On December 19, 2018, federal prosecutors in the Southern District of New York announced the first-ever criminal charge against a U.S. broker-dealer for a Bank Secrecy Act (BSA) violation.1 The charge against Central States Capital Markets, LLC (CSCM), which the government agreed to dismiss upon completion of a deferred prosecution agreement, stems from serious gaps in CSCM’s anti-money laundering (AML) compliance program: CSCM failed to follow its own customer due diligence procedures, ignored known red flags when opening accounts and failed to adequately employ its monitoring system to capture and report suspicious transactions.

The investigation was prompted by CSCM’s willful failure to file a suspicious activity report (SAR) concerning the illegal activities of its customer, Scott Tucker (Tucker). Tucker and his attorney, Timothy Muir (Muir), operated a nationwide internet payday lending enterprise, which extended small, short-term, high-interest loans with rates as high as 70 percent or more.2 To circumvent state usury laws, Tucker entered into sham relationships with Native American tribes in order to conceal his ownership and control of the companies involved, and to gain the protection of the tribes’ sovereign immunity, which generally prevents states from enforcing their laws against the tribes. In October 2017, Tucker and Muir were convicted of racketeering, wire fraud, and money laundering for their roles in this scheme.

The government’s investigation of Tucker revealed that CSCM, Tucker’s broker-dealer, was aware of multiple red flags leading up to, during and after the opening of accounts used in the scheme but failed to file a SAR. CSCM opened accounts for the supposedly tribal companies (the Tribal Companies) but routinely took direction for those accounts from Tucker and his brother and failed to follow its own customer due diligence (CDD) procedures when it neglected to verify in writing Tucker’s authority to represent the companies. Even before opening the accounts, Tucker had informed the CEO of CSCMthat he was involved in the payday lending business and had approached Native American tribes to gain the protection of sovereign immunity. CSCM also learned that Tucker had been convicted of fraud, was reportedly involved in a “rent-a-tribe” scheme and was the subject of an action by the Federal Trade Commission (FTC) but nevertheless failed to investigate further when Tucker provided assurances that these matters would be resolved.

After onboarding the Tribal Companies’ accounts, CSCM also failed to properly monitor account activity. The company never tuned its tool for transaction monitoring, Actimize, for the specific, risk-based needs of CSCM and instead relied on Actimize’s default factory settings. Between 2011 and 2015, even with those default settings, Actimize generated 103 alerts indicating possible suspicious activity, but CSCM failed to take any action to investigate the alerts.

CSCM also failed to use an Actimize function that would have enabled it to identify third-party wire transfers to CSCM account holders. In a three-month period, between December 21, 2012, and March 13, 2013, 18 wire transfers totaling more than $40 million, in round dollar amounts, were sent from accounts in the names of Tribal Companies at a Florida bank to Tucker’s personal CSCM account. CSCM never investigated any of these transactions.

In response to the criminal charge, CSCM entered into a deferred prosecution agreement with the government, accepting responsibility for its actions in a detailed stipulated statement of facts, agreeing to forfeit $400,000 and making a commitment to enhance its BSA/AML controls. CSCM also entered into a cease and desist order with the U.S. Securities and Exchange Commission3 that included a censure and a requirement that CSCM retain a compliance consultant to monitor its BSA/AMLcompliance program over a two-year period.

* * *

This criminal charge is a reminder that all financial institutions4 governed by the BSA, including but not limited to banks, broker-dealers, futures commission merchants, introducing brokers in commodities and insurance companies, may be subject to criminal charges when systemic AMLprogram failures related to suspicious activity are present. This case reaffirms the need for financial institutions with BSA obligations to ensure that they are effectively monitoring, detecting and reporting suspicious activity to the government. Financial institutions should make concerted efforts to develop and establish robust internal BSA/AML compliance programs. Such programs should include reasonably effective and consistently monitored automated and manual tools to detect suspicious activity, employee training, controls for detecting suspicious activities and transactions, and regular internal audits. The prosecution of CSCM demonstrates that when financial institutions do not effectively meet their BSA obligations, criminal charges can follow.