profile after it detected a deviation from the customer’s
anticipated activity as reflected on new account
documentation. Similarly, in an October 2016 UK case,
a financial institution failed to perform adequate due
diligence by neglecting to provide its staff with guidance
on what constitutes “sufficient” due diligence before
opening a new account and by improperly documenting
the purpose and intended nature of new business
relationships or anticipated activity.
• Inadequate Resources for AML Program. In a number
of cases, financial institutions failed to allocate adequate
resources or tools for AML surveillance. This inevitably
impacted the regulatory staff’s ability to review and
investigate alerts as well as to conduct risk assessments
and sufficient due diligence. Regulators also found
violations where a financial institution collected data
for business development purposes but failed to use
the same data to monitor AML compliance.
Identification and Timely
Reporting of Potential Violations
In both the US and the UK, financial institutions are subject
to reporting obligations and must report any transaction they
know, suspect, or have reason to suspect involves funds
derived from illegal activities or is being conducted to disguise
funds from illegal activities. In addition, a reporting requirement
may be triggered if the suspected activity is designed to
evade reporting or recordkeeping requirements; has no
apparent business or lawful purpose; is outside of the activity
expected from the account and the institution; or involves
use of the financial institution to facilitate criminal activity.
Failure to file a Suspicious Activity Report (SAR) can lead to
criminal liability in the UK for individuals. Financial institutions
in the UK also must be cognizant of regulatory obligations
under the Financial Conduct Authority’s Principle 11 (which
requires open cooperation with regulators)
12 and Supervision
Manual (SUP) 15 (which sets out procedures for notifications
to the Authority).
In many recent cases, financial institutions identified the
suspicious activity but failed to timely file a SAR. One US
financial institution investigated a Ponzi scheme for two
years without filing a SAR and only did so after the scheme
was reported in the media; another had a SAR committee
that never met to review and discuss possible filings. In a
recent UK case, a Money Laundering Reporting Officer
(MLRO) noticed low levels of SAR reporting by staff, but
the bank did not carry out a proper investigation of why
this might be. Following regulatory intervention, more than
200 additional SARs had to be filed.
There also were cases in which financial institutions failed
to detect and investigate red flags, meaning the reporting
stage was never reached. A number of US cases involved
11 U.S. 31 CFR §§ 1020.320, 1021.320, 1022.320, 1023.320.
12 FCA Handbook, PRIN 2. 1.
13 FCA Handbook, SUP 15.
transactions of microcap securities, which the regulators
posited were red flags warranting further review. In one
instance, a financial institution failed to detect and investigate
the sale of more than 73 billion shares of microcap securities
over an 18-month period to determine if the sale constituted
an illegal unregistered distribution. In another instance, a
financial institution failed to collect any identification
information from a client who had been the subject of 15
prior SARs and five Currency Transaction Reports.
A Growing Trend
The US and the UK regulators have brought recent actions against
officers charged with AML compliance (for example, Anti-Money
Laundering Compliance Officers, Money Laundering Reporting
Officers, and Chief Compliance Officers), charging them with
failure to establish and implement AML systems reasonably
designed to achieve and monitor compliance with regulatory
and legal requirements and with failure to establish and
implement reasonable procedures to identify and investigate
“red flags” indicating suspicious activity.
The Financial Industry Regulatory Authority (FINRA) took the
lead in the US against individuals by initiating nine actions, with
penalties ranging from $5,000 to $30,000, and suspensions
“US- and UK-regulated financial institutions,
as well as their senior management and
AML officers, can expect to come under