On January 26, 2015, the Financial Crimes Enforcement Network (FinCEN), in cooperation with the US Securities and Exchange Commission (SEC), issued a $20 million civil penalty against securities broker- dealer Oppenheimer & Co., Inc. (Oppenheimer) for violations of the Bank Secrecy Act (BSA) from 2008 through May 2014. Of the $20 million penalty assessed, $10 million is concurrent with penalties, disgorgement and prejudgment interest imposed by the SEC
According to FinCEN, Oppenheimer failed to establish and implement adequate policies, procedures and internal controls reasonably designed to detect and report suspicious activity related to penny stock transactions in customer accounts. FinCEN identified 16 customers who engaged in patterns of suspicious trading. The government noted numerous red flags that should have prompted further inquiry by Oppenheimer. Specifically, the majority of suspicious sales revealed the same two fraud indicators: (1) the securities at issue were penny stocks for which no registration statement was in effect for the sale, and (2) the customers were repeatedly depositing large blocks of securities, selling them shortly after the deposit and immediately transferring the proceeds out of their Oppenheimer accounts. Emphasizing the inherent risk associated with penny stocks, FinCEN noted that while Oppenheimer’s written policies acknowledged the risks and rated them as high, its personnel failed to conduct adequate monitoring of customer trading in penny stocks for suspicious activity.
FinCEN also highlighted shortcomings in Oppenheimer’s compliance structure by summarizing the firm’s handling of its account for Gibraltar Global Securities, Inc., a Bahamas-based broker-dealer. Oppenheimer’s written AML policy required special due diligence on foreign financial institutions (FFI) and restricted activity in accounts held by FFIs except in very limited circumstances. According to FinCEN, Oppenheimer had designated Gibraltar as a high-risk account in 2007 because it was a foreign broker- dealer. However, despite Gibraltar’s “high-risk” designation, Oppenheimer took no steps to assess Gibraltar’s risk as an FFI and failed to conduct adequate due diligence when Gibraltar opened the account. Moreover, despite Oppenheimer’s having policies in place requiring its AML unit to conduct periodic reviews of FFI accounts, Oppenheimer failed to implement such policies, resulting in a failure to adequately monitor Gibraltar’s transactions.
In addition to deficiencies in due diligence, FinCEN sharply criticized “information silos,” which contributed to Oppenheimer’s failure to detect and report suspicious activity. Specifically, Oppenheimer’s compliance function isolated groups of personnel within the same department who were responsible for reviewing different information or activity. As a result, critical information was not shared across the institution and often not elevated to the Chief AML Compliance Officer.
Oppenheimer was also found to have violated rules imposing special measures under the USA PATRIOT Act. Under the Act, the Director of FinCEN is given the authority to issue rules imposing “special measures” against the “primary money laundering concern” if she believes that reasonable grounds exist for concluding that a foreign jurisdiction, institution, class of transaction or type of account is of “primary money laundering concern.” Between March 2006 and March 2007, FinCEN imposed special measures against three FFIs of primary money laundering concern. Oppenheimer was obligated to notify its correspondent accounts of the special measures against the FFIs and failed to send the required notices. According to the assessment, Oppenheimer was initially unaware of its duty to notify correspondent accounts of the special measures, and then failed to act, upon being notified of the requirement. FinCEN acknowledged that no determination had been made as to whether Oppenheimer actually did business with an FFI designated as a primary money laundering concern.
FinCEN’s assessment references prior civil monetary penalties imposed against Oppenheimer, including a $2.8 million in 2005 imposed by FinCEN and the New York Stock Exchange for failing to implement an adequate AML program and failing to identify and report suspicious activity. In addition, Oppenheimer was previously fined $1.4 million by the Financial Industry Regulatory Authority (FINRA) for violations of securities laws and anti-money laundering failures. In a press release issued by FinCEN, Director Jennifer Shasky Calvery noted the previous enforcement actions and stated “[i]t is clear that their compliance culture must change.” FinCEN recently issued an advisory on “promoting a culture of compliance,” which lays out expectations for compliance, including board engagement and information sharing.
Finally, the assessment addressed the willfulness standard for proving civil violations of the BSA. FinCEN specifically noted that the government need only show “reckless disregard” or “willful blindness” with respect to the AML deficiencies, as opposed to actual knowledge. According to FinCEN, it is not necessary for the entity to have an improper motive or bad purpose (such as compliance compromised by revenue considerations) in order to impose a civil penalty.