No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Compliance

NYS DFS Part 504 AML Regulation

by Sujata Dasgupta
May 5, 2017
in Compliance, Featured
hundred dollar bills drying on a clothesline

Are Banks Bracing for Tougher Compliance?

Every new AML regulation – or update – is meant to prompt banks and financial institutions to improve their compliance efforts. The latest announcement by the New York State Department of Financial Services (NYS DFS), enacting Part 504, is another such regulatory measure. Initially the impact will be felt only in New York, but we suspect its effects will be felt broadly very soon.

Anti-money laundering (AML) has assumed immense importance in the banking and financial services industry globally over the last decade and a half. Banks and financial institutions (FIs) have been strengthening their AML policies, governance and oversight, procedures and platforms to track and report money laundering. AML regulations and guidelines are constantly reviewed by a multitude of regulatory bodies, both global and local. Moreover, compliance by banks and FIs are strictly monitored to prevent money laundering in general and terrorist financing in particular. Regulators are concerned not just about the end reporting of suspicious activities, but also the process followed to arrive at that report, so that they are repeatable and maintain the same level of accuracy.

The latest announcement by the New York State Department of Financial Services (NYS DFS), imposing Part 504 – Banking Division Transaction Monitoring and Filtering Program Requirements & Certifications[1] – is another such regulatory measure. This regulation came into effect on January 1, 2017 with the first annual AML certification required to be submitted by regulated institutions in April 2018. This paper attempts to examine the new rule closely and in particular, the manner in which it impacts banks and FIs in New York, as well as the other states in the U.S. We also explore the possible challenges in implementing the rule, strategic alternative options banks and FIs can adopt, whether this new rule could pave the way for a similar AML rule globally and initiatives banks and FIs can undertake to strengthen their AML programs proactively by leveraging emerging digital technologies in this space.

Decoding Part 504 – Closing Compliance Gaps or Introducing Tougher Norms?

Every new AML regulation, or update to an existing one, is meant for banks and FIs to be going a notch higher in terms of compliance – be it around restructuring of the governance and oversight framework, compliance parameters and processes or reporting requirements. Serious shortcomings were discovered during the NYS DFS’ investigation of AML programs of various regulated FIs, their transactions, filtering systems and processes. Accordingly, the NYS DFS’ Part 504 rule was formulated to close such compliance gaps and overcome improper governance and oversight. Part 504 also introduced an annual resolution by the board of directors, or compliance findings by the Chief Compliance Officer or an equivalent executive of the FI, to bring about accountability of senior executives in ensuring compliance with the transaction monitoring and filtering program requirements of the Part 504 Final Rule.

A thorough risk assessment of the regulated institutions forms the bedrock of complying with this new rule, as all transaction monitoring and filtering programs need to be based on such a risk profile. A periodic review and end-to-end testing of these programs must also be undertaken according to the FIs’ risk category (i.e., more frequently for high-risk institutions, less frequently for medium- and low-risk ones). This is required to assess the effectiveness and relevance of the programs on a continuous basis and fine-tune them as required. These terms impose significant responsibilities on the FIs, who now have to commit enormous efforts and resources to meet these requirements for compliance.

The rule specifically stipulates the attributes required to be included in the FIs’ transaction monitoring and filtering programs to make them more robust and watertight, while at the same time allowing flexibility to the institutions to frame policies and design their AML programs based on their own risk profiles.

FIs need to have adequate documentation in place for all processes, suspicious activity detection scenarios, thresholds, protocols around alerts, investigation and disposition and process for decision-making on investigation results, to name a few. While some FIs may already have such documentation in place, the rest of them will now have to take up this mammoth activity on a priority basis, as the rule has already taken effect as of January 1, 2017.

The most critical clause, however, remains the Annual Board Resolution or Senior Officer Compliance Findings, which requires every regulated FI to certify on an annual basis that it is compliant with the new rule and has taken all necessary steps to confirm this. Though named as a ‘Board Resolution’ or ‘Findings,’ in essence it is a certification required from senior executives of the FI, thus making them personally liable for breach of compliance to the rule, as an incorrect certification could cause criminal penalties to be imposed on such executives.

Can NYS DFS’ Part 504 Trigger Similar Compliance Rules Globally?

New York is the first U.S. State to have come up with Part 504 Rule, possibly because of the massive transaction volume that flows though this state and therefore needs strict monitoring. Given that New York City is one of the world’s largest financial hubs, the sheer transaction sizes can be overwhelming, going up to several hundreds or even thousands of million U.S. dollars per transaction! In comparison, California is the largest U.S. state in terms of population as well as number of financial transactions, but the transaction sizes (amount per transaction) may still not compare to New York’s. No wonder then that NYS DFS became the pioneer in bringing about stricter discipline in the compliance offices in their jurisdiction – much more is at stake in every transaction here!

The Part 504 compliance rule will be binding on institutions regulated by NYS DFS within the State of New York. Obviously, institutions outside the purview of this state have no reason to worry about this regulation. However, with AML compliance norms only getting more stringent by the day, other U.S. states and global regulators can also be expected to impose the rules on all institutions going forward as part of routine compliance. New York’s regulated institutions may be the first ones to go through this new compliance, and their success or failure, challenges, initiatives and efforts will have a huge role to play in rolling out norms similar to Part 504 across the U.S. and globally.

While banks and FIs in other states and countries might just be watching the formalization of this new rule from the sidelines, some within the jurisdiction of NYS DFS might also decide to shift headquarters to another state so they need not comply with Part 504. Though such relocation remains a strategic, yet operationally challenging alternative, most regulated institutions have already embarked on the compliance journey (i.e., to take up all activities with respect to aligning their AML policies, governance and oversight, procedures and platforms and so on) to track and report money laundering with the new Part 504 Rule.

How Banks and FIs Can Strengthen Their Compliance Frameworks

Part 504 was announced on June 30, 2016 with the rule coming into effect from January 1, 2017, thus giving regulated institutions six months to plan and implement systems in compliance with the new rule. The first annual certification would be mandatory from April 2018, 15 months after the rule became effective. In the meantime, institutions can adequately test their systems to accommodate for the new compliance rule and qualify for the annual certification.

Institutions in other states and countries may well take this as a guideline for strengthening their own AML programs, as a rule that has been set rolling in New York today may well be unfolded to other jurisdictions globally in the near future. All banks and FIs, irrespective of jurisdictions, need to review their existing compliance frameworks and proactively make all efforts to strengthen their systems and processes involved in compliance. This should include:

  • Strengthening processes – Banks/FIs need to mandatorily embark on enterprisewide AML risk assessment of the institution and align transaction-monitoring and filtering programs to the institution’s risk. Periodic review of the program must be set at intervals based on this risk level to assess the program performance and make changes if required. They also need to build exhaustive documentation of scenarios, thresholds and parameters to detect suspicious behavior, detailed alert investigation and reporting protocols, if not in place already.
  • Upgrading systems and technology – Money-laundering behavior is getting more complex with time, so its monitoring and detection have also evolved through high-end technologies. While many large Banks are in the transition process, others need to move from manual and rule-based AML monitoring systems to automated, risk-based robust AML platforms. Such platforms should be enabled for real-time suspicious alert generation, analytics-based anomalous behavior detection and workflow-based case management. The institution must also conduct end-to-end testing of the detection scenarios and model validation of the platform at predetermined frequencies to assess their effectiveness.
  • Digital initiatives – Rule-based scenarios for AML are getting redundant, as criminals and offenders find ways to bypass such rules and yet launder money. AML platforms can now be strengthened by using machine learning algorithms, also known as cognitive computing, which can detect outliers and suspicious behavior patterns even when they do not breach any AML scenario. Screening and filtering against watchlists, PEP lists, negative news and adverse media and their disposition have largely been a manual activity so far. But with steep spike in customer base and transaction volume in banks, such screening and filtering products are now being equipped with artificial intelligence (AI) for quicker and more accurate results. Banks with mature AML programs can enhance their compliance effectiveness by investing in such digital initiatives.

[1] Department of Financial Services Superintendent’s Regulations, Part 504 Banking Division Transaction Monitoring and Filtering Program Requirements and Certifications, published on June 30, 2016. Ref: http://www.dfs.ny.gov/legal/regulations/adoptions/dfsp504t.pdf


Tags: AML
Previous Post

Using Technology to Educate (Not Regulate)

Next Post

Is Lasting Change Coming for FX Market Practices?

Sujata Dasgupta

Sujata Dasgupta

Sujata Dasgupta is the Global Head of the Financial Crimes Compliance Advisory Services at Tata Consultancy Services Ltd. and is based out of Stockholm, Sweden. She is an experienced industry consultant in banking risk and compliance (R&C), with a demonstrated history of working in banking, IT services and consulting, having worked for global banking clients in all major financial hubs, viz. New York, London, Singapore, Hong Kong, Frankfurt and now Stockholm. She also authors articles on risk and compliance in international banking R&C journals. Sujata can be reached on LinkedIn at www.linkedin.com/in/sujata-dasgupta-69473a20/.

Related Posts

Phaxis 100 dollars

AML & KYC: Addressing Key Challenges for 2023 and Beyond

by Alex Roberto
March 16, 2023

(Sponsored) In today’s world, financial criminals are often a step ahead of regulators and financial institutions who struggle to effectively...

Paul Weiss Economic Sanctions and AML Developments 2022_f

Economic Sanctions and AML Developments

by Corporate Compliance Insights
March 15, 2023

Sanctions start high and stay high 2022 Year in Review Economic Sanctions and AML Developments What’s in this report from...

money laundering concept

It Takes a Village: Preventing FinCrime Means Everybody Needs Skin in the Game

by Samar Pratt
March 15, 2023

Banks bear the brunt of consequences for financial crimes amid a huge increase in anti-money laundering fines in 2022, making...

russia sanctions

Why Russian Sanctions Require Compliance Teams to Take a Fresh Look at KYC Procedures

by Rory Doyle
February 15, 2023

The Russian invasion of Ukraine continues with no signs of a resolution, and along with the protracted conflict, the U.S....

Next Post
man looking through magnifying glass

Is Lasting Change Coming for FX Market Practices?

Compliance Job Interview Q&A

Jump to a Topic

AML Anti-Bribery Anti-Corruption Artificial Intelligence (AI) Automation Banking Board of Directors Board Risk Oversight Business Continuity Planning California Consumer Privacy Act (CCPA) Code of Conduct Communications Management Corporate Culture COVID-19 Cryptocurrency Culture of Ethics Cybercrime Cyber Risk Data Analytics Data Breach Data Governance DOJ Download Due Diligence Enterprise Risk Management (ERM) ESG FCPA Enforcement Actions Financial Crime Financial Crimes Enforcement Network (FinCEN) GDPR HIPAA Know Your Customer (KYC) Machine Learning Monitoring RegTech Reputation Risk Risk Assessment SEC Social Media Risk Supply Chain Technology Third Party Risk Management Tone at the Top Training Whistleblowing
No Result
View All Result

Privacy Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2022 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe

© 2022 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT