Speech by SEC Staff:
|The Securities and Exchange Commission (Commission or SEC), as a matter of policy, disclaims responsibility for any private publication or statement by any of its employees. The views expressed herein are those of the author and do not necessarily reflect the views of the Commission or the staff of the Commission.|
Good morning. I am honored to be with you again this year as part of the Securities Industry Association's annual conference on money laundering.
A great deal has happened since we were together at last year's conference. The terrible events of September 11th touched all of us. Securities firms located in the Twin Towers lost employees and colleagues. Exchanges were disrupted by debris and fire. Clearing operations were interrupted by breaks in phone lines. And the SEC's NY Regional Office -- located in the Twin Tower complex -- was destroyed in the aftermath of the disaster.
The tragedy of September 11 brought us together - industry and regulators alike - in a cooperative spirit that has been unequalled during my professional experience. As colleagues, we worked and pulled together to bring the markets - the lifeblood of our nation's economy - back to life.
In the aftermath of the September 11th tragedy, the Patriot Act was passed by Congress and signed by President Bush.1 It has given us all new responsibilities - and a quick timeframe to learn our new roles. In some cases, the Act builds on the traditional strengths of the securities industy, with its emphasis on compliance procedures and knowing customers. In other cases, the Act requires us to do things somewhat differently. As we enter this new world -- life after the passage of the Patriot Act -- we need to work together with the same cooperative spirit that marked our activities after September 11th.
Before going any further, let me acknowledge the role that is already being played by the SIA in helping to implement the Patriot Act. In addition to organizing this conference, the SIA has issued to its members a helpful memorandum containing Preliminary Guidance for Deterring Money Laundering Activity.2 I commend the SIA for their constructive approach. Likewise, those of you who are here today from the securities industry are also to be commended. As you consider how to augment your firm's compliance program to cover the requirements of the Patriot Act, you are also contributing towards the larger goal of denying the use of our financial system to criminals who are terrorists and money launderers.
Today, as we move forward together to implement the Patriot Act, I would like to share with you some of the things the SEC staff has learned during the last year, as we partnered with the securities self-regulatory organizations (SROs) in a "sweep" aimed at examining and encouraging anti-money laundering compliance programs in the securities industry. Hopefully, some of the things we learned from these examinations will be helpful to you as you work to enhance your own anti-money laundering compliance programs.
Last year at this conference, I announced that staff from the SEC's Office of Compliance Inspections and Examinations (OCIE) already had begun to undertake a number of examinations of broker-dealers to learn about their existing money laundering compliance programs.3 Together with the New York Stock Exchange, Inc. (NYSE) and the National Association of Securities Dealers, Inc. (NASD), SEC staff collaborated on a joint examination module and conducted a joint training program for SEC and SRO examiners. Following the training program, SEC and SRO examiners conducted examinations of 26 broker-dealers. The sweep included a wide spectrum of firms -- large and small, introducing and clearing, as well as some on-line firms.
We are grateful for the cooperation of the firms we visited, and their assistance in increasing our knowledge and understanding of anti-money laundering techniques.
Our preliminary assessment is no surprise. We found that, even before enactment of the Patriot Act, some of the largest firms already had in place sophisticated anti-money laundering compliance programs. While our experience at mid-sized and smaller firms was much more uneven, in general we found that most firms we visited had an awareness of the issues and problems posed by money laundering, and had begun to engage in discussions regarding how to augment or improve their compliance programs.
We also came away from our exams with some more practical ideas of what works for some of these firms, as well as some notions of practices that are not as effective. As you know from my speech last year, we understand that anti-money laundering compliance is not a "one-size-fits-all" proposition. The Patriot Act itself, as well as the SRO rules on anti-money laundering procedures, give firms some flexibility to design programs that fit their businesses, and the potential money laundering risks posed by their business model. It is my hope that sharing our insights and experience with what works and what doesn't, will help you move from thinking about the goal of your anti-money laundering program, to making it a reality in practice. I also hope that by focusing on the practical today, I can speed you towards meeting the Act's timeframes for compliance.
In our "sweep," we generally focused on the following areas:
Let me give you some of our findings in each of these areas.
In the area of suspicious activity detection and reporting, we found the following:
Comprehensive Monitoring Systems. We found that comprehensive, and in many instances automated, systems used to monitor suspicious activity indicative of money laundering seemed to be the most effective means to detect such activity. The most successful reviewed individual customer activity and generated exception reports based on unique or aberrant activity. Effective monitoring systems generally take into account many different factors in determining whether an activity is suspicious. Some of these factors include the following:
Less effective monitoring systems were seen at firms that either did not have suspicious activity detection systems in place or presented their existing anti-fraud systems as anti-money laundering systems. While existing anti-fraud systems may be important as a base for detecting fraudulent activity, they cannot be relied upon to do "double duty" for anti-money laundering purposes without review and adjustment. Surveillance reports that are geared toward detecting fraud - such as forgery and check kiting - and do not also provide meaningful review of structured transactions or other types of suspicious activity simply can't do the job.
Screening Wire Transfers. We found that reviewing individual wire transfers -- in and of themselves -- in many cases did not constitute a meaningful exercise. Firms with more successful programs had well-trained firm personnel that were educated on what to look for when screening money movements, such as: rapid journaling of assets between related accounts, transaction patterns where no securities investments were made before funds were wired out of the account, and several ostensibly unrelated entities sharing addresses. One firm utilized a computer system that detected patterns in wire activity and flagged accounts with multiple transfers to an unrelated account and large wires in and out with little or no corresponding securities purchases or sales. In addition, the more successful firms had the capability to conduct a historical review of account activity before processing a wire transfer.
Watch Lists. Firms with successful programs were able to keep identified lists of clients who had previously exhibited suspicious behavior. This enabled those firms to concentrate resources on monitoring those accounts for further evidence of suspicious activity.
Use of Margin Departments. A practice by broker-dealers that seemed to work was using their margin departments in some capacity in their anti-money laundering efforts, whether as the primary anti-money laundering function at the firm or as a supplement to their dedicated anti-money laundering compliance group. Some firms used their margin departments to screen wire transfers for suspicious activity. Names on incoming and outgoing wires were automatically checked against the OFAC list4 and addresses were checked against the FATF list of nations with weak money laundering controls.5
Suspicious Activity Reports (SARs). Firms with effective programs were actively filing SARs with FinCEN6. Even though some of these firms were not required to file SARs by law, the filing of SARs evidenced a commitment to detecting and reporting suspicious activity. Likewise, firms with effective programs had a set procedure in place for following-up once a suspicious activity was detected. These firms had clear lines of authority and clear policies as to when a SAR needed to be filed. Some firms even had a committee that met to discuss whether to file a SAR.
In the area of due diligence with respect to account opening, we found the following:
Review of New Account Documentation. We found that firms with less effective programs had new account documents that were either incomplete or contained contradictory or illegible information. These firms presumably had a harder time fulfilling their existing "know your customer" requirements. A review of new customer/account documentation with an eye towards the new Patriot Act requirements would seem to be a prudent course for firms to follow.
Background Screening. Firms with more successful approaches to customer due diligence had comprehensive programs in place for vetting their customers. These firms either used in-house personnel or outside vendors to conduct appropriate background checks on new accounts (such as, checks against the OFAC list, review of social security numbers (SSN), credit histories, etc.). Some firms have new account systems that scan the firm's database for all new accounts opened and for all account changes. More flexible systems permit firms to add names to the vendor's standard OFAC database, and can identify why a name has been "hit"-- that is, if it is on the OFAC list or for another reason. This enables firms to add additional names to the standardized list of names, such as those provided by the SEC, for example.7 Similarly, firms that had filed SARs could add names to enhance the firms' own monitoring capabilities. The most advanced firms also had personnel in place to conduct additional due diligence if the screening resulted in a "hit." Likewise, firm personnel also were used to conduct additional due diligence if a new account originated in a FATF country or another country of high-risk.
Corporate Client Reviews. Here, we found that the most successful firms had procedures in place to verify information concerning new corporate client accounts, including reviewing Articles of Incorporation, Bylaws, Corporate Resolutions, Minutes of Board Meetings, etc. Going forward, we note that the Patriot Act pays special attention to due diligence for accounts of foreign clients. We will look critically at any firm that facilitates the opening of offshore corporate accounts or trusts by clients to provide anonymity for customers. Firms should not help create situations where the true beneficial owners of accounts are never memorialized on new account forms or provided to clearing brokers for account screening.
In the area of supervision, we found the following:
Comprehensive Supervisory Policies. We found that having one overall comprehensive supervisory policy relating to anti-money laundering seemed to be the most effective way to promote proper supervision of all departments that could be affected by possible money laundering activity. Likewise, we found that having separate discrete anti-money laundering policies and procedures for different areas or departments tended to create a disparate overall policy with respect to anti-money laundering and provided for a less cohesive overall policy and supervision.
Documentation of Procedures and Supervisory Policy. We found that more successful firms formalized and documented their anti-money laundering procedures and supervisory policies in writing, and made them part of the firm's overall procedures. One firm even had its anti-money laundering procedures on its internal web site. Circulating inter-office memos may be an appropriate way to address new developments or react to new regulatory requirements. However, if firms do not formalize the procedures addressed in the inter-office memos, the memos may not be viewed as established firm practice.
Dedicated Anti-Money Laundering "Teams." One practice that seemed to work well was when a broker-dealer had dedicated compliance personnel to focus on combating potential money laundering activity within a firm. We found that firms with strong anti-money laundering programs had dedicated anti-money laundering teams that spent their time analyzing exception reports that isolated potentially suspicious activity, and then conducting follow-up investigations on these activities. In some cases, the investigative team would forward their findings to a risk management department for resolution. The most effective dedicated teams, however, worked alongside traditional supervisory personnel, such as branch office managers, who were also tasked with notifying the anti-money laundering team of any indication of suspicious activity. In these circumstances, the anti-money laundering team was not only generating its own surveillance leads, but was also fielding tips from branch offices as well as from other divisions within the firm. While we understand that the "team" approach may not work for smaller broker-dealers, the use of a dedicated staff for anti-money laundering surveillance is an approach that should be carefully considered.
In the area of training, we found the following:
New Employee Training Programs. We found that providing anti-money laundering training to all new employees, as part of their initial training on firm policies and procedures, seemed to be an effective training tool. The most effective training programs incorporated real world examples, which allowed new employees to anticipate possible money laundering scenarios that they could face in day-to-day responsibilities.
Ongoing Training Programs. We found that the firms with the strongest programs provided separate money laundering training to each department in the firm, at all levels and sites. Training for each department was geared to possible scenarios posed by the department's activities, and analyzed how the particular department could be used to prevent and detect money laundering. This approach also ensured that money laundering training was not just being covered at the headquarters site, but also was getting out to a firm's many branches and lower level employees. Resources such as help desks, anti-money laundering videos and designated anti-money laundering specialists helped guide employees with money laundering issues after the formal training program had been completed. Providing an Intranet resource dedicated to anti-money laundering issues also seemed to be a helpful training tool for employees.
In reviewing BSA compliance, we found the following:
No-cash policy. One policy that seemed to be particularly effective was that many firms refused to accept cash as payment for securities transactions. This protects firms from the risks associated with accepting cash as payment for securities transactions. In addition, this alleviates the burden of having to file numerous Currency Transaction Reports (CTRs). However, even firms that do not accept cash have to be familiar with BSA requirements for foreign bank accounts and wire transfers.
Importance of Staff Training. We found that successful firms took the time to train responsible staff for BSA compliance to be well versed and trained in the complexities of the Act. It is important for firm compliance employees to know the difference between CTRs and SARs, and when to correctly file each such report.
Cohesive Policies. We found that the most successful firms already had cohesive procedures in place to comply with the reporting and recordkeeping requirements of the BSA. Such procedures detailed the compliance requirements for the various BSA requirements, including the Travel Rule and the requirement that they notify Treasury when they maintain foreign bank accounts. Simply restating the requirements of the BSA in a firm's written supervisory procedures was not viewed as helpful.
In this area, the SEC/SRO exam teams reviewed the activities of several clearing firms to assess what type of anti-money laundering measures were being applied to clearing services performed for introducing broker-dealers. In particular, the staff reviewed the types of reports clearing firms provided to introducing broker-dealers, and whether they could be used to detect money-laundering activity. In this area, we found the following:
Need for Increased Cooperation and Due Diligence. In this area, we found need for great improvement. In many cases, small firms do not have separate margin departments, and appear to rely on their clearing firms to perform the anti-money laundering function for the introducing firm. However, oftentimes there was little or no discussion in allocation agreements with respect to the responsibilities of the introducing broker and the clearing broker as to anti-money laundering compliance. Moreover, some introducing firms did not appear to have an understanding of the procedures or exception reports that their clearing brokers offered that would enable them to monitor their customers for anti-money laundering activities. Relying on a clearing firm to perform this function without having an understanding of the procedures that a clearing firm has in place, and without creating mechanisms to share and analyze information only known to one side of the relationship, was not viewed by examiners as an effective practice to detect and deter possible money laundering.
We understand that this issue is a tough one for some of you. However, the reality is that both introducing and clearing brokers have independent obligations to comply with anti-money laundering laws. An introducing firm cannot just assume that its clearing firm is monitoring client account activity for anti-money laundering purposes. Clearing firms cannot just assume that, since they don't have customer account opening information, they have no responsibility. Introducing and clearing firms need to work together so that each firm can comply with its own independent anti-money laundering obligations. Introducing and clearing firms should be reviewing their allocation agreements, clearly specifying the responsibilities to be performed by each party, determining exception reports that are useful, and creating lines of communication. The introducing/clearing relationship must not create a gap in the industry's monitoring for money laundering purposes. Both introducing and clearing brokers need to enact the appropriate anti-money laundering procedures to comply with the Patriot Act and applicable SRO rules.
As you can see, the best practices that have emerged in this area do not represent rocket science. They are very practical, matter-of-fact suggestions that involve similar issues and considerations to implementing any other broker-dealer compliance program. In the coming months, the SEC and SROs will be incorporating anti-money laundering reviews into their routine broker-dealer examination programs. We expect that our examination program -- just like your firm's compliance program -- will have to be fine-tuned and reviewed, on a "rolling" basis, as new requirements are issued by the Treasury Department, and required to be established and implemented by firms.
We understand that there is a fair degree of anxiety over the approach that our examiners will take as the Patriot Act regulatory regime is "rolled out." We expect that we will be learning together what works, and what doesn't. We believe that the Patriot Act gives firms significant flexibility to design procedures and systems that reflect their firms' business. Just like last year, we will be looking at whether a firm has policies, procedures, and internal controls relating to money laundering, and whether its system for monitoring potential money laundering activities is appropriate to its business.
We understand that some of the requirements imposed by the Patriot Act are new, require action on a quick timeframe, and may involve complex, and possibly costly, changes to your current systems. But we are in this together for the long haul, and believe that doing it right is important. So, while we fully intend to have a strong examination program focusing on firms' anti-money laundering compliance programs, at the same time, you can expect us to be reasonable -- thoughtful, perhaps, critical even -- but reasonable as we review the status of your program.
So, what can you expect if your firm is visited by the SEC or an SRO over the coming months for an anti-money laundering examination?
If your firm has systems and controls well in place, be prepared to demonstrate how they work. Have you considered how your business is susceptible to possible money laundering activity? How well do you know your individual and corporate customers? What are you doing to detect and report potential money laundering behavior? Have you been filing CTRs and SARs, as appropriate? What are you doing to comply with OFAC? Are your employees trained and on the lookout for possible suspicious behavior? Do your procedures, controls, and testing functions reflect the Act's requirements? Does your program cover all the elements required by applicable SRO rules?9
If you are not as far along, expect to be asked some fundamental questions. We will ask you for a timetable for implementation, and we will make plans to follow-up on your progress. This is not to say that you can expect to satisfy an examiner with words - or even written plans. We will be citing deficiencies, and, in appropriate cases, will make referrals to enforcement authorities. But if you have established your program, and have a reasonable timetable for implementation, we will work with you.
As I said at the outset, life after the Patriot Act is going to be somewhat different for all of us. However, let me reassure you that we share common goals going forward. Over the next few months, the SEC will continue to work closely with the Treasury Department to help devise ways to creatively meet the challenges posed by implementation of the Patriot Act. At the same time, it will be your job to integrate the Patriot Act's requirements into your firms' compliance systems. Working together, we need to address the very real, and terrifying challenges posed by the use of our financial systems by terrorists and money launderers. We need to work together, and cooperate in the best spirit of September 11th, for this new era to work.
|1||See Pub. L. No. 107-56, 115 Stat. 272 (2001). Among other things, the Patriot Act calls for broker-dealers to monitor and report suspicious transactions, to establish anti-money laundering compliance programs, to verify customer identity and engage in special due diligence for certain customers, and to close accounts with foreign shell banks that are not affiliated with a supervised bank.|
|2||See SIA, Preliminary Guidance for Deterring Money Laundering Activity (Feb. 2002).|
|3||See "Money Laundering: It's on the SEC's Radar Screen," Remarks by Lori A. Richards, Director, SEC Office of Compliance Inspections and Examinations, at the Conference on Anti-Money Laundering Compliance for Broker-Dealers, organized by the Securities Industry Association (May 8, 2001), available at www.sec.gov/news/speech/spch486.htm.|
|4||OFAC refers to the Office of Foreign Assets Control, which is a part of the U.S. Treasury Department. Various executive orders prohibit transactions with designated individuals and embargoed countries. Master lists of embargoed countries and certain designated individuals are maintained on OFAC's web site at www.treas.gov/ofac, and updated frequently.|
|5||FATF refers to the Financial Action Task Force, which was created at the 1989 Economic Summit of the G-7 countries and has over 29 representatives. FATF has created a list of countries that have been designated as non-cooperative with international anti-money laundering principles. See the FATF website at: www1.oecd.org/fatf/ncct-em.htm.|
|6||FinCEN refers to the Financial Crimes Enforcement Network, which is a part of the U.S. Treasury Department.|
|7||On October 18, 2001, the SEC requested securities firms to voluntarily review a confidential "control list" prepared by the FBI against their customer account information. See Securities Exchange Commission Press Release No. 2001-115 (October 18, 2001).|
|8||See 31 U.S.C. 5311 et seq.|
|9||The NASD and the NYSE have proposed rules relating to anti-money laundering compliance programs, which the Commission has approved. See Securities Exchange Act Release No. 45798 (April 22, 2002) (SR-NASD-2002-24 and SR-NYSE-2002-10). The NASD has also issued guidance to its members on anti-money laundering compliance programs. See Special NASD Notice to Members 02-21.|
|Home | Previous Page||