Overview
As investment advisers prepare to comply with the new anti-money laundering ("AML") program and reporting requirements effective Jan. 1, 2026, it is instructive to review recent enforcement actions brought by the Securities and Exchange Commission ("SEC"). Firms that are already subject to AML program requirements, such as broker-dealers and mutual funds, have been charged with:
- Relying on general AML policies not tailored to the specific business at issue
- Failing to provide business-specific AML training to employees
- Flagging accounts for AML review but never resolving the underlying verification failures
- Failing to identify "red flags" for transactions that should have been reported in Suspicious Activity Reports ("SARs")
- Devoting insufficient resources to reviewing flagged transactions
- Filing SARs with insufficient information regarding the parties and the suspect activities
In addition, in a case filed Jan. 14, 2025, an investment adviser not yet subject to AML program requirements was charged with falsely claiming to investors in its private funds that it was confirming the beneficial owners of investors and the sources of their funds. The adviser had failed to conduct such diligence on a particular investor that was subsequently sanctioned by a foreign regulator and the assets of the fund were frozen.
In each of these enforcement actions the SEC emphasized the critical importance of AML policies and procedures reasonably designed and properly tailored to the risks presented by the registrant's business. Preparing AML compliance policies and procedures that will pass muster with the SEC will take time and careful attention.
Background
The Financial Crimes Enforcement Network's ("FinCEN") long-awaited rule extending AML and countering the financing of terrorism ("CFT") requirements to certain registered investment advisers ("RIAs") and exempt reporting advisers ("ERAs") (collectively, "Covered Advisers") goes into effect on Jan. 1, 2026 ("Final Rule"), unless otherwise delayed.1
The Final Rule requires US-based and foreign-located Covered Advisers to apply their AML/CFT program to their advisory services.2 The Final Rule requires Covered Advisers that are foreign-located to apply their AML/CFT program to advisory activities that (i) take place within the US, including through the involvement of US personnel, or (ii) are provided to a US person or a foreign-located private fund with an investor that is a US person. Covered Advisers are not required to apply their AML/CFT program to advisory services provided to mutual funds, collective investment funds or other Covered Advisers that are already subject to an AML/CFT program requirement. This Alert includes a brief overview of the Final Rule's AML/CFT requirements applicable to Covered Advisers. For more details regarding the compliance requirements, please see here for our prior Alert: https://www.srz.com/en/news_and_insights/alerts/fincen-issues-final-amlcft-program-rule-for-certain-investment-advisers.
In preparing to comply with the Final Rule, Covered Advisers should be aware that AML compliance has always been a focus of the SEC in examination and enforcement of broker-dealers. While it is unclear whether AML compliance will be a priority for the current administration, understanding the SEC's approach with broker-dealers can provide a guide as to the SEC's expectations for Covered Advisers. This Alert highlights recent SEC enforcement actions against broker-dealers and RIAs, including actions involving the SAR filing requirement and an action involving broad statements regarding AML compliance made by an RIA in its offering materials.
Summary of AML/CFT Final Rule Requirements
The Final Rule requires Covered Advisers to adopt and implement risk-based written AML/CFT compliance programs, monitor and file SARs with FinCEN, and maintain records. Covered Adviser AML/CFT programs must include (1) appropriate risk-based policies, procedures and internal controls, (2) employee training, (3) a dedicated AML/CFT compliance officer(s), (4) an independent testing function, and (5) procedures for conducting ongoing customer due diligence ("CDD") that include "understanding the nature and purpose of customer relationships for the purpose of developing a customer risk profile" and "conducting ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information."3 However, the Final Rule does not require Covered Advisers to adopt and implement a customer identification program. FinCEN intends to address this customer identification program requirement through a separate joint rulemaking with the SEC, which was proposed on May 13, 2024, but has not yet been finalized.4 The Final Rule also requires Covered Advisers to maintain due diligence standards for correspondent accounts and private banking accounts, comply with the information sharing requirements of Section 314(a) and 314(b) of the USA PATRIOT Act, and adhere to the special measures requirements of Section 311 of the USA PATRIOT Act and Section 9714(a) of the Combating Russian Money Laundering Act.5
Summary of Recent AML-Related Enforcement Actions
While the Final Rule is not yet effective and the SEC is not currently tasked with AML examination and enforcement of Covered Advisers, recent enforcement actions related to AML compliance brought by the SEC against RIAs and broker-dealers may illustrate how the SEC will approach enforcement when the Final Rule becomes effective. These cases provide important lessons for the consequences of deficiencies in AML programs, and the importance of complying with SAR reporting requirements.
False AML-Related Statements in Offering Materials – Navy Capital Green Management, LLC
The SEC's recent action against RIA Navy Capital Green Management, LLC ("Navy Capital") foreshadows AML-related enforcement risks for Covered Advisers. On Jan. 14, 2025, the SEC charged Navy Capital6 with violating Section 206(4) of the Investment Advisers Act of 1940 ("Investment Advisers Act"), which prohibits fraudulent practices by investment advisers.7 The order found that Navy Capital misrepresented its AML compliance practices to investors and failed to meet its standards relating to private placement memoranda. As part of the settlement, Navy Capital agreed to cease and desist from further violations, be censured, and pay a $150,000 civil penalty within ten days.8
Section 206(4) of the Investment Advisers Act and Rule 206(4)-8 prohibit advisers to pooled investment vehicles from making false or misleading statements to current or prospective investors.9 The SEC's order found that between at least October 2018 and January 2022, Navy Capital falsely represented to prospective and existing private fund investors in its offering memoranda and other documents that it was using certain AML due diligence procedures not normally required for investment advisers, including a self-imposed requirement "to confirm the identity of each investor ..., including the principal beneficial owners of an investor, if applicable."10 However, Navy Capital did not adhere to these practices.
Despite promises of thorough AML checks, Navy Capital failed to verify the identities of beneficial owners and the sources of funds for investments. Navy Capital's procedures included accepting funds from entities with opaque ownership structures and potential connections to money laundering activities without conducting the due diligence they had committed to do in offering documents. Moreover, Navy Capital ignored significant red flags, such as public reports linking some investors to money laundering, and failed to perform enhanced due diligence as required by their own policies. In one instance, Navy Capital only collected AML documentation for an investor (who owned more than 50 percent of a fund) after the investor was sanctioned by foreign authorities.11 The SEC found that Navy Capital's actions constituted a violation of Section 206(4)-8 of the Investment Advisers Act.
Although not legally required to adopt the AML due diligence procedures that Navy Capital represented to be following at the time, the SEC nevertheless charged Navy Capital because it falsely told investors that it was following such procedures. The SEC further charged Navy Capital for failing to adopt written policies and procedures that were reasonably designed to ensure the accuracy of offerings and other documents. The order signals the SEC's willingness to use existing regulatory rules to enforce AML compliance even ahead of the Final Rule's implementation.
Failure to Appropriately Tailor AML Program to Regulatory Requirements – DWS Investment Management Americas Inc.
The SEC brought an action against Deutsche Bank subsidiary DWS Investment Management Americas Inc. ("DIMA")—an RIA—for causing mutual funds it advised to violate their AML obligations under the Bank Secrecy Act ("BSA").12 The mutual funds that DIMA advised approved an AML program designed for all Deutsche Bank AG's US operations, which did not address specific compliance requirements for the mutual fund business. Accordingly, such AML program was not appropriately tailored to the risks and vulnerabilities to money laundering posed by mutual funds. As a result of DIMA causing the mutual funds it advised to fail to implement an adequate AML program, DIMA was assessed a $6 million civil monetary penalty.
Failure to Adhere to AML Program Requirements – LPL Financial LLC
On Jan. 17, 2025, the SEC issued an order against LPL Financial LLC ("LPL"), a dually registered broker-dealer and investment adviser, citing several failures in its AML program, resulting in a censure, a cease-and-desist order and a civil monetary penalty of $18 million.13 LPL also agreed to continue engaging with a compliance consultant and make any necessary changes to its AML policies and procedures.
The SEC charged LPL with willfully violating Section 17(a) and Rule 17a-8 of the Exchange Act of 1934 ("Exchange Act") by failing to comply with its own AML policies and procedures. Under Section 17(a) and Rule 17a-8, broker-dealers must comply with the reporting, recordkeeping, and record retention requirements implemented under the BSA, including the customer identification program rule ("CIP Rule")14 and ongoing CDD obligations.15
Between at least May 2019 and December 2023, LPL's AML policies and procedures required the collection and screening of customer information, with customers that failed verification, or exhibited risk factors, being flagged. However, in practice, LPL staff allegedly repeatedly removed restrictions on accounts without resolving the underlying verification failures, and LPL lacked a timeline for flagged account closures, resulting in thousands of such accounts improperly remaining active. Additionally, the SEC alleged that LPL's policies and procedures failed to describe what CIP information to preserve or how it should be retained, with staff employing "ad hoc methods." Finally, LPL was also charged with failing to close accounts of customers linked to cannabis operations or located in certain foreign countries, contrary to LPL's policies and procedures. For instance, as of February 2023, 1,400 cannabis-related accounts with approximately $350 million in assets remained open.
To avoid the consequences faced by LPL, Covered Advisers should ensure their risk-based AML/CFT programs adequately and accurately describe all relevant policies and that these policies and procedures are followed by the firm.
Failure to File SARs – OTC Link LLC
Broker-dealer OTC Link LLC ("OTC Link") was charged in August 2024 with failing to file SARs in violation of Section 17(a) and Rule 17a-8 of the Exchange Act.16 Despite OTC Link's daily facilitation of thousands of high-risk microcap and penny stock securities transactions, it allegedly failed to design its transaction surveillance program in light of its specific risks. For instance, OTC Link's program lacked red flags for transactions representing a large volume of trading relative to the daily average trade volume or for transactions involving individuals subject to known criminal, civil or regulatory actions. Additionally, insufficient time was dedicated by the staff to reviewing flagged transactions. As a result, OTC Link failed to report a substantial number of suspicious transactions, with no SARs being filed between March 2020 and May 2023.
To resolve this matter, OTC Link agreed to continue retaining a third-party consultant and adopt their AML program recommendations. OTC Link also agreed to a censure, a cease-and-desist order and a civil monetary penalty of $1.19 million. Covered Advisers should consider these deficiencies in crafting their AML/CFT programs to ensure they properly maintain a SARs program tailored to their specific risks and timely file all required SARs.
Failure to Timely File SARs – Robinhood Financial LLC and Robinhood Securities, LLC
On Jan. 13, 2025, broker-dealers Robinhood Financial LLC and Robinhood Securities, LLC (collectively, "Robinhood") were charged with violating Section 17(a) of the Exchange Act and Rule 17a-8 by failing to promptly review suspicious transactions and failing to timely file SARs, in addition to other federal securities laws violations.17 The SEC alleged that Robinhood failed to update its AML program to sufficiently adapt to a growing volume of transactions, resulting in a backlog of flagged transactions for review between 2020 and 2022. As a result, despite its AML policies requiring that SAR-filing determinations be made within forty-five days of a transaction being flagged, Robinhood filed SARs an average of 125 to 198 days after the initial flagging during this period. Robinhood was ordered to pay $13 million in civil penalties to resolve the SAR-related allegations.
Failure to File Sufficiently Detailed SARs – Webull Financial LLC, Lightspeed Financial Services Group LLC, and Paulson Investment Company, LLC
On Nov. 22, 2024, the SEC charged broker-dealers Webull Financial LLC ("Webull"), Lightspeed Financial Services Group LLC ("Lightspeed"), and Paulson Investment Company, LLC ("Paulson") with filing insufficient SARs between 2018 and 2022 in violation of Section 17(a) and Rule 17a-8 of the Exchange Act.18 All three agreed to a censure, a cease-and-desist order and civil penalties. Webull was fined $125,000, while Lightspeed and Paulson were both required to pay $75,000. Webull and Paulson also agreed to hire compliance consultants and reform their AML programs.
The SEC faulted all three firms for submitting SARs that failed to identify the "who, what, when, where, and why" of the reported activity in the SAR narratives.19 Deficiencies identified by the SEC include failing to identify customer names and account numbers, omitting the names of securities at issue, and not explaining the suspiciousness of reported transactions. Covered Advisers should tailor their AML/CFT programs to properly record and include all necessary information in any SAR filing.
Takeaways and Considerations
The above enforcement actions continue to demonstrate the long-standing focus of the SEC on AML compliance and the willingness of the agency to enforce AML regulations. As Covered Advisers prepare their AML/CFT programs for compliance with the Final Rule, they should be cognizant of the SEC's activity in the AML space. Recent enforcement actions signal what the SEC may focus on when assessing how RIAs implement and maintain adequate AML/CFT programs, including that those programs are in writing, comply with all relevant regulatory requirements, and provide for the development of a customer risk profile and ongoing monitoring. Additionally, SAR programs should be risk-based, and when SARs are filed, they should be timely and include all necessary details regarding the customer and the transactions. Further, Covered Advisers must continually support their AML/CFT programs and ensure policies are followed by employees. Covered Advisers should consider the above enforcement actions when drafting their AML/CFT programs, keep the Investment Advisers Act's requirements in mind and ensure that their procedures properly describe their AML practices. These lessons will be crucial for Covered Advisers in the coming years.
Footnotes
1. Final Rule, Anti-Money Laundering/Countering the Financing of Terrorism Program and Suspicious Activity Report Filing Requirements for Registered Investment Advisers and Exempt Reporting Advisers, 89 Fed. Reg. 72156 (Sept. 4, 2024), available at https://www.govinfo.gov/content/pkg/FR-2024-09-04/pdf/2024-19260.pdf.
2. RIAs are exempt if they register with the SEC solely because they are (i) mid-sized advisers, (ii) multi-state advisers or (iii) pension consultants. RIAs that do not manage clients' assets as part of their advisory activities and report zero AUM to the SEC on Form ADV are also exempt.
3. Final Rule, 89 Fed. Reg. at 72193.
4. Final Rule at 72194; see also Proposed Rule, Customer Identification Programs for Registered Investment Advisers and Exempt Reporting Advisers, 89 Fed. Reg. 44571 (May 21, 2024), available at https://www.govinfo.gov/content/pkg/FR-2024-05-21/pdf/2024-10738.pdf.
5. Under Section 314(a), Covered Advisers will need to search their records for, and report, specified information upon FinCEN's request. Final Rule, 89 Fed. Reg. at 72204. Covered Advisers will be able to participate in information-sharing arrangements with other BSA-regulated institutions under Section 314(b). Id. Sections 311 and 9714(a) will require Covered Advisers to implement "special measures" if the Secretary of the Treasury determines a jurisdiction, institution, class of transaction or type of account is of "primary money laundering concern." Id. at 72206, 72237.
6. In re Navy Capital Green Management, LLC, SEC Release No. 6823 (Jan. 14, 2025), available at https://www.sec.gov/files/litigation/admin/2025/ia-6823.pdf; Sec. Exch. Comm'n, Press Release No. 2025-8, "SEC Charges Advisory Firm Navy Capital With Misrepresenting Its Anti-Money Laundering Procedures to Investors" (Jan. 14, 2025), available at https://www.sec.gov/newsroom/press-releases/2025-8.
7. Investment Advisers Act, Section 206(4) (15 U.S.C. § 80b–6). This action was initiated pursuant to Sections 203(e) and 203(k) of the Investment Advisers Act (15 U.S.C. § 80b–3).
8. These sanctions were imposed pursuant to the SEC's authority under Sections 203(e) and 203(k) of the Investment Advisers Act.
9. See Rule 206(4)-8 (17 C.F.R. § 275.206(4)-8).
10. In re Navy Capital Green Management, LLC, SEC Release No. 6823.
11. Id.
12. Sec. Exch. Comm'n, Press Release No. 2023-194, "Deutsche Bank Subsidiary DWS to Pay $25 Million for Anti-Money Laundering Violations and Misstatements Regarding ESG Investments" (Sept. 25, 2023), available at https://www.sec.gov/newsroom/press-releases/2023-194.
13. Sec. Exch. Comm'n, Press Release No. 2025-17, "SEC Charges LPL Financial with Anti-Money Laundering Violations" (Jan. 17, 2025), available at https://www.sec.gov/newsroom/press-releases/2025-17.
14. The CIP Rule requires that broker-dealers create and maintain customer identification programs ("CIP") that enable them to form reasonable beliefs regarding the identity of customers. 31 C.F.R. § 1023.220(a)(1)-(3). At a minimum, a broker-dealer must generally collect a customer's name, date of birth, address and identification number. Id. at § 1023.220(a)(2)(i).
15. The ongoing CDD obligations require broker-dealers to implement risk-based customer due diligence processes, which must include understanding customer relationships to develop risk profiles and conducting ongoing monitoring. 31 C.F.R. § 1023.210(b)(5).
16. Sec. Exch. Comm'n, Press Release No. 2024-96, "SEC Charges OTC Link LLC with Failing to File Suspicious Activity Reports" (Aug. 12, 2024), available at https://www.sec.gov/newsroom/press-releases/2024-96. Under the BSA and its implementing regulations, which broker-dealers must comply with under Exchange Act Rule 17a-8, transactions involving or aggregating to at least $5,000 must be reported to FinCEN where the reporting broker-dealer knows, suspects or has reason to suspect that the transaction is related to illegal activities or is aimed at evading BSA requirements. 31 C.F.R. § 1023.320(a)(2). SARs must generally be filed within thirty days of detecting the facts constituting the basis for filing the report. Id. at § 1023.320(b)(3).
17. Sec. Exch. Comm'n, Press Release No. 2025-5, "Two Robinhood Broker-Dealers to Pay $45 Million in Combined Penalties for Violating More Than 10 Separate Securities Law Provisions" (Jan. 13, 2025), available at https://www.sec.gov/newsroom/press-releases/2025-5.
18. Sec. Exch. Comm'n, Press Release No. 2024-185, "SEC Charges Three Broker-Dealers with Filing Deficient Suspicious Activity Reports" (Nov. 22, 2024), available at https://www.sec.gov/newsroom/press-releases/2024-185.
19. FinCEN has advised that SAR narratives must generally provide these "five essential elements of information" in order to be sufficient. FinCEN, "Guidance on Preparing A Complete & Sufficient Suspicious Activity Report Narrative" (November 2003), available at https://www.fincen.gov/sites/default/files/shared/sarnarrcompletguidfinal_112003.pdf; see also U.S. Sec. & Exch. Comm'n v. Alpine Sec. Corp., 354 F. Supp. 3d 396, 414, 438-39 (S.D.N.Y. 2018), aff'd, 982 F.3d 68 (2d Cir. 2020).
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
