According to FINRA, Osaic Institutions, Inc. (formerly Infinex Investments, Inc.) was censured, fined $650,000, and required to comply with undertakings for failing to establish and implement adequate policies and procedures to detect and report suspicious transactions and for failing to conduct ongoing customer due diligence.

The firm's written AML program was derived from a generic template that was not tailored to the firm's specific business activities. The program provided incomplete guidance on how to detect and investigate red flags of suspicious activity. Critically, the procedures included no guidance on escalating or investigating potentially suspicious activity, including cyber-events, for the purpose of determining whether to file a Suspicious Activity Report (SAR). SARs are critical tools that help law enforcement detect and investigate money laundering, terrorist financing, and other financial crimes.

Osaic Institutions relied on AML exception reports to surveil for potentially suspicious trades and money movements. However, the firm's implementation of this surveillance was seriously flawed. Either the reports did not monitor for numerous red flags relevant to the firm's business, or the firm failed to review or timely review the reports. In total, the firm failed to review at least 30 individual AML exception reports and failed to timely review at least 121 individual reports.

The firm also failed to investigate certain activity for potential SAR filings and did not review attempted but unsuccessful cyber-events to determine whether SAR filings were warranted. Cyber-events can be indicators of account compromise or other suspicious activity requiring reporting.

Additionally, the firm failed to include in its AML program risk-based procedures for conducting ongoing customer due diligence. The firm's policies and procedures were silent on the obligation to maintain and update customer information on a risk basis. As a result, the firm did not develop risk profiles for domestic customers and did not create risk profiles for foreign customers until December 2023, at which time it simply designated all foreign accounts as high-risk without meaningful differentiation. The firm conducted no risk-based ongoing customer due diligence for either domestic or foreign accounts until implementing changes.

Ultimately, the firm implemented procedures for reviewing AML exception reports, but only after FINRA's examination revealed the deficiencies. This case underscores that broker-dealers play a critical frontline role in preventing financial crimes.