In a move that mirrors some of the actions being taken across the pond with regards to customer data infractions, the Securities and Exchange Commission (SEC) has charged US-based broker-dealer Pinnacle Capital Markets with failing to comply with a key piece of anti-money laundering (AML) legislation and forced it to pay out a US$25,000 fine. The regulator indicates that the firm failed to correctly verify the identities of its customers and document this information for a period of six years, despite having established a specific customer identification programme for this purpose. Moreover, the Financial Crimes Enforcement Network (FinCEN) has fined Pinnacle another US$25,000 for violating the Bank Secrecy Act (BSA) due to its related customer data management failings.
The SEC has also held a C level executive at the firm responsible for the failings (thus highlighting the increased liability of these individuals for data related failings) by charging Pinnacle’s managing director Michael Paciorek with causing the violations.
The fine is reminiscent of the recent fines handed out across the pond by the UK Financial Services Authority (FSA), which is also cracking down on firms’ data management practices, specifically around customer data. The regulator’s recent fining of French bank Société Générale for transaction reporting failures under MiFID is a case in point.
The SEC investigation found that, from October 2003 to August 2006, Pinnacle failed to verify the identities of 34 out of a sample of 55 of its corporate accounts. The SEC also said that from October 2003 through November 2009 it did not collect or verify identifying information for “the vast majority” of its sub-accounts. The SEC rule requires broker-dealers to identify and verify the identities of its customers and document its procedures for doing so and therefore Pinnacle was charged with failing to live up to its documented procedures.
It seems that the firm’s practice of offering direct market access (DMA) to all of its customers may be at the root of the problem. The firm, which was established in 2002, primarily offers order processing with DMA for its clients, 99% of who are based outside of the US market. According to the SEC’s order against Pinnacle, many of the firm’s foreign entity customers hold omnibus accounts at the firm through which the entities carry sub-accounts for their own corporate or retail customers. The firm treats the sub-account holders of the foreign entity omnibus accounts in the same manner as it does its regular account holders.
The vast majority of Pinnacle’s regular account holders, as well as the omnibus sub-account holders, use DMA software to enter securities trades directly and instantly through their own computers. As a result, these account holders have direct, unfiltered control over how securities transactions are effected in the accounts. The foreign entity holding the omnibus account does not intermediate these trades. The DMA software therefore allows the omnibus sub-account holders to route their securities transactions directly to the relevant market centres without intermediation, thus circumventing the required AML customer verification process.
“Left unchecked, Pinnacle’s business model yields significant money laundering risks,” says Robert Khuzami, director of the SEC’s Division of Enforcement. “If a broker-dealer provides customers with direct access to the US securities markets, it must comply with the applicable customer identification rules.”
Thomas Sporkin, chief of the SEC’s Office of Market Intelligence, adds, “DMA was a big selling point to Pinnacle’s customers. The sub-account holders of the omnibus accounts held at Pinnacle were permitted to place trades directly in their own accounts using the DMA software and functioned as customers. The customer identification rules require that they be treated as such.”
Accordingly, Pinnacle was charged with wilfully violating Section 17(a) of the Securities Exchange Act of 1934 and Rule 17a-8, which require a broker-dealer to comply with the reporting, recordkeeping and record retention requirements in regulations implemented under the BSA.
Pinnacle and Paciorek agreed to settle the SEC’s enforcement action without admitting or denying the allegations. The firm has also has agreed to certain undertakings, including extensive AML training for its employees, as well as the hiring of an independent consultant to review its AML compliance programme.