Speech by SEC Staff:
Keynote address at the SIFMA Anti-Money Laundering Seminar
Carlo V. di Florio1
Director, Office of Compliance Inspections and Examinations
U.S. Securities and Exchange Commission
New York, NY
March 3, 2011
Good morning everyone.
Thank you for inviting me to speak at this important event. Anti-money laundering (“AML”) compliance is, for reasons that I will discuss in a few minutes, a topic of keen interest for the SEC’s National Exam Program. Today I would like to address four topics. First, I’d like to review overall developments at the SEC over the past year. Second, I would like to give you an overview of the exciting changes in our National Exam Program. Third, I will profile our new exam focus on enterprise risk management and related issues around governance and internal controls. Last but not least, I will highlight some of the anti-money laundering issues that are of concern to the National Exam Program. The views that I express here today are of course my own and do not necessarily reflect the views of the Commission or of my colleagues on the staff of the Commission.
In addition, some of what I will speak to today is predicated on passage of a budget which provides the SEC with the resources needed to carry out both our longstanding core mission as well as our new responsibilities for derivatives, hedge fund advisers and credit rating agencies. The 2012 budget proposed by the President last month will do that. But, as you are all aware, we have been operating under a continuing resolution which has hampered some activities.
Overall Developments at the SEC
The SEC reinvigorates itself. In 2010, under Chairman Schapiro’s leadership, the SEC took significant steps to reform its procedures, revamp its systems, bring more complex enforcement actions, better target its examination efforts and adopt a series of rules intended to protect investors and promote fairness in the markets. In addition, it began working to fulfill its obligations under the recently-enacted Dodd-Frank Wall Street Reform and Consumer Protection Act.
As part of our effort to become one SEC, break down silos and create a strong culture of teamwork and collaboration, Chairman Schapiro has brought on new leadership in virtually every office and division at the Commission. The Commission has created an entirely new division of Risk, Strategy and Financial Innovation, which has been a great partner for my office. Risk Fin, as we call it, has raised our knowledge and awareness of new and emerging risks, increasing our awareness of how these risks impact our strategies and our programmatic areas, and showing how we can better target limited resources by adopting a risk-focused examination strategy.
The Commission has also been raising its own standards. For the first time the Commission has its own Chief Operating Officer who is seeking greater operational efficiency and effectiveness. It has a new CFO who is focused on new controls and systems around financial management, as well as a new Director of IT bringing critical technology to the agency so we can modernize and execute our regulatory mission more effectively.
Enforcement. Before I provide an overview of changes in Exams, let me touch on some of the key changes that are happening in Enforcement. There has been a tremendous effort under Director Rob Khuzami to reinvigorate the Enforcement division. As you all know, enforcement is tackling some big, tough cases and not shying away from challenging issues. Many of these cases are resulting from referrals from the National Exam Program. Just recently, for example, three AXA Rosenberg entities were charged in a settled action with securities fraud for concealing a significant error in the computer code of the quantitative investment model that they use to manage client assets. The Commission alleged that the error caused $217 million in investor losses, which AXA Rosenberg agreed to pay back to harmed clients. In addition, AXA Rosenberg paid a $25 million penalty.
Enforcement has also introduced new cooperation tools, similar to those used by criminal authorities, to secure the cooperation of persons who are on the “inside.” The agency has adopted a formal policy to offer individuals who cooperate reduced or foregone charges and sanctions in connection with Commission investigations and related enforcement actions.
Enforcement has also created five new specialized units with which we work very closely. These units are focused on asset management, structured products, market abuse, municipal securities, and the Foreign Corrupt Practices Act areas.
One other important change has been the creation of the new Office of Market Intelligence in Enforcement. OMI is the steward in the agency for our new consolidated system and platform for tips, complaints, and referrals. Much of the criticism that came from the Madoff or Stanford cases had to do with not effectively sharing information within the SEC, whether it was between offices and divisions or between regional offices or between silos within a particular program. Now all tips, complaints and referrals get logged into one centralized system. That means that when information regarding a registrant is coming in from several different sources or regions, it can be assembled into a single risk profile. While a single, isolated tip might not reveal the magnitude of a problem, a comprehensive profile in a single location will help us see the whole picture, and become more effective in our risk assessment and surveillance efforts.
Dodd-Frank Implementation. Let me just touch briefly on Dodd-Frank, particularly how it is impacting us in the National Exam Program and how it will undoubtedly impact many of you. First, there is significant transfer of responsibility through Dodd-Frank from the SEC to the states with regard to investment advisers with assets under management of under $100 million. The Commission staff is working very closely with NASAA and the states to ensure smooth and effective transition. At the same time, on the private fund side a significant number of hedge funds and private equity firm advisers are becoming new registrants. The Commission is seeking to ensure that it has the talent, the skills, the ability, and the tools to understand how it can effectively examine those critical sectors that have come into the portfolio. The Commission also has a whole new regulatory regime in the previously unregulated area of derivatives and swaps that requires SEC rulemaking, as well as examination responsibility around five entirely new categories of registrants: Securities-based swap dealers, major securities-based swap participants, securities-based swap execution facilities, securities-based swap clearing agencies, and securities-based swap data repositories. There are also a host of new responsibilities in the municipal securities market.
Section 922 of Dodd-Frank provides that the Commission shall pay awards to eligible whistleblowers who voluntarily provide the SEC with original information that leads to a successful enforcement action yielding monetary sanctions of over $1 million. The award amount is required to be between 10 percent and 30 percent of the total monetary sanctions collected in the Commission’s action or any related action such as in a criminal case. A whistleblower may be eligible to receive an award for original information provided to the Commission on or after July 22, 2010, but before the whistleblower rules become effective, so long as the whistleblower complies with all such rules once effective. The Dodd-Frank Act also expressly prohibits retaliation by employers against whistleblowers and provides those employees with a private cause of action in the event that they are discharged or discriminated against by their employers in violation of the Act. The Commission has published proposed rules to implements this provision.
National Exam Program
In 2010 the Office of Compliance Inspections and Examinations (“OCIE”) undertook a comprehensive self-assessment of our strategy, structure, people, processes and technology. We identified numerous improvements and have initiated a transformation plan to implement these improvements in a structured and phased manner. Some highlights are noted below.
A. Strategy- Clarifying OCIE’s Mission and Risk-Focusing our National Exam Program
First, OCIE is building a reformed, integrated National Exam Program that ensures consistency, effectiveness and efficiency. Second, we are implementing an enhanced risk-focused exam strategy that will enable us to better allocate and leverage our limited resources. We have identified four key objectives to support this mission through our exam program:
- First, improve industry compliance with the securities laws and industry governance, risk management and compliance practices through exams and industry dialogues and outreach programs, as well as making sure that we are coordinating our message with the policy divisions of the SEC
- Second, identify and prevent fraud through risk-targeted exams and better coordination with the Division of Enforcement in the identification, investigation and enforcement of fraud actions
- Third, monitor new and emerging risks to investor protection and market integrity through joint initiatives with our new Division of Risk, Strategy and Financial Innovation. This includes the development of new risk assessment and surveillance models and risk analytics
- Fourth, inform policy as the eyes and ears of the SEC in the field, through structured involvement in the rule-making process from start to finish, and with a dedicated policy support teams on key regulatory reform rules, studies and initiatives.
B. Structure ― Strengthening Expertise in Critical Risk Areas
We are implementing our National Exam Program in ways that will facilitate teamwork and collaboration, and drive greater consistency, scale and accountability. Here are a few examples:
- We have put a new national governance model in place that includes regional leadership in key strategic planning, policy setting and performance management initiatives
- We have a new Risk Analysis and Surveillance Unit to enhance our ability to identify the highest risk firms we should be examining and the highest risk issues to focus on in our exams of those firms
- We have launched new Specialization Working Groups dedicated to enhancing our ability to identify, understand and proactively examine new and complex industry developments. These groups are already informing our risk assessments, exam modules, training programs and inspections. The initial specialized groups are focused in the following areas:
- New and structured products
- Equity market structure and trading practices
- Fixed income securities, including municipal securities
- Microcap fraud
- Marketing and sales practices.
- We are also looking at how best to staff exams to assign skills sets most effectively to address the specific risks in an exam profile, including deploying joint IA/BD teams to apply lessons learned from the Madoff fraud, or dealing with issues regarding dual registrants.
While our structural improvements are comprehensive, they are also designed to achieve specific outcomes. For instance, in addition to facilitating better teamwork and collaboration with the policy divisions, the governance structure also strengthens the OCIE/Enforcement partnership and speeds alerts, information hand offs, and transitions from OCIE Exam staff to the Enforcement Division, transforming the lines of communication and accountability.
C. People — Recruiting Specialists, Improving Training and Strengthening Culture
Our initiatives regarding people have been focused on increasing performance by recruiting new skill sets that are critical to supervising our modern capital markets, building a leading practice training program, introducing mentoring, and building a culture of high-performance, teamwork and accountability.
- We have recruited New Senior Specialized Examiners to strengthen our expertise and skills sets in key risk areas, including: complex structured products, risk management, valuation, trading practices, portfolio management and technology.
- We are working on a new Certified Examiner Training program that establishes consistent baseline technical training and certification standards across the country
- We are strengthening management skills and practices through our Successful Leaders training program
- We are launching a mentoring program to support the professional development of our examiners and leverage the expertise and experience of our most seasoned examiners.
D. Process — Streamlining Processes to Drive Consistency, Effectiveness and Efficiency
We have re-engineered our exam process end-to-end to streamline and focus on those activities that add the most value. With this process re-engineering we have designed a more risk-focused exam process, enhanced pre-exam preparation, improved multidisciplinary staffing, increased field supervision and strengthened our agility and ability to allocate resources to their highest and best use. In addition, we have introduced a number of new mechanisms to drive standardization, consistency and accountability across our National Exam Program. Here are some examples of these improvements:
- An updated, central National Exam Operations Manual
- Our first automated National Exam Workbook to drive consistency, effectiveness, efficiency and accountability in the exam process nation-wide
- OCIE’s first Chief Compliance Officer to enhance and monitor compliance with our own policies and procedures, like we expect of our registrants
- Increased presence of supervisors in the field and involvement senior staff on exams
- Use of targeted scope correspondence exams to touch a greater percent of the registrant population and to risk-assess registrants with better speed and focus.
E. Technology-Automating the Exam Process to Keep Pace with New Developments
We have focused our technology improvement initiatives on automating our exam process end-to-end, including risk assessment and surveillance; exam preparation; all key activities associated with exam execution, such as trade analysis; work paper management and data analytics and reporting. Here are some of our technology initiatives:
- We’ve set up our first Technology Committee to oversee our technology resources and strategy.
- We plan to have a dedicated Senior Technology Officer who will develop a comprehensive technology strategy, technology architecture and implementation plan to automate and strengthen our exam program.
- We’ve added new risk assessment and surveillance technologies
- We’re automating our Exam Workbook
- We’ve developed automated tools to enhance trade analysis
- We’ve developed management information systems that support key performance indicator monitoring and reporting.
Governance, Enterprise Risk Management and Internal Control
We are also focusing our exams on risk management as it pertains to corporate governance, enterprise risk management (ERM) and registrants’ internal controls. In doing so, we will be coordinating closely with our regulatory partners – other federal financial regulators, FINRA and the states. In a time of resource constraints we hope to realize three benefits from this approach: (i) this will keep us focused on the most significant risks; (ii) by focusing on a somewhat smaller but high-priority range of issues in each exam we will be able to extend our resources further; and (iii) engaging firms at a higher level of management will have a more effective impact on a firm’s culture.
The financial crisis revealed just how dramatically risk management failures can harm investors, jeopardize market integrity and hinder capital formation. It also revealed the interdependence between various risk categories (e.g., liquidity, funding, market, credit, operational, compliance and reputation risks), and demonstrated how that interdependence can accelerate risk concentration and harm to investors and markets. Finally, the financial crisis revealed the need for better oversight of risk at the board and senior management levels, and the need for stronger independence, standing and authority among risk management, control and compliance functions.
From an exam perspective, this involves understanding each registrant’s business model, products and asset classes, and evaluating the risks and conflicts that are inherent in that business model. It also means seeking an understanding of what kind of risk management governance and compliance control frameworks registrants have put in place to mitigate and manage that risk profile. I want to emphasize that we are keenly aware of the lessons learned from the financial crisis, as well as from Madoff, where we were roundly criticized for losing the forest for the trees by honing in on some issues and missing broader, systemic and far more serious problems in the organization.
In addition to looking at key risk management issues, such as executive compensation incentives, new product review, and model validation, our examiners will also seek to understand how effectively the firm is managing key risk and control processes. For example, in the anti-money laundering area as in other risk areas we will generally want to understand how risk management is embedded in key business processes and decision-making at five levels:
- How do the business units of an entity ensure they are taking and managing risks effectively at the product and asset class level in accordance with the risk appetite and tolerances set by the board and senior management of the whole organization?
- How are key AML and other risk management, control and compliance functions structured and resourced to ensure they are effectively embedded in the business process, while having the necessary independence, standing and authority to be effective in helping the organization identify, manage and mitigate risk?
- How is senior management ensuring effective oversight of AML risk management and embedding AML risk management together with other enterprise risk management elements in key business processes?
- How does the internal audit process independently verify and provide the board and senior management with assurance regarding the operating effectiveness of AML risk and other risk management, compliance and control functions?
- How is the board of directors (if one exists in the organization) staffed and structured to ensure it can effectively set risk parameters for AML risk and other risks, foster an effective risk management culture, oversee risk-based compensation systems and effectively oversee the risk profile of the firm?
We will incorporate a strategic dialogue of the enterprise risk management framework into our exams so we can effectively distinguish the forest from the trees and then dive into targeted exams in focused risk areas such as AML to test effectiveness.
Anti-Money Laundering Issues of Concern to the National Exam Program
A. AML and Fighting Fraud
The National Exam Program takes very seriously its role in examining registered entities for compliance with anti-money laundering obligations. We have found that anti-money laundering efforts closely complement anti-fraud efforts, as money laundering is often a key component of more wide-ranging wrongdoing, including securities fraud. Fraud and money laundering are sometimes thought of as two separate realms, but they are often part and parcel of one criminal enterprise. When fraudulent activity occurs, integrating the illicit gains into the financial system is often an essential step. Those of you on the front lines of anti-money laundering compliance understand what FinCen Director James Fries described recently as “the logic of close coordination among those with anti-money laundering and anti–fraud responsibilities.” By ensuring that regulated financial institutions have robust and effective anti-money laundering programs, we increase the difficulty of executing many fraudulent schemes, and increase the likelihood that fraud will be uncovered.
This nexus between deterring money laundering and fighting fraud is borne out by data from FinCEN about the types of SARs filed. According to FinCEN data, out of the total SARs filed by securities or futures firms between 2003 and the first half of 2010, 38 per cent involved some type of suspected fraud, theft or manipulation. That is a high batting average as a source for potential fraud cases. A recent change to the SAR filed by broker-dealers also illustrates this nexus, as a check-box was added to the form to indicate if the filing registrant suspects that the person or entity that is the subject of the report is involved in a Ponzi scheme.
Not only is AML compliance helpful in fighting fraud, but it also helps to make our National Exam Program more effective. SARs are a very useful tool in informing our risk-based approach. The number of SARs filed by broker-dealers has climbed steadily over the years, from 6000 in 2006 (when the Commission signed a Memorandum of Understanding with FinCen) to over 18,000 in 2009 (full 2010 numbers are not available yet). This has provided valuable data points for our risk-based approach, enabling us to focus our exam resources more effectively.
A Commission enforcement action brought last year involving Leeb Brokerage Services (“Leeb”), a now defunct brokerage firm, is another illustration of the relationship between AML compliance and compliance with the federal securities laws generally.2 The staff alleged in that case that three registered representatives and two supervisors at Leeb allowed customers to routinely deliver large blocks of privately obtained penny stocks into their accounts at the firm, which were then sold to the public without any registration statements being in effect. While Leeb had an AML program on paper, the staff alleged that Leeb’s personnel completely flouted that program in practice by, among other things, failing to conduct a reasonable inquiry before allowing the public sale of large blocks of penny stocks. Also, the staff alleged that Leeb officials ignored red flags associated with these transactions, such as a customer incorporated in Nevis, who submitted orders through its traders in Costa Rica, generating more than $30 million in sales proceeds all of which was wire transferred to an account in Lichtenstein, a tax haven. As is often the case when AML requirements are flouted, if firms and their employees take their obligation to file SARs seriously, it greatly increases the chance that significant wrongdoing in the market would be exposed at an earlier stage.
I would like to highlight two particular areas where the Commission staff has particular concerns with anti-money laundering programs of broker-dealers.
Direct market access. The first is the obligation of firms to monitor the activities of those to whom the firm provides direct market access. Simply put, a firm cannot wash its hands of someone once it has provided them with access to the markets. Last November the Commission adopted Exchange Act Rule 15c3-5, which applies to broker-dealers with direct access to securities trading on an exchange or alternative trading system, including those that provide sponsored or direct market access to customers or other persons. These broker-dealers are required to establish, document and maintain a system of risk management controls and supervisory procedures that are reasonably designed to manage the financial, regulatory and other risks of this business activity, including to ensure compliance with all regulatory requirements that are applicable in connection with market access. This obligation highlights the need for broker-dealers to monitor the activities of any persons to whom the firm provides opportunities for direct market access, and to determine which of the full range of a broker-dealer’s AML obligations may be triggered by the relationship. This includes having adequate customer procedures and risk management controls to ensure that those requirements are being properly applied. Unfortunately, despite what may be clear red flags or other indicators that would suggest the need for further due diligence on a customer or the customer’s activities, some firms take the position that they have only a very limited responsibility to monitor the ultimate persons or entities to which they provide access. I believe such a position is inconsistent with the requirements of the BSA, and in particular the SAR rule, which requires the reporting of certain transactions conducted “by, at, or through” the broker-dealer—which is certainly the case with sponsored access transactions.
Master-subaccounts. The Commission staff is also particularly concerned with consistent application of AML requirements in the context of master/subaccount arrangements. These are arrangements in which a master account is opened at a broker-dealer (“Master account”), typically by a limited liability company (“LLC”), and in many cases numerous other individuals or entities (“members”). The Master account, in turn, establishes multiple corresponding sub-accounts for the underlying members, essentially for tracking purposes, which are generally managed and monitored internally solely by the Master account owner.3 The members, who are usually unregistered, may then engage in day trading or other leveraged trading activity, via systems or other access provided by the Master account owner.
Several problems may arise in these arrangements. The respective registered introducing and/or clearing firm holding the Master account, although generally aware of the sub-account structure, may view the Master account and all of its sub-accounts on an aggregate level only, rather than monitor subaccount activity that may reveal suspicious activity. While the level of oversight appropriate for subaccount activity will of course vary with the firm’s analysis of the risk the master-subaccount (“MSA”) arrangement poses, it is my view that a firm cannot simply turn a blind eye to an MSA’s subaccount activity under all or even most circumstances.
Depending on the structure of the MSA arrangement, I believe it may also be appropriate for firms to treat the beneficial owners of subaccounts as customers, including for purposes such as the Customer Identification Program (“CIP”) rule. While there are legitimate business reasons for the MSA structure, and appropriate means of overseeing their activity, by shielding the identities and activities of members at the sub-account level, the master/subaccount structure may facilitate, or conceal, market, AML or sales practice abuses Finally, there is also the possibility that the Master account, and potentially certain sub-accounts, may need to be separately registered as broker-dealers. This structure would not allow these entities to circumvent the various financial/operational requirements applicable to a registered brokerage firm, such as minimum net capital requirements and customer protection obligations.
B. AML Exam Priorities
In FY 2010, the SEC and SROs conducted approximately 1900 examinations of broker-dealers that included an AML review. Out of this total, approximately 871 broker-dealers were cited for deficiencies—a rate of about 46%. The most common deficiencies cited in these examinations were:
- Independent Test: includes deficiencies for no test, insufficient test, unqualified or non-independent tester, or failure to follow-up on test results;
- Suspicious Activity Reporting: includes failure to file, failure to file completely and accurately, failure to file timely, failure to maintain confidentiality;
- CIP (violations include: failure to collect identifying information, failure to verify identification, failure to maintain required records, and implementation inconsistent with policies and procedures); and
- Policies and Procedures related to any AML rules (not only do firms have to comply with the rules, but the Bank Secrecy Act and implementing regulations and SRO program rules require them to have procedures that detail how they will comply with the rules—this element is oftentimes lacking in some form in a firm’s AML program).
For FY2011, we will likely focus on the following areas, among others, with respect to our AML examinations: (i) clearing firms with weak AML standards that are exploited by introducing firms; (ii) firms offering foreign customers direct access to US markets; (iii) BD monitoring of securities received through a “free-delivery account”; (iv) BD compliance with FINRA outsourcing guidance; and (v) BD reliance on IA customer-identification programs. I should also note that even in examinations that are not primarily AML-focused, most of our examinations typically include a review of AML compliance. In addition, as mutual fund groups are examined, transfer agents that provide service to the fund groups will be examined, and this is also likely to contain an AML component.
C. Other developments
Pinnacle Capital Markets case. In addition to the Leeb case mentioned above, I should highlight an important Commission enforcement action from this past year that illustrates some of my earlier points. On September 2, 2010, the SEC charged Pinnacle Capital Markets in a settled action with failing to comply with Rule 17a-8 under the Exchange Act, which requires a broker-dealer to comply with the reporting, recordkeeping, and record retention requirements in regulations under the BSA, including the requirements in the CIP rule.4 According to the SEC’s order against Pinnacle, many of the firm’s foreign entity customers held omnibus accounts at Pinnacle, through which the foreign entity’s customers participated in the US securities markets. The Order found, however, that Pinnacle treated these omnibus subaccount holders in the same manner as it did its regular account holders, allowing them to use direct market access software to enter securities trades directly and instantly through their own computers. The Order found that the foreign entity holding the omnibus account did not intermediate the trades. The order also found that Pinnacle’s documented procedures differed materially from its actual procedures, and that Pinnacle willfully violated Section 17(a) of the Exchange Act and Rule 17a-8 thereunder.
One key lesson of this case is that your procedures have to not only be in accord with legal requirements, but you also have to actually do what your procedures say. Moreover, simply calling something an “omnibus” arrangement doesn’t make it so. Examiners will look through so-called “omnibus” arrangements where there is no intermediation of the transactions by the entity that opened the omnibus account.
No-Action letter to SIFMA on IA performing CIP for B-D’s customers On January 11, 2011, the staff of the Division of Trading and Markets issued a letter to SIFMA extending for two years its position that it will not recommend enforcement action to the Commission if a broker-dealer relies on an investment adviser to perform specified aspects of the BD’s customer identification program, subject to the conditions enumerated in the letter. The letter is the latest in a line of similar letters dating back to 2004. Among other conditions in the letter, the investment adviser
- must be registered with the Commission,
- must have its own AML program,
- must promptly disclose to the BD potentially suspicious or unusual activity detected as part of the CIP being performed in order to enable the BD to file a suspicious activity report if the BD believes such a filing would be appropriate, and
- must promptly provide its books and records relating to its performance of CIP to regulators and law enforcement agencies.
The letter also provides some guidance regarding a provision that has appeared in past iterations of the letter, namely that the broker-dealer’s reliance on the adviser must be reasonable under the circumstances. Because the conditions outlined in the current letter may require some broker-dealers wishing to rely on it to become compliant with its terms, the relief granted by the prior iteration of the letter was extended until May 11, 2011; after that date the terms of the current letter will be in effect.
Multi-agency guidance on beneficial ownership. On March 5, 2010, the Commission, along with FinCEN and the federal banking regulators, jointly issued “Guidance on Obtaining and Retaining Beneficial Ownership Information.” The guidance focuses on obtaining and retaining beneficial ownership information for certain accounts and customer relationships. Among other things, the Guidance reminds financial institutions that their customer due diligence program should be commensurate with the financial institution’s anti-money laundering risk. The guidance also notes that as part of the financial institution’s AML compliance program, a financial institution should establish and maintain customer due diligence procedures that are reasonably designed to identify and verify the identity of beneficial owners of an account, as appropriate, based on the institution’s evaluation of risk pertaining to the account. Because the guidance clarifies and consolidates existing regulatory expectations for financial institutions, there were no changes to the National Exam Program’s AML examination manual after its issuance.
Some of what the Commission staff has heard after the guidance was issued suggests that some broker-dealers may be taking an overly narrow or mechanical view of their responsibilities under the BSA. No matter what specific requirements of the BSA or a particular rule are, there is ALWAYS the overarching requirement to have a program that, at minimum, includes the establishment and implementation of policies and procedures reasonably designed to detect and cause the reporting of suspicious activity. I don’t view this as being possible without a firm’s having policies and procedures that allow it to know who its customers are, and what kind of activities it can reasonably expect them to engage in. That knowledge must be kept up to date through the life of your relationship with your customer. This is not a new concept. Whether under the label of customer due diligence, or “know your customer,” this regulatory expectation is broad and fundamental, and no specific BSA obligation should be understood to narrow or dispense with it. In this regard, I point you to the 2008 Guidance for Deterring Money Laundering and Terrorist Financing Activity by the SIFMA AML committee, which notes that
a firm’s AML program should be designed to permit the firm to make a reasonable risk based determination as to its customers, its customers’ source of income and the customers’ expected activity. In assessing the risks associated with particular customers or transactions, the firm should first evaluate its business to ascertain those areas in which the likelihood of suspicious or potentially illegal activity may be greater. Such an evaluation should serve as the basis for determining the amount of customer due diligence and documentation that is necessary and the extent of the monitoring that such customers or accounts may require.5
Confidentiality of SARs. FinCen adopted new rules last November to clarify the confidential nature of SARs. Among other things, the guidance expanded on previous guidance that interpreted a provision in the SAR confidentiality rules to permit the sharing of SARs with head offices and parent companies. The most notable aspect of the guidance is that it clarifies that entities subject to oversight by SROs such as FINRA are permitted to provide SARs to the SRO’s examiners if the federal regulatory agency with jurisdiction over the SRO directs it.
Thank you for giving me your attention this afternoon. I would now be happy to take some questions.
1 The Securities and Exchange Commission, as a matter of policy, disclaims responsibility for any private statements by its employees.
2 In the Matter of Ronald S. Bloomfield, et al., Sec. Act Rel. No. 9121, Exch. Act Rel. No. 61988, Admin. Proceeding File No. 3-13871 (April 27, 2010).
3 Furthermore, under the master/subaccount structure, some of the members for whom sub-accounts have been established may themselves be unregistered LLC entities which, in turn, may also receive funds from other underlying members in the same manner as the Master account did, thus creating a cascading waterfall effect that could result in additional layers of master/subaccount structures.
4 In the Matter of Pinnacle Capital Markets LLC and Michael A. Paciorek, Sec. Exch. Act Rel. No. 62811, Admin. Proceeding File No. 3-14026, (Sept. 1, 2010).
5 Securities Industry and Financial Markets Association Guidance for Deterring Money Laundering and Terrorist Financing Activity (2008), available at http://www.amlcft.com/sifma%202008%20guidance.pdf.