Preventing money from getting to terrorists is a chief goal of AML programs. But at a basic level an AML program is only as strong as its budget, regardless of how good the CCO is. Can we hold CCOs criminally accountable for AML program success when they often don’t control their budget size?
When the SEC implemented the Sarbanes-Oxley Act requirement for CEO and CFO certifications on filings in 2002 there was a robust debate concerning its pros and cons. The provision increases risk for CEO and CFOs in failing to maintain accurate books, but the enforcement of this provision is limited by the difficult-to-prove “knowing” standard.
New York is now proposing to implement a new certification requirement, modeled after Sarbanes-Oxley, aimed at compliance officers. The recently announced regulations will require compliance officers to certify that their organization is in compliance with a list of AML requirements, including a transaction monitoring program and a watch list filtering program. The New York Department of Financial Services (“NYDFS”) will implement the regulations.
The regulations are aimed at a worthy goal – stopping the flow of illicit funds to criminals and terrorists. At a time when countries around the world are struggling to control terrorism, no one can contest that AML program strength is more important than ever. In fact, a recent New York Times article drew a direct connection between the NYDFS’ new regulations and last month’s terrorist attacks in Paris.
These requirements also include a focus on individual accountability, mirroring the DOJ’s recent focus on holding individuals accountable as we saw with the distribution of the Yates memo. But in order to be successful, accountability has to be imposed on the right people.
Mike Volkov discussed one of the intrinsic problems with such the NYDFS’ new certification requirements – compliance officers often exercise little control over their budget. Frequently, a compliance department is forced to do the best that it can with too few resources. With so little budgetary control it seems harsh to hold chief compliance officers personally accountable, both legally and civilly, for failures.
This problem is supported by a recent survey conducted by NAVEX Global where 46% of the 321 respondents reported no dedicated budget for third party due diligence – a key component of most compliance programs. I’ve also seen this disconnect in practice, as those responsible for compliance struggle to secureresources to carry out the objectives they have been tasked with. Often the difference between a “paper” compliance program and one with “substance” can lie in the amount of resources a compliance department has to implement its goals. While it is simplistic to say that it all comes down to the money, in many respects that is true. Companies need to put their budget where their mouth is.
With the NYDFS’ new certification requirement, we will be holding compliance officers accountable, including criminally, for failing to implement an adequate transaction monitoring and filtering program. Will the NYDFS’ new requirement be enough to push compliance officers to demand a budget adequate to accomplish their tasks? Or will it simply leave compliance officers to take the fall for budgetary decisions they have no part in? Only time will tell.