AML teams told to look for wider risks

Regulator calls for AML teams to keep tabs on cyber-security and seniors-related issues

A top regulator has urged broker-dealers to combine their anti-money laundering (AML) and other compliance efforts to help tackle issues that traditionally may not have been on AML teams’ radars, such as cyber-security and safeguarding elderly clients.

‘As the industry relies more on big data analytics for customer identification and suspicious activity identification, it’s important that firms continue to fuse their AML compliance programs with other compliance functions and not create siloes that can inhibit risk assessment and identification,’ Susan Axelrod, executive vice president of regulatory operations at the Financial Industry Regulatory Authority (Finra), told delegates at a conference in New York last week.

‘Cyber-security and senior investor protection are two examples of interrelated areas that should concern AML compliance staff.’

Specifically, Axelrod noted that firms are required to report patterns of cyber-intrusion in their suspicious activity reports (Sars), adding: ‘So it’s essential your cyber-security staff remain in close contact with your AML staff.’  

Firms should also be monitoring for elder abuse and reporting instances of it in their Sars, Axelrod said. Finra has observed an increase in the use of aggressive sales tactics by unregistered people in pump-and-dump schemes targeting elderly investors, and continues to see such activity with micro-cap securities, she noted.

There are a number of controls broker-dealers can implement to enhance protection for elderly clients from such financial exploitation, Axelrod said. For example, they can question a customer about inquiries to buy or sell penny stocks held outside the firm and can ask a customer about instructions to transfer funds to people who may be tied in some way to the issuer.

Protecting senior investors has become a major focus for Finra, the SEC and state regulators. Last October Finra proposed requiring firms to make reasonable efforts to obtain the name and contact details of a trusted contact person for a customer’s account. The self-regulatory organization (SRO) also proposed a rule that would permit firms to place a temporary hold on a disbursement of funds or securities when there is reasonable belief financial exploitation may be occurring, and to notify the trusted contact of the temporary hold.

Officials writing in the SRO’s 2017 regulatory and examination priorities letter, released last month, stated that calls to the Finra Securities Helpline for Seniors ‘have exposed troubling scenarios of senior and unsophisticated investors buying into sales pitches for speculative energy-based investments’ (CorporateSecretary.com, January 9).


EXAM FINDINGS

Even as technology provides additional ways to enhance AML-related supervisory activities, data accuracy and integrity are key to implementing a successful AML compliance program, Axelrod said. ‘We continue to see common violations related to suspicious activity reporting that are caused by bad data,’ she told attendees. ‘For example, we see gaps in data fed into automated surveillance systems and exception reports, including firms’ failure to include a certain type of account or customer in a particular alert type.’

She added that Finra officials are also seeing cases where parameters of alerts or exceptions are not sufficiently risk-based. For instance, she said, the parameters on an exception report may be set at a level that captures so many false positives it is impossible to separate the meaningful data from the useless filler, in effect rendering the exception report useless.

In some cases, firms detect suspicious activity but fail to adequately investigate it, according to Axelrod. For example, analysts may rely on outdated or inaccurate information to close out alerts, fail to ascertain the business purpose of a wire transfer exhibiting red flags, or conduct an abbreviated review of potentially suspicious activity in an effort to get through a backlog of alerts, she said. ‘It is important that firms do not [take shortcuts in] their reviews,’ she added.

Axelrod urged firms to review and test on a regular basis the information they feed into automated systems. This includes assessing whether changes to broker-dealers’ business models and risks would require corresponding changes to the parameters and scenarios in firms’ automated systems, she said.

Another area of concern is firms’ independent testing efforts. ‘Put simply, we continue to see tests that are inadequate, such as tests reflecting a review of procedures, but not implementation of those procedures,’ Axelrod said. ‘A good independent test should include testing of your suspicious activity monitoring program. An independent test is a good time to be checking your systems to ensure they are working as you believe they should be.’
