Scarinci Hollenbeck, LLC
The Firm
201-896-4100 info@sh-law.com
Firm Insights
Author: Scarinci Hollenbeck, LLC
Date: July 28, 2021
The Securities and Exchange Commission (SEC) recently brought another enforcement action, this time against GWFS Equities Inc. (GWFS), a Colorado-based registered broker-dealer, for violating the federal securities laws governing the filing of Suspicious Activity Reports (SARs). The company will pay a $1.5 million penalty and has agreed to certain AML remedial efforts to settle allegations of SAR violations relating to the failure to report several cyber-related events, specifically account takeover activity in which cybercriminals attempt intrusions into a customer’s account in order to steal the customer’s funds. Of the SARs that GWFS did file, the SEC found that they lacked key information the broker-dealer was required to report about the suspicious activity and suspicious actors. Interestingly, no members of the SAR committee or the firm’s BSA officer were held personally accountable.
Kurt L. Gottschall, Director of the SEC’s Denver Regional Office, in a press statement declared:
“Across the financial services industry, we have seen a large increase in attempts by outside bad actors to gain unauthorized access to client accounts. By failing to file SARs and by omitting information it knew about the suspicious activity it did report, GWFS deprived law enforcement of critical information relating to the threat that outside bad actors pose to retirees’ accounts, particularly when the unauthorized account access has been cyber-enabled.”
According to the SEC’s Order, during a three-year period, GWFS was aware of increasing attempts by external bad actors to gain access to the retirement accounts of individual plan participants. The Order further provides that GWFS was aware that the bad actors attempted or gained access by using improperly obtained personal identifying information of the plan participants, and that the bad actors frequently were in possession of electronic login information such as user names, email addresses, and passwords.
According to the SEC, GWFS failed to file approximately 130 SARs, including in cases when it had detected external bad actors gaining, or attempting to gain, access to the retirement accounts of participants in the employer-sponsored retirement plans it serviced. Further, the SEC determined that of the 297 SARs that were filed, GWFS did not include the “five essential elements” of information it knew and was required to report about the suspicious activity and suspicious actors, including cyber-related data such as URL addresses and IP addresses.
Despite investigating account takeover incidents, compiling specific, “detailed information about the underlying suspicious activity, including: when and how the suspicious actor took control, or attempted to take control, of the plan participant’s account; identifying information regarding the suspected bad actors, IP addresses and email addresses linked to the bad actors; and details regarding how the bad actors used misappropriated funds once they had been improperly withdrawn from the GWFS plan participants’ accounts,” and sharing it with GWFS’ SAR Committee and BSA Officer, the firm failed to include it in its SAR narratives. “GWFS filed hundreds of SARs that disclosed only that an unauthorized person had accessed a plan participant’s account—and omitted any details about the bad actor or the bad actor’s activity.”
The Bank Secrecy Act (BSA), along with its implementing regulations, requires various U.S. financial institutions to file a SAR when they detect a known or suspected violation of federal law meeting applicable reporting criteria. Entities that may be required to file SARs include banks, financial holding companies, casinos, money services businesses, broker-dealers, insurance companies, mutual funds, and residential mortgage lenders and originators.
SARs are used to report a wide range of suspicious activity affecting depository institutions. Examples include cash transaction structuring, money laundering, check fraud and kiting, computer intrusion, wire transfer fraud, mortgage and consumer loan fraud, embezzlement, misuse of position or self-dealing, identity theft, and terrorist financing.
The BSA and its implementing regulations require that broker-dealers file SARs with the U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN) to report a transaction (or pattern of transactions of which the transaction is a part) conducted or attempted by, at, or through the broker-dealer involving or aggregating funds or other assets of at least $5,000 that the broker-dealer knows, suspects, or has reason to suspect:
When filing a SAR, financial institutions must provide certain information. FinCEN’s guidance for preparing SARs instructs filers to “provide a clear, complete, and concise description of the activity, including what was unusual or irregular that caused suspicion” in the narrative and to “include any other information necessary to explain the nature and circumstances of the suspicious activity.”
FinCEN also advises that in order to be effective tools for law enforcement and fulfill their intended purpose, SAR narratives should include “the five essential elements of information – who? what? when? where? and why? – of the suspicious activity being reported.” When the reported transaction involves a cyber intrusion, broker-dealers must also include cyber-related data, such as URL addresses and IP addresses. The failure to file a complete SAR is a violation of Section 17(a) of the Exchange Act and Rule 17a-8 thereunder.
Prior to the GWFS action, on August 10, 2020, the SEC accepted a settlement offer of administrative cease and desist proceedings against Interactive Brokers, LLC[1], for a litany of violative conduct involving BSA evasions, failures to file SARs for U.S. microcap securities, and failure to recognize red flags of suspicious activity.
On December 17, 2018, the SEC accepted a settlement offer of administrative cease and desist proceedings against UBS Financial Services, Inc.[2], relating to deficiencies in the firm’s AML program and risk assessments which resulted in failures to file SARs on fund movements.
The SEC’s 2021 Examination Priorities, Division of Entities FY 2021 guidelines contained a section on Anti-Money Laundering, reminding financial institutions of their Bank Secrecy Act (BSA)[3] obligation to establish “AML programs[4]…tailored to address risks associated with the firm’s location, size and activities…” (p. 27). Such programs must include monitoring for suspicious activities and filing of SARs “where appropriate” with FinCEN.
Based on the importance of these requirements, the Division noted that compliance with AML obligations by broker-dealers and RICs remains a priority.
On January 5, 2021, the SEC Division of Examinations issued its AML Source Tool for broker-dealers (“Source Tool”), which I (and other counsel) consider an indispensable reference tool for all financial institution organizations’ general counsel, AMLCOs, CCOs and members of risk management departments and committees. Although specifically tailored by the SEC for broker-dealers[5], other financial institutions will find this Source Tool to be valuable in periodic assessments of changing regulatory requirements and enhancements to firm policies and procedures. The SEC Risk Alerts are another useful resource in addition to the list of contact personnel available for advice.
Additionally, the SEC has “spotlighted” cybersecurity on its website and a recent Rule 24A Report describes facts and circumstances of e-mail compromises. In 2014, the SEC issued Risk Alert Guidance and more recently focused on IT security as a holistic, corporate culture matter, with “operational resiliency” being a critical objective. (See SEC Report, January 2020).
On June 30, 2021, FinCEN’s Office of Strategic Communications published the first government-wide priorities for AML and countering the financing of terrorism (AML/CFT) policy, titled “AML/CFT Priorities”.
“the priorities highlight key threat trends as well as informational resources that can assist covered institutions in managing their risks. Compiled with the Department of Treasury’s 2020 Illicit Finance Strategy and 2018 National Risk Assessment, the priorities aim to help covered institutions assess their risks, tailor their AML programs, and prioritize resources.”
The SEC’s most recent enforcement actions highlight the importance of establishing and maintaining robust SAR-related policies, procedures, standards, and training and the intersection with AML compliance. The SEC and FinCEN have issued important tools for use in both AML programs and BSA compliance. The prevalence of cyber intrusions constitutes a “red flag” that broker-dealers and other entities mandated to file SARs should review their SAR reporting and AML program to ensure that they are reporting all of the required information on SARs, specifically as it pertains to the method and manner of cyber-intrusions and schemes to “take over” firm and/or customer accounts, including the method of transferring out funds, how the account was accessed, bank account information, phone/fax numbers, email addresses, and IP addresses.
Penalties for violations are significant, and the potential for SARs and AML program “gate keepers” to be held accountable remains a possibility.
Given the extensive legislative, regulatory and enforcement efforts involving both BSA and AML responsibilities, financial institutions should remain proactive in their oversight and changes to policies, procedures, systems and training of human resources.
If you have any questions or if you would like to discuss these issues further,
please contact Paul A. Lieberman or the Scarinci Hollenbeck attorney with whom you work, at (201) 896-4100.
[1] SEC Release No. 89510; A.P. File No. 3-19907.
[2] SEC Release No. 84828; A.P. File No. 3-18931; UBS Financial Services, Inc. consented to a Civil Money Penalty on the U.S. Department of Treasury FinCEN Case No. 2018-03.
[3] See, 31 U.S.C. §§ 5311 et seq.; BSA Rules adopted by FinCEN are found at 31 C.F.R. Ch. X; see also 31 C.F.R. §§ 1023 et seq. involving broker-dealers.
[4] See, 31 U.S.C. § 5318(g) and implementing regulations; 31 C.F.R. § 1023.210.
[5] See, FINRA AML Compliance Rule/Guidance: FINRA Rule 3310; AML FAQs; NJM 18-19 Amendments to Rule 3310.
No Aspect of the advertisement has been approved by the Supreme Court. Results may vary depending on your particular facts and legal circumstances.