On June 30, 2016, the New York Department of Financial Services (“NY DFS”) adopted a final anti-terrorism and anti-money laundering regulation (the “Final Regulation”) that requires institutions subject to regulation by the NY DFS to maintain programs to monitor and filter transactions for potential Bank Secrecy Act (“BSA”) and anti-money laundering (“AML”) violations and prevent transactions with sanctioned entities.

Of particular significance is that under the Final Regulation, which will be effective January 1, 2017, relevant regulated NY DFS institutions are required to review their transaction-monitoring and filtering programs and ensure that they are reasonably designed to comply with risk-based safeguards. These institutions also must adopt (at the institution’s option) an annual board resolution or senior officer compliance finding to certify compliance with the Final Regulation beginning April 15, 2018. The resolution or finding must state that documents, reports, certifications and opinions of officers and other relevant parties have been reviewed by the board of directors or senior official to certify compliance with the Final Regulation.

The proposed version of the Final Regulation, which was issued on December 1, 2015, included a much more draconian requirement that a senior financial executive annually deliver an unqualified certificate to the NY DFS that his or her institution “has sufficient systems in place to detect, weed out, and prevent illicit transactions” and that he or she has reviewed the compliance programs of the regulated Institution, or caused them to be reviewed, and that such programs comply with all of the requirements of the proposed regulation. The provisions of the proposed regulation are discussed in the December 22, 2015 Orrick Alert.

The NY DFS noted in its announcement of the Final Regulation that: “The risk-based rule adopted by DFS today takes into consideration comments that were submitted by the financial services industry and others during the extended comment period for the previously-proposed regulation, which ended March 31, 2016.”

Institutions must maintain supporting data for the certification, for review by NY DFS, for five years.

The key requirements of the Final Regulation include the following:

Annual Board Resolution or Senior Officer Compliance Finding

To ensure compliance with the requirements, each regulated institution shall adopt and submit to the Superintendent a board resolution or senior officer compliance finding by April 15 of each year. Each regulated institution shall maintain for examination by DFS all records, schedules and data supporting adoption of the board resolution or senior officer compliance finding for a period of five years.

Maintain a Transaction Monitoring Program

Each relevant regulated institution shall maintain a reasonably designed program for the purpose of monitoring transactions after their execution for potential BSA/AML violations and Suspicious Activity Reporting. The system, which may be manual or automated.

Maintain a Watch List Filtering Program

Each relevant regulated institution shall maintain a reasonably designed filtering program for the purpose of interdicting transactions that are prohibited by federal economic and trade sanctions.