New York Department of Financial Services Issues Proposed Transaction Monitoring and Filtering Program Requirements and Annual Senior Compliance Officer Certification

SUMMARY

The New York Department of Financial Services (the “NYDFS”) yesterday issued a proposed regulation (the “Proposed Regulation”) that sets forth, for financial institutions chartered or licensed under the New York Banking Law (a “Regulated Institution”), the attributes of a transaction monitoring and filtering program to ensure compliance with applicable federal Bank Secrecy Act/Anti-Money Laundering (“BSA/AML”) laws and regulations and sanctions administered by the Office of Foreign Assets Control (“OFAC”). In addition, the Proposed Regulation would require a senior compliance officer of each Regulated Institution to make an annual certification as to an institution’s compliance with the requirements of the regulation, with the potential for criminal penalties for the officer if the certification is “incorrect or false.” The effective date would be immediate on final issuance and would apply to all “state fiscal years” beginning April 1, 2016. Comments are due 45 days after publication in the New York State Register.

PROPOSED REGULATION

Broadly, under the Proposed Regulation, a Regulated Institution would be required:

  • To maintain a Transaction Monitoring Program for the purpose of monitoring transactions for potential BSA/AML violations and suspicious activity reporting that includes certain attributes specified in the Proposed Regulation. The attributes of the Transaction Monitoring Program include technical requirements for monitoring systems, as well as requiring that the systems reflect an institution’s risk assessment, customer risk ratings, and Know Your Customer information;
  • To maintain a Watch List Filtering Program for the purpose of interdicting transactions, before their execution, that are prohibited by applicable sanctions, including OFAC and other sanctions lists, politically exposed persons lists, and internal watch lists, that includes the attributes specified in the Proposed Regulation; and
  • To ensure that the Transaction Monitoring and Filtering Programs use all relevant data sources, provide for validation of data quality, are subject to governance and management oversight (including governance over changes to the programs), and are appropriately funded and staffed by trained personnel.1

The Proposed Regulation also states that Regulated Institutions would not be permitted to make changes or alterations to the Transaction Monitoring and Filtering Programs to avoid or minimize the filing of suspicious activity reports, or because the institution does not have the resources to review the number of alerts generated by a Program or otherwise avoid complying with regulatory requirements. The regulators have recently brought enforcement actions against banks premised on such “tuning” of BSA/AML systems.

The attributes of the Transaction Monitoring and Filtering Programs extend well beyond formal requirements published by federal authorities, but are generally consistent with regulatory expectations reflected in the FFIEC BSA/AML Examination Manual2 and recent enforcement actions by the federal banking agencies and FinCEN for banks and branches of foreign banks.3

Notably, however, the Proposed Regulation introduces an annual certification requirement for senior compliance officers, which poses an unprecedented element of risk for these officers. The Proposed Regulation, including the form of certification, would require the senior compliance officer to certify that the Transaction Monitoring and Filtering Programs requirements are satisfied, and that the certifying officers would face potential criminal penalties in the event of an “incorrect” or “false” certification. Although the Proposed Regulation refers to “incorrect” or “false” certifications without qualification, the proposed form of certification includes a qualifier that the information provided is to the officer’s “best knowledge.” At the same time, however, the Proposed Regulation does not explicitly provide an “intent” standard for the imposition of criminal penalties.

Clients interested in further information concerning the Proposed Regulation, and BSA/AML and sanctions developments generally, are encouraged to contact the Sullivan & Cromwell lawyers identified at the end of this memorandum.