The New York State Department of Financial Services has issued a final regulation requiring financial institutions regulated in New York to implement enhanced transaction monitoring and watch list filtering programs to comply with anti-money laundering and counter-terrorist financing regulations. The regulation specifies requirements for these programs, including risk assessments, testing, documentation, ongoing analysis, and annual certification of compliance by boards of directors or senior officers. It aims to close gaps identified in some institutions' existing programs and applies to banks, trust companies, money transmitters, and other financial institutions operating in New York.

1. INDUSTRY
ADVISORY FROM
WASHINGTON, DC • NEW YORK, NY • DALLAS, TX
New York DFS Issues Final Regulation september 2016
Requiring AML and CFT Transaction
Monitoring and Filtering Programs
The New York State Department of Financial Services (DFS) has issued a final regulation requiring regulated financial
institutions to expand and intensify their anti-money laundering (AML) and counter-terrorist financing protections.
The regulation is more specific than current requirements stated by the Financial Crimes Enforcement Network
(FinCEN), Office of Foreign Assets Control (OFAC), or the Federal Financial Institutions Examination Council
(FFIEC). As such, it may impose significant new burdens on banks licensed in the State of New York as well as
international institutions with branches or agencies in New York. The new regulation also requires institutions to
annually acknowledge compliance with the new requirements.
However, the final regulation differs from the proposed regulation in several significant ways. Financial institutions
will not be required to designate a certifying Senior Officer responsible for certifying compliance with the rule.
Significantly, there is no longer a provision imposing criminal liability on certifying Senior Officers who file incorrect
or false annual certifications. The DFS has also removed proposed requirements that would have prohibited financial
institutions from changing the parameters of the program in order to minimize filing of suspicious activity reports or
because the institution does not have adequate resources to review all alerts generated.
This Industry Advisory summarizes the key requirements for a Transaction Monitoring and Filtering Program and its
two components—the Transaction Monitoring Program and Watch List Filtering Program.
Background and Implications
On December 1, 2015, the DFS proposed new AML and counter-terrorist financing regulations regarding transaction
monitoring and sanctions filtering requirements. Stating that “Money is the fuel that feeds the fire of international
terrorism,” New York Governor Andrew M. Cuomo described the important roles that banks and regulators play in
combating terrorism and financial crime. “Global terrorist networks simply cannot thrive without moving significant
amounts of money throughout the world. At a time of heightened global security concerns, it is especially vital that
banks and regulators do everything they can to stop that flow of illicit funds.” On June 30, 2016, Financial Services
Superintendent Maria T. Vullo announced the implementation of the new regulation, stating, “It is time to close the
compliance gaps in our financial regulatory framework to shut down money laundering operations and eliminate
potential channels that can be exploited by global terrorist networks and other criminal enterprises.”
The DFS has been seeking to address shortcomings in transaction monitoring and filtering that have emerged as a
result of recent investigations, noting a lack of robust governance, oversight, and accountability at the senior levels of
some institutions. Based on its regular examinations for the safety and soundness of regulated financial institutions,

2. INDUSTRY
ADVISORY (CONTINUED)
WASHINGTON, DC • NEW YORK, NY • DALLAS, TX
along with the investigations noted, the DFS has expressed concern that such institutions have shortcomings in their
related monitoring and filtering programs. Accordingly, the regulation aims to clarify the required attributes of a
Transaction Monitoring and Filtering Program and require the Board of Directors or Senior Officer(s) to annually
submit a Board Resolution or Compliance Finding confirming compliance with the new regulation.
The new regulation requires all financial institutions regulated by the DFS to maintain a Transaction Monitoring
Program and Watch List Filtering Program (collectively, a Transaction Monitoring and Filtering Program) with
specific characteristics, including comprehensive risk assessment, end-to-end pre- and post-implementation testing,
easily understandable documentation, ongoing analysis, and training programs.
The regulation applies to regulated institutions including banks, trust companies, private bankers, savings banks,
and savings and loan associations chartered in New York. It also covers all branches and agencies of foreign banking
corporations licensed to conduct banking operations in New York, as well as nonbank regulated institutions including
check cashers and money transmitters.
Each institution’s Transaction Monitoring Program and Watch List Filtering Program needs to be based on ongoing
comprehensive risk assessment, including an enterprise-wide Bank Secrecy Act/anti-money laundering (BSA/AML)
risk assessment that takes into account the institution’s size, businesses, services, products, operations, customers,
counterparties, and the geographies and locations of its operations and business relations.
Transaction Monitoring Program Requirements
The Transaction Monitoring Program may be manual or automated, but must:
• Be based on the institution’s risk assessment;
• Be reviewed and periodically updated to reflect changes to applicable BSA/AML laws, regulations,
and regulatory warnings, as well as other information determined by the institution to be relevant
from the institution’s related programs and initiatives;
• Appropriately match BSA/AML risks to the institution’s businesses, products, services, customers,
and counterparties;
• Use BSA/AML detection scenarios with threshold values and amounts designed to detect potential
money laundering and other suspicious or illegal activity;
• Include end-to-end, pre- and post-implementation testing of the Transaction Monitoring Program,
includinggovernance,datamapping,transactioncoding,detectionscenariologic,modelvalidation,
data input, and program output;
• Include documentation articulating the institution’s current detection scenarios and underlying
assumptions, parameters, and thresholds;

3. INDUSTRY
ADVISORY (CONTINUED)
WASHINGTON, DC • NEW YORK, NY • DALLAS, TX
• Include protocols detailing procedures and processes by which transaction monitoring alerts will
be investigated, the process for deciding which alerts will result in filings or other action, operating
areas and individuals responsible for such decisions, and documentation of investigations and the
decision-making process; and
• Be subject to ongoing analysis to assess continued relevancy of detection scenarios, underlying
rules, threshold values, parameters, and assumptions.
Watch List Filtering Program Requirements
The Watch List Filtering Program must be capable of interdicting transactions prohibited by OFAC before their
execution. It may be manual or automated, but must:
• Be based on the institution’s risk assessment;
• Be based on technology, processes, or tools for matching names and accounts (including, as
necessary, “fuzzy logic” or culture-based name conventions) based on the institution’s particular
risks, transaction types, and product profiles;
• Include an end-to-end, pre- and post-implementation testing of the Watch List Filtering Program,
including, as relevant, a review of data matching, an evaluation of whether the OFAC sanctions list
and threshold settings map to the institution’s particular risks, the logic of matching technology or
tools, model validation, data input, and program output;
• Be subject to ongoing analysis to assess the logic and performance of the technology or tools for
matching names and accounts, as well as the OFAC sanctions list and threshold settings used to
ensure that they continue to map to the risks of the institution; and
• Include documentation that articulates the intent and design of the filtering program tools,
processes, or technology.
Overall Transaction Monitoring and Filtering Program Requirements
The two programs collectively must:
• Identify all data sources that contain relevant data;
• Validate the integrity, accuracy, and quality of data to ensure the accuracy and completeness of data
flowing through the programs;
• Ensure complete and accurate transfer of data from its sources to automated systems, if automated
systems are used;
• Require governance and management oversight, including policies and procedures governing
changes to the programs such that all changes are defined, managed, controlled, reported, and
audited;

4. INDUSTRY
ADVISORY (CONTINUED)
WASHINGTON, DC • NEW YORK, NY • DALLAS, TX
• Require a vendor selection process if a third party vendor is used to acquire, install, implement, or
test any aspect of the Transaction Monitoring and Filtering Program;
• Be adequately funded to ensure design, implementation, and maintenance of programs that are
compliant with the regulation;
• Designate qualified internal personnel or external consultants to be responsible for the design,
planning, implementation, operation, testing, validation, and ongoing analysis of the program,
including automated systems if applicable, as well as case management, review, and decision-
making with regard to generated alerts and potential filings; and
• Provide for periodic training of all stakeholders with regard to the Transaction Monitoring and
Filtering Program.
To the extent that a regulated financial institution has identified areas, systems, or processes that require material
improvement, updating, or redesign, the institution is required to document the identification and remedial efforts
planned or undertaken to address those areas, systems, or processes.
By April 15 of each year, the institution must adopt and submit to the DFS a Board Resolution or Senior Officer(s)
Compliance Finding in a prescribed form stating that the institution has taken all steps necessary to confirm that
it has a compliant Transaction Monitoring and Filtering Program and that, to the best of the Board of Director’s or
Senior Officer(s)’s knowledge, the institution is in compliance with the new regulation.
The new regulation is effective January 1, 2017. Regulated institutions must commence filing the required Board
Resolution or Senior Officer(s) Compliance Findings beginning on April 15, 2018.
This Advisory was provided by Steven M. Reback
Steven Reback, Director with Treliant Risk Advisors, assists clients with a wide range of regulatory, Anti-Money
Laundering (AML), and compliance concerns. He can be reached at sreback@treliant.com
Treliant Risk Advisors releases an Industry Advisory as pertinent issues affecting the financial services industry arise.
To subscribe to Treliant’s Industry Advisory and Treliant’s quarterly newsletter, New Coordinates, please Contact Us at
www.treliant.com/Contact-Us.
© September 2016 Treliant Risk Advisors, LLC