On June 30, 2016, the New York Department of Financial Services (NYDFS) issued a final regulation obliging regulated institutions to meet enhanced requirements for transaction monitoring and filtering programs aimed at preventing Bank Secrecy Act (BSA)/anti-money laundering (AML) violations and transactions with sanctioned entities (the “Final Rule”). The Final Rule also requires regulated institutions to submit an annual board resolution or senior officer(s) certification to the NYDFS Superintendent to confirm compliance.
Who is Covered by the Final Rule?
The Final Rule applies to both bank and non-bank regulated institutions chartered or licensed under New York law, including banks, trust companies, savings and loan associations, check cashers and money transmitters.
The Transaction Monitoring Program
Regulated institutions are required to maintain a monitoring program that is reasonably designed to monitor transactions after their execution for potential BSA/AML violations and suspicious activity reporting. The program, which may be manual or automated, must be based on the institution’s risk assessment and appropriately match BSA/AML risks to the institution’s businesses, products, services and customers and counterparties.
The transaction monitoring program must meet several minimum requirements, as applicable, including: (1) reviews and periodic updates at risk-based intervals to reflect changes to applicable BSA/AML laws, regulations and regulatory warnings; (2) detection scenarios with threshold values and amounts to detect potential money laundering or other suspicious or illegal activities; (3) end-to-end, pre- and post-implementation testing; and (4) protocols that set forth how alerts generated by the transaction monitoring program will be investigated.
Watch List Filtering Program
Regulated institutions must also maintain a reasonably designed filtering program to interdict transactions prohibited by economic and trade sanctions issued by the U.S. Treasury’s Office of Foreign Assets Control (OFAC). The filtering program must be based on the institution’s risk assessment and technology, processes or tools for matching names and accounts reflecting the institution’s transaction and product profiles. Further, the program must incorporate, as applicable: (1) end-to-end, pre- and post-implementation testing; (2) ongoing analysis; and (3) documentation that articulates the intent and design of the filtering program tools, processes or technology.
Both the transaction monitoring and watch list filtering programs are subject to a number of additional requirements relating to data sourcing and integrity, governance, vendor selection, training, remediation, and other obligations.
Final Certification Requirement
The Final Rule also specifies that each regulated institution must adopt and submit to the Superintendent of NYDFS either a board of directors’ resolution or senior officer(s) compliance finding by April 15 of each year. The board or senior officer(s) must certify that:
- They have reviewed documents, reports, certifications and opinions of such officers, employees, representatives employees, outside vendors and other individuals or entities as necessary to adopt the board resolution or senior officer compliance finding;
- They have taken all steps necessary to confirm that the regulated institution has a Transaction Monitoring and Filtering Program that complies with the provisions of Section 504.3 of the Final Rule; and
- To the best of their knowledge, the Transaction Monitoring and the Filtering Program complies with Section 504.3 of the Final Rule.
In addition, regulated institutions must maintain schedules and data supporting the adoption of the board resolution or senior officer(s) compliance finding for a period of five years.
When Does the Final Rule Take Effect?
The Final Rule takes effect on January 1, 2017. However, regulated institutions will be required to prepare and submit annual board resolutions or senior officer(s) compliance findings starting April 15, 2018.