FINRA Provides Guidance to Firms Regarding Suspicious Activity Monitoring and Reporting Obligations
http://www.finra.org/sites/default/files/notice_doc_file_ref/Regulatory-Notice-19-18.pdf
May 9, 2019
FINRA issued the Notice to provide guidance to member firms regarding suspicious activity monitoring and reporting obligations under FINRA Rule 3310 (Anti-Money Laundering Compliance Program). The guidance included ninety-seven (97) red flags organized into six sections:
- Potential Red Flags in Customer Due Diligence and Interactions With Customers (19 red flags, 10 are new)
- Potential Red Flags in Deposits of Securities (8 red flags, all are new)
- Potential Red Flags in Securities Trading (20 red flags, 18 are new)
- Potential Red Flags in Money Movements (31 red flags, 20 are new)
- Potential Red Flags in Insurance Products (5 red flags, all are new)
- Other Potential Red Flags (14 red flags, 10 are new)
The Notice provided that these red flags were in addition to the money laundering red flags that appeared in Notice to Members 02-21 (NTM 02-21) published in April 2002:
“Since NTM 02-21 was published [in April 2002], guidance detailing additional red flags that may be applicable to the securities industry have been published by a number of U.S. government agencies and international organizations. FINRA is issuing this Notice to provide examples of these additional money laundering red flags for firms to consider incorporating into their AML programs, as may be appropriate in implementing a risk-based approach to BSA/AML compliance.”
“This Notice is intended to assist broker-dealers in complying with their existing obligations under BSA/AML requirements and does not create any new requirements or expectations. In addition, this Notice incorporates the red flags listed in NTM 02-21 so that firms can refer to this Notice only for examples of potential red flags.”
So the twenty-five 2002 red flags are included, but not identified, within the ninety-seven 2019 red flags. To assist compliance professionals, I have gone through the 2002 red flags and inserted them into the 2019 red flags so that those professionals can more easily determine whether their current programs are covering off the “new” red flags.
2002 Red Flags
- The customer exhibits unusual concern regarding the firm’s compliance with government reporting requirements and the firm’s AML policies, particularly with respect to his or her identity, type of business and assets, or is reluctant or refuses to reveal any information concerning business activities, or furnishes unusual or suspect identification or business documents.
- The customer wishes to engage in transactions that lack business sense or apparent investment strategy, or are inconsistent with the customer’s stated business strategy.
- The information provided by the customer that identifies a legitimate source for funds is false, misleading, or substantially incorrect.
- Upon request, the customer refuses to identify or fails to indicate any legitimate source for his or her funds and other assets.
- The customer (or a person publicly associated with the customer) has a questionable background or is the subject of news reports indicating possible criminal, civil, or regulatory violations.
- The customer exhibits a lack of concern regarding risks, commissions, or other transaction costs.
- The customer appears to be acting as an agent for an undisclosed principal, but declines or is reluctant, without legitimate commercial reasons, to provide information or is otherwise evasive regarding that person or entity.
- The customer has difficulty describing the nature of his or her business or lacks general knowledge of his or her industry.
- The customer attempts to make frequent or large deposits of currency, insists on dealing only in cash equivalents, or asks for exemptions from the firm’s policies relating to the deposit of cash and cash equivalents.
- The customer engages in transactions involving cash or cash equivalents or other monetary instruments that appear to be structured to avoid the $10,000 government reporting requirements, especially if the cash or monetary instruments are in an amount just below reporting or recording thresholds.
- For no apparent reason, the customer has multiple accounts under a single name or multiple names, with a large number of inter-account or third-party transfers.
- The customer is from, or has accounts in, a country identified as a non-cooperative country or territory by the Financial Action Task Force (FATF).
- The customer’s account has unexplained or sudden extensive wire activity, especially in accounts that had little or no previous activity.
- The customer’s account shows numerous currency or cashiers check transactions aggregating to significant sums.
- The customer’s account has a large number of wire transfers to unrelated third parties inconsistent with the customer’s legitimate business purpose.
- The customer’s account has wire transfers that have no apparent business purpose to or from a country identified as a money laundering risk or a bank secrecy haven.
- The customer’s account indicates large or frequent wire transfers, immediately withdrawn by check or debit card without any apparent business purpose.
- The customer makes a funds deposit followed by an immediate request that the money be wired out or transferred to a third party, or to another firm, without any apparent business purpose.
- The customer makes a funds deposit for the purpose of purchasing a long-term investment followed shortly thereafter by a request to liquidate the position and transfer of the proceeds out of the account.
- The customer engages in excessive journal entries between unrelated accounts without any apparent business purpose.
- The customer requests that a transaction be processed in such a manner to avoid the firm’s normal documentation requirements.
- The customer, for no apparent reason or in conjunction with other “red flags,” engages in transactions involving certain types of securities, such as penny stocks, Regulation “S” (Reg S) stocks, and bearer bonds, which although legitimate, have been used in connection with fraudulent schemes and money laundering activity. (Such transactions may warrant further due diligence to ensure the legitimacy of the customer’s activity.)
- The customer’s account shows an unexplained high level of account activity with very low levels of securities transactions.
- The customer maintains multiple accounts, or maintains accounts in the names of family members or corporate entities, for no apparent business purpose or other purpose.
- The customer’s account has inflows of funds or other assets well beyond the known income or resources of the customer.
2019 Red Flags (with references to 2002 red flags)
I. Potential Red Flags in Customer Due Diligence and Interactions With Customers
- The customer provides the firm with unusual or suspicious identification documents that cannot be readily verified or are inconsistent with other statements or documents that the customer has provided. Or, the customer provides information that is inconsistent with other available information about the customer. This indicator may apply to account openings and to interaction subsequent to account opening. (2002 red flag # 1 – The customer exhibits unusual concern regarding the firm’s compliance with government reporting requirements and the firm’s AML policies, particularly with respect to his or her identity, type of business and assets, or is reluctant or refuses to reveal any information concerning business activities, or furnishes unusual or suspect identification or business documents.)
- The customer is reluctant or refuses to provide the firm with complete customer due diligence information as required by the firm’s procedures, which may include information regarding the nature and purpose of the customer’s business, prior financial relationships, anticipated account activity, business location and, if applicable, the entity’s officers and directors. (2002 red flag # 1 – The customer exhibits unusual concern regarding the firm’s compliance with government reporting requirements and the firm’s AML policies, particularly with respect to his or her identity, type of business and assets, or is reluctant or refuses to reveal any information concerning business activities, or furnishes unusual or suspect identification or business documents.)
- The customer refuses to identify a legitimate source of funds or information is false, misleading or substantially incorrect. (2002 Red Flag #4 – Upon request, the customer refuses to identify or fails to indicate any legitimate source for his or her funds and other assets. Also, 2002 red flag #3 – The information provided by the customer that identifies a legitimate source for funds is false, misleading, or substantially incorrect.)
- The customer is domiciled in, doing business in or regularly transacting with counterparties in a jurisdiction that is known as a bank secrecy haven, tax shelter, high-risk geographic location (e.g., known as a narcotics producing jurisdiction, known to have ineffective AML/Combating the Financing of Terrorism systems) or conflict zone, including those with an established threat of terrorism.
- The customer has difficulty describing the nature of his or her business or lacks general knowledge of his or her industry. (2002 red flag # 8 – The customer has difficulty describing the nature of his or her business or lacks general knowledge of his or her industry.)
- The customer has no discernable reason for using the firm’s service or the firm’s location (e.g., the customer lacks roots to the local community or has gone out of his or her way to use the firm).
- The customer has been rejected or has had its relationship terminated as a customer by other financial services firms.
- The customer’s legal or mailing address is associated with multiple other accounts or businesses that do not appear related.
- The customer appears to be acting as an agent for an undisclosed principal, but is reluctant to provide information. (2002 red flag # 7 – The customer appears to be acting as an agent for an undisclosed principal, but declines or is reluctant, without legitimate commercial reasons, to provide information or is otherwise evasive regarding that person or entity.)
- The customer is a trust, shell company or private investment company that is reluctant to provide information on controlling parties and underlying beneficiaries.
- The customer is publicly known or known to the firm to have criminal, civil or regulatory proceedings against him or her for crime, corruption or misuse of public funds, or is known to associate with such persons. Sources for this information could include news items, the Internet or commercial database searches. (2002 red flag #5 – The customer (or a person publicly associated with the customer) has a questionable background or is the subject of news reports indicating possible criminal, civil, or regulatory violations.)
- The customer’s background is questionable or differs from expectations based on business activities.
- The customer maintains multiple accounts, or maintains accounts in the names of family members or corporate entities, with no apparent business or other purpose. (2002 red flag # 11 – For no apparent reason, the customer has multiple accounts under a single name or multiple names, with a large number of inter-account or third-party transfers. Also 2002 red flag #24 – The customer maintains multiple accounts, or maintains accounts in the names of family members or corporate entities, for no apparent business purpose or other purpose.)
- An account is opened by a politically exposed person (PEP), particularly in conjunction with one or more additional risk factors, such as the account being opened by a shell company beneficially owned or controlled by the PEP, the PEP is from a country which has been identified by FATF as having strategic AML regime deficiencies, or the PEP is from a country known to have a high level of corruption. (similar to 2002 red flag # 12 – The customer is from, or has accounts in, a country identified as a non-cooperative country or territory by the Financial Action Task Force (FATF).)
- An account is opened by a non-profit organization that provides services in geographic locations known to be at higher risk for being an active terrorist threat.
- An account is opened in the name of a legal entity that is involved in the activities of an association, organization or foundation whose aims are related to the claims or demands of a known terrorist entity.
- An account is opened for a purported stock loan company, which may hold the restricted securities of corporate insiders who have pledged the securities as collateral for, and then defaulted on, purported loans, after which the securities are sold on an unregistered basis.
- An account is opened in the name of a foreign financial institution, such as an offshore bank or broker-dealer, that sells shares of stock on an unregistered basis on behalf of customers.
- An account is opened for a foreign financial institution that is affiliated with a U.S. broker-dealer, bypassing its U.S. affiliate, for no apparent business purpose. An apparent business purpose could include access to products or services the U.S. affiliate does not provide.
II. Potential Red Flags in Deposits of Securities
- A customer opens a new account and deposits physical certificates, or delivers in shares electronically, representing a large block of thinly traded or low-priced securities.
- A customer has a pattern of depositing physical share certificates, or a pattern of delivering in shares electronically, immediately selling the shares and then wiring, or otherwise transferring out the proceeds of the sale(s).
- A customer deposits into an account physical share certificates or electronically deposits or transfers shares that:
-
- were recently issued or represent a large percentage of the float for the security;
- reference a company or customer name that has been changed or that does not match the name on the account;
- were issued by a shell company;
- were issued by a company that has no apparent business, revenues or products;
- were issued by a company whose SEC filings are not current, are incomplete, or nonexistent;
- were issued by a company that has been through several recent name changes or business combinations or recapitalizations;
- were issued by a company that has been the subject of a prior trading suspension; or
- were issued by a company whose officers or insiders have a history of regulatory or criminal violations, or are associated with multiple low-priced stock issuers.
- The lack of a restrictive legend on deposited shares seems inconsistent with the date the customer acquired the securities, the nature of the transaction in which the securities were acquired, the history of the stock or the volume of shares trading.
- A customer with limited or no other assets at the firm receives an electronic transfer or journal transfer of large amounts of low-priced, non-exchange-listed securities.
- The customer’s explanation or documents purporting to evidence how the customer acquired the shares does not make sense or changes upon questioning by the firm or other parties. Such documents could include questionable legal opinions or securities purchase agreements.
- The customer deposits physical securities or delivers in shares electronically, and within a short time-frame, requests to journal the shares into multiple accounts that do not appear to be related, or to sell or otherwise transfer ownership of the shares.
- Seemingly unrelated clients open accounts on or at about the same time, deposit the same low-priced security and subsequently liquidate the security in a manner that suggests coordination.
III. Potential Red Flags in Securities Trading
- The customer, for no apparent reason or in conjunction with other “red flags,” engages in transactions involving certain types of securities, such as penny stocks, Regulation “S” stocks and bearer bonds, which although legitimate, have been used in connection with fraudulent schemes and money laundering activity. (Such transactions may warrant further due diligence to ensure the legitimacy of the customer’s activity.) (2002 red flag # 22 – The customer, for no apparent reason or in conjunction with other “red flags,” engages in transactions involving certain types of securities, such as penny stocks, Regulation “S” (Reg S) stocks, and bearer bonds, which although legitimate, have been used in connection with fraudulent schemes and money laundering activity. (Such transactions may warrant further due diligence to ensure the legitimacy of the customer’s activity.)).
- There is a sudden spike in investor demand for, coupled with a rising price in, a thinly traded or low-priced security.
- The customer’s activity represents a significant proportion of the daily trading volume in a thinly traded or low-priced security.
- A customer buys and sells securities with no discernable purpose or circumstances that appear unusual. (2002 red flag #2 – The customer wishes to engage in transactions that lack business sense or apparent investment strategy, or are inconsistent with the customer’s stated business strategy.)
- Individuals known throughout the industry to be stock promoters sell securities through the broker-dealer.
- A customer accumulates stock in small increments throughout the trading day to increase price.
- A customer engages in pre-arranged or other non-competitive securities trading, including wash or cross trades, with no apparent business purpose.
- A customer attempts to influence the closing price of a stock by executing purchase or sale orders at or near the close of the market.
- A customer engages in transactions suspected to be associated with cyber breaches of customer accounts, including potentially unauthorized disbursements of funds or trades.
- A customer engages in a frequent pattern of placing orders on one side of the market, usually inside the existing National Best Bid or Offer (NBBO), followed by the customer entering orders on the other side of the market that execute against other market participants that joined the market at the improved NBBO (activity indicative of “spoofing”).
- A customer engages in a frequent pattern of placing multiple limit orders on one side of the market at various price levels, followed by the customer entering orders on the opposite side of the market that are executed and the customer cancelling the original limit orders (activity indicative of “layering”).
- Two or more unrelated customer accounts at the firm trade an illiquid or low priced security suddenly and simultaneously.
- The customer makes a large purchase or sale of a security, or option on a security, shortly before news or a significant announcement is issued that affects the price of the security.
- The customer is known to have friends or family who work at or for the securities issuer, which may be a red flag for potential insider trading or unlawful sales of unregistered securities.
- The customer’s purchase of a security does not correspond to the customer’s investment profile or history of transactions (e.g., the customer may never have invested in equity securities or may have never invested in a given industry, but does so at an opportune time) and there is no reasonable explanation for the change.
- The account is using a master/sub structure, which enables trading anonymity with respect to the sub-accounts’ activity, and engages in trading activity that raises red flags, such as the liquidation of microcap issuers or potentially manipulative trading activity.
- The firm receives regulatory inquiries or grand jury or other subpoenas concerning the firm’s customers’ trading.
- The customer engages in a pattern of transactions in securities indicating the customer is using securities to engage in currency conversion. For example, the customer delivers in and subsequently liquidates American Depository Receipts (ADRs) or dual currency bonds for U.S. dollar proceeds, where the securities were originally purchased in a different currency.
- The customer engages in mirror trades or transactions involving securities used for currency conversions, potentially through the use of offsetting trades.
- The customer appears to buy or sell securities based on advanced knowledge of pending customer orders.
IV. Potential Red Flags in Money Movements
- The customer attempts or makes frequent or large deposits of currency, insists on dealing only in cash equivalents, or asks for exemptions from the firm’s policies and procedures relating to the deposit of cash and cash equivalents. (2002 red flag # 9 – The customer attempts to make frequent or large deposits of currency, insists on dealing only in cash equivalents, or asks for exemptions from the firm’s policies relating to the deposit of cash and cash equivalents.)
- The customer “structures” deposits, withdrawals or purchases of monetary instruments below a certain amount to avoid reporting or recordkeeping requirements, and may state directly that they are trying to avoid triggering a reporting obligation or to evade taxing authorities. (2002 red flag # 10 – The customer engages in transactions involving cash or cash equivalents or other monetary instruments that appear to be structured to avoid the $10,000 government reporting requirements, especially if the cash or monetary instruments are in an amount just below reporting or recording thresholds.)
- The customer seemingly breaks funds transfers into smaller transfers to avoid raising attention to a larger funds transfer. The smaller funds transfers do not appear to be based on payroll cycles, retirement needs, or other legitimate regular deposit and withdrawal strategies.
- The customer’s account shows numerous currency, money order (particularly sequentially numbered money orders) or cashier’s check transactions aggregating to significant sums without any apparent business or lawful purpose. (2002 red flag # 14 – The customer’s account shows numerous currency or cashiers check transactions aggregating to significant sums.)
- The customer frequently changes bank account details or information for redemption proceeds, in particular when followed by redemption requests.
- The customer makes a funds deposit followed by an immediate request that the money be wired out or transferred to a third party, or to another firm, without any apparent business purpose. (2002 red flag # 18 – The customer makes a funds deposit followed by an immediate request that the money be wired out or transferred to a third party, or to another firm, without any apparent business purpose.)
- Wire transfers are made in small amounts in an apparent effort to avoid triggering identification or reporting requirements. (this is similar to 2002 red flag # 21 – The customer requests that a transaction be processed in such a manner to avoid the firm’s normal documentation requirements.)
- Incoming payments are made by third-party checks or checks with multiple endorsements.
- Outgoing checks to third parties coincide with, or are close in time to, incoming checks from other third parties.
- Payments are made by third party check or money transfer from a source that has no apparent connection to the customer.
- Wire transfers are made to or from financial secrecy havens, tax havens, high risk geographic locations or conflict zones, including those with an established presence of terrorism. (2002 red flag #16 – The customer’s account has wire transfers that have no apparent business purpose to or from a country identified as a money laundering risk or a bank secrecy haven.)
- Wire transfers originate from jurisdictions that have been highlighted in relation to black market peso exchange activities.
- The customer engages in transactions involving foreign currency exchanges that are followed within a short time by wire transfers to locations of specific concern (e.g., countries designated by national authorities, such as FATF, as non-cooperative countries and territories).
- The parties to the transaction (e.g., originator or beneficiary) are from countries that are known to support terrorist activities and organizations.
- Wire transfers or payments are made to or from unrelated third parties (foreign or domestic), or where the name or account number of the beneficiary or remitter has not been supplied. (2002 red flag # 15 – The customer’s account has a large number of wire transfers to unrelated third parties inconsistent with the customer’s legitimate business purpose.)
- There is wire transfer activity that is unexplained, repetitive, unusually large, shows unusual patterns or has no apparent business purpose.
- The securities account is used for payments or outgoing wire transfers with little or no securities activities (i.e., account appears to be used as a depository account or a conduit for transfers, which may be purported to be for business operating needs). (similar to 2002 red flag # 23 – The customer’s account shows an unexplained high level of account activity with very low levels of securities transactions.).
- Funds are transferred to financial or depository institutions other than those from which the funds were initially received, specifically when different countries are involved.
- The customer engages in excessive journal entries of funds between related or unrelated accounts without any apparent business purpose. (2002 red flag #20 – The customer engages in excessive journal entries between unrelated accounts without any apparent business purpose.)
- The customer uses a personal/individual account for business purposes or vice versa.
- A foreign import business with U.S. accounts receives payments from outside the area of its customer base.
- There are frequent transactions involving round or whole dollar amounts purported to involve payments for goods or services.
- Upon request, a customer is unable or unwilling to produce appropriate documentation (e.g., invoices) to support a transaction, or documentation appears doctored or fake (e.g., documents contain significant discrepancies between the descriptions on the transport document or bill of lading, the invoice, or other documents such as the certificate of origin or packing list).
- The customer requests that certain payments be routed through nostro or correspondent accounts held by the financial intermediary instead of its own accounts, for no apparent business purpose.
- Funds are transferred into an account and are subsequently transferred out of the account in the same or nearly the same amounts, especially when the origin and destination locations are high-risk jurisdictions.
- A dormant account suddenly becomes active without a plausible explanation (e.g., large deposits that are suddenly wired out). (similar to 2002 red flag # 13 – The customer’s account has unexplained or sudden extensive wire activity, especially in accounts that had little or no previous activity.)
- Nonprofit or charitable organizations engage in financial transactions for which there appears to be no logical economic purpose or in which there appears to be no link between the stated activity of the organization and the other parties in the transaction.
- There is unusually frequent domestic and international automated teller machine (ATM) activity.
- A person customarily uses the ATM to make several deposits into a brokerage account below a specified BSA/AML reporting threshold.
- Many small, incoming wire transfers or deposits are made using checks and money orders that are almost immediately withdrawn or wired out in a manner inconsistent with the customer’s business or history; the checks or money orders may reference in a memo section “investment” or “for purchase of stock.” This may be an indicator of a Ponzi scheme or potential funneling activity. (2002 red flag # 17. The customer’s account indicates large or frequent wire transfers, immediately withdrawn by check or debit card without any apparent business purpose.)
- Wire transfer activity, when viewed over a period of time, reveals suspicious or unusual patterns, which could include round dollar, repetitive transactions or circuitous money movements.
V. Potential Red Flags in Insurance Products
- The customer cancels an insurance contract and directs that the funds be sent to a third party.
- The customer deposits an insurance annuity check from a cancelled policy and immediately requests a withdrawal or transfer of funds.
- The customer cancels an annuity product within the free-look period. This could be a red flag if accompanied with suspicious indicators, such as purchasing the annuity with several sequentially numbered money orders or having a history of cancelling annuity products during the free-look period.
- The customer opens and closes accounts with one insurance company, then reopens a new account shortly thereafter with the same insurance company, each time with new ownership information.
- The customer purchases an insurance product with no concern for the investment objective or performance.
VI. Other Potential Red Flags
- The customer is reluctant to provide information needed to file reports to proceed with the transaction.
- The customer exhibits unusual concern with the firm’s compliance with government reporting requirements and the firm’s AML policies. (similar to part of 2002 red flag #1 – The customer exhibits unusual concern regarding the firm’s compliance with government reporting requirements and the firm’s AML policies, particularly with respect to his or her identity, type of business and assets, or is reluctant or refuses to reveal any information concerning business activities, or furnishes unusual or suspect identification or business documents.)
- The customer tries to persuade an employee not to file required reports or not to maintain the required records.
- Notifications received from the broker-dealer’s clearing firm that the clearing firm had identified potentially suspicious activity in customer accounts. Such notifications can take the form of alerts or other concern regarding negative news, money movements or activity involving certain securities.
- Law enforcement has issued subpoenas or freeze letters regarding a customer or account at the securities firm.
- The customer makes high-value transactions not commensurate with the customer’s known income or financial resources. (2002 red flag #25 – The customer’s account has inflows of funds or other assets well beyond the known income or resources of the customer.)
- The customer wishes to engage in transactions that lack business sense or an apparent investment strategy, or are inconsistent with the customer’s stated business strategy.
- The stated business, occupation or financial resources of the customer are not commensurate with the type or level of activity of the customer.
- The customer engages in transactions that show the customer is acting on behalf of third parties with no apparent business or lawful purpose.
- The customer engages in transactions that show a sudden change inconsistent with normal activities of the customer.
- Securities transactions are unwound before maturity, absent volatile market conditions or other logical or apparent reason. (similar to 2002 red flag # 19 – The customer makes a funds deposit for the purpose of purchasing a long-term investment followed shortly thereafter by a request to liquidate the position and transfer of the proceeds out of the account.)
- The customer does not exhibit a concern with the cost of the transaction or fees (e.g., surrender fees, or higher than necessary commissions). (2002 red flag # 6 – The customer exhibits a lack of concern regarding risks, commissions, or other transaction costs.)
- A borrower defaults on a cash-secured loan or any loan that is secured by assets that are readily convertible into currency.
- There is an unusual use of trust funds in business transactions or other financial activity.