For the second time in five years, a subsidiary of Wells Fargo has been charged by the Securities and Exchange Commission (SEC) with failing to file suspicious activity reports (SARs) in a timely manner due to deficiencies in the system it used to flag transactions.

The SEC said Wells Fargo Advisors, a brokerage firm owned by Wells Fargo, failed to promptly file 34 SARs from 2017-21. Without admitting or denying the charges, Wells Fargo agreed to pay a $7 million fine, to be censured, and to cease and desist from future violations.

The SEC’s order said delays in the filing of SARs stemmed from two separate issues with the firm’s internal anti-money laundering (AML) transaction monitoring system.

The system “failed to adequately monitor, detect, and report certain transactions in its customers’ brokerage accounts involving wire transfers to or from certain foreign countries determined to be at a high risk or moderate risk for money laundering, terrorist financing, or other illegal monetary movements,” the agency said.

In 2017, Wells Fargo Advisors settled charges with the SEC for similarly failing to file at least 50 SARs in a timely manner by paying a $3.5 million fine.

Compliance lessons: The first issue with late-filed SARs allegedly revolved around codes the firm assigned to countries considered high or moderate risk for potential illegal activity, including money laundering and terrorist financing. The AML transaction monitoring system used country codes based on the standards established by the National Geospatial Intelligence Agency, while the firm’s enterprise-wide AML and Bank Secrecy Act (BSA) compliance program utilized country codes based on a standard established by the International Organization for Standardization (ISO). The AML system cross-referenced the codes when monitoring wire transfers to foreign countries.

In January 2019, Wells Fargo Advisors implemented a new AML monitoring system, the SEC stated. An examination conducted by the Financial Industry Regulatory Authority (FINRA) in September 2019 found the firm’s AML monitoring system failed to cross-reference the ISO codes, resulting in a failure to generate alerts for more than 1,708 transactions to countries considered high or moderate risk for money laundering/terrorist financing activity. Those countries included Costa Rica, Turkey, Honduras, the British Virgin Islands, Antigua, the Cayman Islands, Ukraine, and Guernsey.

According to the BSA, SARs are supposed to be filed within 30 days to the Treasury Department’s Financial Crimes Enforcement Network. On average, the SARs on transactions flagged by the FINRA examination were filed 157 days late, and in seven cases, more than 200 days late, according to the SEC.

Another unrelated failure in the AML system was reported to the SEC by Wells Fargo Advisors in December 2021. From 2017-19, wire transfer data was not appropriately processed on dates where there was a bank holiday without a corresponding brokerage holiday. The firm failed to generate 658 alerts on 11 days over this period, leading to the filing of nine SARs filed between 536 and 1,209 days late.

Wells Fargo responded by engaging in remedial measures that included reviewing and correcting the issues and “coordinating responsibility between compliance and technology personnel in the implementation of future AML system upgrades,” the SEC stated. The firm retained an outside consultant to review its AML and BSA transaction monitoring system and procedures and recommend enhancements concerning “architecture, testing, and governance for AML and BSA transaction monitoring.” The firm provided the consultant’s report to the SEC, as well as the results of its internal investigations and other key documents.

Wells Fargo response: A spokeswoman for Wells Fargo Advisors issued a statement that the matter at issue “refers to legacy issues that impacted a transaction monitoring system and the issues were resolved promptly upon discovery.”