The US Financial Industry Regulatory Authority has fined Credit Suisse Securities for breaking its anti-money laundering and supervisory rules while also tolerating bad data feeds.

FINRA found that Credit Suisse’s suspicious activity monitoring programme was deficient in two respects: it relied primarily on its registered representatives to identify and escalate potentially suspicious trading (especially in microcap stock transactions) which they did not always do; and it did not activate its automated surveillance system properly to look for suspicious movements of money. A significant portion of the data feeds into the system contained information with gaps in it or malfunctioned in other ways. The firm also chose not to use certain 'available scenarios' that someone-or-other had designed with the aim of identifying common suspicious patterns and activities, and it failed to do enough to investigate activity when it used others.  

FINRA found that Credit Suisse failed to review trading effectively for AML reporting purposes between January 2011 and September 2013. The firm expected its registered representatives, who served as its primary contact with its customers, to identify and report various transactions to its AML compliance department. They had to report situations that its AML policy documents described as 'red flags' and were also expected to report anything unusual. The bank then required its AML compliance department to investigate the ostensibly suspicious activity, keep notes about its findings and send off suspicious activity reports (SARs) to the Internal Revenue Service's database in Detroit if appropriate. The systems and procedures that the firm used to monitor trading for other purposes, however, were not designed to detect suspicious activity and the other departments and branches of the firm did not bother to review trading for AML reporting purposes effectively. For example, the trading of one of the firm’s customers, a New York-based hedge fund, followed patterns commonly associated with microcap fraud. It did this by depositing money into its account and then selling securities quickly, wiring the proceeds out of the account shortly afterwards. Nobody at Credit Suisse spotted this.

Credit Suisse’s reliance on representatives to 'escalate' their suspicions about trades up the chain of command was also flawed because it failed to account for the fact that most orders that the bank received from its foreign affiliates came in electronically and its sales traders did not see them.

Between January 2011 and December 2015, Credit Suisse also failed to weed out suspicious money transfers to FINRA's satisfaction. Although Credit Suisse spotted some of the deficiencies of its surveillance system on its own initiative and hired a consulting firm to help it evaluate them, FINRA believes that it was slow off the mark in resolving them, and indeed has not resolved some of them even today. It also lacked the staff to check the tens of thousands of alerts that the automated system was throwing up.  

FINRA found that Credit Suisse's compliance effort did not militate against the sale of unregistered securities adequately. Certain Credit Suisse customers deposited and sold microcap shares through the firm, which should have raised 'red flags' that indicated that the shares might have been part of an illegal distribution. These failures extended to potentially suspicious trades made in the omnibus accounts of the firm’s foreign affiliates. As a result, FINRA found that between 2011 and 2013 the firm facilitated the illegal distribution of at least 55 million unregistered shares of securities. Credit Suisse has now filled the compliance gap in this area, at least partially.