Practical Steps for Compliance with NYDFS Regulation Part 504

5 Actions to Take Now

With the New York State Department of Financial Services (“DFS”) Part 504 regulation’s first annual compliance certification deadline approaching, financial institutions must ensure compliance as soon as possible. This piece discusses practical steps to benchmark your program against the requirements.

The International Monetary Fund estimates money laundering makes up between 2 and 5 percent of the world’s GDP — a problem the New York State Department of Financial Services (NYDFS) hopes to solve with stricter regulations.

On June 30, 2016, the NYDFS issued its final regulation, Part 504[1], related to the Bank Secrecy Act (BSA)/Anti-Money Laundering (AML) transaction monitoring and the Treasury Department’s Office of Foreign Assets Control (OFAC) filtering and screening requirements. The rule defines the essential components of monitoring and filtering programs as required by the NYDFS. While many of the requirements are not considered to be new, regulated institutions may find that additional action is necessary to ensure complete compliance and allow senior management or the board of directors to certify annually.

Whether your institution is ahead of the curve with implementation or still has a long road ahead, below are practical steps to ensure ongoing compliance with the key requirements:

Maintain a reasonably designed transaction monitoring and filtering program.

Practical Steps

• Review your risk assessment to ensure it adequately addresses your institution’s unique risks and circumstances and reflects any changes in laws, regulations or other relevant information.
• Based on the risks identified, review your detection scenarios to ensure the relevant risks are being addressed by your monitoring program and ensure the sanctions risks identified are addressed by your filtering program. Your technology, processes or controls for matching names and accounts must be in line with those risks.
• Conduct and document end‐to‐end and pre‐ and post‐implementation testing of the transaction monitoring and filtering programs, including, as relevant, a review of governance, data mapping, transaction coding, detection scenario logic, model validation, data input and program output.
• Ensure that adequate system documentation is maintained that articulates any assumptions, parameters and thresholds.
• Documentation should also be maintained on the transaction monitoring/filtering investigative processes, as well as processes to review the current system settings, thresholds and parameters on a periodic basis.

Identify sources of data and validate the integrity, accuracy and quality of the data.

Practical Steps

• Conduct and document an analysis to identify all the sources of data and any gaps in monitoring or filtering.
• Conduct a validation of both the transaction monitoring and filtering program. Ensure there are documented processes in place specifying the frequency of validation and the validation criteria. Conducting the validation will allow your institution to identify any weaknesses or areas for improvement and assist with the certification process.

Achieve effective management oversight and establish vendor management processes.

Practical Steps

• Implement or revise policies and procedures to include governance and management oversight and vendor management. This includes periodic updates to the program to ensure that changes are defined, managed, controlled, reported and audited.
• Any updates to the transaction monitoring and filtering programs should be well documented in written form and provided to senior management and the board of directors; this will act as a record of efforts taken by the institution to comply with NYDFS Part 504.

Adopt and submit to the superintendent a board resolution or senior officer(s) compliance finding.

Practical Steps

• Identify the appropriate person to submit the annual certification.
• Determine the process of approving the certification document before submission and retain copies of records and supporting documents for five years.
• In preparation for submission, provide periodic reports to the board of directors of your institution’s progress, and, as always, remember to document.

Maintain proper documentation.

Practical Steps

To the extent that you have identified areas, systems or processes requiring material improvement, updating or redesign, regulated institutions should document the identification and the remedial efforts planned and underway to address such areas, systems or processes. Such documentation must be made available for inspection by the superintendent.

Documentation is critical in complying with DFS Part 504. Implementing a tracking mechanism is an effective tool in demonstrating your institution’s compliance findings and board resolutions. When documenting weaknesses or deficiencies, ensure that you vet them, as they will need to be made available to the superintendent upon request.

The first certification deadline for a new anti-money laundering regulation is fast approaching — New York-based financial institutions are on the clock to get in compliance.

[1] http://www.dfs.ny.gov/legal/regulations/adoptions/dfsp504t.pdf