It’s not just your taxes that are due each year on April 15. For financial institutions, this coming April 15 is the date the New York Department of Financial Services’ (NYDFS’s) new Anti-Money Laundering (AML) Part 504 regulations go into effect. And it’s also the deadline for bank-regulated institutions (BRIs) and non-bank-regulated institutions (NRIs) to submit to the NYDFS their first in a series of annually recurring determinations—akin to a “board resolution” or “compliance finding”—certifying compliance with the NYDFS AML regulation.
These determinations must state that the institution’s board of directors or designated senior officer(s) reviewed the documents, reports, certifications, and opinions necessary to make such a certification; that they took all necessary steps to confirm the regulated institution is in compliance with the NYDFS AML regulations; and that, to the best of their knowledge, their institution’s transaction monitoring and filtering program is in compliance with Section 504.3.
But it doesn’t stop there. The rule includes providing proof of senior management’s real commitment to and continuous engagement in the compliance program in order to ensure that risk-based transaction monitoring and watch-list filtering programs are adequately resourced and reasonably designed to monitor and filter transactions for potential Bank Secrecy Act (BSA) and AML violations and prevent transactions with sanctioned entities.
Journey to Certification
As April 15 approaches, your regulated institution should have either completed or be close to completing the required documentation. Based on the results, observations, and findings from your formalized risk assessment, your institution should have reviewed, tailored, and calibrated its transaction monitoring and filtering program according to the risks assessed, profiled, and posed.
Also by now, your institution should have in place a program that articulates the design and parameters of monitoring and filtering rules, periodically tests for end-to-end effectiveness and documents the results, indexes any rule and threshold changes, and is subject to ongoing review to test and assess the program’s reasonableness and effectiveness.
Given that, now would be a good time to complete the following assessment:
- Has your institution already completed the necessary tasks to be able to certify by the due date, but feels it would benefit from an independent third-party validation or stress test?
- Is your institution close to completing necessary tasks to be able to certify by the due date, but facing the risk of being delayed without additional support?
- Is your institution not close enough to completing necessary steps, putting it at high risk of missing the due date and thus requiring acute, urgent, and accelerated care?
In all instances, it is not too late to engage outside assistance. There are many AML consultancies, like the team at K2 Intelligence, ready to assist both regulated and non-regulated financial institutions with regulatory compliance. These partners are frequently brought in to properly re-evaluate, and if necessary, develop and implement additional enhancements to transaction monitoring and watch-list filtering programs. They are also able to adequately prepare your board of directors or designated senior officer(s) to ensure they are equipped with the supporting materials and documentation necessary to appropriately certify compliance to the NYDFS AML Rule.
Outside consultants are able to re-evaluate and get third-party opinions on whether the supporting materials and documentation provide a substantive understanding of how your institution’s transaction monitoring and filtering program has been developed and implemented, and how effective the program has been since its implementation. And they can provide executive compliance and examination preparedness training for your board of directors or designated senior officer(s). There would be nothing worse, after years of hard work and investing resources, than having a program that is actually working reasonably effectively but then finding that insufficient documentation and a porous presentation by the board of directors or designated senior officer(s) has failed to convey it as such, thus drawing unnecessary attention.
Think of April 15 As the Beginning, Not the End
Once your institution has gone through the inaugural certification life cycle with the NYDFS and certified compliance with the NYDFS AML Rule, it is wise to take the time review the many lessons learned through the certification process and benchmark against industry best practices ahead of next year’s annual certification. We recommend the following:
- Conduct an assessment to determine if your institution is exposed to any gaps or redundancies given overlapping adherence to federal regulations (such as the customer identification program requirements under 31 C.F.R. 1010.220), customer due diligence (CDD) expectations provided in the Federal Financial Institutions Examination Council (FFIEC) BSA/AML Examination Manual, and the the U.S. Treasury Financial Crimes Enforcement Network’s (FinCEN’s) CDD Rule formalizing customer due diligence requirements, which becomes effective May 11, 2018.
- Assess what potential internal technology and operations investments, outsourcing strategies, and shared-services utility platforms can or should be explored and benchmarked against to improve going forward. This is particularly important if you were in the NRI category, based on the presumption that NRIs, given their generally limited resources, will have found it more difficult to comply with the NYSDFS AML Rule requiring them to implement such robust transaction monitoring and filter programs in such a short period of time.
- Engage consultants and legal counsel to help rationalize and quantify the potential personal liability of the board of directors or designated senior officer(s) stemming from the NYDFS’s enforcement authority and enforceable reach in implementing this annual certification requirement.
K2 Intelligence professionals—drawn from a multifaceted team comprising former regulators, law enforcement, and intelligence professionals; attorneys; compliance officers; and financial and technology experts—bring the experience, expertise, and grounding in current regulations needed to assess, review, enhance, test, and validate your compliance programs, including by conducting annual independent tests to ensure compliance with the BSA, AML regulations, and sanctions laws and regulations such as those promulgated by the Office of Foreign Assets Control (OFAC).