How to Safeguard Your Firm from Regulatory Action

Too often in companies across the financial services sector, the financial commitment to the compliance department does not keep pace with the rate of business growth. Interactive Brokers Group – which provides automated trade execution and custody of securities, commodities and foreign exchange in over 135 markets and in scores of countries and currencies – learned recently that harsh regulatory penalties can accompany such growing pains.

Interactive Brokers, ranked by Barron’s as one of the top online brokers, agreed to pay $38 million to settle claims by a slate of U.S. regulators because of the company’s failure to maintain an adequate anti-money-laundering (AML) program for more than five years. The U.S. broker-dealer, which serves a wide range of international clients, allegedly hadn’t monitored hundreds of millions of dollars of customers’ wire transfers for money-laundering concerns and failed to report potential manipulation of microcap securities in customer accounts, according to The Wall Street Journal.

The company’s compliance breakdown has far-reaching implications. Interactive Brokers must pay penalties to the U.S. Securities and Exchange Commission (SEC), the U.S. Commodity Futures Trading Commission (CFTC) and the Financial Industry Regulatory Authority (FINRA). FINRA’s action played a key role in causing the dominos to fall, with the self-regulatory organization focusing on a period from January 2013 through September 2018 – a time in which Interactive Brokers expanded widely enough to become a key competitor to the likes of Charles Schwab and Robinhood.

The company’s senior compliance management knew that resources and staffing within its AML compliance department were not growing at a comparable rate to match the number of new customers. According to FINRA, one compliance manager warned his supervisor “we are chronically understaffed” and “struggling to review reports in a timely manner.”

For a compliance manager to put pen to paper – or rather, fingers to keyboard – and write such a thing, that individual must have had many sleepless nights. It is critical for all firms to take necessary steps to keep their staffers’ nightmares from becoming reality. Senior management must react (and quickly) when compliance managers send these cries for help.

Materially increasing staffing is of course important after a business boom period, but as Interactive Brokers sadly learned, the process takes time. If the compliance professionals at the company that clears more transactions for foreign financial institutions than any other U.S. broker-dealer had to wait for more support from management, surely a firm with less financial resources may have to wait even longer. Maintaining and – if necessary – increasing resources for the compliance program is difficult for a firm of any size, especially in a challenging economy. Therefore, it is imperative that companies of all shapes and sizes do what they can with what they have to strengthen their systems.

Here are four ways firms can safeguard themselves from becoming entrenched in an AML scandal:

1. Don’t Ignore Your Customers’ Legal Woes

All three regulators involved in the Interactive Brokers case have different review periods and courses of action, but arguably, one woman was at the center of this tangled web of fines: Haena Park. The New York-based trader pleaded guilty to defrauding investors of more than $23 million and was ultimately sentenced to three years in prison in 2017. In 2018, the CFTC won a court order calling for Park and her companies to pay restitution to those defrauded investors.

Park’s problem became Interactive Brokers’ problem, as the broker-dealer supervised her accounts. If your company’s platform is being used as a conduit for criminal activity, regulatory investigations and examinations are sure to follow. Prosecutors and regulators often coordinate and cooperate as they investigate wrongdoing. The probability that the CFTC, SEC and FINRA were able to coordinate on their investigation of Interactive Brokers with Park’s prosecutors was high.

If you receive any sort of subpoena or request from a government agency regarding a criminal matter or legal action against a client, it is a clear indication to review your own systems to see if your internal controls, surveillance and monitoring tools are adequate. Cooperation with regulators and prosecutors alike will be considered if that customer’s legal woes become your own. Regulators and prosecutors encourage internal investigations and, when necessary, appropriate remediation efforts and will look favorably upon these efforts when determining the penalties imposed in a settlement. It is also critical to file SARs, if appropriate, even if you have already received requests for information from government agencies. The obligation to file a SAR is not dismissed simply because a company believes a government agency is already investigating the suspicious activity.

2. Make Sure Your Surveillance System is Appropriately Tailored to Detect Suspicious Activity

Failure to adequately report suspicious transactions is the true heart of the Interactive Brokers case. According to the SEC, Interactive Brokers failed to file more than 150 SARs regarding potential manipulation of microcap securities over a one-year period alone.

Satisfying the statutory requirement of filing SAR reports is not the end game, though. The entire point of having an AML system in place is to be able to flag suspicious activity and ultimately to close the accounts of customers involved in fraudulent or criminal behavior. This is why financial institutions invest in transaction monitoring and everything else that is now commonplace with customer due diligence, KYC checks, onboarding – it’s all to find and prevent such suspicious activity and notify regulators and law enforcement. A company cannot file these reports and weed out the wrongful activity without making the right investments to put the proper systems in place.

If you cannot afford or are going through the arduous search process of building out a strong team equipped to monitor transactions, consider contracting an external resource to handle this part of your business. When considering whom to hire, you must take stock of your company’s customer base, products and services. AML compliance programs, including monitoring systems and all policies and procedures, should be sufficiently tailored to detect suspicious activity and fraud within each company’s specific industry, whether it be money service businesses, mortgage bankers and brokers, broker-dealers or even licensed virtual currency companies.

The root cause of most AML program deficiencies is insufficient resources – which can mean resources that are entirely inadequate or resources that are not efficiently allocated. For some small- to mid-sized institutions, hiring outsourced expert consultants may be the best solution.

3. Evaluate Risk by Client Jurisdiction

More than half of Interactive Brokers’ clients hail from outside the U.S. Unequivocally, more international operations can mean more risk. When you are dealing with an international customer or client base, customer risk assessments are critical to ensure awareness and, in turn, employ appropriate due diligence for customers based in high-risk jurisdictions. According to the FINRA settlement, during its review period, approximately 55 percent of Interactive Broker’s customers were domiciled outside of the United States. Many of them were based in higher-risk jurisdictions such as Russia, Cyprus and China. The Financial Action Task Force (FATF), the global money laundering and terrorist financing watchdog, is an excellent source when preparing customer risk assessment policies and procedures. FATF sets the international standards for preventing money laundering and terrorist financing. It also monitors member countries’ progress in implementing its recommendations to prevent these illegal activities. FATF periodically publishes lists of high-risk and watchlist countries. Do you have the internal processes in place to know and recognize when you might be interacting with a suspicious entity?

4. Create a Direct Line Between Compliance and the C-Suite

The unnamed compliance manager’s emails revealed as part of the investigations are indeed striking. But perhaps what’s more surprising is that those emails seemingly went ignored by the firm’s senior management. The C-Suite needs to be reactive and responsive to the concerns of the compliance department, whether they require developing a strategy and plan for hiring or a request for some kind of assistance with report review and case management.

Internal reviews and investigations are critical to both creating and continuing that dialogue. Consider assigning these to an independent third party. While your firm may be large enough to have an independent department for these investigations, an in-house party may struggle to run investigations independently and without bias. An outside firm or consultant, in contrast, could look at your system with fresh eyes. Especially if the weak links were as plentiful and pressing as those of Interactive Brokers, this independent investigator could be a sober voice to put your company on the right path to compliance.