NYSDFS Regulation 504 – Raising the Bar for AML Compliance

Say “Rule 504” to Chief Compliance Officers of NY Financial Institutions and it may send chills down their spine.  Recent regulatory lapses and cases involving penalties against financial institutions have prompted regulators to strengthen the supervisory mechanism and adopt stringent measures. In an already challenging regulatory climate, banks and financial institutions face strict new hurdles around anti-money laundering (AML) compliance.

The New York State Department of Financial Services (“NYSDFS”) has adopted a final regulation outlining the attributes of a risk-based transaction monitoring and filtering program that New York State-licensed institutions will be required to maintain (the “Final Rule”). The Final Rule applies to all “Regulated Institutions,” which includes all banks, trust companies, private bankers, savings banks and savings and loan associations chartered under the New York Banking Law, New York-licensed branches and agencies of foreign banking corporations, as well as New York-licensed check cashers and money transmitters.

The Final Rule 504 introduces a defined standard into the transaction monitoring and filtering program that an institution must establish in compliance with OFAC regulations. Key requirements applicable to financial institutions’ are:

• Maintain a transaction monitoring program “reasonably designed” for the purpose of monitoring transactions after their execution for potential BSA/AML violations and suspicious activity reporting.
• Maintain a filtering program which may be manual or automated, that is “reasonably designed” for the purpose of interdicting transactions prohibited by OFAC.
• Submit annually to the NYSDFS a confirmation regarding compliance with the Final Rule’s transaction monitoring and filtering program requirements; maintain all records, schedules and data supporting the adoption of the resolution or finding for five years.

While the Final Rule aims to better protect against money laundering risks and transactions with sanctioned entities, the enhanced compliance requirement and effect of the annual certification imposes additional burden on regulated institutions.  With the effective date of the final rule only a few months away, and the first annual certification due in April 2018, regulated institutions must evaluate and implement enhancements to their transaction monitoring and filtering programs to meet compliance requirements. Also as important as the program is itself, boards of directors and senior officers must also ensure that they are equipped with the supporting materials and documentation necessary to appropriately certify compliance to the NYSDFS.

The NYSDFS has stated that the Final Rule is not intended to change the substantive requirements with which regulated institutions must comply, but rather to create a more “granular framework” in implementing and maintaining a program for compliance including new requirements across transaction monitoring, sanctions screening, including elements related to data integrity, governance and oversight.

The Final Rule is another example of the NYSDFS taking an assertive role in its regulation of New York- licensed financial institutions but the rule includes various standards and requirements where the meaning is ambiguous and subjective.  This could make compliance a bit uncertain, especially in light of the intense regulatory enforcement of similar regulations. While many of the requirements of the Final Rule were measures that large New York-licensed financial institutions were already taking, deficiencies observed by the NYSDFS would typically be handled through the supervisory process. The implementation of a separate regulation suggests the NYSDFS’s desire to take on a more significant enforcement role in the area of BSA/AML and sanctions compliance.