In June 2026, Wealth Management firm, Merrill Lynch, agreed to pay $7.5 million to settle charges from the U.S. Securities and Exchange Commission (SEC). The firm’s apparent Anti-Money Laundering (AML) failures add to its long-standing history of consistent regulatory penalties.
The SEC stated that the firm did not file numerous Suspicious Activity Reports (SARs) in the period of April 2020 and September 2024. Unfortunately, the firm leaned on Bank of America’s group-level AML program, which was simply not enough. It did not fully satisfy their AML obligations as a registered entity.
What Happened to Merrill Lynch in June 2026?
Merrill Lynch broke reporting and record keeping requirements as they failed to file SARs as per the Bank Secrecy Act (BSA) rules. As a result, the firm accepted the cease-and-desist order, censure, and civil penalty without admitting or denying the SEC findings.
This case is centered on critical AML controls around reporting. If there is even a hint of suspicious activity, it becomes the firm’s responsibility to find, review, and escalate the risk within the required framework. For financial institutions, they need to be able to put policy into practice with real customer activity.
Why Does the Merrill Lynch SEC Fine Matter?
The Merrill Lynch SEC fine is important because regulators want entity-specific AML controls. This is especially important when a firm operates inside a larger financial group. Even though a parent-company’s AML framework may provide structure, regulated entities under it need controls that reflect their own customers, products, and risk exposure.
Moreover, they must have their own reporting rules and supervisory expectations. The SEC’s findings focused on the gap between group-level AML reliance and broken-dealer-specific obligations.
However, this enforcement shows a regulatory trend across several jurisdictions. For example, the Central Bank UAE placed a $5.4 million AML fine on the branch of a foreign bank and their money laundering reporting officer (MLRO) over similar failures in their compliance processes.
A Recent Fine With a Longer Penalty History
This fine is one in a series of regulatory penalties that Merrill Lynch has faced over the years. Their previous AML fine cases were due to SARs, trade reporting, derivatives reporting, and investor protection issues.
These multiple fines were due to enforcement actions spanning across different regulators, jurisdictions, business lines, and time periods. Yet, the latest SEC AML fine adds to a much broader pattern of significant penalties.
In summary, AML compliance must be operational, tailored, and audit-ready. Financial institutions must connect customer due diligence, sanctions, PEP, and many more AML solutions into one singular process. Today, written policies are not enough if teams cannot evidence how risks were detected, investigated, and reported.
Find out more AML news in ComplyCube’s Trust Edition newsletter. We explore the latest in developments across identity verification and AML globally.
