The Bank of America subsidiary is paying $13 million to the SEC and another $13 million to FINRA on allegations that it mismanaged its anti-money laundering (AML) responsibilities.
Merrill Lynch, Pierce, Fenner & Smith Inc. has been fined a total of $26 million — $13 million by the SEC and another $13 million by the Financial Industry Regulatory Authority (FINRA) — for mismanaging its anti-money laundering (AML) responsibilities, especially after becoming part of Bank of America in 2009.
In response to the fines and a censure, the firm, a registered broker-dealer and an investment adviser that is now a subsidiary of Bank of America, has submitted a formal letter of acceptance, waiver and consent (AWL) to FINRA and begun corrective actions, which are specified below.
The firm also neither formally admits nor denies the SEC’s and FINRA’s allegations, which include so-called “potentially suspicious” activities at two southern-border bank branches.
From at least 2011 to 2015, Merrill Lynch had AML policies and procedures in place that “were not reasonably designed to account for the additional risk associated with the additional services offered by certain of its retail brokerage accounts,” the SEC says in its Dec. 21, 2017 cease-and-desist order.
In addition, according to the SEC, from approximately 2006 through approximately May 2015, “Merrill Lynch did not apply its Mantas automated monitoring to certain accounts. These accounts included retirement accounts, managed accounts and securities-based loan accounts.
“From 2011 through 2013, managed accounts, securities-based loan accounts, and the accounts pledged to them engaged in approximately 12 million transactions moving approximately $105 billion to and from accounts at Merrill Lynch, via checks, ATM withdrawals, cash deposits, wires, and ACH [Automated Clearing House] transactions during that time period,” according to the SEC. “The number and dollar amount of these transactions increased each year and accounted for approximately 6% of all movements of un-invested funds at Merrill Lynch.”
The FINRA AWL offers the following example of BofAML’s subsequent failure to “identify and investigate … certain high-risk counterparties and entities,” including transactions from a Venezuelan electronics importer to employees of the Syrian embassy in that country:
“[A]n account opened by a purported electronics importer based in Venezuela (which the Firm designated as a high risk jurisdiction) sent and received multiple wires from other high risk jurisdictions and questionable individuals….
“Among those transactions were wires to and from employees of the Syrian embassy in Venezuela and wires sent to a Venezuelan military general accused in media reports of accepting bribes from a known drug trafficker. Nevertheless, these wires resulted in only one scored event. Therefore, this activity was not investigated.”
The AWL also takes note of “potentially suspicious money movement” at Merrill bank branches in San Diego, McAllen, Texas, and New York City.
In fact, in 2011, Merrill Lynch was also “censured and fined” by FINRA for “failing to enforce its anti-money laundering compliance program and written procedures by accepting third-party checks for deposit into a customer’s account which, contrary to the procedures, did not identify that customer by name,” according to Merrill’s AWL letter. “As a result, one of its customers, a registered representative at another member firm, was able to move over $9 million of misappropriated funds through his Merrill Lynch cash management brokerage accounts.” In that 2011 instance, the fine Merrill Lynch paid was $400,000.
Subsequently, because of the deficient AML policies and procedures outlined by the SEC, Merrill Lynch allegedly “failed to adequately monitor for, detect, and report certain suspicious activity related to transactions or patterns of transactions in its customers’ accounts.”
Central to the SEC and FINRA findings are alleged deficiencies in Mantas, the “automated monitoring tool to detect potential money laundering activity” Merrill Lynch employed before October 2010. “Mantas generated alerts based on specified scenarios adopted by Merrill Lynch, such as rapid movement of funds or internal journal-entry transfers between unrelated accounts,” according to the AWL, which specifies that “[d]ifferent types of alerts were assigned different scores based on the perceived AML risk of the activity, and when alerts reached a predetermined total score, Merrill Lynch staff reviewed the alerts to determine whether the activity in the account warranted further investigation that could lead the Firm to file a suspicious activity report (SAR) with the Financial Crimes Enforcement Network (FinCEN).”
FTF News contacted two officials at Oracle, the database and systems software company that owns Mantas and has renamed it Oracle Financial Services Software, asking for comment about the SEC and FINRA allegations. By deadline, neither an Oracle media relations official nor an Oracle investor relations official had replied.
In 2010 — after BofA acquired Merrill — Mantas was incorporated into BofA’s own “enterprise-wide, proprietary system called Event Processor,” according to the FINRA AWL. “Mantas events were combined into Event Groups with events (generated by Mantas or other AML detection channels) that had previously arisen over the past 13 months in the same or related accounts at Merrill Lynch or elsewhere in BAC [i.e., the Bank of America Corporation].
“The Event Groups were scored based on the AML risk posed by the activity and customers identified in the Group. When an Event Group reached a predetermined risk-based threshold, the Event Group was promoted to an investigation to be reviewed by staff. If an Event Group did not reach the requisite threshold, no analyst or investigator would necessarily review the Event Group and potentially suspicious activity identified by that Event Group could go undetected.”
The following year there was a recognition inside the new BofAML that the “Mantas system was generating too many ‘false positives’ — investigations arising solely from Mantas alerts that did not result in the filing of SARs,” according to the AWL addressed to FINRA. “The Firm’s initial solution was to change the way Mantas events were generated, scored, and investigated. In September 2011, Merrill Lynch decided, while those changes were being implemented, not to open any investigations on Event Groups that solely consisted of Mantas events. Therefore, Event Groups generated only from Mantas events would not trigger additional review.”
The protocol then became that an additional review would be opened “only if an Event Group contained at least one event from a detection channel other than Mantas.”
Subsequently, “Merrill Lynch did not re-open 646 pre-existing Mantas-only investigations, did not rescore the Mantas events occurring prior to January 2012 under the old or new criteria, and did not include Mantas events generated prior to the end of January 2012 in Event Processor scores going forward. In all, the Firm did not investigate 1,015 Event Groups that would have been investigated during the period that it altered the scoring of Mantas events.”
Merrill’s Event Processor [EP], the firm acknowledges, “minimized certain potentially suspicious activity or prevented other such activity from being detected and reported.”
In fact, in the AWL, BofAML acknowledges that the firm “only reviewed these [suspicious] events in 2014, after the investigation that led to this settlement [with the SEC and FINRA] had begun.”
“At the time of this decision, the most senior AML risk governance committee at Merrill Lynch expected that impacted Mantas events would be reprocessed into EP (and rescored) after the completion of the relevant changes to the way Mantas events were generated and scored,” according to the AWL. “On December 5, 2011, a junior Merrill Lynch governance committee determined not to re-ingest and rescore Mantas events but instead to retire all open Mantas events, effectively contravening the approach adopted by the senior AML risk governance committee, without reengaging that committee in the discussion.”
The SEC also lists the following “remedial” measures undertaken by Merrill:
- Beginning in approximately May 2015, Merrill Lynch began monitoring accounts with Mantas;
- In approximately 2014 and 2015, Merrill Lynch reprocessed and rescored all the Mantas events whose scores had been affected by the Fall 2011 scoring decisions, and investigated all the Mantas-event-only cases that had been closed at that time. This resulted in approximately 1,015 investigations. In 2015, Merrill Lynch subsequently filed seven SARs on approximately $57,000,000 in transactions in roughly 20 accounts.
- In June 2015, Merrill Lynch changed the scoring for two high risk transaction scenarios so that events for transactions fitting these scenarios would score for each such transaction and not just once. In addition, in 2015, Merrill Lynch began using a separate BofA automated system to also monitor all movement of funds in Merrill Lynch retail brokerage accounts for potentially suspicious activity;
- In August 2015, Merrill Lynch modified EP to be able to link accounts and group events appropriately arising out of … customers’ U.S. dollar-denominated and foreign currency-denominated accounts;
- In August 2014, Merrill Lynch implemented a “Continuous Suspicious Activity Event” risk factor, which created a case whenever any AML event occurs on the same party and of the same type as contributed to a SAR filed within the preceding 90 days. This was in addition to the ability of AML investigators to elect a 90-day review in appropriate circumstances;
- Merrill Lynch made enhancements to the workstation used by investigators in order to provide more visibility into transactions occurring in an account.
- Merrill Lynch also enhanced research tools for AML investigators, added procedures for investigators relating to potential red flags for money laundering, provided multiple training sessions to investigators regarding various money laundering schemes, and established additional training programs for future AML investigators.
Merrill Lynch has been a FINRA-regulated firm since January 26, 1937, it recounts in its AWL to FINRA, noting that it has “more than 33,000 registered individuals in more than 3,100 branch offices, servicing tens of millions of customers. During 2013, Merrill Lynch customers moved more than $547 billion in funds into and out of Merrill Lynch brokerage accounts.”
FTF News contacted two Merrill officials for comment, particularly for an explanation of how suspicious activities happened to occur at branches in San Diego and McAllen, Texas, as well as in New York City — presumably the very areas where anti-money-laundering oversight should have been focused.
By deadline there was no reply.
Need a Reprint?