On March 5, 2010, a Financial Industry Regulatory Authority (“FINRA”) Hearing Panel (“Hearing Panel”) issued a decision in which it found that the anti-money laundering (“AML”) procedures implemented by Alabama-based Sterne, Agee & Leach, Inc. (“Sterne” or the “Firm”), a regional clearing firm, from April 2002 through July 2005, and in most respects, for the period from July 2006 to April 2007,were reasonably designed to achieve and monitor compliance with the AML laws, as required by NASD Conduct Rule 3011.1 The Hearing Panel found that Sterne violated NASD Conduct Rules 3011 and 2110 and MSRB Rule G-41 in certain respects, and for these deficiencies, imposed a fine of $40,000.
[Note: During the relevant time period, Sterne was a registered broker-dealer with the Securities and Exchange Commission (“SEC”) and a member of FINRA. In 2005 and 2006, the Firm cleared for about 80 introducing firms and engaged in approximately 75,000 transactions per month. The focus of the allegations related to its clearing business.]
This decision is significant because it addresses what constitutes a “reasonable” AML program and discusses the factors that may support a finding of reasonableness.
FINRA’s Department of Enforcement filed a complaint against Sterne on Aug. 5, 2008 (“Complaint”), charging Sterne with violating NASD Conduct Rules 3011 and 2110 and MSRB Rule G-41, as follows:
- From April 24, 2002, through July 11, 2005, Sterne failed to develop and implement an adequate AML program because (i) the AML monitoring system was insufficiently automated to detect suspicious activities, (ii) the AML procedures provided insufficient guidance to operational personnel regarding detecting and escalating suspicious activity for review, and (iii) the AML training program was inadequate; and
- From July 1, 2006, through April 20, 2007, the design and implementation of Sterne’s AML program has deficient because of its inadequate procedures for (i) reviewing physical securities certificates, (ii) monitoring journal transfers, and (iii) identifying direct foreign financial institution accounts, and for its failure to (iv) have written procedures to comply with Section 312 enhanced due diligence (“EDD”) requirements, (v) identify certain accounts of foreign banks and obtain certifications from and send Section 311 notices to those foreign banks, and (vi) implement customer identification procedures (“CIP”) for delivery versus payment (“DVP”) accounts.
I. The Firm’s AML Program Between April 2002 and July 2005 Was Adequate and Reasonable The central issue in the Complaint—the one underlying FINRA’s allegation that Sterne’s AML program was not adequate—was that from April 24, 2002 (when broker-dealers were first required to implement AML programs) through July 11, 2005, Sterne’s AML program could not reasonably assure compliance with the requirements of the Bank Secrecy Act (“BSA) and NASD Conduct Rule 3011(a) because Sterne “had no meaningful way to monitor and potentially identify suspicious activity for its introduced accounts” in that Sterne largely used a manual system, which did not adequately detect suspicious activity. For this time period, the Complaint alleged a violation only with respect to Sterne’s clearing business.
FINRA further alleged that Sterne’s procedures failed to provide sufficient guidance on how to identify and review transactions for AML issues and how to escalate a review when AML issues are identified, and that the firm’s AML training was inadequate.
The Hearing Panel found that FINRA failed to meet its burden of proof to show that Sterne violated Conduct Rule 3011 by failing to establish and implement policies and procedures that can reasonably be expected to detect and cause the reporting of suspicious activity and transactions.
The Hearing Panel found that Sterne “made substantial efforts to design and implement an effective AML program” during this time period, and that the program could “‘be reasonably expected to detect and cause the reporting of suspicious activity and transactions.’” Specifically, during the period between April 2002 and July 2005, the Hearing Panel made the following findings regarding Sterne’s AML program:
- Sterne’s overall program was well-organized and the firm had a full-time AML compliance officer;
- The Firm’s system of monitoring for potential suspicious activity included operational personnel in various departments conducting manual reviews of: all deposit activity, wire activity, journal activity, fund disbursements, incoming wires, foreign accounts and new accounts;
- The Firm’s written AML policies and procedures included a list of about 25 red flags that the Hearing Panel found sufficiently specific to enable operational personnel to identify the account activity that raised them;
- The Firm’s AML monitoring process was not purely manual but evolved into a mix of manual and automated processes based on its needs for monitoring its clearing business; and
- The Firm’s AML training included general online training and, for certain personnel, it also included training by management, live seminars and workshops, conference calls, phone-in workshops, webcasts and additional AML reading materials, among other things.
Sterne’s system of monitoring for suspicious activity was reasonable. The Hearing Panel noted that there is little guidance on the degree of automation required under the BSA and Conduct Rule 3011 as part of a “reasonable AML program for a securities firm for 2002 through 2005.” Furthermore, the Hearing Panel noted that, in the April 2002 Notice to Members 02-21, FINRA advises that clearing firms should have automated systems, but does not discuss the type or degree of automation. Thus, FINRA did not show that it was unreasonable for Sterne not to have had a more automated system during the relevant time period.
Also, the AML software on the market during the relevant time period was expensive and burdensome. Based on a risk-based assessment, it was appropriate for Sterne to consider the cost of implementation in determining whether specific AML detection methods were required. FINRA also failed to show that Sterne’s AML monitoring and reporting procedures were not appropriate for the level of risk associated with its clearing business.
Finally, Sterne’s compliance efforts reasonably could be expected to and, in fact, did, detect suspicious activity. Its operations personnel were assigned sufficiently defined tasks to identify the types of red flags that were related to their specific duties, and they brought potential red flags to the attention of their supervisors and, as appropriate, the AML compliance officer. The only transactions that FINRA identified as suspicious were, in fact, detected by Sterne, which filed two SARs regarding them. Thus, FINRA did not show that Sterne’s procedures were inadequate to detect potential red flags.
Sterne’s written AML program had adequate procedures describing how to identify, review and escalate suspicious activity. Although FINRA alleged that Sterne’s written AML procedures provided insufficient guidance for its employees to identify and review transactions for AML issues, the Hearing Panel disagreed, finding that Sterne’s written procedures adequately described how to identify and review potential suspicious transactions and how to escalate red flags for further review. Sterne’s AML procedures identified the various departments that would review the transactions and the issues for which each department would conduct a review. The descriptions were reasonably specific and, together with the list of red flags, provided employees with sufficient direction as to how to identify red flags. Further, the AML procedures set forth the escalation procedures for bringing AML issues to the AML compliance officer’s attention. Thus, FINRA did not identify any missing AML procedures, or show, by a preponderance of the evidence, that Sterne’s written AML procedures provided inadequate guidance to the staff.
Sterne’s AML training program was reasonable. Regarding the allegations in the Complaint that Sterne’s AML training was inadequate, particularly because it allegedly failed to address the method for identifying red flags and the respective roles of employees with specific AML responsibilities, the Hearing Panel found that FINRA’s contention that there should have been more specialized training for certain employees was unfounded. The AML training video and supplemental information provided by vendors Bisys and eMind and the less formal guidance provided to employees was more than sufficient to educate the operations staff on their AML responsibilities. The Hearing Panel concluded by noting that the employees’ duties were sufficiently narrow and their attendance at departmental meetings where AML issues were discussed was sufficiently regular that they did not need additional training in order to spot red flags appropriate to their departments.
The Hearing Panel also found that FINRA failed to show that the three Sterne managers identified in the Complaint were not adequately trained to perform their AML duties. Finally, the Hearing Panel found that Sterne’s failure to ensure that the five employees in its Margin Department attended AML training in 2003 was insufficient to support a finding that its AML program was, overall, inadequate.
II. From July 2006 through April 2007, Sterne Violated, in Certain Respects but Not in Others, Conduct Rules 3011 and 2110 and MSRB Rule G-41
While finding that Sterne’s overall AML program was reasonable from July 1, 2006, through April 20, 2007, the Hearing Panel fined the firm $40,000 for certain deficiencies in the AML program which violated Conduct Rules 3011 and 2110, and MSRB Rule G-41.The Hearing Panel found the following procedures to be sufficient:
Sterne’s procedures for reviewing physical securities certificates were reasonable. The Hearing Panel found that, although Sterne did not have written AML procedures for monitoring suspicious activity related to physical securities certificates, its procedures for reviewing physical securities certificates were reasonable because it was the firm’s practice to review all securities deposited in client accounts. Although FINRA identified a January 2009 Regulatory Notice 09-05 stating that the opening of a new account into which a customer delivers physical securities representing a large block of thinly traded or low-priced stocks might be a red flag indicating an illegal, unregistered stock distribution, FINRA did not show that there were any regulatory notices identifying the deposit of physical securities as a red flag that should have been included in a firm’s AML procedures in 2007. Further, FINRA did not identify any specific money laundering activities that were unlikely to be detected by Sterne’s procedures.
Sterne’s procedures for monitoring journal transfers were reasonable. Sterne’s 2006 and 2007 AML manuals provided that employees in the Margin Department should notify the AML compliance officer if they noticed any out-of-the-ordinary activity involving money journals or security journals. The manuals also provided that excessive journal transfers between unrelated accounts, absent an apparent business purpose, are a red flag. In addition, although it was not an AML-specific policy or part of Sterne’s written AML procedures, the firm’s general written policy prohibited journal transfers. Finally, the Hearing Panel noted that FINRA did not identify any procedures that were missing from Sterne’s written AML procedures that would have been necessary to provide employees with the information needed to do their AML duties. For these reasons, the Hearing Panel found that Sterne’s written procedures for journal transfers were adequate and provided sufficient guidance to the staff in the detection of possible money laundering activity, especially given Sterne’s general prohibition against such transfers.
Sterne’s procedures for identifying direct foreign financial accounts were reasonable. The Hearing Panel found that, although Sterne failed to identify the accounts of some foreign financial institutions, its procedures were reasonably designed to detect such accounts, and that FINRA failed to show that Sterne’s procedures were inadequate to inform the staff of their AML duties regarding the identification of such accounts.
Notwithstanding the Hearing Panel’s finding that Sterne’s overall AML program was reasonable from July 1, 2006, through April 20, 2007, it fined the Firm $40,000 for the following deficiencies in the AML program which violated Conduct Rules 3011 and 2110, and MSRB Rule G-41:
Sterne’s procedures for obtaining certifications from certain foreign banks and sending them § 311 notifications were deficient in their implementation. Sterne’s implementation of AML procedures for obtaining certifications from, and sending § 311 notifications to, foreign banks was deficient because it did not follow these procedures for certain foreign banks. The Hearing Panel determined that, given that certain foreign financial institutions may pose a particular risk of money laundering, a fine was appropriate for this failure.
Sterne’s AML procedures did not have written procedures regarding § 312 compliance. The Hearing Panel found that Sterne’s AML program was deficient because the firm lacked written procedures for complying with § 312, notwithstanding that brokers have, since 2006, been required to implement § 312 procedures and notwithstanding that such procedures were explicitly addressed in the NASD’s 2002 Notice to Members 02-21, which states: “Regardless of whether final regulations have been promulgated, the minimum due diligence requirements set forth in Section 312 … become effective on July 23, 2002.” By failing to include procedures for compliance with § 312, the Hearing Panel concluded that Sterne’s AML procedures violated the NASD Conduct Rules 3011 and 2110 and MSRB Rule G-41.
Sterne’s AML procedures failed to implement CIP for DVP accounts. The most serious deficiency in Sterne’s AML Procedures for 2006 and 2007, the Hearing Panel found, was the firm’s failure to follow its own customer identification procedures (“CIP”) for delivery versus payment (“DVP”) accounts. Citing, among other things, the SIA’s “Preliminary Guidance for Deterring Money Laundering Activity,” the Hearing Panel found that Sterne’s failure to implement its CIP for DVP accounts was unreasonable because it was required by the BSA, as well as by Sterne’s own procedures. Because of this failure, Sterne violated the NASD Conduct Rules 3011 and 2110 and MSRB Rule G-41.
Because there is no Sanction Guideline directly applicable to violations of NASD Conduct Rule 3011, to determine the appropriate sanctions amount, the Hearing Panel considered the FINRA Sanction Guidelines, which recommend a fine of $1,000 to $25,000 for deficient written supervisory procedures. The Hearing Panel decided that it should determine the fine for each violation individually, rather than determining one overall fine. Accordingly, the Hearing Panel concluded that, for the deficiencies in Sterne’s AML program during 2006 and 2007,the Firm should pay:
- $5,000 for failing to identify and obtain certifications from certain foreign banks;
- $10,000 for failing to have written procedures for compliance with Section 312; and
- $25,000 for failing to follow its customer identification procedures for DVP accounts.