The Securities and Exchange Commission has announced settled charges against Merrill Lynch, Pierce, Fenner & Smith Incorporated, alleging that the broker-dealer failed to file numerous Suspicious Activity Reports, or SARs, from April 2020 through September 2024.

Merrill Lynch agreed to pay a $7.5 million civil penalty to resolve the SEC’s findings, without admitting or denying the allegations. The case adds to a growing wave of regulatory scrutiny around anti-money laundering controls, transaction monitoring systems, and whether major financial institutions are properly identifying and reporting suspicious client activity.

According to the SEC, Merrill relied on Bank of America Corporation’s enterprise-wide Bank Secrecy Act and Anti-Money Laundering program to help meet Merrill’s own independent SAR-filing obligations. The SEC stated that Bank of America used transaction-monitoring software to group potentially suspicious events and assign those event groups risk scores.

The SEC alleged that only event groups above a certain risk-score threshold were investigated for possible SAR filings, even though internal analyses showed that some lower-scored groups would have resulted in SAR filings if they had been investigated. As a result, the SEC found that Merrill failed to file numerous SARs during the relevant period.

(Sources: SEC Administrative Proceeding, Reuters, Barron’s)

For investors, the Merrill Lynch matter is not just a back-office compliance issue. Suspicious Activity Reports are part of the financial system’s defense against money laundering, fraud, market abuse, and other illicit activity. When a broker-dealer’s monitoring system fails to escalate transactions that may require review, it raises broader questions about supervision, controls, and risk management.

This case also follows the recent EagleBank DOJ resolution involving alleged Bank Secrecy Act failures and a long-running check-kiting scheme. Together, the matters show that regulators are continuing to examine whether banks and broker-dealers are maintaining effective AML programs, responding to internal red flags, and making sure compliance systems are not merely formalities.

The SEC found that Merrill violated Section 17(a) of the Securities Exchange Act of 1934 and Rule 17a-8, which requires broker-dealers to comply with Bank Secrecy Act reporting, recordkeeping, and record-retention requirements. Merrill agreed to a cease-and-desist order, a censure, and the $7.5 million penalty.

For investors and clients, repeated compliance breakdowns at major financial institutions can matter because they may signal deeper weaknesses in oversight. A firm’s ability to detect suspicious activity, investigate red flags, and comply with reporting obligations is part of the larger compliance framework that protects markets and customers.

AML failures may also become relevant in securities disputes when investors suffer losses connected to inadequate supervision, suspicious transactions, unsuitable activity, account intrusions, unauthorized transfers, or other misconduct that should have been flagged earlier.

Sonn Law Group continues to monitor SEC, FINRA, DOJ, and other regulatory actions involving broker-dealers, investment advisers, banks, and financial institutions. Investors who suffered losses after suspicious account activity, inadequate supervision, or compliance failures may have legal options.