The Securities and Exchange Commission’s (SEC) Division of Examinations (EXAMS) recently issued a risk alert detailing compliance concerns related to anti-money laundering (AML) obligations of broker-dealers. The risk alert chronicles various compliance deficiencies observed during recent examinations of broker-dealers’ suspicious activity monitoring and reporting obligations under the Bank Secrecy Act (BSA) and related regulations.
Broker-dealers are among those types of financial institutions that are subject to AML regulations, which are primarily administered by the Financial Crimes Enforcement Network (FinCEN), a bureau of the U.S. Department of the Treasury. While FinCEN is the administrator and lead regulator of the AML regulations, the SEC has broad jurisdiction over broker-dealers and enforces their compliance with the AML regulations.
Chief among a broker-dealer’s obligations under the AML regulations is the requirement to report “any suspicious transaction that it believes is relevant to the possible violation of any law or regulation” through a Suspicious Activity Report (SAR). While FinCEN’s regulations list specific types of conduct that must be reported based on dollar amount and nature of the activity, the SEC and other regulators, such as the Financial Industry Regulatory Authority (FINRA), have increasingly taken a broad view of the expansive range of activities for which broker-dealers should file SARs.1
While the risk alert relays a number of broad-based principles to ensure compliance with various requirements under the AML regulations, it highlights in particular the SEC’s ongoing focus on monitoring trading in low-priced securities, or so-called “penny stocks” or “microcap securities.” The risk alert follows recent, widely publicized market volatility in these securities connected to social media promotion of these stocks, including the recent “meme stock” phenomenon, which involves dramatic upticks in the trading volume and price of securities or other instruments that appear to be primarily driven by social media sentiment, with no clear connection to issuer or market fundamentals.
Broker-dealers should review the risk alert to ensure their awareness of the SEC’s current focus on AML compliance, especially against the backdrop of current events involving the intersection of penny stock trading and social media activity. We note in particular three thematic areas of focus contained in the alert: first, concerns about trading in penny stocks; second, obligations to monitor trading against simultaneous promotional efforts of that stock; and third, monitoring and reporting trading based on the individuals connected to that activity.
Penny Stock Trading
Nearly all of the risk alert’s broad categories of BSA-related compliance deficiencies include at least one, and often more, example that involves trading in penny stocks. The risk alert provides five examples of inadequately designed SAR monitoring and reporting policies and procedures; within those examples, connection to trading in penny stocks plays a central role, as the SEC highlights firms’ failure to tailor their AML compliance programs to detect red flags and address risks related to trading activity in penny stocks. For example, the risk alert notes the choice by some broker-dealers to use dollar thresholds for monitoring that did not align with the full scope of the regulatory definition of “penny stock.” In addition, the risk alert’s highlighting of firms’ “unreasonable reliance” on the use of manual review of trading instead of automated systems for trading in large volumes also speaks to the firms’ obligations related to penny stocks because such securities are often traded in vast quantities.
The risk alert also emphasizes how surges in penny stock trades should raise related concerns—including sales of unregistered securities and pump-and-dump schemes—that often involve penny stocks. Specifically, the SEC faults broker-dealers for failing to respond to, and treat as suspicious activity, red flags related to trading in penny stocks, including:
- Large deposits followed by immediate liquidation of penny stocks.
- Patterns of trading activity, including large sales of penny stocks of multiple issuers by the same customers.
- Trading representing most, if not all, volume in thinly traded penny stocks that causes sudden spikes in the price of those securities.
- Trading in issuers that are the subject of published warnings from over-the-counter quotation systems because the issuers were not in compliance with SEC reporting obligations.
Moreover, the SEC’s examples of broker-dealers that file inaccurate or incomplete SARs include scenarios involving trading in low-priced securities, where the broker-dealer does not disclose relevant facts known to the firm, including:
- Not disclosing concerns about suspected promoters and issuers of penny stocks.
- Reporting a deposit of penny stocks but not reporting the subsequent liquidation of those stocks or failing to report multiple deposits in the same security.
The risk alert makes clear that broker-dealers should be reviewing, and adjusting as necessary, their policies, procedures, and controls to detect suspicious activity around penny stocks and that they should be monitoring and reporting on such activity as well. Looking at the SEC’s mandate more broadly, the risk alert’s detailing of examples of various suspicious activities involving penny stocks underscores the intersection of the SEC’s historic concerns with penny stock trading with current events involving social-media-driven trading and how this remains an area ripe for enforcement. This focus has been borne out in recent trading halts and other regulatory actions against schemes involving penny stock activity.
Monitoring Trading Activity Against Current Events
Although not addressed in great detail, the risk alert notably highlights examples that indicate focus by the SEC on how broker-dealers monitor trading activity against publicly available information, including known promoters or issuers of penny stocks, and transaction activity linked to “simultaneous promotional activity” evidenced in publicly available information.
Affiliations with Disreputable or Conflicted Individuals
The risk alert also displays the SEC’s focus on the related requirement for broker-dealers to understand the backgrounds of their associated persons and customers under the AML regulations and to report suspicious activity that takes this information into account. The risk alert lists a number of red flags that the EXAMS staff believes should have triggered a more detailed review and SAR filing that relate to the character or ties of relevant individuals. The red flags enumerated in the risk alert include affiliates or officers with a history of securities law violations, customers with “questionable backgrounds” that may include being the subject of criminal, civil, or regulatory actions, or trading by customers that were affiliates or control persons of the issuer.
The SEC’s focus on these character-related red flags illustrates another core obligation of broker-dealers under the AML regulations, which is to serve as a gatekeeper for those who would access the securities markets through the broker-dealer firm and to use information known or reasonably available to them to inform their AML systems and any resulting SAR reports.
Takeaways About Possible Future Enforcement
The SEC’s approach to enforcement is certain to change under the Biden Administration and presumptive future chairman Gary Gensler. The issuance of the risk alert highlights AML-related violations as an ongoing source of future enforcement actions against broker-dealers. At a minimum, the risk alert underscores the need for broker-dealers to remain vigilant about their AML obligations in the new Administration. As evidenced in past actions, the costs of failed compliance uncovered through regulatory enforcement actions remain considerable, and negative outcomes can include publicized investigations and settlements that frequently involve high-dollar fines and costly required overhauls, including “SAR lookbacks,” which require the regulated entity to conduct time-consuming retrospective reviews of years of transactional activity to determine in hindsight whether SARs should have been filed on given activities. Although the scope of a SAR lookback can be narrow or broad, any lookback necessarily involves a significant dedication of resources and attention and consultation with third-party experts. The findings of an initial lookback sometimes require an even deeper, more targeted investigation into an entity’s transactional history, tying up an entity for years.
That the risk alert—which incorporates findings from several years of exams under the previous Administration—was issued during the honeymoon period of the incoming Biden Administration indicates that broker-dealers and other industry participants should expect AML compliance and SAR reporting obligations to be a focus of the SEC as they tighten the clamp more broadly on the securities industry. As it has in the past, SEC staff will of course focus on activities that intersect with well-publicized current events that could impact public confidence in the securities markets, and the SEC will likely look to broker-dealers involved in those events to test their controls around policing suspicious activities conducted on broker-dealer platforms.
1 In addition to the risk alert, broker-dealers should review other recent regulatory guidance, for example, FINRA’s Regulatory Notice 19-18, which highlights a range of examples of what sorts of activity may trigger a firm’s SAR filing obligations.