Publications: A look at the reporting of suspicious trading activities

As part of the enhancements to the Bank Secrecy Act (BSA), the Patriot Act specifically required broker-dealers to implement anti-money laundering and suspicious activity reporting policies and procedures. 31 U.S.C. 5318. While continuing to impress upon the broker-dealer community the importance of strong anti-money laundering (AML) procedures, securities regulators are turning their attention to broker-dealers' procedures for filing suspicious activity reports (SARs). 31 CFR 103.19, 67 Federal Register 44,048 (July 1, 2002).

Broker-dealers, particularly "prop shops" and smaller customer-based firms, may be surprised to hear that they have to consider, and design their SAR procedures to address, more than just financial transactions. Bernie Madoff can serve as an example of circumstances in which a SAR might have been useful, but that is too obvious. The recent "flash crash" and rule proposals for transaction reporting are better examples of why securities regulators are highlighting suspicious activity reporting. See Securities and Exchange Commission (SEC) Release No. 34-62174, May 26, 2010 which proposes new SEC Rule 613 to implement a consolidated audit trail for listed equities and options. The securities and futures marketplace is bigger, faster and possibly more opaque than it has ever been, and regulators and their surveillance systems simply cannot be everywhere. In a "self-regulated" industry, regulators are not out of line asking participants to step it up a bit too. That appears to be what is happening.

Broker-dealers have been subject to suspicious activity reporting requirements for years. They are required to report a transaction (or multiple transactions) involving at least $5,000 (alone or in the aggregate) that the broker-dealer "knows, suspects or has reason to suspect:"

• involves funds or assets derived from illegal activities or is designed to conceal or disguise funds or assets derived from illegal activities;
• is designed to evade the BSA (e.g., currency or other transaction reporting requirements);
• has no business or apparent lawful purpose or is not the sort in which a particular customer would normally engage; or
• involves the use of the broker-dealer for criminal activity.

Last year, however, the BSA Advisory Group published a SAR Activity Review that, for the first time, focused on the securities and futures industries. "The SAR Activity Review Trends Tips & Issues," Issue 15, Bank Secrecy Act Advisory Group, May 2009. According to regulatory staff that contributed to the SAR Activity Review, securities examinations in this area focus on:

• whether written policies and procedures are designed for the firm and its business and include the specific requirements of 31 CFR 103.19 (the SAR requirements);
• whether the firm adequately implemented its written policies and procedures;
• what monitoring system is in place, whether it is designed to identify potential suspicious activity, whether the system documents the filing or non-filing of SARs, and what, if any, exception reports are utilized; and
• whether SARs are accurate, timely and kept confidential (firms and their personnel are prohibited from notifying non-regulatory personnel that a transaction has been reported).

According to the staff, examiners will accept a firm's decision not to file a SAR as long as the firm had reasonable, risk-based controls and a reasonable decision-making process, and the examiners find the firm's decision was reasonable under the facts and circumstances.

Examiners are likely to find many firms designed their SAR procedures hand-in-hand with their AML procedures. The guidance that the securities regulators promulgated to assist broker-dealers with implementing SAR procedures historically has been tied to AML procedures. See e.g., NASD (now, FINRA) Notice to Members 02-47, August 2002. Regulators, including in the SAR Activity Review, now are attempting to differentiate SAR procedures to encompass more than financial transactions and the related activities that would typically be used by money launderers or terrorist financiers.

In the SAR Activity Review, the SEC staff said firms have an obligation to report any suspicious transactions 'by, at or through' the firm and to monitor all aspects of their business and not just money movements. Such a broad statement should not be taken out of context. A firm may feel it is being responsive to regulators' requests by adding new broad language to its procedures, but imposing sweeping requirements on the firm's personnel may be setting a firm up for failure. Language, such as, "the chief compliance officer will review all trading activity for manipulative activity," could make it nearly impossible for a firm to comply with its own procedures.

Though securities regulators remind industry participants that their SAR procedures must address trading-related activities, there are decreasing efficiencies and benefits associated with moving too far afield from the core purpose of the statute. Suspicious activity reporting is intended primarily to advise law enforcement of criminal activity. The Financial Crimes Enforcement Network (FINCEN), the agency with whom broker-dealers file their SARs, was not formed to serve as the SEC's or the Commodity Futures Trading Commission's complaint hotline, and it too has limited resources.

What then are reasonable, risk-based controls and reasonable decision-making processes for determining whether to file a SAR? What is an effective monitoring system?

The starting point is informing personnel of relevant considerations. For example, SAR procedures should make clear that, where there is no apparent legitimate purpose for a trading activity, the situation should be elevated for consideration by compliance and supervisory personnel who determine whether a SAR is required. Trading situations may not raise money-laundering concerns but still require evaluation under the SAR requirements.

Determining when a questionable trading activity becomes a reportable suspicious activity has not been thoroughly addressed by regulators, but there is some guidance available. In the SAR Activity Review, penny stock activities were cited as a key area to consider. Citing enforcement actions in this area, the SEC staff presented egregious examples of firms turning a blind eye. (In the Matter of Park Financial Group, Inc. and Gordon C. Cantley, SEC Release No. 34-55614 (April 11, 2007) and Release No. 34-56902 (December 5, 2007); In the Matter of Ferris, Baker, Watts Inc. SEC Release 34-59372 (Feb. 10, 2009)). Affirmative monitoring (and reporting) obligations are less controversial in the penny stock arena. Penny stock schemes often involve undisclosed account beneficiaries. Thus, for nearly all firms, penny stocks should be addressed as part of SAR procedures.

Firms also should consider developing exception reports or obtaining them from their clearing firm. Broker-dealers, however, cannot rely on their clearing firms for the filing of a SAR unless it is jointly filed.

Defining the scope of relevant information within the firm permits the person ultimately responsible for filing SARs to engage in reasonable decision-making. Not all questionable trading activity is suspicious activity for purposes of SAR, but taking a fresh look at SAR procedures with trading activities in mind will help firms avoid being second-guessed during their examination process.

Reprinted with permission of the Law Bulletin Publishing Company.