported to the SEC or an SRO. A violation otherwise required to be reported under the CEA (7 U.S.C. 1 et seq.), the regulations of the CFTC (17 C.F.R. Chapter I), or the rules of any registered futures association or registered entity as those terms are defined in the CEA, 7 U.S.C. 21 and 7 U.S.C. 1a(29), by the FCM or IB or any of its officers, directors, employees, or associated persons, other than a violation of 17 C.F.R. 42.2, as long as such violation is appropriately reported to the CFTC or a registered futures association or registered entity. 56

57 SAR Filing Requirements Retention of records requirements: A BD, FCM or IB shall maintain a copy of any SAR filed and the original or business record equivalent of any supporting documentation for a period of five years from the date of filing the SAR. Supporting documentation shall be identified as such and maintained by the BD, FCM or IB, and shall be deemed to have been filed with the SAR. A BD shall make all supporting documentation available to FinCEN or any Federal, State, or local law enforcement agency, or any Federal regulatory authority that examines the BD for compliance with the BSA, upon request; or to any SRO that examines the BD for compliance with the requirements of this section, upon the request of the SEC. An FCM or IB shall make all supporting documentation available to FinCEN or any Federal, State, or local law enforcement agency, or any Federal regulatory authority that examines the FCM or IB for compliance with the BSA, upon request; or to any registered futures association or registered entity (as defined in the Commodity Exchange Act, 7 U.S.C. 21 and 7 U.S.C. 1(a)(29)) (collectively, an SRO) that examines the FCM or IB for compliance with the requirements of this section, upon the request of the CFTC. 57

58 SAR Filing Requirements Confidentiality of SARs requirements. A SAR, and any information that would reveal the existence of a SAR, are confidential and shall not be disclosed except as authorized under certain circumstances as specified in the applicable rules of construction. Prohibition on disclosures by BDs, FCMS and IBs: no BD, FCM or IB, and no director, officer, employee, or agent of any BD, FCM or IB, shall disclose a SAR or any information that would reveal the existence of a SAR. Any BD, FCM or IB, and any director, officer, employee, or agent of any BD, FCM or IB that is subpoenaed or otherwise requested to disclose a SAR or any information that would reveal the existence of a SAR, shall decline to produce the SAR or such information, citing the rule and 31 U.S.C. 5318(g)(2)(A)(i), and shall notify FinCEN of any such request and the response thereto. 58

59 SAR Filing Requirements Confidentiality Rules of Construction: provided that no person involved in any reported suspicious transaction is notified that the transaction has been reported, the regulations should not be construed as prohibiting the disclosure by a BD, FCM or IB, or any director, officer, employee, or agent of a BD, FCM or IB, of: A SAR, or any information that would reveal the existence of a SAR, to FinCEN or any Federal, State, or local law enforcement agency, or any Federal regulatory authority that examines the BD, FCM or IB for compliance with the BSA; Or to any SRO that examines the BD, FCM or IB for compliance with the requirements of this section, upon the request of the SEC or CFTC. 59

60 SAR Filing Requirements Confidentiality Rules of Construction (permissible disclosures): The underlying facts, transactions, and documents upon which a SAR is based, including but not limited to, disclosures: To another FI, or any director, officer, employee, or agent of a FI, for the preparation of a joint SAR; or In connection with certain employment references or termination notices, to the full extent authorized in 31 U.S.C. 5318(g)(2)(B); or The sharing by a BD, FCM or IB, or any director, officer, employee, or agent of the BD, FCM or IB, of a SAR, or any information that would reveal the existence of a SAR, within the BD s FCM's or IB's corporate organizational structure for purposes consistent with Title II of the BSA as determined by regulation or in guidance. 60

61 SAR Filing Requirements Confidentiality Rules of Construction Prohibition on disclosures by government authorities: A Federal, State, local, territorial, or Tribal government authority, or any director, officer, employee, or agent of any of the foregoing, shall not disclose a SAR, or any information that would reveal the existence of a SAR, except as necessary to fulfill official duties consistent with Title II of the BSA. Official duties shall not include the disclosure of a SAR, or any information that would reveal the existence of a SAR, in response to a request for disclosure of non-public information or a request for use in a private legal proceeding, including a request pursuant to 31 C.F.R

62 SAR Filing Requirements Prohibition on disclosures by SROs: Any SRO registered with or designated by the SEC or CFTC, or any director, officer, employee, or agent of any of the foregoing, shall not disclose a SAR, or any information that would reveal the existence of a SAR except as necessary to fulfill self-regulatory duties upon the request of the SEC or CFTC, in a manner consistent with Title II of the BSA. Self-regulatory duties shall not include the disclosure of a SAR, or any information that would reveal the existence of a SAR, in response to a request for disclosure of non-public information or a request for use in a private legal proceeding. 62

63 SAR Filing Requirements Limitation on liability: A BD, FCM or IB, and any director, officer, employee, or agent of any BD, FCM or IB, that makes a voluntary disclosure of any possible violation of law or regulation to a government agency or makes a disclosure pursuant to this section or any other authority, including a disclosure made jointly with another institution, shall be protected from liability to any person for any such disclosure, or for failure to provide notice of such disclosure to any person identified in the disclosure, or both, to the full extent provided by the BSA. 63

64 SAR Filing Requirements Compliance: BDs, FCMs or IBs shall be examined by FinCEN or its delegatees for compliance with regulations. Failure to satisfy regulatory requirements may be a violation of the BSA and applicable regulations. 64

65 SAR Filing Violations Case Examples Albert Fried & Company (SEC Administrative Order 6/1/16) In re Oppenheimer & Co. Inc. (SEC Administrative Order 1/27/15) Each highlights SAR filing failures and sample red flags missed in different contexts. 65

66 SAR Filing Violations Case Examples Albert Fried & Company (SEC Administrative Order 6/1/16) From at least August 2010 through October 2015, Albert Fried & Company, LLC (Albert Fried), a registered BD, failed to file SARs over a five-year period when it knew, suspected, or had reason to suspect that certain transactions involved the use of this BD to facilitate fraudulent activity or had no business or apparent lawful purpose. Albert Fried was ordered to: cease and desist from committing or causing any violations and any future violations of Section 17(a) of the Exchange Act and Rule 17a-8; censured; and fined $300,

67 SAR Filing Violations Case Examples Albert Fried s AML policies and procedures listed a number of specific examples of suspicious activities that should have triggered internal reviews and, in a number of instances, SAR filings including: Trading that constitutes a substantial portion of all trading for the day in a particular security; Heavy trading in low-priced securities; and Unusually large deposits of funds or securities. 67

68 SAR Filing Violations Case Examples Albert Fried also failed to respond to or investigate other suspicious activity such as: Sales were often in large volumes and constituted a substantial percentage of the daily market volume in the security. On more than one occasion, a single customer s trading in a security on a given day exceeded 80% of the overall market volume. In another instance on three of the four days in which one customer sold a particular security, the customer s trading accounted for more than 59% of the daily market volume ranging from 59.07% to 77.65%. These liquidations were coupled with other indicia that should have further heightened suspicion and raised concerns for Albert Fried. Its customers were trading in certain issuers that were delinquent in their SEC filings or that had ongoing penny stock promotional campaigns, executive employees with histories of securities fraud, or significant accumulated deficits. 68

69 SAR Filing Violations Case Examples In other instances, Albert Fried became aware of additional suspicious transactions or other red flags related to its customers subsequent to their suspicious penny stock trading including: Albert Fried received regulatory inquiries and grand jury subpoenas. Other BDs rejected Albert Fried s attempts to transfer its customer s securities. Immediately following the liquidation of an issuer s securities, an Albert Fried customer transferred the entirety of its cash proceeds out of its Albert Fried account. Albert Fried became aware of a customer s executive being charged with criminal securities fraud charges. Albert Fried knew or should have known that the SEC suspended trading in a security that was recently liquidated by its customer. Albert Fried failed to properly evaluate its customers already suspicious high volume trading in light of these red flags. 69

70 SAR Filing Violations Case Examples Despite the express requirement to do so under its policies, Albert Fried never conducted a documented risk assessment and review of its customer trading in the wake of regulatory and criminal inquiries concerning certain customers conduct. In determining whether to file a SAR, Albert Fried relied on its deposit security request process, which was aimed at reviewing deposits for unregistered offerings, but did not conduct separate AML reviews concerning the suspiciousness of its customers systematic sale of low-priced securities shortly after they were deposited. Albert Fried s lack of scrutiny contravened its written policies, which required it to detect and investigate suspicious transactions and to file SARs, if necessary. 70

71 SAR Filing Violations Case Examples In re Oppenheimer & Co. Inc. (SEC Administrative Order 1/27/15) Between July 2008 and May 2009, Oppenheimer executed sales of billions of shares of penny stock for an account in the name of its customer, Gibraltar Global Securities, Inc. (Gibraltar) a BD licensed in the Bahamas. Although Gibraltar purportedly maintained a proprietary account, Oppenheimer knew that Gibraltar was actually executing transactions and providing brokerage services for its customers, many of whom were U.S. persons. Oppenheimer was ordered to pay a $10 million fine to the SEC (and $10 million to FinCEN in a parallel case) for failing to file SARs among other violations. 71

72 SAR Filing Violations Case Examples Through Oppenheimer s conduct, Gibraltar acted as a broker in the United States even though it was not registered with the SEC as required by the federal securities laws. Although Gibraltar was exempt from paying U.S. taxes on its own profits from sales of securities in the U.S., it used its exempt status as a means to enable its U.S. customers to avoid paying taxes. 72