Anti-Bribery and Corruption March 13, 2026

SEC and FinCEN Hit Broker-Dealer for Sweeping AML Compliance Failures

By Lauren Mann, Garen S. Marshall and Justin Givens

On March 6, 2026, the SEC and FinCEN announced parallel enforcement actions against a New York-based registered broker-dealer for systemic anti-money laundering (“AML”) failures, imposing combined penalties of $80 million – the largest ever imposed against a broker-dealer for BSA violations. FinCEN’s $80 million headline penalty includes credits of $20 million each to the SEC and FINRA, with $35 million payable directly to the Treasury; the SEC separately imposed a $20 million penalty and a censure. This alert summarizes the key findings, penalties, and practical takeaways for broker-dealers and other financial institutions.

Key Takeaways

Broker-dealers in higher-risk markets (i.e., over-the-counter (“OTC”), microcap, and penny stocks) face steep consequences for underinvesting in AML surveillance.

Unreviewed surveillance reports can constitute willful BSA and Exchange Act violations.

Customer due diligence (“CDD”) must be individualized and risk-based, not simply a box-checking exercise.

Firms that acknowledge AML deficiencies to regulators – whether in examination responses, corrective action plans, or consent agreements – but fail to follow through with meaningful remediation can expect regulators to treat those unaddressed findings as evidence of willfulness and an aggravating factor in penalty calculations.

Facially adequate AML infrastructure – such as collecting onboarding documents, generating surveillance reports, and cataloguing exception data – may be treated as no controls at all absent meaningful analysis, effective critical review, and timely follow-up on flagged activity.

Key Regulatory Findings

Inadequate AML Program

Both actions center on the broker-dealer’s underinvestment in AML controls relative to the risks of its OTC business. Key surveillance reports were not reviewed, reports that were reviewed relied on arbitrary filters and unreasonable thresholds that rendered them ineffective, and just four employees – none with AML experience or formal training – were responsible for over 100 unique surveillance reports.

Customer Due Diligence Failures

The firm risk-rated account types rather than individual customers, treated CDD as a document-collection exercise rather than an analytical tool, and failed to verify beneficial ownership or resolve obvious inconsistencies.

Failure to File Suspicious Activity Reports

These failures resulted in at least 160 unfiled SARs across dozens of OTC securities and thousands of suspicious transactions.

Sanctions and Remedial Measures

FinCEN imposed an $80 million penalty ($5 million suspended pending a SAR Lookback), with $20 million each credited to the SEC and FINRA, leaving $35 million payable directly to Treasury. The SEC separately ordered a $20 million penalty and a censure.

The FinCEN order requires the firm to complete a SAR Lookback Review by an independent consultant, deliver a report to FinCEN within 180 days, and file SARs on all covered transactions within 90 days after that. The firm must also cooperate with regulators on an ongoing basis and retain all relevant records for six years.

The SEC credited several remedial steps: additional AML compliance staffing, updated exception reports, revised SAR processes, retention of third-party consultants, new supervision and review protocols, and new trade surveillance tools. FinCEN, however, noted that most of these measures came late and their effectiveness remains unproven.

Practical Implications and Recommendations

Broker-dealers and other financial institutions – particularly those in higher-risk product areas – should be confident the following controls are both in place and followed:

Conduct a holistic review of AML controls. Firms should assess whether surveillance reports use risk-based parameters, staffing and expertise match the complexity of surveillance obligations, and quality control programs can catch gaps before regulators do. As this action illustrates, the mere existence of surveillance reports and exception-tracking systems is insufficient; regulators will expect firms to demonstrate that flagged activity is subject to meaningful analysis, timely investigation, and appropriate escalation.

Strengthen CDD processes. CDD programs must go beyond document collection to include individualized, risk-based assessments at onboarding and on an ongoing basis. This includes verifying beneficial ownership, investigating red flags, and updating customer risk profiles when anomalies arise.

Remediate regulatory findings promptly. Regulators will treat a history of acknowledged-but-un-remediated deficiencies as evidence of willfulness and an aggravating factor in penalty determinations.

Conclusion

With $80 million in combined penalties, these parallel actions rank among the most significant AML enforcement actions against a broker-dealer in recent years. The message is clear: regulators will hold firms accountable for prolonged underinvestment in AML infrastructure, and the cost of inaction far exceeds the cost of compliance. Notably, these actions also underscore that merely having the basic infrastructure in place (i.e., collecting onboarding documents, generating surveillance reports, cataloguing exception data) is not enough; without meaningful analysis, effective critical review, and timely follow-up, those facially adequate controls may be treated as no controls at all. Firms should treat this as an occasion to pressure-test their own programs and to remediate gaps before regulators find them.

McGuireWoods will continue to monitor developments in AML enforcement involving broker-dealers, including any further actions stemming from the SEC and FinCEN’s parallel proceedings, related regulatory guidance on surveillance staffing and CDD expectations, and broader BSA compliance trends affecting firms in the OTC, microcap, and penny stock markets. For questions about AML program design and governance, SAR filing obligations, customer due diligence processes, or regulatory examination and enforcement response strategies, please contact the authors of this article or another McGuireWoods attorney with whom you work.

Fraud, Deception and False Claims February 26, 2026

DAAG Provides Views on FCA Enforcement Focus: Targeting Discrimination, Not DEI Programs Per Se

By Edwin O. Childs, Brett Barnett, John Adams, Jack White, Brandi G. Howard, Elissa Baur, John S. Moran, Michael J. Podberesky, Jason M. Vespoli, Maura Naehr, Sophie Marsh and John Sullivan

At the Federal Bar Association’s 2026 Qui Tam Conference on February 19, 2026, Brenna Jenny, Deputy Assistant Attorney General (DAAG) in the U.S. Department of Justice’s (DOJ) Commercial Litigation Branch, delivered a keynote speech on enforcement priorities under the False Claims Act (FCA) with respect to diversity, equity, and inclusion (DEI) programs. Jenny’s reported remarks provided insight into DOJ’s enforcement priorities and viewpoints on FCA enforcement. A key takeaway from Jenny’s presentation is that, from her perspective, DOJ is not investigating federal contractors and grant recipients for having DEI programs, but rather for potentially engaging in discrimination throught their implementation of those programs. She emphasized that companies can engage in discrimination with or without DEI programs and can also operate DEI programs without engaging in discrimination.

Enforcement and Prosecution Policy and Trends, Securities and Commodities February 18, 2026

When AI Isn’t Privileged, Confirmed: SDNY’s Written Opinion Elaborates on Confidentiality, Work Product, and Waiver

By Garen S. Marshall, David Hirsch, Aaron R. Marienthal, Jeffrey P. Ehrlich, Elizabeth Peters and Alice Moscicki

On February 10, 2026, U.S. District Judge Jed Rakoff of the Southern District of New York issued a bench ruling holding that a defendant’s use of generative AI to analyze legal exposure is not protected under attorney-client privilege or the work product doctrine. See When AI Isn’t Privileged: SDNY Rules Generative AI Documents Not Protected. On February 17, 2026, Judge Rakoff issued a written opinion confirming the bench ruling and adding important analysis. This client alert outlines what the written opinion adds on confidentiality, work product, and waiver, and details the practical implications and open questions left by Judge Rakoff’s opinion.

Enforcement and Prosecution Policy and Trends, Miscellaneous February 17, 2026

OFAC Enforcement Action Against Academic Institution Provides Important Compliance Guidance

By Patrick Rowan, Alex J. Brackett, Farnaz Farkish Thompson and Sarah Wake

On February 12, 2026, Treasury’s Office of Foreign Assets Control (OFAC) announced the settlement of an enforcement action against IMG Academy (“IMG”) that highlighted the sanctions risks that U.S. academic institutions face and the steps OFAC recommends the institutions to take the address the risks. The enforcement action stemmed from IMG accepting tuition payments from two Specially Designated National (“SDN”) individuals who had been sanctioned under the Foreign Narcotics Kingpin Designation Act for providing support to a sanctioned Mexican Drug Trafficking Organization (“MDTO”).

IMG is an elite sports training and boarding school for grades 6-12 that is located in Bradenton, Florida. IMG’s student body includes athletes from all over the world. In two separate instances, SDNs enrolled their children in IMG’s boarding programs, entering into yearly tuition contracts for each academic year. One child of an SDN attended IMG for five academic years, from 2018 until graduation in 2023. The other child attended IMG for two academic years, from 2020 to 2022. Tuition for each child was around $100,000 a year.

Enforcement and Prosecution Policy and Trends, Securities and Commodities February 13, 2026

When AI Isn’t Privileged: SDNY Rules Generative AI Documents Not Protected

By Garen S. Marshall, David Hirsch, Aaron R. Marienthal, Jeffrey P. Ehrlich, Elizabeth Peters and Alice Moscicki

Executive Summary

Independent, unsupervised use of generative AI to analyze legal exposure may not be privileged. A federal court held that a defendant’s AI prompts and outputs relating to a criminal investigation of his conduct were not protected after they were seized pursuant to a search warrant.

Platform terms matter. If an AI provider reserves rights to retain, train on, or disclose user inputs, courts may find confidentiality—and therefore privilege—compromised.

Structure AI use under counsel’s direction. The ruling leaves open whether counsel-directed enterprise AI use on a secure platform with strong confidentiality terms may be treated differently. Governance and process may be outcome-determinative.

Government Contracts January 22, 2026

DoW Announces Line-by-Line Review of Certain 8(a) Contracts Amid Government-wide Scrutiny of the 8(a) Program

By Edwin O. Childs, Brett Barnett, Michael J. Podberesky, Abram J. Pafford, John Adams, Jack White, Elissa Baur, Benjamin L. Hatch, Michael Scoville, John S. Moran, James Dougherty, Jason M. Vespoli, Michael A. Brody and McGuireWoods LLP

On January 16, 2026, the Secretary of War Pete Hegseth posted a video on social media announcing that the Department of War will conduct a “line‑by‑line review of every small business, sole source, 8(a) contract that is over $20 million,” focusing on impermissible pass‑throughs to large businesses. This action by the DoW aligns with broader federal investigations and audits of the 8(a) program.

Fraud, Deception and False Claims January 12, 2026

Creation of DOJ Fraud Division Signals Increased White-Collar Enforcement

By Brett Barnett, Edwin O. Childs, John Adams, Ryan Buchanan, Alex J. Brackett, Mindy Sauter, Michael J. Podberesky, Stephen Weiss, David Pivnick, Shalika Shah Kotiya, Brandi G. Howard, Jack White, M. Cole Davidson and Steven McCool

On Jan. 8, 2026, the White House announced the establishment of the DOJ’s Division for National Fraud Enforcement. The Trump administration stated that the new division will “combat the rampant and pervasive problem of fraud in the United States” and “enforce the Federal criminal and civil laws against fraud targeting Federal government programs, Federally funded benefits, businesses, nonprofits, and private citizens nationwide.” This announcement expands upon the Trump administration’s efforts to use the False Claims Act in connection with increased enforcement in areas including DEI initiatives, healthcare fraud and cybersecurity issues. While the creation of the new division accompanied no change in law, federally funded entities should be aware that it may signal increased white-collar enforcement mirroring the administration’s policy priorities.

To learn more, see our post at The FCA Insider.

Anti-Money Laundering, Compliance, Enforcement and Prosecution Policy and Trends January 6, 2026

FinCEN Announces Data-Driven Operation Targeting Southwest Border MSBs

By Jeffrey M. Hanna, Salwa S. Kamal and Vanessa Chen

On December 22, 2025, the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) announced a multifaceted data-driven operation to address potential money laundering, focused on more than 100 U.S. money services businesses (MSBs) operating along the southwest border. MSBs are non-bank financial institutions that provide certain financial services, including money transmission, check cashing, and foreign currency exchange. This operation will focus on MSBs’ potential non-compliance with the Bank Secrecy Act (BSA) and other regulations by examining Currency Transaction Reports (CTRs) and Suspicious Activity Reports (SARs), which MSBs and other financial institutions must submit under BSA regulations.

Because MSBs operating along the southwest border face heightened risk of “cartel-related money laundering,” including the use of proceeds from drug trafficking, human smuggling, and terrorism, this operation is consistent with President Trump’s designation of certain international criminal cartels and organizations as foreign terrorist organizations.

Anti-Money Laundering October 23, 2025

Reducing BSA Compliance Obligations? A Look at the Senate’s STREAMLINE Act

By Jeffrey M. Hanna and Chelsea Smith Press

The Senate has introduced the Streamlining Transaction Reporting and Ensuring Anti-Money Laundering Improvements for a New Era Act, or the STREAMLINE Act, an initiative led by Senate Banking Committee Chairman Tim Scott and Senator John Kennedy, with support from several Republican co-sponsors.

For the first time in over five decades, the bill would modernize key components of the Bank Secrecy Act (“BSA”). Some key proposed changes include: (1) increasing the reporting thresholds, (2) instituting periodic inflation adjustments, and (3) requiring Treasury to update and rationalize reporting processes and related form. Industry groups, including the American Bankers Association and leading credit unions and community banking associations, have expressed support.

This article summarizes the bill’s core provisions that may impact banks, credit unions, money services businesses, and businesses that engage in large cash transactions.

Anti-Money Laundering, Compliance, Enforcement and Prosecution Policy and Trends October 16, 2025

FinCEN Eyes Easing Compliance Burdens on Financial Institutions

By Jeffrey M. Hanna, Elissa Baur and Patrick A. Wallace

The Financial Crimes Enforcement Network (“FinCEN”) has recently taken two steps in furtherance of the Trump Administration’s deregulatory agenda. In late September, FinCEN posted a notice to the Federal Register soliciting comments on a proposed “Survey of the Costs of Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) Compliance” to be completed by non-bank financial institutions (“NBFIs”). On October 9, FinCEN published a series of frequently asked questions (“FAQs”) aimed at clarifying the requirements around filing suspicious activity reports (“SARs”). Both actions point to an effort to ease compliance costs and align compliance efforts with law enforcement priorities.

Subject to Inquiry

THE LATEST ON GOVERNMENT INQUIRIES AND ENFORCEMENT ACTIONS