Finra hands down historic $17 million penalty against Raymond James for systemic AML gaps

ACFCS Compliance. Businessman is pressing on the virtual screen and selecting Compliance.

The chief self-regulatory body of the nation’s securities’ sector penalized Raymond James $17 million for longstanding and systemic financial crime compliance failures and individually fined the firm’s former compliance officer $25,000, a record fine that more than doubled the next highest sanction.

The Financial Industry Regulatory Authority (Finra) this week fined Raymond James & Associates, Inc. (RJA) and Raymond James Financial Services, Inc. (RJFS), a total of $17 million for widespread failures related to the firms’ anti-money laundering (AML) programs.

RJA’s former AML Compliance Officer, Linda Busby, who helmed the position from 2002 to 2013, was also fined $25,000 and suspended for three months. The action reveals a disconnect between the firm’s overall growth and expansion of compliance resources. The action noted that for much of the period, there was only one or two compliance officers, and at most six staff.

The penalty also illustrates the complexity of crafting compliance programs for securities operations, which often have attenuated chains of individuals involved in trading, such as introducing brokers, clearing brokers and others with differing levels of responsibility, insight and understanding of AML rules and customers’ expected and aberrant activities.

The penalty and its size were “not something surprising,” said Kim Manchester, Managing Director of Toronto-based ManchesterCF, a financial crime advisory and training firm. The compliance issues “had a long lineage. This has been on its regulatory radar for some time and [the company] reacted poorly and didn’t give AML compliance the gravitas it deserved.”

The FINRA settlement revealed “infraction after infraction” that went uncorrected. “The regulator had to put its foot down,” he said, noting that hefty remediation engagements can easily be more than four times the cost of the original penalty.

The weighty action is also further evidence of Finra taking a more aggressive stance against firms of all sizes for lax compliance processes and not shying away from sanctioning individuals, even compliance staff.

For example, in two disciplinary reports covering September and October, Finra sanctioned five firms and nearly a dozen individuals for AML and other supervisory failures, of which six of those individuals were the designated chief or financial crime compliance officer.

“Raymond James had significant systemic AML failures over an extended period of time, made even more egregious by the fact the firm was previously sanctioned in this area,” said Finra Executive Vice President and Chief of Enforcement, Brad Bennett, in a statement.

“The monitoring for suspicious transactions is an essential part of protecting our financial system and firms must allocate adequate resources to their AML compliance efforts. This case demonstrates that when there are broad-based failures within specific areas of responsibility, we will seek individual liability where appropriate,” he said.

Overworked, understaffed program

With so many transactions and such a small staff – in many instances that would have to go through certain transaction logs manually, Raymond James missed clearly illegal activity, such as “journaling,” where a trader wires funds from a customer account to their personal account.

RJA and RJFS’ significant growth between 2006 and 2014 was “not matched by commensurate growth in their AML compliance systems and processes,” according to Finra.

That resulted in a situation where the firm was “unable to establish AML programs tailored to each firm’s business, and forced them instead to rely upon a patchwork of written procedures and systems across different departments to detect suspicious activity,” according to Finra.

One key issue made clear in the enforcement action is that the compliance team was “completely understaffed,” said Chris Focacci, the Chief Information Officer at New Jersey-based TransparINT, a compliance technology firm, noting that regulators are more willing to levy a penalty when there are festering problems already identified in multiple prior exam cycles.

With so much growth in brokers and transactions, “only having one or two people, they are already set up to fail,” he said. “What we don’t know is if the compliance officer knew how understaffed they were and tried to get more money. But I am sure the analysts knew they were understaffed” because they would be so busy and possibly overwhelmed.

Here is a look at Finra’s top three AML-related penalties:

Raymond James                                                 May 2016                                  $17 million

Brown Brothers Harriman & Co.              February 2014                         $8 million

Cantor Fitzgerald & Co.                                   December 2015                       $6 million

Weak CDD, missed red flags

In the penalty, which detailed extensive program faults tied to transaction monitoring, investigations, training, policies, customer risk ranking and escalation procedures, RJA was fined $8 million and RJFS was fined $9 million.

These failures were “particularly concerning given that RJFS was sanctioned in 2012 for inadequate AML procedures and, as part of that settlement, had agreed to review its program and procedures, and certify that they were reasonably designed to achieve compliance,” according to Finra. That penalty was $400,000.

During its investigation, FINRA found that the firms failed to “conduct required due diligence and periodic risk reviews for foreign financial institutions, and that Busby failed to ensure that RJA’s reviews were conducted.”

RJFS also failed to establish and maintain an adequate Customer Identification Program, while also was not adequately detecting or investigating “red flags.”

Businessman is pressing on the virtual screen and selecting Compliance.

Here are some telling snapshots from the enforcement action and road map for financial crime compliance professionals:

  • A patchwork of written procedures and systems across different departments to detect suspicious activity. These systems and procedures were not coordinated to allow the firms to link patterns.
  • During the Relevant Period, the RJA AML Department, a firm of over 5,000 registered representatives responsible for providing clearing services to over 30 introducing firms, consisted of between two and six employees.
  • RJFS’s and RJA’s staffing of their AML Departments was inadequate in light of the extensive responsibilities assigned to the few individuals, including the labor-intensive manual reviews, particularly in light of the firms’ growth during the Relevant Period.
  • RJA did not have a single written procedures manual describing its AML procedures; rather to the extent written procedures existed addressing supervision related to AML, they were scattered through various departments.
  • Although RJA and RJFS each maintained written procedures detailing guidelines for when a SAR should be filed, neither firm had reasonable procedures for monitoring and reporting continued or repeated suspicious activity in customers’ accounts after a SAR filing.
  • In addition, neither RJA nor RJFS had surveillance reports or procedures in place to reasonably monitor for high-risk incoming wire activity, such as third-party wires and wires received from known money laundering or high-risk jurisdictions.
  • Even when the exception reports or other surveillance identified red flags, RJA, Busby, and RJFS failed to reasonably investigate many instances in order to determine whether a SAR should be filed.

AML program improvements underway

In a bid to bolster their compliance countermeasures, Raymond James’ AML program has “undergone significant resource, process and technology enhancements” more matched to the firms growth, said Steve Hollister, a Raymond James spokesman, in a statement to news outlets.

The firm has increased its AML staff, recruiting a new chief anti-money laundering officer, and has upgraded to a new monitoring software system to detect suspicious activity, he said. Raymond James has also begun the process of exiting its U.S. third-party foreign correspondent business, excluding operations in Europe and Canada, Hollister said.

Though it’s clear that banking and securities regulators are focusing more on penalizing individuals in significant AML enforcement actions, there are many factors outside the control of the AML compliance function that can hamstring a program, Manchester said, including a lack of budget, resources or expertise.

“AML is a cost function, not a revenue generator,” he said, adding that from the perspective of ill-informed senior management, the program must be “run as lean as possible.”
That can result in situations where an AML compliance officer could see program gaps and bring the issues to the attention of senior management, but gets rebuffed.

AML compliance professionals are often told to “make do with what they’ve got and put their best foot forward,” Manchester believes.

If the tone from the top allows such dynamics, the financial institution could face a future regulatory reckoning.  “In the modern world, that day of reckoning could cost millions, if not billions.  Running lean on compliance could drive a financial institution into the ground, a very expensive proposition.”

Transaction systems, human element nexus

Some top executives at financial institutions, whether they are banks, broker dealers or others, believe that if they have some kind of automated AML transaction monitoring system and it is “spitting out alerts, we are fine. But where the rubber meets the road is where people have to read the alerts. They are human beings, not machines and can be overworked, under-trained or just have a bad day,” Focacci said.

The penalty also detailed “a systemic failure of policies,” Focacci said, noting that would make it harder for staffers and rank-and-file staff to know what to do in certain instances in terms of depth of due diligence or identifying and escalating aberrant or suspicious client activities.

In fact, a significant portion of the enforcement action centers on “failings by the human element,” he said, with compliance staffers getting alerts but not properly processing them or escalating issues to another group, and additionally not following up if the other groups actually did anything further.

“The bigger question is are there more of these problems that will come out as time goes on,” Focacci said. “These issues are probably not that unusual, and when you look deeper, they might even be worse at other firms. I would not be surprised to see more of these types of fines when you peel back the layers at other companies.”

Finra By the Numbers

3,600 employees dedicated to market integrity and investor protection

16 offices across the U.S.

More than 800 fraud cases referred for prosecution in 2015

$191.7M in fines and restitution levied in 2015

42 billion on average—and up to 75 billion—transactions processed every day

641,157 brokers under FINRA’s supervision

In 2015, through our aggressive vigilance, we brought 1,512 disciplinary actions against registered brokers and firms. We levied $95.1 million in fines. And we ordered $96.6 million in restitution to harmed investors. We also referred more than 800 fraud and insider trading cases to the SEC and other agencies for litigation and/or prosecution.