FINRA's action against the online brokerage Scottrade yesterday provides a warning to all firms that allow online trading — if you don't provide surveillance of account activity, you too may be punished.
FINRA fined Scottrade $600,000 for failing to establish and implement an adequate anti-money laundering program to detect and trigger reporting of suspicious transactions as required by the Bank Secrecy Act and FINRA rules.
FINRA requires brokerage firms to establish and implement anti-money laundering policies, procedures and internal controls reasonably designed to detect and cause the reporting of any suspicious transactions that could be related to possible violations of laws or regulations — regardless of whether those transactions are associated with suspicious movement of funds into or out of accounts.
"Each firm's AML program must be tailored to its business model, including the technological environment in which the firm operates," said Susan L. Merrill, FINRA executive vice president and Chief of Enforcement. "In this case, despite the large volume of on-line trading at Scottrade, the firm failed to establish any systematic or automated surveillance until 2005. Then, the automated system the firm implemented remained inadequate because it focused only on suspicious trading that was accompanied by suspicious money movement."
Specifically, FINRA found that between April 2003 and April 2008, Scottrade failed to establish and implement an adequate AML program tailored to its business model, which primarily consists of providing an on-line platform for customers trading in securities. In 2003, Scottrade handled about 49,000 customer trades per day, and its volume grew to about 150,000 daily trades in 2007. Among the risks inherent to Scottrade's brokerage model and the firm's substantial trading volume are an increased risk of identity theft, account intrusions and the use of customer accounts to launder money using securities or other financial instruments, or to violate securities laws.
FINRA has advised firms that in designing their AML program, they should consider factors such as their size, location, business activities, the types of accounts they maintain and the types of transactions in which their customers engage. FINRA also has instructed on-line firms such as Scottrade to consider conducting computerized surveillance of account activity to detect suspicious transactions.
From April 2003 through January 2005, Scottrade did not have any systematic or automated program designed to detect potentially suspicious money movement or securities transactions. Instead, the firm used a manual system to monitor accounts for suspicious activities. This system relied almost exclusively on internal personnel, including branch, cashiering and margin employees, to identify and refer potentially suspicious activity to the firm's risk management department for further review.
Until June 2004, Scottrade's AML compliance officer/director of risk management was the sole employee specifically charged with investigating referrals to determine whether activity was "suspicious" and therefore reportable. In June 2004, the firm hired a risk management analyst to assist with this review. Neither the compliance officer, the analyst nor anyone else at Scottrade specifically monitored transactions for potentially suspicious trading activity. FINRA found that the sheer volume of on-line trading, along with the firm's reliance on inadequate internal resources, rendered the lack of an automated system to detect suspicious activity unreasonable.
In February 2005, Scottrade implemented a proprietary, automated system to monitor for suspicious transactions that was inadequate because it was primarily designed to monitor for and detect suspicious money movement.
Under Scottrade's automated filter-based system, when suspicious activity triggered one of the filters, it generated an alert to the AML analysts responsible for investigating the alerts. The analysts only reviewed for potentially suspicious trading activity if there was money movement into or out of an account that independently triggered one of the filters. On average, 1,300 alerts were generated monthly, but not all alerts were reviewed. In September 2006, the firm implemented a proprietary volume report for purposes of detecting "pump-and-dump" account intrusions and unauthorized trading activity resulting from such account intrusions. Scottrade did not utilize this volume report to detect suspicious trading activity by bona fide account holders.
FINRA also found that Scottrade's AML procedures failed to provide adequate written guidance to its employees as to how to detect or review transactions for potentially suspicious activity and failed to provide adequate written guidance to its AML analysts for detecting and investigating potential suspicious trading.
In concluding this settlement, Scottrade neither admitted nor denied the charges, but consented to the entry of FINRA's findings.