.png)
.png)
The U.S. Securities and Exchange Commission (SEC) recently issued a notice to OTC Link, slapping the company with a $1.19 million fine for failing to file a single Suspicious Activity Report (SAR) over a 38-month period. The SEC’s action underscores significant deficiencies in OTC Link’s Anti-Money Laundering (AML) program and offers critical lessons for financial firms, regardless of their regulator.
Chief Compliance Officer (CCO) Should Not Oversee AML
One of the SEC’s primary criticisms, as highlighted on page five of the notice, is the practice of assigning AML responsibilities to the Chief Compliance Officer (CCO). In the case of OTC Link, the CCO was also designated as the firm’s Anti-Money Laundering Compliance Officer. The SEC’s notice makes it clear that this dual role is problematic. If it’s deemed ineffective for a broker-dealer like OTC Link, the same applies even more so to banks. The last 19 years of AML compliance have been moving away from such split responsibilities, and now federal banking agencies and securities examiners are echoing this sentiment through consent and Compliance and Disclosure (C&D) orders. The SEC’s stance suggests that companies must reconsider and separate these roles to ensure robust compliance.
Insufficient Time Devoted to AML Functions
The SEC’s notice also reveals that the CCO at OTC Link spent just two hours per month on AML activities, despite the firm operating one of the largest alternative trading systems in the U.S. This minimal time investment is directly linked to the problem of split responsibilities, which inevitably leads to inadequate oversight in one area or another. The SEC’s findings serve as a cautionary tale for firms to ensure their AML functions receive the necessary time and attention.
Failure to Operationalize Available Guidance
The SEC order meticulously outlines all the published guidance relevant to OTC Link’s business, including FinCEN’s SAR Guidance from 2010. The SEC noted that OTC Link had access to this information but failed to operationalize it. This serves as a reminder to financial institutions that if they haven’t yet reviewed and implemented the guidance from FinCEN, they need to start immediately.
Red Flags Must Be Relevant and Operationalized
The SEC pointed out on page five of its notice that OTC Link’s AML policy included a list of red flags, but these were not pertinent to the company’s business and were not operationalized in its monitoring processes. Financial firms are reminded that their AML policies must include relevant red flags and that these indicators must be effectively integrated into their monitoring systems.
Lack of Due Diligence on Subscribers
Another critical failing highlighted by the SEC was OTC Link’s lack of due diligence on its subscribers. The company failed to screen individuals who were publicly known to have legal issues related to corruption, crime, or misuse of public funds. This oversight represents a significant gap in the firm’s AML program.
Inadequate Resources for AML Monitoring
The SEC’s notice also addressed the issue of resources, a common problem cited in enforcement actions across financial institutions. While OTC Link employed some form of automated surveillance to identify suspicious activity, the SEC found that there were not enough personnel dedicated to AML compliance. Specifically, the SEC identified only two individuals working on the issue, neither of whom had a title specifically related to AML compliance.
SEC’s Undertakings Section Offers Valuable Insights
The Undertakings section of the SEC’s notice provides valuable insights, particularly the requirement that “OTC Link shall require the Compliance Consultant to submit to the Commission’s staff a certification stating whether OTC Link cooperated with the Compliance Consultant with every report submitted.” This requirement is a noteworthy point for consideration in bank remediation matters and highlights the importance of thorough and cooperative engagement with compliance consultants during remediation processes.
The SEC’s action against OTC Link sends a strong message to financial institutions about the importance of maintaining robust and properly resourced AML programs, with clear lines of responsibility and operationalized compliance measures.
By fLEXI tEAM
Comments