As each new year begins, securities industry participants eagerly await the Financial Industry Regulatory Authority (FINRA) annual Report on Examination Findings and Observations and FINRA’s annual Risk Monitoring and Examination Priorities Letter. This year, FINRA replaced these two documents with a single 2021 Report on FINRA’s Examination and Risk Monitoring Program (the FINRA Report), issued on February 1, 2021.
Not surprisingly, the FINRA Report devotes an entire section solely to anti-money-laundering (AML) regulatory obligations and related considerations. In that section, the FINRA Report is chock full of findings, considerations, emerging risks, and effective practices. While all of the items are important enough to be included within the FINRA Report, one theme, risk assessment, carries prominently throughout the AML portion of the FINRA Report.
Assessing and Identifying Risks
When it comes to AML, the FINRA Report sends a consistent theme to firms: Know your firm risk and address that risk when implementing the components of your AML program requirements.
While this theme is nothing new to industry participants, the less obvious message from the FINRA Report may be that the risks you think are in scope for your firm may not necessarily be the same ones FINRA believes are your firm’s risks. The FINRA Report specifically identifies AML risks it believes firms need to consider and address, and firms should carefully hold that list up against their own risk assessments.
Market and Trading Risks
Over the years, FINRA has issued guidance, settlements, and regulatory priorities letters flagging a host of market- and trading-related risks for firms to consider in implementing monitoring programs to identify suspicious trading activity for potential AML escalation (e.g., cross-trades, wash trades, and low-priced security deposits/liquidations, to name a few). This guidance remains intact, but this year two additional market-related activities are specifically highlighted in the FINRA Report: (a) foreign national and entity nominee account activities and (b) the formation and initial public offerings of special purpose acquisition companies (SPACs).
Foreign National And Entity Nominee Accounts
The FINRA Report indicates that foreign national and entity nominee accounts have been used to invest solely in initial public offerings (IPOs) and subsequent after-market trading in one or more exchange-listed issuers based in restricted markets, particularly in China. The red flags associated with this activity within these account types can transcend other activities within the same account types, making the risks identified below important more generally with these account types.
For example, with foreign national and entity nominee accounts, firms should be looking at the risks that
- the owners of the accounts may be acting at the direction of others
- multiple accounts being opened using the same foreign bank for the source of funds may be suspicious and require enhanced scrutiny
- multiple accounts with the same employer and same email domain should be evaluated as potentially suspicious
- limit orders (multiple and similar) are being identified if they are placed by the accounts at the same time
FINRA’s identification of risks associated with trading in issuers based in restricted markets including China comes at the same time that the SEC has issued a risk alert addressing the impact of the U.S. government’s executive order prohibiting transacting in certain securities and derivatives of Communist Chinese military companies. Together, these suggest that firms should be taking a careful assessment of their risk in these areas. While the FINRA Report speaks in term of a specific fact scenario related to trading in restricted markets in China, what the FINRA Report seems to be addressing more broadly is the need for firms to be vigilant in designing and implementing reasonable monitoring tools that identify risky behaviors associated with trading in restricted or emerging markets.
Special Purpose Acquisition Companies
With the rise in the formation of SPACs, FINRA is focused on these vehicles. What may be a surprise to firms engaged in the formation and IPOs of SPACs, however, is that FINRA’s focus is on AML.
The FINRA Report details a number of risks that firms should look to with SPACs. They include
insider trading – specifically possession of and trading by underwriters and SPAC sponsors with material nonpublic information related to, among other things, SPAC acquisition targets, including private placement offerings with rights of first refusal provided to certain investors prior to the acquisition
misrepresentations and omissions in offering documents and communications
fees associated with SPAC transactions
control of funds raised in SPAC offerings
Given the increased regulatory interest in SPACs, this is an opportunity for firms involved in SPACs to look closely at these identified risks and assess how reasonably to incorporate them into their AML monitoring tools.
Account Onboarding Risk
Client account onboarding risk is not new; however, the FINRA Report informs firms that they should be looking to implement additional precautions at the account onboarding stage. Some fairly prescriptive practices identified in the Report include
use of technology to detect indicators of automated scripted attacks in the digital account application process
review of account application fields for commonalities among multiple applications
implementation of limits on automated approval of multiple accounts opened by a single customer
Money Movement Risk
Not unlike account onboarding, money movement risk has long been addressed by FINRA in prior guidance. The FINRA Report, however, suggests firms take additional steps to enhance existing practices to address what they view as known risks with money movements. They include
confirm customers’ identities verbally
enhance client verification protocols, including the use of multifactor authentication and other third-party verification services (early warning systems)
monitor outbound money movement requests post-ACH setup
The FINRA Report is signaling a need to have robust efforts surrounding money movements as well as more real-time assessments to identify potentially suspicious activity.
Beyond the specific risks that the FINRA Report details, it reminds firms of the importance of meaningful risk assessments based upon a host of factors. While it is not new to inform firms to update risk assessments based on their business lines, products, and customers, the FINRA Report reflects FINRA’s view that AML independent tests and audits are underutilized in serving as tools for firms to update their risks.
For example, the independent test or audit may identify risks that presented themselves for the first time at the firm. Missing these opportunities could expose the firm to ongoing risks without adequate transaction monitoring leading to potential gaps in suspicious activity reporting.
The FINRA Report also highlights the need for firms also to use their internal risk assessments as tools to inform the focus of their independent AML tests. Tailored independent tests that address the risks of the particular firm are likely better to identify and assist the firm. Generic AML program testing can provide value; however, the FINRA Report suggests that more tailored testing based of the firm’s risk assessment will be more in line with regulatory expectations.
The FINRA Report provides firms with a comprehensive set of expectations designed to assist firms’ focus on key areas of regulatory concern within AML programs. Given that AML program requirements are risk-based, the repeated theme of appropriate and tailored risks for a firm’s AML program throughout the FINRA Report should prove helpful. Specific and tailored risk assessments that evolve with the firm’s business, customers, and activities are likely to enable firms better to manage their AML program regulatory obligations.
Sidley Austin LLPはクライアントおよびその他関係者へのサービスの一環として本情報を教育上の目的に限定して提供します。本情報をリーガルアドバイスとして解釈または依拠したり、弁護士・顧客間の関係を結ぶために使用することはできません。
弁護士広告 - ニューヨーク州弁護士会規則の遵守のための当法律事務所の本店所在地は、Sidley Austin LLP ニューヨーク：787 Seventh Avenue, New York, NY 10019 (+212 839 5300)、シカゴ：One South Dearborn, Chicago, IL 60603、(+312 853 7000)、ワシントン：1501 K Street, N.W., Washington, D.C. 20005 (+202 736 8000)です。