The SEC slapped Merrill Lynch with a $7.5 million civil penalty for failing to file suspicious activity reports, the second time in three years the firm has been dinged for essentially the same problem.
The fine, announced on June 29, covers violations stretching from April 2020 through September 2024. That is a four-and-a-half-year window during which Merrill allegedly missed flagging suspicious client transactions that should have been reported to authorities.
What went wrong, again
The root of the problem is almost comically straightforward. Merrill relied on Bank of America’s transaction monitoring software, which used a risk-scoring system to determine which client activities warranted closer scrutiny. The system set a threshold, and anything that scored below it simply did not get flagged.
Suspicious Activity Reports, or SARs, are a cornerstone of anti-money laundering compliance. Financial institutions are required to file them when they spot transactions that could involve fraud, money laundering, terrorist financing, or other illicit behavior.








