Intesa Sanpaolo IMI Securities
The findings stated that the firm initially had no systems to monitor for suspicious activity involving equity trading. Although the firm later implemented new monitoring systems, these systems were not reasonably designed to detect red flags typically associated with low-priced securities transactions. The findings also stated that the firm’s written AML procedures did not accurately reflect the firm’s actual AML monitoring procedures and also failed to discuss significant red flags associated with low-priced securities trading. In addition, the written AML procedures instructed firm employees to send SARs to a third-party site that was no longer in use.
The findings also included that the firm failed to detect or investigate suspicious activity involving low-priced securities transactions. Despite red flags of suspicious activity, the firm failed to detect or investigate them or file SARs when it would have been appropriate to do so. FINRA found that the firm failed to timely address deficiencies in its AML program identified in audits.
An internal audit of the firm’s AML program resulted in recommendations that the firm make changes to its AML program, including by updating its written AML procedures to accurately reflect the firm’s actual procedures for monitoring suspicious activity and by implementing an enhanced AML program. However, the firm failed to implement these recommendations. A subsequent internal audit rated the firm’s AML risk as “high” and reiterated the recommendations made in the initial audit. Nonetheless, the firm failed to revise its written AML procedures and enhance its AML monitoring procedures until later.
FINRA also found that the firm failed to establish and implement due diligence policies, procedures and controls for foreign financial institutions (FFIs). The firm failed to obtain required information concerning the nature of the anticipated trading activity in the accounts of many of its FFI customers. Due to these failures, the firm was unable to reasonably assess the degree of money-laundering risk posed by these accounts.
In addition, the firm did not initially complete a formal risk assessment of its customers that were FFIs located in countries or overseas jurisdictions known for heightened money-laundering risk, despite repeated recommendations from its internal auditors to do so. Even after the firm completed risk assessments of its customers, it failed to implement controls over the accounts of FFIs targeted to any specific risk posed by the accounts.
The firm also failed to periodically review FFI account activity, including to determine if the activity was consistent with each account’s stated purpose.