Stepping into new territory, on May 22, 2006, the SEC for the first time brought an enforcement action under the USA PATRIOT Act against the Los Angeles brokerage firm of Crowell, Weedon & Co. The action, which was settled, arose from Crowell, Weedon’s failure to properly document the procedures it used to verify the identity of its customers and to make and keep certain reports and records to facilitate the prevention, detection, and prosecution of international money laundering and the financing of terrorism. Specifically, rather than implementing and documenting an effective system of identifying brokerage customers, Crowell, Weedon merely relied on the representations of its registered representatives who claimed to have personal knowledge of each of the 2,900 customers that opened accounts between October 2003 and April 2004.
Section 17(a) of the Securities Exchange Act of 1934 (hereinafter "Exchange Act"), 15 U.S.C 78(q)(b), and Exchange Act Rule 17a-8 thereunder, 17 C.F.R. 240.17a-8, require a broker-dealer to comply with the reporting, recordkeeping and record retention requirements contained in the Bank Secrecy Act, 12 U.S.C. 1829b, 12 U.S.C. 1951-1959, and 31 U.S.C. 5311-5332. Pursuant to these statutes, the Secretary of the Treasury and the SEC enacted the customer identification program ("CIP") rule, 31 C.F.R. 103.122, which requires broker-dealers to establish, document, and maintain procedures for identifying customers and verifying their identities. These procedures are to be incorporated into the broker-dealer’s overall anti-money laundering ("AML") program, required by SRO rules as well as by banking and Treasury regulations.
The Commission’s Action
In its Order Instituting Cease-and-Desist Proceedings, Making Findings, and Imposing a Cease-and-Desist Order Pursuant to Section 21C of the Securities Exchange Act of 1934, SEC Administrative Proceeding File No. 3-12300 (May 22, 2006), the Commission found that Crowell, Weedon had a documented AML program that consisted of ten pages of procedures. As part of that program, the firm had procedures concerning "Customer Identification and Verification" and a section with procedures requiring employees to "Know Your Customer." These portions of Crowell, Weedon’s AML program purported to describe the firm’s CIP.
The procedures set forth in the "Know Your Customer and Customer Identification and Verification" sections of Crowell, Weedon’s CIP specified that the firm would verify the identity of each new customer using both documentary and non-documentary methods. The documentary methods included reviewing, for an individual, an unexpired government-issued identification such as a driver’s license or passport evidencing nationality and residence, and bearing a photograph or similar safeguard. For an entity, Crowell, Weedon employees were to review documents showing the existence of the entity such as articles of incorporation, a government-issued business license, a partnership agreement, or a trust instrument. Non-documentary methods for customer verification included contacting the customer, comparing the information provided by the customer with information obtained from a consumer reporting agency, public database or other source, checking references with other financial institutions, or obtaining a financial statement. Such non-documentary methods were, under the AML procedures, to be used in every instance where the customer was unable to present an unexpired government-issued ID, when the Crowell, Weedon employee was unfamiliar with the documents presented by the customer, where the customer and the firm did not have face-to-face contact or where other circumstances were present that increased the risk that the firm would not be able to verify the true identity of the customer through documentary means.
According to Crowell, Weedon’s procedures, all methods used to verify the identity of the firm’s new customers were to be documented. Detailed records were to be kept concerning the type of documentation used in verification and, with respect to non-documentary verification, the methods and results of the firm’s verification efforts were to be recorded and retained.
Despite the procedures purportedly put in place by the firm, between October 2003 and April 2004 Crowell, Weedon opened approximately 2,900 new customer accounts without following the procedures set forth in the CIP. Rather than reviewing photo identifications or relying on the non-documentary procedures to verify customer identities, the firm relied on its registered representatives’ merely indicating that they had personal knowledge of the customer. Although the firm had, prior to October 2003, contracted with a vendor to verify the identities of its customers, that vendor, due to a technical problem, was unable to perform that function when the CIP rule went effective. As a result of its failure to accurately document its CIP procedures, Crowell, Weedon was found to have violated Section 17(a) of the Exchange Act and Rule 17a-8 thereunder and, by consent, was ordered to cease and desist from future violations.
The Commission, the NASD, and other SROs have in recent years been aggressively undertaking examinations and enforcement investigations concerning regulated entities’ compliance with AML regulations. This has become much more of a priority since 9/11 and the passage of the USA PATRIOT Act. Although some of the provisions of the USA PATRIOT Act, such as the CIP rules, are not difficult to incorporate into a firm’s compliance manual and AML procedures, it can be much more difficult and time-consuming to assure that those portions of the compliance manual and AML procedures are consistently followed by the firm’s employees. In the current regulatory era, however, the SEC and the SROs will not hesitate to bring an enforcement action against any firm that fails to assure that customers are who they say they are, or that fails to comply with requirements meant to prevent money laundering and the financing of terrorism.