2. 2
Regulatory Expectations
Part 504 will apply to all entities chartered, or licensed, under NY state banking law; this
includes banks, as well as, non-bank financial institutions (NBFIs).
Sarbanes-Oxley (CEO and CFO certification), Volcker (Appendix B – CEO certification), FATCA
(FATCA Responsible Officer certification)
Applicability
Similar laws
Finding
A Board resolution or “compliance finding” as set out in the appendix to the Rule must certify
that the institution has taken all steps necessary to certify the transaction monitoring and
filtering programs comply with the Final Rule.
Liability
Part 504 will hold organizations responsible for ensuring their AML/OFAC programs are
compliant with NYDFS and BSA/AML regulations. This includes that the regulation will be
enforced pursuant to the NYDFS’ “authority under any applicable laws.”
NYDFS believes that lack of robust governance, oversight and accountability at Senior levels of
the organization has contributed to shortcomings in Transaction Monitoring and OFAC Filtering
Programs.
Why now?
NYDFS recently passed Part 504, effective 1 April, 2017. Amongst other tenets, certification and personal
accountability have raised the bar for expectations and consequences for insufficiency in the realm of
AML, tantamount to other financial reporting certification requirements.
3. 3
Infraction
“[The firm] failed to ensure that the four or more
individuals responsible for AML compliance at the
Firm received appropriate BSA training. These
individuals directly supported activities related to
the Firm’s AML and CIP programs, such as
gathering customer identification information,
performing customer verification through the use
of external databases, disseminating CIP
disclosures to customers, reviewing accounts for
suspicious transactions, reviewing and/or
approving wire transfers, and maintaining records
in accordance with BSA requirements.”
Sanction/Remedy
“This comprehensive training program shall
provide for more extensive BSA/AML training for
all operational and supervisory personnel assigned
to the Bank’s BSA/AML department(s) and more
targeted training for other personnel focusing on
the individual employee’s specific duties and
responsibilities. This comprehensive training
program also shall include strategies for
mandatory attendance, frequency of training, and
timing for updating training programs and
materials.”
AML Training
Part of the Problem or Part of the Solution?
4. 4
Model-based transaction monitoring and alert prioritization can aid in
asking better questions during investigation process, and avoid many false
positives.
Increasing Alert Efficiency
Better alerts lead to more productive investigations
A typical suite of detection scenarios asks a few
simple questions, for example:
Statistical models ask more and better questions,
permit comparison
• Most are false positives
• Investigators must interpret
• Txn above
threshold?
• Recurring
relation?
• Activity burst?
• High risk
country?
• High risk
customer?
• Other?
!
!
!
• Fewer false positives
• Investigators aided in interpretation
5. 5
Investigative process – 4 steps all of which also must be auditable
and stand up to scrutiny
Changing the Investigative Process
Efficiency and Consistency Still in play to improve
case assign investigate narrate
• Static information
sources
• Facts defined without
context
• Case duplicates and
combined events
• Investigative
complexity needed not
gauged
• Exhaustive search for
information
• Time consuming copy
and paste
• Manual correlation
• Completeness differs
as does writing style
• Information pertinence
judged by investigator
• Dynamic information
integration
• Contextual awareness
helps focus attention
• Case consolidation
logic removes rework
and paints truer
picture
• Case complexity risk
scores can help with
assignment
• Automatically correlate events
and focuses investigative
attention
• Highlights missing information
• Gathers information and
presents formatted case
summaries
• Standardized case
summary and narrative
generation
• Supported by facts and
auditable
documentation
Current state of investigation
Improvement potential future state
6. 6
Poll
Which of the following deficiencies is most likely to
be cited in compliance actions over the next year?
1. Not scaling resources to keep pace with transaction
growth
2. Poor integration of relevant compliance data and
applications
3. Inconsistent application of compliance processes
4. Willful disregard for compliance activity
5. None of the above
7. 7
Challenge – “Fighting the last war”
SCALABILITY INTEGRATION CONSISTENCY
Can you grow
efficiently?
Can you minimize
evidence gathering
and preparation?
Can you
improve
accuracy with
consistency?
AUDIT-READY
Do narratives provide
transparent support
for staff, systems, and
procedures?
9. 9
Goldilocks Dilemma in 3D
SCALABILITY
• Scaling by hiring –
inefficient
• Scaling by analytics –
fragile
• Scaling by ‘the division of
labor’ – proven,
adaptable
INTEGRATION CONSISTENCY
• Consistency through
training – inefficient to
keep current
• Consistency by published
procedure – ‘memory
drift’ creates variance
• Consistency by embedded
procedure – minimizes
variance
• Integrate by centralization
– access is the issue
• Integrate by application –
custom development
• Integrate by virtualization
– machine-driven
federation
11. 11
Achieve Global Impact
Establish Scalability
Increase Certainty
Instantiate Consistent
Procedure
Efficient Operation
Deploy an Information
‘Fabric’
Constant Agility
Embrace Regulatory
Change
Select the Best Focal Point
13. 13
Key Takeaways
• Increased scrutiny and personal exposure increase
the importance of training
• Seek improvements in alert precision and
investigative process to gain efficiency
• Counter to intuition, substantial efficiency
improvements can happen amidst change