The New York State Department of Financial Services (NYDFS) emerged in 2016 as a leader in AML enforcement by issuing new and detailed AML regulations with the unique requirement of an individual certification of compliance.
On June 30, 2016, the NYDFS finalized a new regulation setting forth rigorous standards for monitoring and filtering programs to monitor transactions for potential AML violations and block transactions prohibited by the Office of Foreign Assets Control (OFAC). The regulation, which became effective on January 1, 2017, applies to all banks, trust companies, private bankers, savings banks, and savings and loan associations chartered under the New York Banking Law (NYBL); branches and agencies of foreign banking corporations licensed under the NYBL to conduct banking operations in New York; and check cashers and money transmitters licensed under the NYBL (collectively, the Regulated Institutions). The NYDFS regulation is instructive to all financial institutions as a benchmark for future standards potentially to be issued by other states and/or federal regulators.
The most notable provisions of the new regulation require each Regulated Institution to submit to NYDFS by April 15 of each year either a “Senior Officer Compliance Finding” or a resolution of its “Board of Directors” to certify compliance with the regulation. A “Senior Officer” is “the senior individual or individuals responsible for the management, operations, compliance and/or risk” of a Regulated Institution. The “Board of Directors” is the “governing board of every Regulated Institution or the functional equivalent if the Regulated Institution does not have a Board of Directors.” The resolution or finding must state that the Senior Officer or Board of Directors has reviewed documents, reports, certifications, and opinions of officers, employees, outside vendors, and other parties as necessary to adopt the resolution or compliance finding. A Regulated Institution must maintain for NYDFS examination, for a period of five years, all records, schedules, and data supporting adoption of the board resolution or Senior Officer Compliance Finding.
This requirement is currently unique in the AML space, and resembles executive attestations required under Sarbanes-Oxley. It may encourage similar AML requirements under federal law or the laws of other states in the future. It also is consistent with the trend of increasing emphasis on individual executive liability in corporate enforcement cases, and may create practical tensions between an institution’s board and its compliance department, because one or the other must submit the required form.
The final regulation also requires a Regulated Institution to maintain a manual or automated “Transaction Monitoring Program” and “Filtering Program” that are reasonably designed to, respectively, monitor transactions after their execution for potential AML violations and suspicious activity reporting, and interdict OFAC-prohibited transactions. The regulation lists eight attributes a Transaction Monitoring Program must have and five attributes a Filtering Program must have, to the extent applicable.
The final regulation lists eight additional requirements that must be part of both a Transaction Monitoring and Filtering Program, to the extent applicable. Among the areas covered by such requirements are data identification, validation of data integrity, accuracy and quality, data extraction and loading processes, governance and management oversight, vendor selection, and training.
If you would like to remain updated on these issues, please click here to subscribe to Money Laundering Watch.