The U.S. Securities and Exchange Commission on Monday imposed a $7.5 million civil penalty on Bank of America’s Merrill Lynch unit for failing to properly investigate and file required Suspicious Activity Reports over more than four years.

Merrill Lynch neither admitted nor denied the SEC’s findings. The violations spanned April 2020 to September 2024 and involved shortcomings in the firm’s anti-money laundering compliance program under the Bank Secrecy Act.

Monitoring System Shortcomings

Merrill relied on Bank of America’s transaction monitoring software, which grouped potentially suspicious events and assigned risk scores.

The firm primarily reviewed only those event groups scoring 20 or higher for possible SAR filings, according to the SEC order.

Internal analyses at the firm had identified that some lower-scoring events would have warranted reports if reviewed. Despite this, those events were often excluded from deeper investigation.

The regulator said this approach resulted in numerous missed SAR filings that should have been submitted to the Treasury Department’s Financial Crimes Enforcement Network.

Also Read: New Trick Scammers Are Using to Sweep Clean Americans’ Bank Accounts, How to Protect Your Money

Remedial Actions Taken

In December 2023, Merrill lowered the threshold for internal reviews of suspicious events. The firm then filed additional reports and cooperated fully with the SEC investigation, the agency noted in its settlement order.

The SEC cited this cooperation and the remedial steps as factors in determining the size of the penalty.

Bank of America Statement

Bank of America, headquartered in Charlotte, North Carolina, said in a statement that it maintains rigorous anti-money laundering practices.

The bank added that it continues to review and enhance its monitoring systems to better detect and report suspicious activity.

Also Read: American Bank Worth Ksh103 Trillion to Open Branch in Kenya

SAR filings serve as a key tool for detecting potential money laundering, terrorist financing, and other financial crimes. Broker-dealers are required to monitor client transactions and file reports when activity appears suspicious.

Similar enforcement actions have targeted other major broker-dealers in recent years. The SEC and FinCEN have emphasized that institutions must not rely blindly on scoring models without validating their effectiveness through internal testing.

The settlement does not include any admission of broader systemic failures or client harm. No individuals were charged in the matter.

Bank of America reported the settlement in its regulatory disclosures. Shares of Bank of America traded with little immediate reaction following the announcement.

This enforcement action arrives as financial regulators increase focus on technology-driven compliance tools across Wall Street. Automated systems now handle millions of daily transactions, but gaps in their configuration can still lead to regulatory violations.

The $7.5 million fine will be paid to the SEC. Merrill Lynch agreed to retain an independent compliance consultant if required by other regulators, though the SEC order did not mandate additional external oversight beyond existing obligations.