1. Home
  2. |Insights
  3. |SEC Risk Alert Provides Valuable Reminders Concerning Importance of Compliance with SAR Reporting Requirements

SEC Risk Alert Provides Valuable Reminders Concerning Importance of Compliance with SAR Reporting Requirements

Client Alert | 6 min read | 04.21.21

On March 29, 2021, the Securities and Exchange Commission’s Division of Examinations published a Risk Alert titled “Compliance Issues Related to Suspicious Activity Monitoring and Reporting at Broker-Dealers.”  The Alert identifies recurring issues that the Division has identified with the anti-money laundering (“AML”) programs of broker-dealers, particularly as these relate to the filing of suspicious activity reports (“SARs”).  It builds on similar issues that the SEC litigated and prevailed on in SEC v. Alpine Securities Corporation in the Second Circuit Court of Appeals, and is consistent with the fact that the SEC has identified AML program compliance as an examination priority in 2021, the fourth consecutive year it has done so.

With regard to SARs, the Risk Alert documents instances the SEC has seen of firms failing to appropriately detect and investigate “red flags” for potential money laundering or other financial crime, including those published in Financial Crimes Enforcement Network (“FinCEN”), SEC, and Financial Industry Regulatory Authority (“FINRA”) guidance, and to appropriately document such activity in SAR filings, especially with respect to sales of low-priced securities (often referred to as “penny stocks”). 

The Risk Alert identifies the following key issues:

AML Policies and Internal Controls

  • Failure to Identify Red Flags in AML Programs.  The Division said that a number of firms had failed to specify relevant red flags in their AML policies and procedures that should require further investigation for potential suspicious activity, and to tailor these towards addressing the risks associated with the type of activity in which the firm’s customers regularly engage.  For broker-dealers that conduct transactions in low-priced securities, these should include the specific red flags identified in guidance that FinCEN, the SEC, and FINRA have published, such as FINRA’s NTM 19-18 and 2014 guidance from the Division relating to such securities.  A complete list of relevant guidance documents appears at the end of the Risk Alert.
  • Failure to Conduct Automated Transaction Monitoring Where Appropriate and to Set Detection Scenarios Properly.  The SEC said that a number of firms with large volumes of daily trading had failed to implement automated systems to monitor and report suspicious activity associated with such trades.  Instead, such firms unreasonably relied on a manual process, and also failed to establish procedures or controls designed to identify trends or suspicious patterns across multiple accounts.  Where such firms did address low-priced securities in automated monitoring, they sometimes set the threshold for detecting suspicious transactions at $1 or below, forgetting that “penny stocks” are defined to include securities priced between $1 and $5 per share under controlling regulations.
  • Failure to Set Appropriate Reporting Thresholds.  Some firms set their SAR reporting thresholds above the $5,000 required by regulations.
  • Improper Reliance on Clearing Firms.  Some introducing firms inappropriately deferred to their clearing firms to identify and report suspicious transactions in customer accounts and failed to adopt their own procedures that take into account the high-risk nature of their customers’ activity, including trades in low-priced, unregistered securities.

Failure to Implement Procedures

A number of firms that had reasonably designed written policies and procedures “did not implement their procedures adequately and did not conduct adequate due diligence on or report suspicious activity that, per their own procedures, appeared to trigger a SAR filing requirement.”  These included:

  • Failing to file SARs “on transactions that appeared identical in nature to transactions for which the firm had routinely filed SARs, without distinguishing the transactions from those on which SARs were filed previously.”
  • Failing to reasonably use “available transaction reports and systems to monitor for suspicious activity.”
  • Failing to follow up on and investigate “red flags identified in their procedures, such as prearranged or non-competitive trading, including wash or cross trades or potential insider trading.”
  • Failing to enforce prohibitions in their own policies with respect to transactions in low-priced securities that had been imposed to avoid suspicious activity, or to investigate violations of such prohibitions to determine whether the allowed transactions had been suspicious.

Failure to Investigate Known Red Flags

Some firms failed to conduct or document diligence in response to red flags, “especially with respect to trading activity in low-priced securities,” which the SEC said were “particularly susceptible to market manipulation.”  This included failing to file SARs despite evidence of “possible improper sales of unregistered securities, and pump-and-dump schemes and market manipulations of thinly traded, low-priced securities,” and failing to investigate transactions in low-priced securities that “included one or more of the following red flags reflected in the 2014 EXAMS Risk Alert and FINRA Notice to Members 19-18.”  Such red flags include: (1) large deposits of low-priced securities followed close in time by liquidation and the wiring out of proceeds; (2) patterns of trading activity common to several customers (e.g., sales of large quantities of low-priced securities of multiple issuers); (3) trading “in thinly traded, low-priced securities that resulted in sudden spikes in price or that represented most, if not all, of the securities’ daily trading volumes”; (4) trading in stock of issuers that were shell companies, had previously been subject to trading suspensions, or whose affiliates or insiders had a history of securities law violations; (5) customers with questionable backgrounds, such as being the subject of civil or criminal penalties or regulatory enforcement; (6) trading in the stock of issuers that had been the subject of public warnings or other publicly-available information; (7) customer sales of shares of issuers subject to “simultaneous promotional activity”; (8) “[t]rading in low-priced stock by customers that were affiliates or control persons of the issuer”; and (9) “liquidations of large volumes of low-priced securities concentrated within introducing dealers or broker-dealer counterparties that firms identified as high risk” or whose activity exhibited other red flags.

Failure to File Complete and Accurate SARs

A number of firms failed to include information in structured data fields of the SAR form, and failed to include SAR narratives information relevant to the five essential elements of such narratives – who? what? when? where? and why? – for the suspicious activity being reported.  This included neglecting to include in data fields information otherwise available to the firm, such as Social Security numbers, customer loss amounts, customer disciplinary histories and account numbers, and “concerns about suspected promoters and issuers of low-priced securities,” as well as failing to provide detail sufficient to allow a complete understanding of why the reporting firm found the transactions to be suspicious, such as “[r]eporting the deposit of low-priced securities but failing to report the liquidation of the same securities shortly thereafter and the disposition of the proceeds.”  Finally, the Division noted cases of cyber intrusions and account takeover incidents where firms had failed to report relevant information such as “the method of transferring out funds, how the account was accessed, bank account information, phone/fax numbers, email addresses, and IP addresses,” all of which are required by FinCEN guidance relating to SAR reporting of “cyber-events.”

Practical Considerations

Regulated firms should ensure that they have considered these issues and addressed them in their own AML programs and SAR-related policies and procedures, paying special attention to any transactions relating to low-priced securities.  The SEC continues to focus on AML enforcement against broker-dealers and AML program and SAR failures with respect to transactions in low-priced securities, in particular.  Accordingly, firms should track and make efforts to incorporate, as appropriate to their businesses, the red flags that FinCEN, the SEC, and FINRA have established through various notices and in specific enforcement actions.  Furthermore, in light of the Second Circuit’s decision earlier this year in SEC v. Alpine Securities Corporation, firms should include enough detail to make clear the nature of the suspicious activity and the securities involved based on available information in internal records (e.g., Social Security numbers, dollar amounts, account numbers, details related to foreign customers and sub-accountholders).