On Dec. 1, 2015, the New York Department of Financial Services (“NYDFS”) issued a proposed regulation (the “Proposed Regulation”) that would require all depository institutions, trust companies, foreign bank branches or agencies, money transmitters and check cashers chartered or licensed under New York law (each, a “Regulated Institution”)[1] to maintain a “Transaction Monitoring Program” and a “Watch List Filtering Program” (collectively, a “Transaction Monitoring and Filtering Program”) to detect potential violations of applicable anti-money laundering (“AML”) laws and regulations[2] and sanctions programs administered by the U.S. Department of the Treasury’s Office of Foreign Assets Control (“OFAC”).[3]

The Proposed Regulation would also require a Regulated Institution’s senior compliance officer (or functional equivalent) to certify annually to the NYDFS each April 15 that the Regulated Institution is in compliance with the Proposed Regulation (“Annual Certification”). Specifically, the Annual Certification would require the senior compliance officer to certify to the best of their knowledge that “they have reviewed, or caused to be reviewed” the Transaction Monitoring and Filtering Program and that “the Transaction Monitoring and Filtering Program complies with all the requirements of [the Proposed Regulation].”[4] An officer who is deemed to have filed an “incorrect or false Annual Certification” maypersonally be subject to criminal penalties.[5]

Scope of Transaction Monitoring and Filtering Program

Generally, the Proposed Regulation requires that the Transaction Monitoring and Filtering Program reflect the Regulated Institution’s risk assessment and current legal and regulatory requirements; include end-to-end, pre- and post-implementation testing; be subject to on-going analysis to assess whether the program maps to the identified risks; and include easily understandable documentation articulating the program’s detection scenarios and the underlying intent and design of the program.[6] In addition, the Transaction Monitoring and Filtering Program must identify relevant data sources; provide for validation of data integrity, accuracy and quality; develop a vendor selection process (if applicable); be subject to governance and management oversight; and provide for funding and staffing by qualified and trained personnel.[7]

Transaction Monitoring Program for Potential AML Violations. For the purpose of monitoring transactions for potential violations of AML laws and regulations, as well as suspicious activity reporting, the Transaction Monitoring Program must reflect “any relevant information available from the institution’s related programs and initiatives, such as ‘know your customer due diligence,’ ‘enhanced customer due diligence’ or other relevant areas, such as security, investigations and fraud prevention” and “include investigative protocols detailing how alerts generated by the [program] will be investigated, the process for deciding which alerts will result in a filing or other action, who is responsible for making such a decision, and how investigative and decision-making process will be documented.”[8]

Watch List Filtering Program for Potential OFAC Violations. With respect to the filtering of transactions for potential sanctions programs violations, the Proposed Regulation requires each Regulated Institution to maintain a Watch List Filtering Program “for the purpose of interdicting transactions, before their execution, that are prohibited by applicable sanctions, including OFAC and other sanctions lists, politically exposed persons lists, and internal watch lists.”[9]  Thus, NYDFS is mandating that the program be capable of real-time transaction interdiction.

The Proposed Regulation also states that “no Regulated Institution may make changes or alterations to the Transaction Monitoring and Filtering Program to avoid or minimize filing suspicious activity reports, or because the institution does not have the resources to review the number of alerts generated . . . , or to otherwise avoid complying with regulatory requirements.”[10]

Notable Observations

The requirements of the Proposed Rule are more prescriptive than the federal AML laws and regulations, and in some instances appear to conflate OFAC requirements with AML requirements (e.g., with respect to politically exposed persons). OFAC regulations do not specifically require transaction filtering programs. Nor do federal regulations prescribe specific elements for a transaction monitoring program, although guidance on transaction monitoring is set forth in the FFIEC Bank Secrecy Act/Anti-Money Laundering Examination Manual.[11] However, such federal banking law guidance is not applicable to money transmitters and check cashers.

Further, the Annual Certification requirement for senior compliance officers (or functional equivalent) is unprecedented in the AML and sanctions area, and introduces a mechanism to hold senior compliance officers individually liable for the shortcomings of a Regulated Institution’s Transaction Monitoring and Filtering Program. While the Proposed Regulation does not explicitly set forth the criminal penalties that could apply in the case of a false certification, it references Section 672 of the New York Banking Law, which makes it a felony for any employee of a corporation subject to the New York Banking Laws to make a false entry in any book, report or statement with intent to deceive a corporate officer or state regulator.[12] 

The regulation will be published in an upcoming edition of the New York State Register, commencing a 45-day notice and comment period. The effective date would be immediate on issuance of the final rule. A copy of the Proposed Regulation can be found here and the press release regarding the Proposed Regulation can be found here.