The New York State Department of Financial Services has issued a final regulation requiring financial institutions regulated in New York to implement enhanced transaction monitoring and watch list filtering programs to comply with anti-money laundering and counter-terrorist financing regulations. The regulation specifies requirements for these programs, including risk assessments, testing, documentation, ongoing analysis, and annual certification of compliance by boards of directors or senior officers. It aims to close gaps identified in some institutions' existing programs and applies to banks, trust companies, money transmitters, and other financial institutions operating in New York.
BSA Summary And Ofac Risk Assessment Considerations Of Nov 2009 Pub Aug 2010
NYDFS Finalizes AML Monitoring Rules
1. INDUSTRY
ADVISORY FROM
WASHINGTON, DC • NEW YORK, NY • DALLAS, TX
New York DFS Issues Final Regulation september 2016
Requiring AML and CFT Transaction
Monitoring and Filtering Programs
The New York State Department of Financial Services (DFS) has issued a final regulation requiring regulated financial
institutions to expand and intensify their anti-money laundering (AML) and counter-terrorist financing protections.
The regulation is more specific than current requirements stated by the Financial Crimes Enforcement Network
(FinCEN), Office of Foreign Assets Control (OFAC), or the Federal Financial Institutions Examination Council
(FFIEC). As such, it may impose significant new burdens on banks licensed in the State of New York as well as
international institutions with branches or agencies in New York. The new regulation also requires institutions to
annually acknowledge compliance with the new requirements.
However, the final regulation differs from the proposed regulation in several significant ways. Financial institutions
will not be required to designate a certifying Senior Officer responsible for certifying compliance with the rule.
Significantly, there is no longer a provision imposing criminal liability on certifying Senior Officers who file incorrect
or false annual certifications. The DFS has also removed proposed requirements that would have prohibited financial
institutions from changing the parameters of the program in order to minimize filing of suspicious activity reports or
because the institution does not have adequate resources to review all alerts generated.
This Industry Advisory summarizes the key requirements for a Transaction Monitoring and Filtering Program and its
two components—the Transaction Monitoring Program and Watch List Filtering Program.
Background and Implications
On December 1, 2015, the DFS proposed new AML and counter-terrorist financing regulations regarding transaction
monitoring and sanctions filtering requirements. Stating that “Money is the fuel that feeds the fire of international
terrorism,” New York Governor Andrew M. Cuomo described the important roles that banks and regulators play in
combating terrorism and financial crime. “Global terrorist networks simply cannot thrive without moving significant
amounts of money throughout the world. At a time of heightened global security concerns, it is especially vital that
banks and regulators do everything they can to stop that flow of illicit funds.” On June 30, 2016, Financial Services
Superintendent Maria T. Vullo announced the implementation of the new regulation, stating, “It is time to close the
compliance gaps in our financial regulatory framework to shut down money laundering operations and eliminate
potential channels that can be exploited by global terrorist networks and other criminal enterprises.”
The DFS has been seeking to address shortcomings in transaction monitoring and filtering that have emerged as a
result of recent investigations, noting a lack of robust governance, oversight, and accountability at the senior levels of
some institutions. Based on its regular examinations for the safety and soundness of regulated financial institutions,
2. INDUSTRY
ADVISORY (CONTINUED)
WASHINGTON, DC • NEW YORK, NY • DALLAS, TX
along with the investigations noted, the DFS has expressed concern that such institutions have shortcomings in their
related monitoring and filtering programs. Accordingly, the regulation aims to clarify the required attributes of a
Transaction Monitoring and Filtering Program and require the Board of Directors or Senior Officer(s) to annually
submit a Board Resolution or Compliance Finding confirming compliance with the new regulation.
The new regulation requires all financial institutions regulated by the DFS to maintain a Transaction Monitoring
Program and Watch List Filtering Program (collectively, a Transaction Monitoring and Filtering Program) with
specific characteristics, including comprehensive risk assessment, end-to-end pre- and post-implementation testing,
easily understandable documentation, ongoing analysis, and training programs.
The regulation applies to regulated institutions including banks, trust companies, private bankers, savings banks,
and savings and loan associations chartered in New York. It also covers all branches and agencies of foreign banking
corporations licensed to conduct banking operations in New York, as well as nonbank regulated institutions including
check cashers and money transmitters.
Each institution’s Transaction Monitoring Program and Watch List Filtering Program needs to be based on ongoing
comprehensive risk assessment, including an enterprise-wide Bank Secrecy Act/anti-money laundering (BSA/AML)
risk assessment that takes into account the institution’s size, businesses, services, products, operations, customers,
counterparties, and the geographies and locations of its operations and business relations.
Transaction Monitoring Program Requirements
The Transaction Monitoring Program may be manual or automated, but must:
• Be based on the institution’s risk assessment;
• Be reviewed and periodically updated to reflect changes to applicable BSA/AML laws, regulations,
and regulatory warnings, as well as other information determined by the institution to be relevant
from the institution’s related programs and initiatives;
• Appropriately match BSA/AML risks to the institution’s businesses, products, services, customers,
and counterparties;
• Use BSA/AML detection scenarios with threshold values and amounts designed to detect potential
money laundering and other suspicious or illegal activity;
• Include end-to-end, pre- and post-implementation testing of the Transaction Monitoring Program,
includinggovernance,datamapping,transactioncoding,detectionscenariologic,modelvalidation,
data input, and program output;
• Include documentation articulating the institution’s current detection scenarios and underlying
assumptions, parameters, and thresholds;
3. INDUSTRY
ADVISORY (CONTINUED)
WASHINGTON, DC • NEW YORK, NY • DALLAS, TX
• Include protocols detailing procedures and processes by which transaction monitoring alerts will
be investigated, the process for deciding which alerts will result in filings or other action, operating
areas and individuals responsible for such decisions, and documentation of investigations and the
decision-making process; and
• Be subject to ongoing analysis to assess continued relevancy of detection scenarios, underlying
rules, threshold values, parameters, and assumptions.
Watch List Filtering Program Requirements
The Watch List Filtering Program must be capable of interdicting transactions prohibited by OFAC before their
execution. It may be manual or automated, but must:
• Be based on the institution’s risk assessment;
• Be based on technology, processes, or tools for matching names and accounts (including, as
necessary, “fuzzy logic” or culture-based name conventions) based on the institution’s particular
risks, transaction types, and product profiles;
• Include an end-to-end, pre- and post-implementation testing of the Watch List Filtering Program,
including, as relevant, a review of data matching, an evaluation of whether the OFAC sanctions list
and threshold settings map to the institution’s particular risks, the logic of matching technology or
tools, model validation, data input, and program output;
• Be subject to ongoing analysis to assess the logic and performance of the technology or tools for
matching names and accounts, as well as the OFAC sanctions list and threshold settings used to
ensure that they continue to map to the risks of the institution; and
• Include documentation that articulates the intent and design of the filtering program tools,
processes, or technology.
Overall Transaction Monitoring and Filtering Program Requirements
The two programs collectively must:
• Identify all data sources that contain relevant data;
• Validate the integrity, accuracy, and quality of data to ensure the accuracy and completeness of data
flowing through the programs;
• Ensure complete and accurate transfer of data from its sources to automated systems, if automated
systems are used;
• Require governance and management oversight, including policies and procedures governing
changes to the programs such that all changes are defined, managed, controlled, reported, and
audited;