On December 1, 2015, New York Governor Andrew Cuomo announced that the New York Department of Financial Services (NYDFS) had proposed a new anti-terrorism and anti-money laundering regulation targeted at blocking financing for terrorist organizations and other crime groups. The proposed regulation would impose enhanced BSA/AML requirements on NYDFS-regulated institutions and would require senior compliance officers to certify that their institutions are in compliance with the standards described below and would impose criminal penalties on certifying senior officers who file incorrect or false certifications.
The NYDFS issued the proposed regulation following recent investigations into terrorist financing, sanctions violations, and anti-money laundering compliance at financial institutions, which uncovered shortcomings in the transaction monitoring and filtering programs for monitoring transactions for suspicious activities. The proposed regulations are intended to address such shortcomings and impose more robust governance, oversight, and accountability within these institutions. “Money is the fuel that feeds the fire of international terrorism,” Mr. Cuomo said in a statement. “At a time of heightened global security concerns, it is especially vital that banks and regulators do everything they can to stop that flow of illicit funds.” 
The proposed regulation is applicable to all regulated institutions, including all banks, trust companies, private bankers, savings banks, and savings and loan associations chartered pursuant to the New York Banking Law, and all branches and agencies of foreign banking corporations and all check cashers and money transmitters licensed pursuant to the banking law to conduct banking operations in New York. The proposed regulation, which will be set forth in part 504 of the NYDFS superintendent’s regulations, is subject to a 45-day notice and public comment period. It shall apply to the New York fiscal year beginning with the fiscal year starting on April 1, 2017.

The key requirements of the proposed regulation include the following:

  • Transaction Monitoring System: The proposed regulation would require regulated institutions to maintain a transaction monitoring system for purposes of monitoring potential Bank Secrecy Act (BSA) and anti-money laundering (AML) violations and suspicious activity reporting. The transaction monitoring system, which may be manual or automated, must be based on a BSA/AML risk assessment of the financial institution, must reflect all current BSA/AML laws, regulations, and alerts, and must meet the attributes identified in the proposed regulations.
  • Watch List Filtering Program: The proposed regulation would also require that each regulated institution maintain a Watch List Filtering Program for the purpose of interdicting transactions, before their execution, that are prohibited by applicable sanctions, including those administered by the U.S. Department of Treasury’s Office of Foreign Assets Control (OFAC) and other sanctions lists, politically exposed persons lists, and internal watch lists. Among other requirements, the Watch List Filtering Program must be based on technology or tools for matching names and accounts (including, for instance, technology based on automated tools that develop matching algorithms such as “fuzzy logic”). Further, the Watch List Filtering Program must utilize watch lists that reflect current legal or regulatory requirements, and be subject to on-going analysis to assess the logic and performance of the technology or tools for matching names and accounts, as well as the watch lists and threshold settings to see if they continue to map to the risks of the institution.
  • Annual Certification and Individual Criminal Penalties:  The proposed regulation would require regulated institutions to submit to the NYDFS by April 15th of each year a certification executed by its chief compliance officer or functional equivalent, certifying compliance with these requirements. Under the proposed regulation, a certifying senior officer who files an incorrect or false annual certification may be subject to criminal penalties for such filing. regulated institutions are subject to all applicable penalties provided for by the Banking Law and Financial Services Law for non-compliance with these requirements. The proposed regulation includes proposed text for the annual certification, including the statement that “the undersigned hereby certifies that, to the best of their knowledge, the above statements are accurate and complete”.  

While these institutions are already subject to federal and New York anti-money laundering and anti-terrorism laws and regulations, and have transaction monitoring and watch list filtering programs in place, the proposed regulation includes enhanced, more granular requirements for these programs. Importantly, the proposed regulation imposes a mandatory risk assessment (currently a common best practice) on regulated institutions which must then be used by the institutions to maintain the transaction monitoring and filtering programs.
In light of the possible codification of these rigorous requirements, regulated institutions and their senior compliance officers must examine their transaction monitoring systems and watch list filtering programs to ensure compliance the enhanced requirements.  This compliance is complimentary to adherence to anti-money laundering and OFAC regulations. regulated institutions should also assess their potential liability under the proposed regulations as the increasing focus on individual liability and criminal penalties may prove challenging for senior compliance officers of regulated institutions as a result of the annual certification requirement. This trend also is consistent with recent statements made by Sally Yates, Deputy Attorney General at the U.S. Department of Justice, in a memorandum addressing “Individual Accountability for Corporate Wrongdoing” issued on September 9, 2015 (http://www.justice.gov/dag/file/769036/download). Outlining the importance of individual liability, Deputy Attorney General Yates states that, “One of the most effective ways to combat corporate misconduct is by seeking accountability from the individuals who perpetrated the wrongdoing. Such accountability is important for several reasons: it deters future illegal activity, it incentivizes changes in corporate behavior, it ensures that the proper parties are held responsible for their actions, and it promotes the public's confidence in our justice system.” Yates reiterated these points in remarks made at the American Banking Association and American Bar Association Money Laundering Enforcement Conference on November 16, 2015 (http://www.justice.gov/opa/speech/deputy-attorney-general-sally-quillian-yates-delivers-remarks-american-banking-0 ). 
For additional information regarding the proposed regulations, please seehttp://www.dfs.ny.gov/legal/regulations/proposed/rp504t.pdf.