Of Counsel
07 Jul 2016

In this exclusive Of Counsel piece, Julie Copeland and Mirella A. de Rose of Lewis Baach pllc, take a look at the “ABCs” of compliance.

Compliance in the modern world can seem complicated.   Financial institutions have compliance manuals with many pages of procedures; the manuals and pages are multiplied (sometimes exponentially) if the institutions operate in multiple jurisdictions.     There are complex computer programs, with electronic filters and daily updates to “black lists.”  And then there is the human component, with requirements for intervention, exercise of judgment, and management oversight.     The very basics of compliance can get lost in this morass of mind-numbing procedures and detailed instructions.

But many anti-money laundering (AML) enforcement actions illustrate the importance of an institution wide focus, not on these complexities, but on common sense fundamentals on compliance.  Below, using examples from the recent high profile enforcement actions, we go back to compliance primary school, with the “ABCs” of compliance.


On May 24, 2016, the Monetary Authority of Singapore (MAS) shut down the Singapore branch of the Swiss bank BSI AG for “control lapses and gross misconduct” relating to its anti-money laundering program.  At the same time, the Swiss regulator, FINMA, agreed that all of BSI’s assets would be absorbed by the Swiss bank EFG with the understanding that the transfer needed to be accomplished within a year and that no senior members of BSI management would remain at the institution.  Among the many lapses that the regulators cited were the Bank’s failure to question a $20 million deposit that was called a “gift” and a $98 million deposit without an explanation about its commercial rationale.  In each of these instances, the Bank was criticized for failing to question transactions or to determine the rationale for the transactions.  Such questioning is one of the basic tenets of an anti-money laundering program.

Similarly, in the recent action by the U.S. Securities and Exchange Commission (SEC) against broker-dealer Albert Fried & Co. (AF), the SEC cited numerous instances where the firm ignored red flags and therefore, failed to file Suspicious Activity Reports (SARs) as it was required to do.  Among the instances of activity that should have triggered red flags, according to the SEC, were high volume trading in penny stocks and an instance in which one customer’s trading in one day constituted more than 80% of the overall market volume in that stock on that day.  Additional red flags involved the rejection by other broker-dealers of AF’s attempts to transfer its customers’ securities; a customer’s liquidation of securities immediately followed by the transfer out of the account of all the cash proceeds from the liquidation; and the fact that the SEC suspended trading in a security that was recently liquidated by a customer.

AF also ignored both regulatory guidance by the U.S. Treasury Department’s enforcement agency, FinCEN, and the National Association of Securities Dealers about transactions in penny stocks and the recent action by the Financial Industry Regulatory Authority (FINRA) against Brown Brothers Harriman.  In February 2014, FINRA fined Brown Brothers $8 million because its AML program failed to detect suspicious transactions in penny stocks.  The AML officer for Brown Brothers was also fined $25,000 and suspended from associating with the firm for one month.


Recent actions by FINRA against Raymond James Financial (RJ) and by the SEC against AF both illustrate that the perils of an institution’s failure to follow its own policies and procedures.

Section 312 of the USAPATRIOT Act requires that a firm such as RJ has procedures in place to conduct due diligence on foreign correspondent accounts.  To comply with Section 312, RJ developed a special form to be completed for each such client.  Completion of the form required the provision of the information necessary under Section 312, including information about the client’s business, markets serviced, client base, types of expected activity and the nature of the account.  However, FINRA found that RJ did not consistently implement its own due diligence procedures and in fact failed to complete this form for several of its correspondent banking clients.

Similarly, in the AF case, the SEC noted that the firm “despite an express requirement to do so under its policies,” never conducted a documented risk assessment and review of its customers’ trading in the wake of regulatory and criminal inquiries concerning certain customers’ conduct.  Furthermore, AF’s policies and procedures required the firm to file SARs for suspicious activities including “trading that constitutes a substantial portion of all trading for the day in a particular security,” “heavy trading in low-priced securities,” and “unusually large deposits of funds or securities.”  Beginning in 2010, several of AF’s customers deposited hundreds of millions of penny stock shares and sold them in large volumes, often accounting for significant percentages of the overall market volume for those securities.  The SEC found that the firm “failed to … implement its own policies … related to high-volume sales of penny stocks and other red flags related to certain of its customers’ transactions.”  Based on the firm’s own policies, the firm should have filed SARs for these transactions.

In each of these cases, the regulatory authorities cited multiple deficiencies in each firm’s AML program.  But a failure to follow internal policies gives regulators an easy place to begin their criticism because it suggests that the institution has recognized the risk, and is consciously avoiding it.


In the action against BSI in Singapore, the MAS cited the fact that the Bank had gone through three previous exams that identified deficiencies in its AML program.  After the first exam, the lapses were rectified.  But the second and third exams, especially the third, uncovered what the MAS called “multiple breaches of anti-money laundering regulations and a pervasive pattern of non-compliance.” Thus, the action by the MAS to withdraw the Bank’s license to operate took into account the “repetitive lapses” as well as other factors.

Similarly, in the RJ case, FINRA noted that in 2012, the company signed a Letter of Acceptance, Waiver and Consent  involving censure and a fine for its failure to implement polies and procedures “reasonably designed to detect and cause the reporting of suspicious transactions” in connection with a client’s Ponzi scheme.  As part of that settlement, RJ agreed to undertake a review of its anti-money laundering compliance program and procedures.

Yet, four years later, RJ found itself in the cross-hairs of its regulator for the same problem: failing to develop and implement an AML program that was reasonably designed to detect and report suspicious activity.  This time, however, RJ was fined a total of $17 million (as opposed to the previous fine of $400,000), and the AML officer was held personally responsible and sanctioned as well.  Finally, RJ was required to conduct a comprehensive review of its AML program within six months of the date of the settlement and provide a written report to FINRA summarizing the findings and recommendations of the review, which clearly would have required the retention (and cost) of a third-party to conduct the review.

Each of the cases discussed here present numerous other lessons to be learned, which shall be the subject of another note.  But each case highlights the need to pay attention to the very basics of an AML program.




As with all legal structures, the fundamentals are important, because they are the foundation on which the AML program is built.   A faulty foundation is likely to result in more complex failures over time.  Given the risks to financial institutions, which are subject to regular, intensive examination aimed at identifying compliance weaknesses, investment in getting the basics right will have long term benefits for the AML program and the institution as a whole.

Advance your CPD minutes for this content, by signing up and using the CPD Wallet


You must be logged in to post a comment.

This site uses Akismet to reduce spam. Learn how your comment data is processed.