Kenya Rules and Regulations (Level 3) Free Practice Test Set Two

Correct: Under SEC Rule 15c3-3, also known as the Customer Protection Rule, broker-dealers are strictly required to maintain a ‘Special Reserve Bank Account for the Exclusive Benefit of Customers’ that is separate from the firm’s proprietary accounts. The rule mandates that firms perform a specific calculation (the Reserve Formula) to determine the amount of money they must hold in this reserve account to ensure that customer assets are available for return even if the firm fails. Commingling proprietary and customer funds in a single omnibus account without maintaining the required reserve deposits is a direct violation of federal securities laws designed to protect investor liquidity and prevent the use of customer assets to fund firm operations.

Incorrect: The approach of relying on real-time ledger tracking while maintaining a single omnibus account is insufficient because SEC regulations require physical and legal segregation of funds, not just accounting-based distinctions. The approach of focusing on T+1 settlement cycles is a separate operational requirement and does not address the fundamental failure to protect customer credit balances through the Special Reserve Bank Account. The approach of seeking client consent to waive segregation requirements is legally invalid, as the protections afforded by the Customer Protection Rule are regulatory mandates that cannot be bypassed through private contractual agreements or disclosures.

Takeaway: Broker-dealers must strictly segregate customer funds from proprietary assets and maintain a Special Reserve Bank Account as required by SEC Rule 15c3-3 to ensure investor protection.

Correct: Under the Bank Secrecy Act and specifically the USA PATRIOT Act Section 312, United States financial institutions are required to perform Enhanced Due Diligence (EDD) for private banking accounts held by non-U.S. persons, which includes Politically Exposed Persons (PEPs). This regulatory framework, supported by FinCEN guidance, mandates that institutions identify the source of wealth and source of funds for such individuals to mitigate the risk of money laundering or public corruption. Furthermore, internal controls must ensure that senior management approves the commencement of these high-risk relationships to maintain institutional accountability and oversight.

Incorrect: The approach of applying standard Customer Due Diligence and deferring the risk review is insufficient because high-risk categories like PEPs require immediate EDD at the point of onboarding to assess the risk profile accurately before the bank is exposed to the funds. The approach of relying on Section 314(b) information sharing as a substitute for primary due diligence is a misunderstanding of the regulation; Section 314(b) allows for voluntary information sharing between financial institutions to identify and report suspicious activity, but it does not provide a ‘safe harbor’ to bypass independent verification requirements. The approach of solely relying on OFAC screening is inadequate because sanctions list checking is only one component of a comprehensive AML program; PEPs may not appear on an SDN list but still pose significant legal and reputational risks that require proactive source-of-wealth verification.

Takeaway: For high-risk clients such as foreign Politically Exposed Persons, U.S. regulations require Enhanced Due Diligence including source of wealth verification and senior management approval at onboarding.

Correct: The SEC’s Seaboard Report (issued under Section 21(a) of the Securities Exchange Act of 1934) establishes the framework for ‘cooperation credit’ in enforcement actions. The Commission evaluates four critical factors: self-policing (detecting the issue), self-reporting (disclosing it voluntarily and promptly), remediation (firing bad actors and fixing controls), and cooperation (providing the SEC with all relevant facts). Proactively addressing these elements is the most effective way for a firm to mitigate civil penalties and avoid more severe administrative sanctions.

Incorrect: The approach of waiting for a formal Wells Notice or subpoena is flawed because it eliminates the possibility of receiving credit for voluntary self-reporting, which is a cornerstone of the SEC’s cooperation policy. The approach of attempting to negotiate a deferred prosecution agreement based on historical compliance before finishing the internal investigation is premature, as regulators require a full accounting of the specific misconduct before discussing settlement structures. The approach of relying solely on restitution to counterparties to preclude proceedings is insufficient because restitution addresses the harm but does not satisfy the firm’s regulatory obligations regarding books and records or supervisory failures.

Takeaway: In the U.S. regulatory environment, the Seaboard Report criteria prioritize proactive self-reporting and comprehensive remediation as the primary means to mitigate enforcement penalties.

Correct: Under the Investment Company Act of 1940, specifically Section 5(b)(1), a management company is classified as ‘diversified’ if at least 75% of the value of its total assets is represented by cash, government securities, and other securities limited in respect of any one issuer to an amount not greater than 5% of the value of the total assets of the management company. Additionally, Section 13(a) of the Act stipulates that a fund cannot change its sub-classification from diversified to non-diversified, or deviate from a fundamental policy regarding industry concentration (typically 25%), without the authorization of a majority of its outstanding voting securities. Implementing automated pre-trade compliance blocks is the industry standard for mitigating the risk of inadvertent regulatory breaches that could lead to rescission of trades, regulatory fines, or loss of tax-advantaged status.

Incorrect: The approach of reclassifying the fund through an amended Form N-1A filing without prior shareholder consent is incorrect because the transition from a diversified to a non-diversified status is a change in fundamental policy that requires a shareholder vote under Section 13(a) of the Investment Company Act. The approach of relying on Subchapter M of the Internal Revenue Code’s 50% diversification test is insufficient because, while it satisfies tax requirements, it does not meet the stricter 75% diversification standard required for funds registered as ‘diversified’ under the 1940 Act. The approach of using a ‘look-through’ revenue analysis to manually reclassify industry exposure is a violation of the requirement for consistent application of industry classifications as defined in the fund’s registration statement; attempting to circumvent concentration limits through creative accounting represents a failure of the compliance and internal control framework.

Takeaway: Registered diversified investment companies in the U.S. must strictly adhere to the 75/5/10 rule and the 25% industry concentration limit, as these are fundamental policies that cannot be changed without shareholder approval.

Correct: Under the Investment Company Act of 1940, open-end management investment companies (mutual funds) are required to register with the SEC using Form N-1A, which consists of the prospectus (Part A) and the Statement of Additional Information (Part B). Furthermore, Regulation S-P (Privacy of Consumer Financial Information) mandates that financial institutions, including registered investment companies, provide a clear and conspicuous initial privacy notice to customers not later than when the customer relationship is established, which occurs when an investor purchases shares of the fund.

Incorrect: The approach of keeping the Statement of Additional Information confidential is incorrect because the SAI is a mandatory public filing that must be available to any investor upon request and is part of the fund’s formal registration statement. The approach of relying on the credit union’s registration under the Bank Holding Company Act is wrong because mutual funds are separate legal entities that must independently comply with the Investment Company Act of 1940, regardless of their sponsor’s regulatory status. The approach of assuming automatic 20-day effectiveness and bypassing the privacy notice is incorrect because the SEC typically issues comments that delay effectiveness until resolved, and Regulation S-P requires direct delivery of a privacy notice rather than just a general website posting.

Takeaway: Mutual fund registration in the United States requires filing Form N-1A with the SEC and providing an initial privacy notice to investors at the start of the customer relationship as required by Regulation S-P.

Correct: Under the Investment Advisers Act of 1940, specifically Rule 206(4)-2 (the Custody Rule), a Registered Investment Adviser (RIA) that has custody of client funds or securities must maintain them with a qualified custodian. When an RIA outsources back-office functions, it retains the fiduciary and regulatory responsibility to ensure that client assets are properly segregated and protected. The correct approach involves performing rigorous due diligence on the service provider’s internal controls (typically via a SOC 1 Type 2 report), ensuring assets are held in properly titled accounts at a qualified custodian, and engaging an independent public accountant to conduct a surprise examination to verify the existence and segregation of those assets, as required by the SEC for firms with certain types of custody.

Incorrect: The approach of relying on the service provider’s internal compliance reports and management representation letters is insufficient because it lacks the independent verification required by the Custody Rule to mitigate the risk of fraud or commingling. The approach of consolidating assets into a domestic omnibus account to simplify oversight fails to address the core requirement of ensuring that the qualified custodian provides individual account statements to clients or that the firm undergoes a surprise examination to verify those specific holdings. The approach of simply updating the Form ADV and notifying clients is a disclosure-based response that fails to fulfill the substantive safeguarding requirements of Rule 206(4)-2, which mandates active oversight and independent verification of the physical existence of assets.

Takeaway: Investment advisers in the United States remain legally responsible for the safety and segregation of client assets under SEC Rule 206(4)-2, regardless of whether custodial operations are outsourced to a third-party provider.

Correct: Under the Investment Company Act of 1940, specifically Rule 2a-5, the fund’s Board of Directors is responsible for the fair value determination process. When market quotations are not readily available, the fund must determine a fair value in good faith. Identifying a 45-day gap in valuations necessitates an immediate escalation to the Board and a retroactive materiality analysis. If the lack of updated pricing resulted in a Net Asset Value (NAV) error exceeding industry and regulatory thresholds (typically $0.01 per share or 0.5% of NAV), the fund may be required to compensate shareholders who transacted at the incorrect price to prevent dilution or unjust enrichment, while simultaneously correcting the internal control weakness.

Incorrect: The approach of adjusting only the current day’s NAV is insufficient because it fails to address the potential harm to shareholders who entered or exited the fund during the 45-day period when the price was stale. The approach of suspending all redemptions and subscriptions is an extreme measure that generally requires an order from the SEC under Section 22(e) of the Investment Company Act of 1940, and is typically reserved for emergencies where the fund cannot reasonably calculate NAV or liquidate assets. The approach of continuing to use the last known traded price is a violation of fiduciary duty and regulatory requirements, as stale prices do not represent the current fair value of the portfolio when market conditions have changed, leading to inaccurate financial reporting.

Takeaway: Investment companies must maintain rigorous fair valuation procedures for illiquid assets and perform retroactive materiality assessments whenever a pricing error or delay is discovered to protect shareholder interests.

Correct: The Central Bank of Kenya (CBK) derives its authority from the Central Bank of Kenya Act and the Banking Act to license, supervise, and regulate financial institutions. This includes the issuance of Prudential Guidelines which set the standards for internal controls, risk management, and Anti-Money Laundering/Counter-Terrorist Financing (AML/CFT) compliance. For a United States broker-dealer, this regulatory oversight is a critical component of the ‘Know Your Correspondent’ and ‘Due Diligence’ requirements under the Bank Secrecy Act (BSA) and the USA PATRIOT Act, as it ensures that the Kenyan counterparty operates within a framework aligned with Financial Action Task Force (FATF) international standards.

Incorrect: The approach suggesting the CBK acts as the sole prosecutor for financial crimes is incorrect because the CBK is a regulatory and supervisory body; criminal prosecution is the mandate of the Office of the Director of Public Prosecutions (ODPP) and investigations are handled by the Financial Reporting Centre (FRC) and the police. The approach stating the CBK maintains the primary public registry for beneficial ownership is inaccurate as beneficial ownership information in Kenya is primarily managed by the Business Registration Service (BRS) under the Companies Act, not the CBK. The approach claiming the CBK provides mandatory insurance for all foreign currency deposits is incorrect because deposit protection is the responsibility of the Kenya Deposit Insurance Corporation (KDIC), and such insurance is subject to specific coverage limits and does not eliminate the need for independent credit risk assessments by United States firms.

Takeaway: The Central Bank of Kenya exercises statutory oversight through licensing and prudential guidelines to ensure financial stability and AML compliance, which serves as the regulatory basis for international due diligence.

Correct: Under the SEC’s Regulation S-P (the Safeguards Rule) and NCUA Part 748, financial institutions are required to maintain administrative, technical, and physical safeguards to protect non-public personal information. When a sub-custodian allows unauthorized access to metadata that can identify member holdings, it constitutes a significant breakdown in the custody and data protection framework. Initiating a forensic audit is necessary to determine the scope of the exposure, while notifying the Board of Directors ensures proper governance. Furthermore, the delay in the SOC 2 report is a red flag that requires immediate escalation to determine if the credit union’s fiduciary duty to safeguard assets has been compromised, potentially triggering mandatory consumer notification requirements.

Incorrect: The approach of relying on the sub-custodian’s internal attestation is insufficient because it lacks the independent verification required for high-risk third-party relationships, especially when a formal audit report is already overdue. The approach of immediate termination of the sub-custodian agreement is professionally reckless as it could lead to a loss of market access or settlement failures, creating greater operational risk than the data exposure itself without a pre-arranged transition plan. The approach of merely requesting future security enhancements like multi-factor authentication is inadequate because it is purely prospective and fails to investigate or remediate the potential breach that has already occurred, nor does it fulfill the internal reporting obligations to the Board.

Takeaway: Custody arrangements require continuous independent verification of third-party controls, and any suspected unauthorized access must be met with immediate forensic investigation and governance escalation.

Correct: Under the Securities and Exchange Commission (SEC) Rule 15c6-1, the standard settlement cycle for most broker-dealer transactions was shortened to T+1 in May 2024. To achieve this, the industry standard requires trade affirmation, allocation, and confirmation to be completed as soon as technologically possible, specifically by the 9:00 PM ET cutoff on trade date (T). Utilizing the Continuous Net Settlement (CNS) system provided by the National Securities Clearing Corporation (NSCC), a subsidiary of the DTCC, is the primary method for firms to mitigate liquidity risk and operational friction by netting trades into a single position per security, which is essential for the compressed T+1 timeframe.

Incorrect: The approach of requesting a regulatory waiver for institutional or cross-border trades to remain on a T+2 cycle is incorrect because the SEC mandate for T+1 is broad and does not provide blanket exemptions for trade complexity or geographic location of the client. The approach of shifting equity settlements to the Fedwire Securities Service is fundamentally flawed because Fedwire is a Real-Time Gross Settlement (RTGS) system primarily used for US Treasuries and agency debt, whereas corporate equities are cleared and settled through the NSCC and DTC. The approach of maintaining manual processes while simply increasing clearing fund deposits fails to address the underlying operational requirement for timely affirmation and increases the likelihood of systemic settlement fails, which can lead to regulatory enforcement actions for failing to maintain adequate supervisory controls over settlement operations.

Takeaway: Compliance with the US T+1 settlement mandate requires the implementation of automated straight-through processing and same-day trade affirmation to ensure efficient clearing through centralized systems like the NSCC.

Correct: Under the Bank Secrecy Act (BSA) and FINRA Rule 3310, broker-dealers are required to file a Suspicious Activity Report (SAR) for any transaction or series of transactions involving at least $5,000 that the firm knows, suspects, or has reason to suspect are designed to evade BSA requirements, such as structuring. The SAR must be filed with the Financial Crimes Enforcement Network (FinCEN) within 30 calendar days after the date of initial detection of facts that may constitute a basis for filing a SAR. This requirement is distinct from the Currency Transaction Report (CTR) requirement, which is triggered by physical currency transactions exceeding $10,000.

Incorrect: The approach of only filing a Currency Transaction Report (CTR) for aggregate cash transactions exceeding $10,000 is insufficient because it fails to address the mandatory SAR filing requirement for suspicious patterns like structuring, which applies even when the $10,000 cash threshold is not met. The approach of notifying the SEC’s Office of Compliance Inspections and Examinations (now the Division of Examinations) and applying a temporary hold under FINRA Rule 2165 is incorrect because SARs must be filed through the FinCEN BSA E-Filing System, and Rule 2165 is specifically designed for the protection of specified adults from financial exploitation rather than general AML structuring. The approach of amending Form BD and contacting the FBI directly is incorrect because Form BD is used for firm registration information and does not serve as a mechanism for reporting suspicious transactions, and the primary regulatory reporting channel for such activity is FinCEN.

Takeaway: Broker-dealers must file a Suspicious Activity Report (SAR) within 30 days for transactions exceeding $5,000 that appear intended to evade Bank Secrecy Act reporting requirements through structuring.

Correct: Under the Investment Company Act of 1940, specifically Section 14(a), a registered investment company is prohibited from making a public offering of its securities unless it has a net worth of at least 100,000 USD or has made arrangements to ensure it will have that amount. Furthermore, when adding a new series to an existing open-end management company, the issuer must file a registration statement on Form N-1A. For a new series, this typically involves a filing under Rule 485(a), which requires a mandatory review period (usually 60 to 75 days) before the Securities and Exchange Commission (SEC) declares it effective. Accepting purchase payments or binding applications before the effective date violates Section 5 of the Securities Act of 1933, which prohibits the sale of securities before a registration statement is effective.

Incorrect: The approach of filing under Rule 485(b) is incorrect because that rule is reserved for routine filings, such as annual updates or non-material changes, and does not apply to the registration of a new fund series which requires a full SEC review period. The strategy of seeking an exemption under Section 3(c)(7) is inappropriate for funds designed as sub-accounts for retail variable insurance products, as these products generally require the underlying funds to be fully registered under the Investment Company Act to meet investor protection standards and tax qualification requirements. The suggestion to use ‘test the waters’ provisions under Rule 163A is legally flawed because investment companies registered under the Investment Company Act of 1940 are specifically excluded from relying on the safe harbors provided by Rule 163A for pre-filing communications.

Takeaway: New investment company series must satisfy the 100,000 USD minimum seed capital requirement and complete the formal SEC registration process on Form N-1A before accepting investor funds.

Correct: The primary role of a capital markets regulator, such as the Securities and Exchange Commission (SEC) or FINRA in the United States, is to protect investors and maintain fair, orderly, and efficient markets. This is achieved by requiring market participants to implement robust internal control systems and using enforcement authority to hold firms accountable when those systems fail to detect or prevent market manipulation, such as wash trading. Under the Securities Exchange Act of 1934 and subsequent regulations like the Dodd-Frank Act, the authority’s mandate is to oversee the integrity of the market by ensuring that firms have the necessary infrastructure to comply with federal securities laws.

Incorrect: The approach of performing independent stress testing and providing a legal safe harbor is incorrect because regulators do not certify the technical perfection of private models nor do they grant immunity from enforcement based on system certifications; firms remain responsible for their own compliance outcomes. The approach of acting as a central clearinghouse to replace firm-level surveillance is incorrect because the United States regulatory model relies on a decentralized system where individual broker-dealers and exchanges are the first line of defense, subject to regulatory oversight. The approach of guaranteeing the financial solvency of firms facing losses from technical errors is incorrect because regulators are not insurers or lenders of last resort for operational failures; their mandate is focused on market conduct and investor protection, not the financial bailouts of private entities for compliance lapses.

Takeaway: The primary role of a capital markets regulator is to ensure market integrity through the oversight of firm-level controls and the enforcement of regulations designed to prevent market abuse.

Correct: Under federal regulations such as the S.A.F.E. Mortgage Licensing Act and NCUA supervisory guidelines, individuals performing regulated functions—specifically those acting as Mortgage Loan Originators (MLOs)—must be registered with the National Mortgage Licensing System (NMLS) before engaging in those activities. Business continuity events or system outages do not provide a legal exemption from these licensing requirements. The approach of restricting unverified personnel to non-regulated administrative tasks is the only compliant path, as it prevents unauthorized activity while maintaining operational transparency through notification to the primary federal regulator (NCUA). This demonstrates a robust compliance culture that prioritizes regulatory adherence over short-term operational convenience.

Incorrect: The approach of allowing employees to work under a ‘provisional status’ based on a signed attestation is incorrect because self-certification is not a legally recognized substitute for the mandatory federal registration and background check process required by law. The approach of permitting employees to perform regulated duties as long as a registered MLO reviews the work is also flawed; federal law requires the individual actually engaging in the regulated activity (the inquiry and application stage) to be registered, not just the final reviewer. The approach of implementing a temporary waiver based on internal disaster recovery plans is invalid because internal policies cannot override federal statutory requirements or mandatory licensing regulations issued by federal authorities.

Takeaway: Federal licensing and registration requirements remain mandatory during business continuity events, requiring institutions to reassign unverified staff to non-regulated roles rather than bypassing regulatory verification processes.

Correct: Under the Securities Exchange Act of 1934 and the qualitative listing standards of major U.S. exchanges like the NYSE and NASDAQ, listed entities must maintain rigorous compliance with federal laws, including the economic sanctions programs administered by the Office of Foreign Assets Control (OFAC). Establishing an integrated compliance framework that utilizes automated real-time screening of significant shareholders and partners against the OFAC Specially Designated Nationals (SDN) list is the only way to ensure the entity does not facilitate transactions with prohibited persons. This proactive approach ensures that the fund administrator identifies potential violations immediately, allowing for asset freezing and reporting to the Treasury Department, thereby protecting the fund’s regulatory standing and its continued eligibility for exchange listing.

Incorrect: The approach of delegating the entirety of sanctions verification to transfer agents and clearing corporations is insufficient because the fund administrator and the issuer retain ultimate responsibility for the fund’s regulatory compliance; they cannot fully outsource the legal risk associated with sanctions violations. The approach of conducting manual audits of the shareholder ledger every six months is inadequate because the SDN list is updated frequently and unpredictably, and a six-month lag in detection could result in significant enforcement actions and immediate delisting for failure to maintain corporate integrity. The approach of restricting ownership based on geography or G7 membership is a flawed proxy that fails to meet the specific legal requirement to screen individual names and entities against the actual SDN list, as sanctioned individuals can reside or operate within any jurisdiction.

Takeaway: Maintaining a listing on a U.S. exchange requires continuous, automated OFAC screening to ensure that the integrity of the shareholder base meets the qualitative regulatory standards of the exchange and federal law.

Correct: The Insurance Regulatory Authority (IRA) of Kenya, established under the Insurance Act (Cap 487), is mandated to ensure the technical and financial soundness of insurers. When an insurer fails to meet the Risk-Based Capital (RBC) requirements or solvency margins, the IRA has the statutory power under Section 67C to intervene. This includes appointing a statutory manager to take control of the business, restricting the issuance of new policies to prevent further exposure to the public, and mandating a capital injection. This approach directly addresses the risk to policyholders and the stability of the insurance sector, which is the primary objective of the IRA’s supervisory framework.

Incorrect: The approach of initiating a voluntary restructuring while allowing a reduction in minimum capital requirements is incorrect because the IRA does not have the discretion to waive statutory solvency minimums in a way that compromises the protection of policyholders. The approach of seeking emergency liquidity from the Central Bank of Kenya is wrong because the CBK’s lender-of-last-resort facilities are restricted to banking institutions, not insurance companies, which must rely on shareholder capital or reinsurance. The approach of prioritizing corporate claims over individual policyholders to maintain market confidence is a violation of the principle of treating customers fairly and contradicts the IRA’s consumer protection mandate, which does not permit discrimination between classes of policyholders in a liquidity crisis.

Takeaway: The Insurance Regulatory Authority prioritizes policyholder protection and market stability through direct statutory interventions, including the enforcement of risk-based capital standards and the use of statutory management when solvency is threatened.

Correct: Under the Investment Company Act of 1940 and SEC Rule 22e-4 (the Liquidity Rule), a registered open-end fund must implement a written liquidity risk management program. This includes a 15% limit on illiquid investments and the requirement to manage the fund in a way that does not unfairly disadvantage remaining shareholders during large redemption events. While the 5% diversification rule (Section 5(b)(1)) is generally tested at the time of investment, a fiduciary must monitor the resulting portfolio composition to ensure that meeting a redemption does not leave the fund with an unmanageable concentration of illiquid assets or a profile that deviates fundamentally from its prospectus. Proper documentation of the decision-making process regarding liquidity buckets and the impact on remaining investors is essential for regulatory compliance.

Incorrect: The approach of immediately suspending redemptions is generally prohibited under Section 22(e) of the Investment Company Act of 1940 unless the New York Stock Exchange is closed or the SEC has granted a specific emergency order; it is not a standard tool for managing individual large redemptions. The strategy of liquidating only the most liquid assets to satisfy a single departing shareholder fails the fiduciary duty of loyalty to the remaining shareholders, as it degrades the liquidity profile of the remaining portfolio (often called the ‘last man standing’ problem). Relying exclusively on a line of credit to fund redemptions without adjusting the portfolio may violate Section 18 asset coverage requirements for senior securities (borrowings) and merely postpones the necessary liquidity realization, potentially burdening the fund with interest expenses that diminish the NAV for remaining holders.

Takeaway: Fiduciary duties and SEC Rule 22e-4 require fund managers to balance redemption liquidity with the protection of remaining shareholders’ interests and strict adherence to illiquid investment caps.

Correct: Under the Bank Secrecy Act (BSA) and FinCEN regulations (31 CFR 1020.320), financial institutions are required to file a Suspicious Activity Report (SAR) for any transaction that involves at least $5,000 and where the institution suspects the transaction is intended to evade reporting requirements, such as structuring cash deposits to stay below the $10,000 Currency Transaction Report (CTR) threshold. The SAR must be filed within 30 calendar days of the initial detection of the suspicious activity. Furthermore, 31 U.S.C. 5318(g)(2) strictly prohibits ‘tipping off’ the subject of a SAR, meaning the bank must maintain absolute confidentiality regarding the filing to protect the integrity of potential law enforcement investigations.

Incorrect: The approach of extending the investigation for an additional 60 days is incorrect because federal regulations mandate a 30-day filing window from the date of initial detection when a suspect is identified; delaying for further evidence would result in a compliance violation. The approach of filing a retroactive CTR is technically flawed because CTRs are required for actual currency transactions exceeding $10,000, and while the aggregate amount exceeded this, the primary regulatory concern here is the ‘structuring’ itself, which necessitates a SAR rather than a modified CTR. The approach of prioritizing an SEC whistleblower disclosure over the FinCEN filing is inappropriate because the bank’s primary institutional obligation under the BSA is to report suspicious activity directly to FinCEN, and a whistleblower report does not absolve the institution of its mandatory SAR filing requirements.

Takeaway: Financial institutions must file a SAR within 30 days of detecting suspected structuring and must ensure the client is never informed of the report to comply with anti-tipping-off provisions.

Correct: The Nairobi Securities Exchange (NSE) operates with specific market micro-structure rules designed to maintain stability, including a daily price movement limit of 10% for most listed equities based on the previous day’s weighted average price. When a security hits these limits, the Automated Trading System (ATS) will reject orders outside the permitted range. Furthermore, the Capital Markets Authority (CMA) of Kenya, as the statutory regulator under the Capital Markets Act, possesses the legal mandate to suspend trading or intervene in market operations to protect investor interests and ensure market integrity during periods of extreme volatility or technical disruption.

Incorrect: The approach of applying standard US-based market-wide circuit breakers, such as the 7%, 13%, and 20% thresholds mandated by the SEC under Regulation NMS, is incorrect because the NSE is a distinct jurisdiction with its own specific volatility controls and price bands. The approach suggesting a mandatory 48-hour pre-funding requirement in Kenyan Shillings at the Central Bank for all foreign institutional trades during volatility is a misunderstanding of the settlement process; while liquidity is necessary, such a specific regulatory pre-funding mandate for volatility events does not exist in the NSE trading rules. The approach of attributing rejections to a T+1 settlement cycle for international orders is factually incorrect, as the NSE currently operates on a T+3 settlement cycle, and settlement timing issues would typically manifest at the clearing level rather than as automated order rejections in the trading system during a price sell-off.

Takeaway: The Nairobi Securities Exchange manages market volatility through a combination of fixed 10% daily price bands and the discretionary intervention authority of the Capital Markets Authority.

Correct: Under the Bank Secrecy Act (BSA) and FinCEN regulations, financial institutions are required to file a Suspicious Activity Report (SAR) when they detect transactions that have no apparent lawful purpose or are not the sort in which the particular customer would normally be expected to engage. The threshold for mandatory SAR filing is generally $5,000 for transactions where a suspect can be identified. The process requires a thorough internal investigation, documentation of the suspicious nature of the activity (such as potential structuring or inconsistency with known business patterns), and strict adherence to the ‘no tipping off’ rule, which prohibits disclosing the existence of a SAR to the subject of the report.

Incorrect: The approach of relying solely on member-provided invoices or contracts to clear an alert is insufficient because it fails to independently verify the legitimacy of the source of funds and ignores the red flags of structuring and high-risk jurisdictional involvement. The approach of filing a Currency Transaction Report (CTR) is a fundamental regulatory error, as CTRs are specifically required for physical currency (cash) transactions exceeding $10,000, whereas wire transfers are subject to SAR and ‘Travel Rule’ requirements. The approach of seeking Board approval for immediate termination before filing regulatory disclosures is flawed because it prioritizes relationship management over federal reporting timelines and risks ‘tipping off’ the member, which is a violation of federal law.

Takeaway: AML compliance in the United States requires distinguishing between cash-based CTR filings and activity-based SAR filings while maintaining strict confidentiality to prevent tipping off the subject of an investigation.