UBS Pays $15 Million for AML Compliance Deficiencies
UBS Group agreed to pay a combined $15 million penalty to the US Treasury Department’s Financial Crimes Enforcement Network (“FinCEN”)and the SEC for regulatory deficiencies in its anti-money laundering compliance program.
UBS is required to pay $5 million to the Treasury Department; $5 million to the SEC and another $5 million to FinCEN.
UBS’ broker-dealer unit, UBS Financial Services, Inc. (“UBSFS”), violated the Bank Secrecy Act and failed to file suspicious activity reports (“SARs”) for nearly a 13-year period. UBSFS provided clients with “banking-like services,” such as wire transfers, check writing and ATM withdrawals for brokerage accounts.
Additionally, FinCEN cited UBSFS for failing to assign adequate personnel to investigate and respond to alerts concerning possible suspicious transactions. As a result, UBSFS had increasing delays in conducting appropriate follow-up investigations. UBSFS processed hundreds of transactions that revealed red flags associated with shell-company activity and failed to monitor foreign currency wire transfers (including sender and recipient information and country of origin and destination) worth tens of billions of dollars that occurred through commodities and retail brokerage accounts.
FINRA cited as examples foreign currency wires to and from accounts that did not capture the number and identity of customers, the dollar value of the transfers, whether the transfers involved third parties and whether the transfers involved high-risk jurisdictions. USBFS identified the problems in 2012 but took over five years to implement a reasonable monitoring system. Since 2017, USBFS has made significant investments in AML staffing and technology.
With respect to the SEC settlement (here), USB was cited for its failure to file suspicious activity reports (“SARs”) for certain transactions or patterns of transactions occurring in non-resident alien (“NRA”) customer accounts in a San Diego, California branch office.
During a two-year period, 2011 to 2013, the San Diego branch had nearly 6000 NRA accounts. Some NRA account customers lives in high-risk money laundering countries such as Mexico, Venezuela and Panama. Over this two year period, customers moved over $9 billion through the NRA accounts at the San Diego branch.
The transaction patterns for these accounts were not identified for follow up investigation despite the fact that certain NRA customers used multiple accounts with common ownership or control to move funds in suspicious patterns. In some cases, the accounts were used as intermediaries between other financial institutions with no apparent business or lawful purpose. USBFS did not adequately surveil these accounts because its parameters for detecting suspicious activity were too narrow for the circumstances.
For example, USBFS had an alert designed to capture all incoming transactions that aggregated $100,000 or more if 90 percent of that amount was withdrawn from the account in a 5-day period by wire transfer, check, account transfer or ATM withdrawals. The SEC cited this parameter as too narrow.
In certain NRA accounts, alerts were triggered for certain transactions but no follow up investigation occurred. These fund movements often involved round-dollar amounts, sometimes large, with multiple transactions involving transactions between accounts with common ownership or control. USBFS analysts were cited for focusing on individual transactions and failing to identify multiple transactions that were part of a pattern of activity.
The SEC cited five specific examples of activity patterns that should have resulted in a SARs filing. One included an off-short personal holding company that received several times a week, large round dollar wire deposits. The funds were either wired out to related enetiies at other financial institutions or journaled to the beneficial owner’s individual account at UBSFS, and then withdrawn via checks or wires to other financial institutions. There was no securities activity in either the personal holding company account or individual account. The activity did not generate an alert in the AML monitoring system.