Continued Individual Liability Under the Bank Secrecy Act: The SEC Targets Two AML Compliance Officers and One CEO for Alleged AML/BSA Violations
Two Have Settled, but One AML CO Will Contest the Case
A recent anti-money laundering (“AML”) enforcement action reminds us of the increasing risk of individual liability for alleged violations of the Bank Secrecy Act (“BSA”).
Specifically, the Securities and Exchange Commission (“SEC”) and the Financial Industry Regulatory Authority (“FINRA”) announced last week that Aegis Capital Corporation (“Aegis”), a New York-based brokerage firm, admitted that it failed to file Suspicious Activity Reports (“SARs”) on numerous transactions. Although most of the attention regarding this enforcement action has focused on Aegis, the more interesting development here is the role of individuals — particularly a contested action filed against a former AML compliance officer who has declined to settle and who apparently is proceeding to trial on these allegations before a SEC Administrative Law Judge (“ALJ”). This should be a litigation to watch.
Allegations of AML Violations by the Institution
Under the BSA, broker-dealers must report suspicious transactions via SARs filed with the Financial Crimes Enforcement Network (“FinCEN”). Section 17(a) of the Securities Exchange Act of 1934, and Rule 17a-8 promulgated thereunder, require broker-dealers to comply with the recordkeeping, retention and reporting duties of the BSA. More generally, both the BSA and FINRA Rule 3310 require broker-dealers to maintain AML/BSA compliance programs.
The SEC press release alleges that the SEC found that Aegis failed to file SARs on suspicious transactions that raised red flags indicating that the transactions potentially were related to the market manipulation of low-priced securities. The SEC’s order also set forth its finding that Aegis willfully violated a SEC financial recordkeeping and reporting rule. Aegis agreed to pay a $750,000 penalty and retain a compliance expert. Aegis further settled in a related action with FINRA for an additional $550,000 penalty, resulting in a total monetary penalty of $1.3 million against the institution.
The FINRA press release contains greater detail of the alleged misconduct by Aegis, and highlights the risks associated with disregarding internal red flags, particularly when the transactions at issue involve foreign financial institutions:
FINRA found that Aegis’ supervisory system for trading in delivery versus payment (DVP) accounts was not reasonably designed to satisfy its obligation to monitor and investigate trading in DVP accounts, particularly in low-priced securities transactions. In a DVP account, customers buy and sell securities that are not held at the brokerage firm executing the trades, and the purchases and sales of those shares are then effected through the brokerage firm. During its investigation, FINRA found that Aegis failed to adequately monitor or investigate the trading in seven DVP customer accounts that liquidated billions of shares of low-priced securities, generating millions of dollars in proceeds for its customers. Several of these customers were foreign financial institutions that effected transactions on behalf of their underlying customers, all of whom were unknown to Aegis. The firm did not identify these trades as suspicious even after its clearing firm alerted Aegis to AML red flags and specific suspicious low-priced securities transactions. These violations were accompanied by a failure to implement an adequate AML program tailored to detect red flags associated with these sales.
Highlighting the increasing role of AML in the securities industry, FINRA further noted in its press release that its 2018 Regulatory and Examination Priorities Letter highlighted AML as an area of particular concern and noted that FINRA will be assessing the adequacy of firms’ AML programs and their ability to detect and report suspicious transactions. As we have blogged, the SEC Office of Compliance Inspections and Examinations (OCIE) likewise has declared that one of its 2018 exam priorities is the scrutiny of AML programs.
The AML Enforcement Spotlight on Individuals: Two Have Settled, but One Will Contest
The SEC has alleged that a former Aegis AML compliance officer, Eugene Terracciano, failed to file SARs on behalf of Aegis, thereby aiding and abetting and causing Aegis’ violations. In particular, the SEC claims that Terracciano failed to file SARs on transactions in which Aegis’ customers were:
(i) selling large quantities of low-priced securities that comprised a significant percentage of the issuers’ daily trading volume and outstanding float;
(ii) trading shares of issuers who had changed names and business lines;
(iii) selling substantial shares of low-priced securities during periods of spikes in price and volume of the issuers’ securities and during paid promotional campaigns; and/or
(iv) trading in shares of issuers’ that had little or no market activity until the promotions began.
As noted, the SEC will try Terracciano’s case before a SEC ALJ. This forum will differ from U.S. District Court, where the Department of Justice, litigating on behalf of FinCEN, tried the most high profile individual AML enforcement action to date against Thomas E. Haider, the former Chief Compliance Officer of MoneyGram International. Ultimately, Haider agreed to pay a $250,000 penalty and accepted a three year injunction barring him from any compliance employment for any money transmitter. It will be interesting to see how this litigation unfolds in the ALJ SEC system, which has been criticized as lacking adequate procedural protections and being slanted towards the SEC, and which may be unconstitutional under the Appointments Clause – an issue that the Supreme Court is poised to decide.
Separately, the SEC alleged that Aegis’ former AML compliance officer Kevin McKenna and Aegis CEO Robert Eide aided and abetted the firm’s violations. Without admitting the SEC’s findings, Eide agreed to pay a $40,000 penalty; McKenna agreed to pay a penalty of $20,000 and also agreed to a prohibition from serving in a compliance or AML capacity in the securities industry (with a right to reapply). Although the CEO has paid the higher monetary penalty, he — unlike the AML CO — has not suffered an industry prohibition, thereby highlighting the enhanced risks faced, somewhat ironically, by those working in compliance.
This is not the first time that the SEC has brought an AML-based enforcement action against an individual. For example, in January 2017, the SEC instituted administrative and cease and desist proceedings against a New York based broker-dealer and its chief compliance and AML officer for alleged violations of the BSA and securities law. The order alleged that AML officer was personally responsible for monitoring customer transactions for suspicious activity and ensuring the firm’s compliance with SAR reporting requirements. Despite having an AML program, the AML officer and company allegedly failed to file SARs for dozens of potentially illegal stock sale transactions by its customers, for a total allegedly exceeding $24.8 million in proceeds. FINRA also pursued AML violations against an individual in February 2014.
None of the individuals, however, contested these actions. How the litigation involving Mr. Terracciano plays out may have potential implications for other AML compliance officers and executives — not only in the securities industry, but also for banks, money transmitters, and other financial institutions.