HOUSE_OVERSIGHT_024129.jpg

As part of the Order, the Bank is required to arrange for an independent look back for suspicious activity covering areas (and presumably time frames) to be designated by the bank's Examiner-in-Charge.

• Broker-Dealers:

o E*TRADE: In January 2009, FINRA assessed a $1 million penalty against E*TRADE Securities and E* Trade Clearing LLC for failure to implement AML policies and procedures to reasonably detect and report potentially suspicious securities transactions. Alerts triggered in the automated monitoring system were limited to those with money movements, thereby eliminating detection and review of potentially suspicious matched or washed trades. The firms relied upon analysts to monitor high-volume online trading activity for potentially suspicious activity manually, without providing necessary automated monitoring tools.

Additionally, in July 2008, both firms reached a $1 million settlement with the SEC for failure to document their Customer Identification Program (CIP) and verify the identities of more than 65,000 clients from October 2003 to June 2005.

• Money Services Businesses (MSBs):

o Sigue Corporation: In January 2008, FinCEN assessed a $12 million CMP on Sigue Corporation for failure to implement an effective AML Compliance Program in all four core elements as defined in the USA PATRIOT Act: internal controls, designation of compliance officer/personnel, training, and independent testing. The U.S. Department of Justice assessed a $15 million forfeiture and entered into a Deferred Prosecution Agreement (DPA). Payment of the forfeiture satisfied the FinCEN penalty. Specific findings included the following:

▪ Lack of defined roles and responsibilities of the compliance function
▪ Failure to implement a risk-based suspicious activity monitoring program commensurate with dollar volume and geographic reach
▪ Lack of effective supervision and control over agents (e.g., agents advising customers to structure transactions to evade AML reporting requirements)
▪ Failure to investigate alerts in a timely manner
▪ Failure to file complete, accurate or timely Suspicious Activity Reports (SARs)
▪ Inadequate and untailored training program and/or training program not completed by all employees/agents
▪ Inadequate independent testing (e.g., not risk-based, insufficient testing, narrow scope) that failed to identify system problems within the AML Compliance Program

o From 2010 to 2011, seven MSBs were subject to enforcement actions primarily for failure to register with FinCEN as an MSB. All were acting as independent money transmitters. A summary of findings included the following:

▪ Failure to register as an MSB or complete biennial renewals with FinCEN
▪ Failure to implement an AML program as required for money transmitters
▪ Failure to report potentially suspicious transactions on SARs
▪ Structuring currency transactions to evade BSA reporting requirements
▪ Conspiracy to commit food stamp fraud

32. What have been the most common deficiencies in AML Compliance Programs?
Some common themes have been:

• Program Violations: Overall failures supported by "pillar" violations, i.e., the failure of an institution to address adequately its obligation to designate a qualified AML compliance officer; develop and implement appropriate policies, procedures and controls; provide adequate training; and perform periodic independent testing of its AML Compliance Program.

• Systemic and Recurring Violations: Pervasive control breakdowns

protiviti | 23

HOUSE_OVERSIGHT_024129