This enforcement case illustrates two important concerns in broker-dealer compliance. First, having a "great" compliance manual that, for example, specifies "numerous account risk factors and red flags" is worse than useless if a firm does not execute on them. It simply makes no sense to specify very detailed procedures, and then not execute upon them. Second, anything to do with penny stocks is the third rail of AML/securities law compliance. Any firm that wants to be in the business of executing or clearing penny stocks had better have a good AML program; if the expense of a good AML program can not be justified by the revenue of a penny stock business, then it is not worthwhile to be in that business. Just run a Cabinet search on FINRA enforcement releases involving "money laundering" and "penny stocks": there are 130 results (and that isn't counting actions brought by the SEC). That should highlight the risk of being in the penny stock business.