Anti-money laundering (AML) has assumed immense importance in the banking and financial services industry globally over the last decade and a half. Banks and financial institutions (FIs) have been strengthening their AML policies, governance and oversight, procedures and platforms to track and report money laundering. AML regulations and guidelines are constantly reviewed by a multitude of regulatory bodies, both global and local. Moreover, compliance by banks and FIs are strictly monitored to prevent money laundering in general and terrorist financing in particular. Regulators are concerned not just about the end reporting of suspicious activities, but also the process followed to arrive at that report, so that they are repeatable and maintain the same level of accuracy.
The latest announcement by the New York State Department of Financial Services (NYS DFS), imposing Part 504 – Banking Division Transaction Monitoring and Filtering Program Requirements & Certifications – is another such regulatory measure. This regulation came into effect on January 1, 2017 with the first annual AML certification required to be submitted by regulated institutions in April 2018. This paper attempts to examine the new rule closely and in particular, the manner in which it impacts banks and FIs in New York, as well as the other states in the U.S. We also explore the possible challenges in implementing the rule, strategic alternative options banks and FIs can adopt, whether this new rule could pave the way for a similar AML rule globally and initiatives banks and FIs can undertake to strengthen their AML programs proactively by leveraging emerging digital technologies in this space.
Every new AML regulation, or update to an existing one, is meant for banks and FIs to be going a notch higher in terms of compliance – be it around restructuring of the governance and oversight framework, compliance parameters and processes or reporting requirements. Serious shortcomings were discovered during the NYS DFS’ investigation of AML programs of various regulated FIs, their transactions, filtering systems and processes. Accordingly, the NYS DFS’ Part 504 rule was formulated to close such compliance gaps and overcome improper governance and oversight. Part 504 also introduced an annual resolution by the board of directors, or compliance findings by the Chief Compliance Officer or an equivalent executive of the FI, to bring about accountability of senior executives in ensuring compliance with the transaction monitoring and filtering program requirements of the Part 504 Final Rule.
A thorough risk assessment of the regulated institutions forms the bedrock of complying with this new rule, as all transaction monitoring and filtering programs need to be based on such a risk profile. A periodic review and end-to-end testing of these programs must also be undertaken according to the FIs’ risk category (i.e., more frequently for high-risk institutions, less frequently for medium- and low-risk ones). This is required to assess the effectiveness and relevance of the programs on a continuous basis and fine-tune them as required. These terms impose significant responsibilities on the FIs, who now have to commit enormous efforts and resources to meet these requirements for compliance.
The rule specifically stipulates the attributes required to be included in the FIs’ transaction monitoring and filtering programs to make them more robust and watertight, while at the same time allowing flexibility to the institutions to frame policies and design their AML programs based on their own risk profiles.
FIs need to have adequate documentation in place for all processes, suspicious activity detection scenarios, thresholds, protocols around alerts, investigation and disposition and process for decision-making on investigation results, to name a few. While some FIs may already have such documentation in place, the rest of them will now have to take up this mammoth activity on a priority basis, as the rule has already taken effect as of January 1, 2017.
The most critical clause, however, remains the Annual Board Resolution or Senior Officer Compliance Findings, which requires every regulated FI to certify on an annual basis that it is compliant with the new rule and has taken all necessary steps to confirm this. Though named as a ‘Board Resolution’ or ‘Findings,’ in essence it is a certification required from senior executives of the FI, thus making them personally liable for breach of compliance to the rule, as an incorrect certification could cause criminal penalties to be imposed on such executives.
New York is the first U.S. State to have come up with Part 504 Rule, possibly because of the massive transaction volume that flows though this state and therefore needs strict monitoring. Given that New York City is one of the world’s largest financial hubs, the sheer transaction sizes can be overwhelming, going up to several hundreds or even thousands of million U.S. dollars per transaction! In comparison, California is the largest U.S. state in terms of population as well as number of financial transactions, but the transaction sizes (amount per transaction) may still not compare to New York’s. No wonder then that NYS DFS became the pioneer in bringing about stricter discipline in the compliance offices in their jurisdiction – much more is at stake in every transaction here!
The Part 504 compliance rule will be binding on institutions regulated by NYS DFS within the State of New York. Obviously, institutions outside the purview of this state have no reason to worry about this regulation. However, with AML compliance norms only getting more stringent by the day, other U.S. states and global regulators can also be expected to impose the rules on all institutions going forward as part of routine compliance. New York’s regulated institutions may be the first ones to go through this new compliance, and their success or failure, challenges, initiatives and efforts will have a huge role to play in rolling out norms similar to Part 504 across the U.S. and globally.
While banks and FIs in other states and countries might just be watching the formalization of this new rule from the sidelines, some within the jurisdiction of NYS DFS might also decide to shift headquarters to another state so they need not comply with Part 504. Though such relocation remains a strategic, yet operationally challenging alternative, most regulated institutions have already embarked on the compliance journey (i.e., to take up all activities with respect to aligning their AML policies, governance and oversight, procedures and platforms and so on) to track and report money laundering with the new Part 504 Rule.
Part 504 was announced on June 30, 2016 with the rule coming into effect from January 1, 2017, thus giving regulated institutions six months to plan and implement systems in compliance with the new rule. The first annual certification would be mandatory from April 2018, 15 months after the rule became effective. In the meantime, institutions can adequately test their systems to accommodate for the new compliance rule and qualify for the annual certification.
Institutions in other states and countries may well take this as a guideline for strengthening their own AML programs, as a rule that has been set rolling in New York today may well be unfolded to other jurisdictions globally in the near future. All banks and FIs, irrespective of jurisdictions, need to review their existing compliance frameworks and proactively make all efforts to strengthen their systems and processes involved in compliance. This should include:
 Department of Financial Services Superintendent’s Regulations, Part 504 Banking Division Transaction Monitoring and Filtering Program Requirements and Certifications, published on June 30, 2016. Ref: http://www.dfs.ny.gov/legal/regulations/adoptions/dfsp504t.pdf
Sign up for our free weekly e-newsletter for more GRC articles, job postings, GRC events, white papers & more…..click here
Sujata Dasgupta is a risk and compliance consultant with 17 years of global experience in banking, IT services and consulting. She is currently working with Tata Consultancy Services Ltd (TCS), in Bangalore, India. She has worked with premier international banks in some of the major financial hubs globally, such as New York, London, Singapore, Hong Kong and Frankfurt, on large regulatory transformation programs, leading domain teams on KYC/CDD, AML and regulatory reporting engagements. In her present assignment with TCS, she drives innovative digital solution offerings for banks in the area of financial crimes compliance covering KYC, AML, fraud control and regulatory compliance.