In what appears to be a flurry of updates and newly-issued regulatory guidance (see Steele’s coverage of OFAC guidance and DOJ’s Evaluation of Corporate Compliance Programs), the Financial Industry Regulatory Authority (“FINRA”) has just issued Regulatory Notice 19-18 (the “Notice”) to provide guidance to member firms regarding suspicious activity monitoring and reporting obligations under FINRA Rule 3310 (Anti-Money Laundering Compliance Program).

The Notice was published to assist broker-dealers in complying with their existing obligation under Bank Secrecy Act and Anti-Money Laundering (“BSA/AML”) requirements.  The Notice provides a summary of the requirements under FINRA Rule 3310:

to develop and implement a written anti-money laundering program reasonably designed to achieve and monitor the member’s compliance with the requirements of the Bank Secrecy Act (31 U.S.C. 5311, et seq.), and the implementing regulations promulgated thereunder by the Department of the Treasury…[and] (a) Establish and implement policies and procedures that can be reasonably expected to detect and cause the reporting of transactions required under 31 U.S.C. 5318(g) and the implementing regulations thereunder.

In sum, broker-dealers subject to FINRA Rule 3310 must monitor for and report suspicious activity. The question arises as to what types of activity broker-dealers must monitor for, and what activity would be considered suspicious, to result in the filing of a Suspicious Activity Report (“SAR.”)

In 2002, FINRA published a list of money laundering red flags in Notice to Members 02-21.  Since then, guidance has been published by various government organizations outlining additional red flags applicable to the securities industry.  The purpose of the recently issued Notice is to provide examples of these additional red flags for broker-dealers to consider as part of their AML programs, incorporate into policies and procedures, and determine what further actions to take (additional customer due diligence, investigations, SAR filings, etc.). The Notice indicates that the document is not creating new requirements or expectations, but enhancing its previously issued guidance.

The Notice indicates that the red flag list is not exhaustive and cautions that this does not guarantee compliance with AML program requirements or provide a safe harbor from regulatory responsibility.

Interestingly, the Notice specifically addresses “digital assets” as an emerging area of risk and notes that regardless of whether these assets are determined to be securities, broker-dealers must follow BSA/AML and SAR filing requirements.

The Notice takes the format of listing potential red flags, with some examples and explanations, for the following six (6) topics:

  1. Potential Red Flags in Customer Due Diligence and Interactions with Customers
  2. Potential Red Flags in Deposits of Securities
  3. Potential Red Flags in Securities Trading
  4. Potential Red Flags in Money Movements
  5. Potential Red Flags in Insurance Products
  6. Other Potential Red Flags

Overall, nearly 100 unique red flags are identified. While there may be a category that does not apply to all broker-dealers (such as insurance products, if not offered), many of these categories will apply to all firms.  All firms have customer due diligence programs and participate in money movements and securities deposits or trading. Regardless, it would be prudent for all broker-dealers to review these flags and see which would potentially be applicable.

The Notice and red flags highlight the importance of whether the customer and/or the transaction makes sense.  Does the activity fit with the anticipated activity? Has the customer been rejected or terminated by another financial services firm?  Is there something unusual about the information the customer has provided or the attempted transaction?

Several red flags that are particularly interesting:

I. 11.  The customer is publicly known or known to the firm to have criminal, civil, or regulatory proceedings against him or her for crime, corruption or misuse of public funds, or is known to association with such persons. Sources for this information could include news items, the Internet or commercial database searches.

II. 6. The customer’s explanation or documents purporting to evidence how the customer acquired the shares does not make sense or changes upon questioning by the firm or other parties. Such documents could include questionable legal opinions or securities purchase agreements.

III. 17. The firm receives regulatory inquiries or grand jury or other subpoenas concerning the firm’s customers’ trading.

VI. 2. The customer exhibits unusual concern with the firm’s compliance with government reporting requirements and the firm’s AML policies.

VI. 4. Notifications received from the broker-dealer’s clearing firm that the clearing firm had identified potentially suspicious activity in customer accounts. Such notifications can take the form of alerts or other concern regarding negative news, money movements or activity involving certain securities.

Taken together, these red flags indicate the important role of conducting proper due diligence and using negative news when reviewing the activity of a potential or existing client. Firms must use technology and tools available to them to conduct investigations of their client base. Furthermore, clients are becoming smarter and more savvy and may even ask about the specifics AML program of a broker-dealer.

In conjunction with the other regulatory guidance that has recently been published, it is evident that there is a push for regulated entities (whether financial institution or multi-national corporations) to not only have a compliance program, but to have one that is adequate and effective.  These guidance documents are useful tools for entities to use when creating risk-based AML programs.