Enforcement News: SEC Settles Charges With Broker-Dealer For Failing to File Suspicious Activity Reports

• Posted on: Aug 30 2023

By: Jeffrey M. Haber

A suspicious activity report (“SAR”) is a document that financial institutions, broker-dealers, and those associated with their business, must file with the U.S. Treasury Department’s Financial Crimes Enforcement Network (“FinCEN”) whenever money laundering or fraud is suspected.

In May 2021, this Blog wrote about an enforcement action the Securities and Exchange Commission (“SEC”) brought against a broker-dealer for failing to file SARs in connection with retirement accounts it serviced (here). As we typically do, in that article, we discussed the legal principles that governed the SEC’s action. For the convenience of our readers, we reprint that discussion below. 

SARs are governed by the Bank Secrecy Act (“BSA”) and implementing regulations promulgated by FinCEN. The law requires broker-dealers to file SARs with FinCEN to report a transaction (or pattern of transactions of which the transaction is a part) conducted or attempted by, at, or through the broker-dealer involving or aggregating funds or other assets of at least $5,000 that the broker-dealer knows, suspects, or has reason to suspect: (1) involves funds derived from illegal activity or is conducted to disguise funds derived from illegal activities; (2) is designed to evade any requirement of the BSA; (3) has no business or apparent lawful purpose and the broker-dealer knows of no reasonable explanation for the transaction after examining the available facts; or (4) involves use of the broker-dealer to facilitate criminal activity.¹ 

FinCEN’s regulations require that: “A suspicious transaction shall be reported by completing a Suspicious Activity Report.”² FinCEN instructs SAR filers to “provide a clear, complete, and concise description of the activity, including what was unusual or irregular that caused suspicion” in the narrative and to “include any other information necessary to explain the nature and circumstances of the suspicious activity.”³ To be effective, the SAR should describe “the five essential elements of information – who? what? when? where? and why? – of the suspicious activity being reported.”⁴ 

When a SAR is filed “it must include information about each of the Five Essential Elements of the suspicious activity.”⁵ When a SAR “lack[s] basic information regarding the Five Essential Elements … [the] SAR [i]s deficient as a matter of law.”⁶ 

FinCEN has provided additional instruction regarding the obligations of financial institutions to report cyber-related events. In December 2011, for example, FinCEN issued an advisory to alert financial institutions to the increased threat of cyber account takeover activity.⁷ 

FinCEN advised that “[c]ybercriminals are increasingly using sophisticated methods to obtain access to accounts” and these “attacks aim to deliberately exploit a customer’s account and, in many instances, to gain seemingly legitimate access to another customer’s account.”⁸ In order to assist financial institutions with identifying and reporting account takeover activity where cybercriminals attempt intrusions into a customer’s account in order to steal the customer’s funds, FinCEN also set forth detailed instruction for reporting account takeovers that emphasizes the importance of reporting cyber-related information—including cyber-event data, such as URL address and IP addresses with timestamps, as well as email addresses and other electronic identifying information—in the event of a cyber-enabled account takeover.⁹ 

Rule 17a-8 promulgated pursuant to Section 17(a) of the Securities Exchange Act of 1934 (“Exchange Act”) requires broker-dealers registered with the Commission to comply with the reporting, record-keeping, and record retention requirements of the BSA. The failure to file a SAR as required by the SAR Rule—including omitting from a filed SAR “a clear, complete, and concise description of the activity, including what was unusual or irregular that caused suspicion” or failing to “identify the five essential elements of information – who? what? when? where? and why? – of the suspicious activity being reported”—is a violation of Section 17(a) of the Exchange Act and Rule 17a-8 thereunder.¹⁰ 

In the Matter of Archipelago Trading Services, Inc.

On August 29, 2023, the SEC announced (here) that it brought charges against Archipelago Trading Services Inc. (“ATSI”), a Chicago-based broker-dealer, for failing to file hundreds of SARs between August 2012 and September 2020. The charges were related to transactions in over-the-counter (“OTC”) securities executed on ATSI’s alternative trading system (“ATS”).¹¹ ATSI agreed to pay $1.5 million to settle the charges.

According to the SEC’s order (here), ATSI’s sole line of business was to operate an OTC equity securities ATS, known as Global OTC, which was used by broker-dealers to execute trades in OTC securities. Global OTC played a significant role in executing trades of microcap and penny stock securities, which are not listed on any national exchange and tend to be high-risk securities. Despite thousands of high-risk microcap and penny stock securities transactions executed daily on Global OTC, the SEC found that ATSI failed to establish an anti-money laundering surveillance program for its transactions until September 2020.¹² Therefore, said the SEC, ATSI failed to surveil approximately 15,000 transactions executed on Global OTC for possible red flags regarding suspicious manipulative trading activity, including possible spoofing, layering, wash trading, and pre-arranged trading. As a result, the SEC found that ATSI failed to file at least 461 SARs, most of which involved microcap or penny stock securities.    

Commenting on the action, Daniel R. Gregus, Director of the SEC’s Chicago Regional Office stated: “All SEC-registered broker-dealers have the responsibility to comply with the requirements of the Bank Secrecy Act, including the obligation to file SARs. When firms like ATSI fail to investigate red flags, especially those involving higher-risk microcap and penny stock securities, they put the investing public at risk.” 

The SEC’s order found that ATSI violated Section 17(a) of the Exchange Act and Rule 17a-8 promulgated thereunder. Without admitting or denying the SEC’s findings, ATSI agreed to a censure and a cease-and-desist order in addition to the $1.5 million penalty.

Footnotes:

1. 31 C.F.R. § 1023.320(a)(2) (the “SAR Rule”).
2. 31 C.F.R. § 1023.320(b)(1).
3. See FinCEN, FinCEN Suspicious Activity Report (FinCEN SAR) Electronic Filing Instructions (October 2012) (here).
4. See, e.g., FinCEN, Guidance on Preparing a Complete & Sufficient Suspicious Activity Report Narrative, at 3 (Nov. 2003) (here).
5. See SEC v. Alpine Sec. Corp., 308 F. Supp. 3d 775, 804 (S.D.N.Y. 2018) [here], aff’d, 982 F.3d 68 (2d Cir. 2020).
6. Id. at 800.
7. FinCEN, Account Takeover Activity, FIN-2011-A016 (Dec. 19, 2011) (here).
8. Id.
9. See FinCEN, Advisory to Financial Institutions on Cyber-Events and Cyber-Enabled Crime, FIN2016-A005 (Oct. 25, 2016) (here); see also Frequently Asked Questions (FAQs) regarding the Reporting of Cyber-Events, Cyber-Enabled Crime, and Cyber-Related Information through Suspicious Activity Reports (SARs) (Oct. 25, 2016).
10. See Alpine Sec. Corp., 308 F. Supp. 3d at 798–800.
11. OTC securities are securities that are not listed on a national securities exchange. The securities at issue in ATSI were primarily microcap and penny stock securities. The term “microcap stock” generally refers to securities issued by companies with a market capitalization of less than $250 to $300 million. See, e.g., U.S. Securities and Exchange Commission, Microcap Stock: A Guide for Investors (Sept. 18, 2013) (here); U.S. Securities and Exchange Commission, Investor Bulletin, Microcap Stock Basics (Sept. 30, 2016) (here). The term “penny stock” generallyrefers to a security issued by a very small company that trades at less than $5 per share (here). See Section 3(a)(51) of the Exchange Act and Rule 3a51-1 thereunder.
12. ATSI updated its systems after receiving a deficiency letter from the SEC’s Division of Examinations in May 2020. ATSI updated its AML Policies in August 2020.

Jeffrey M. Haber is a partner and co-founder of Freiberger Haber LLP complex commercial litigation.

This article is for informational purposes and is not intended to be and should not be taken as legal advice.