Finra hits U.S. securities arm of Credit Suisse for more than $16 million for AML, SAR failures

By Brian Monroe
bmonroe@acfcs.org
December 8, 2016

The chief self-regulatory body of the United States securities sector penalized the domestic operation of Swiss banking group more than $16 million for broad failures in its financial crime compliance program, particularly how the operation identified and escalated suspicious activity in the riskiest areas of the market.

The Financial Industry Regulatory Authority (Finra) fined Credit Suisse Securities LLC $16.5 million for “significant deficiencies” in its anti-money laundering (AML), noting that the operation’s suspicious activity monitoring program had several fatal flaws along with a general lack of understanding of the risks tied to microcap securities, also referred to as penny stocks.

In its investigation, Finra found that Credit Suisse relied too heavily on registered representatives to uncover and escalate instances of suspicious activity in the securities markets overall and also in microcap trading, a known high-risk area and examiner focal point strewn with a wide array of fraudulent practices.

In practice, however, high-risk activity was “not always escalated and investigated, as required,” according to Finra.

Part and parcel of the problem was that what many consider the electronic heard of an AML program, the firms automated surveillance system, that looks for aberrant trading activity and screens for preprogrammed red flags, was “not properly implemented.”

The issue was that a “significant portion of the data feeds into the system were missing information or had other issues that compromised the system’s effectiveness,” according to the penalty order.

The firm also “chose not to utilize certain available scenarios designed to identify common suspicious patterns and activities, and it failed to adequately investigate activity identified by the scenarios that the firm did utilize,” problems that persisted for more than two years, according to examiners.

FINRA found that from January 2011 through September 2013, Credit Suisse failed to effectively review trading for AML reporting purposes.

The firm expected its registered representatives, who were the primary contact with the customers, to identify and report to its AML compliance department activity or transactions that were unusual or suspicious based on “red flags” described in Credit Suisse’s AML policies.

Its AML compliance department was then required to investigate the potentially suspicious activity, document its findings and file Suspicious Activity Reports (SARs) where appropriate, according to Finra.

However, the “systems and procedures the firm used to monitor trading for other purposes were not designed to detect potentially suspicious activity in order to cause the filing of a SAR, where appropriate, and the other departments and branches of the firm did not effectively assume responsibility for reviewing trading for AML reporting purposes.”

For example, the trading of one of the firm’s customers, a New York-based hedge fund, followed patterns commonly associated with microcap fraud, such as depositing and then quickly selling, with the proceeds being wired out of the account shortly thereafter.

However, “no one at the firm reviewed the activity in the account for AML purposes,” according to Finra.

The regulator also found that from January 2011 through December 2015, Credit Suisse failed to effectively review potentially suspicious money transfers, again due to issues tied to the transaction monitoring system.

Those problems were exacerbated by a lack of training.

The firm’s procedures “failed to instruct its representatives, prior to executing trades in microcap securities, how to determine whether those securities were registered or subject to an exemption from registration.”

These failures extended to another very risky area in the securities sector, omnibus accounts, in this case, those tied to foreign affiliates.

As a result, Finra found that from 2011 to 2013, the firm facilitated the “illegal distribution of at least 55 million unregistered shares of securities. The firm subsequently implemented additional procedures limiting the trading of microcap securities.”

The size of the penalty also directly related to the responsiveness, or lack thereof, from Credit Suisse and a dearth of resources devoted to the remediation project.

Finra found that Credit Suisse “did not have adequate staffing to review the tens of thousands of alerts the automated system generated in any given year,” resulting in persisting compliance issues and missed alerts.

“Although Credit Suisse self-identified some of the deficiencies and retained a consulting firm to assist in evaluating them, the firm initially failed to devote adequate resources to resolve the issues in a timely fashion, and some of the deficiencies remain unresolved today.”