white puzzle piece completing regulatory compliance puzzle

5 Actions to Take Now

With the New York State Department of Financial Services (“DFS”) Part 504 regulation’s first annual compliance certification deadline approaching, financial institutions must ensure compliance as soon as possible. This piece discusses practical steps to benchmark your program against the requirements.

The International Monetary Fund estimates money laundering makes up between 2 and 5 percent of the world’s GDP — a problem the New York State Department of Financial Services (NYDFS) hopes to solve with stricter regulations.

On June 30, 2016, the NYDFS issued its final regulation, Part 504[1], related to the Bank Secrecy Act (BSA)/Anti-Money Laundering (AML) transaction monitoring and the Treasury Department’s Office of Foreign Assets Control (OFAC) filtering and screening requirements. The rule defines the essential components of monitoring and filtering programs as required by the NYDFS. While many of the requirements are not considered to be new, regulated institutions may find that additional action is necessary to ensure complete compliance and allow senior management or the board of directors to certify annually.

Whether your institution is ahead of the curve with implementation or still has a long road ahead, below are practical steps to ensure ongoing compliance with the key requirements:

Maintain a reasonably designed transaction monitoring and filtering program.

Practical Steps

  • Review your risk assessment to ensure it adequately addresses your institution’s unique risks and circumstances and reflects any changes in laws, regulations or other relevant information.
  • Based on the risks identified, review your detection scenarios to ensure the relevant risks are being addressed by your monitoring program and ensure the sanctions risks identified are addressed by your filtering program. Your technology, processes or controls for matching names and accounts must be in line with those risks.
  • Conduct and document end‐to‐end and pre‐ and post‐implementation testing of the transaction monitoring and filtering programs, including, as relevant, a review of governance, data mapping, transaction coding, detection scenario logic, model validation, data input and program output.
  • Ensure that adequate system documentation is maintained that articulates any assumptions, parameters and thresholds.
  • Documentation should also be maintained on the transaction monitoring/filtering investigative processes, as well as processes to review the current system settings, thresholds and parameters on a periodic basis.

Identify sources of data and validate the integrity, accuracy and quality of the data.

Practical Steps

  • Conduct and document an analysis to identify all the sources of data and any gaps in monitoring or filtering.
  • Conduct a validation of both the transaction monitoring and filtering program. Ensure there are documented processes in place specifying the frequency of validation and the validation criteria. Conducting the validation will allow your institution to identify any weaknesses or areas for improvement and assist with the certification process.

Achieve effective management oversight and establish vendor management processes.

Practical Steps

  • Implement or revise policies and procedures to include governance and management oversight and vendor management. This includes periodic updates to the program to ensure that changes are defined, managed, controlled, reported and audited.
  • Any updates to the transaction monitoring and filtering programs should be well documented in written form and provided to senior management and the board of directors; this will act as a record of efforts taken by the institution to comply with NYDFS Part 504.

Adopt and submit to the superintendent a board resolution or senior officer(s) compliance finding.

Practical Steps

  • Identify the appropriate person to submit the annual certification.
  • Determine the process of approving the certification document before submission and retain copies of records and supporting documents for five years.
  • In preparation for submission, provide periodic reports to the board of directors of your institution’s progress, and, as always, remember to document.

Maintain proper documentation.

Practical Steps

To the extent that you have identified areas, systems or processes requiring material improvement, updating or redesign, regulated institutions should document the identification and the remedial efforts planned and underway to address such areas, systems or processes. Such documentation must be made available for inspection by the superintendent.

Documentation is critical in complying with DFS Part 504. Implementing a tracking mechanism is an effective tool in demonstrating your institution’s compliance findings and board resolutions. When documenting weaknesses or deficiencies, ensure that you vet them, as they will need to be made available to the superintendent upon request.

The first certification deadline for a new anti-money laundering regulation is fast approaching — New York-based financial institutions are on the clock to get in compliance.

[1] http://www.dfs.ny.gov/legal/regulations/adoptions/dfsp504t.pdf


Adil Raza

Adil Raza is an Acting Director in BDO’s Risk and Regulatory Advisory practice. Mr. Raza has over seven years of experience delivering anti-money laundering and sanctions compliance services. He has extensive experience in various components of AML Compliance Programs, including Know Your Customer (KYC), Client Due Diligence (CDD), Enhanced Due Diligence (EDD), Transaction Monitoring, Suspicious Activity Reporting and AML Training.

Mr. Raza has a strong focus on working with/for banks, broker dealers and other non- bank financial institutions such a money service businesses, payment services providers, pre-paid card service providers and casinos that offer a multitude of products and services, including retail and business banking, US dollar clearing, capital markets and trade finance. Mr. Raza has also worked with numerous corporate entities in developing and enhancing their AML and OFAC compliance program. Mr. Raza has a particularly strong knowledge of AML Compliance requirements for correspondent banking activities and has helped develop and enhance AML Programs, policies and procedures to address regulatory enforcement actions in this space.

Mr. Raza has experience assessing and validating BSA/AML systems (such as Mantas, Actimize, Prime, Verafin, Bankers Toolbox and FCRM) used for transaction monitoring and OFAC filtering, to ensuring such systems capture the necessary and appropriate data in order to detect, prevent and report suspicious activities or activities with person(s) on government sanction lists. Mr. Raza has also worked on numerous alert clearing and look engagements where he managed large teams of alert review analysts.

Prior to joining BDO, Mr. Raza served as the Head of the US Financial Intelligence Unit  for the Bank of Nova Scotia (Scotiabank). Mr. Raza oversaw the transaction monitoring and suspicious activity reporting program for the US operations of the bank which includes US dollar clearing, trade finance, capital markets and precious metals trading. Mr. Raza also served as the Head of the US Financial Intelligence Unit for the Royal Bank of Scotland prior to joining Scotiabank where he oversaw the transaction monitoring program for correspondent banking and capital markets related activity.

Related Post

Got Compliance News?

We do!  Sign up for CCI’s free weekly eBlast to get GRC news, views, jobs & events delivered to your inbox once a week.  Cancel anytime.

Click to Subscribe.