No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Compliance

Validating AML Models Under the NYDFS Part 504 AML Requirement

by Todd Pleune
March 7, 2018
in Compliance, Featured
NYDFS key on keyboard

Enhancements Needed to Address Deficiencies

April is fast approaching, and with it comes the deadline for certification with the New York State Department of Financial Services (NYDFS) Part 504 rule. The requirements pose considerable challenges for financial institutions, and any regulated institution that fails to detect or report suspicious money laundering transactions may be found to be deficient and in violation of the NYDFS Part 504 Rule. Todd Pleune, Managing Director at Protiviti details what you need to know to become compliant.

With the first deadline to certify annual compliance rapidly approaching on April 15, 2018, regulated entities are working hard to comply with the New York State Department of Financial Services (NYDFS) Part 504 rule.  This rule is a risk-based anti-terrorism and anti-money laundering regulation that requires regulated institutions to maintain effective programs to monitor transactions for potential Bank Secrecy Act (BSA) and anti-money laundering (AML) violations and filter transactions to prevent sanctions violations. Regulated entities include most financial services businesses operating in New York state, such as banks, trust companies and other lenders, branches and agencies of foreign banking corporations, check cashers and money transmitters.  The final rule was issued on June 30, 2016 and became effective on January 1, 2017, but work is still ongoing to enhance programs and processes and submit compliance findings by April 15, 2018.

Activities in progress as the deadline approaches include updating systems and processes, fine-tuning existing rules and conducting reviews and testing by independent model validation and internal audit.  While the deadline is imminent, the Rule allows regulated institutions to document the identification of areas that require material improvement, updating or redesign and the planned remediation efforts underway.  Many of these efforts are currently in progress.

Regulated institutions are required to assess the reasonableness, effectiveness and relevancy of the controls for transaction monitoring and sanction filtering models and programs. They are also required to submit documentation that articulates, among other things, current detection scenarios, name-filtering technology, underlying model assumptions, limitations, parameters, thresholds and processes.  While these systems have been in place for the past several years, enhancements to both systems and documentation are still ongoing to satisfy these requirements.

The NYDFS Part 504 requirements pose considerable challenges for financial institutions.  Any regulated institution that fails to detect or report suspicious money laundering transactions may be found to be deficient and in violation of the NYDFS Part 504 Rule.  The rule exposes boards of directors and senior officers in regulated institutions to a heightened risk of personal liability.

Rationale for the Rule

When the rule was announced, NYDFS Superintendent Maria Vullo stated, “It is time to close the compliance gaps in our financial regulatory framework to shut down money laundering operations and eliminate potential channels that can be exploited by global terrorist networks and other criminal enterprises.”   NYDFS was concerned that different types of financial institutions had various levels of compliance with existing federal regulations with respect to monitoring transactions for suspicious activities and real-time interdiction of transactions on the basis of watch lists, including Office of Foreign Assets Control (OFAC) or other sanctions lists, politically exposed person (PEP) lists and other watch lists.

To address these deficiencies, the NYDFS adopted requirements for transaction monitoring and filtering models, as well as a requirement for a certifying senior officer of a regulated institution to file an annual certification attesting to compliance with the standards described in the NYDFS Superintendent’s Regulations Part 504.  While the rule does not include criminal penalties, it is this annual certification that can expose boards of directors and senior officers in regulated institutions to a heightened risk of personal liability.

Several activities must be undertaken by regulated entities for their anti-money laundering models and processes to comply with the requirements of NYDFS Part 504 and for them to file their certification attestations with confidence.  While the particular activities are enumerated in the rule, below we discuss current enhancements being made to AML programs and model validation activities needed to provide sufficient assurance for the certification process.

Transaction Monitoring and Filtering Program Enhancements

Currently many financial institutions are enhancing their AML programs to address deficiencies identified by conducting NYDFS Part 504 gap analyses, independent assessments, federal supervisory reviews, internal audits and model validations.  Enhancements underway at several entities known to this author are to shore up gaps in data quality, documentation and system effectiveness, as well as to transition manual processes to those that are more automated.  As these enhancements are made, each entity is paying close attention to NYDFS Part 504 requirements and the compliance deadline.

AML programs and models must be based on the institution’s own risk assessments and be appropriately aligned with its risk profile.  Programs must have sufficient controls performed at appropriate intervals to address changes to the institution’s risk exposures, as well as changes in regulatory requirements and expectations.  Under the new requirements, financial institutions are required to perform end-to-end testing of their risk-based AML models. This testing can be conducted as part of a rigorous independent model validation program.

Model Validation

Banks have been subject to model validation requirements since at least 2000 and have been applying these standards to a broader set of models for the past several years. Check cashing and money services businesses, however, may need more support to ensure their models are validated. Validation requirements include replicating outputs and testing the AML system via a sophisticated process. Each institution must develop policies and procedures to govern these processes and work with experienced model validators to confirm the sufficiency of their systems and controls.

Testing of the AML scenario rules and name-matching logic validation tests should be undertaken.  Testing must ensure appropriate controls for model data accuracy, integrity and completeness.  Firms must perform ongoing analysis and testing of the AML models to assess the scenario logic, performance, model technology, assumptions and model parameter settings.

To meet the requirements with respect to model performance, regulated institutions should consider the following potential issues:

  • Lack of comprehensive AML model data assessment procedure and controls to maintain model effectiveness
  • Lack of effective end-to-end model data quality control tools
  • Inadequate independent validation procedures
  • Lack of a quantitative approach and/or the tools for AML model performance testing
  • Improper AML model use, such as for setting thresholds
  • Inadequate model risk assessments
  • Insufficient model controls that are disproportionate to inherent risk levels

When considering a provider to validate AML models, it is important to use tools that accelerate review and testing of transaction monitoring, sanction screening and other anti-money laundering models, including rule replication and threshold setting validation.  When AML models undergo independent model validation, certifying senior officers can be confident in the annual submission attesting that the institution’s models are complete, effective and sustainable.


Tags: AMLBank Secrecy Act (BSA)Office of Foreign Assets Control (OFAC)
Previous Post

10 Ways Social Media Impacts Your Risk Profile

Next Post

TRACE: How Companies Get Caught

Todd Pleune

Todd Pleune

Todd Pleune is a Managing Director in the Model Risk practice of Protiviti’s Data Management and Advanced Analytics Solution.  He focuses on risk modeling and model validation for credit, market, operational, credit and conduct risk.  Recently, Todd has applied his technical skills in these areas to model development, validation and internal audit engagements for stress testing and anti-money laundering models.  Todd has a Ph.D. in corrosion modeling from the Massachusetts Institute of Technology, where he minored in Finance at the Sloan School of Management and in Nuclear Physics including stochastic modeling.

Related Posts

Phaxis 100 dollars

AML & KYC: Addressing Key Challenges for 2023 and Beyond

by Alex Roberto
March 16, 2023

(Sponsored) In today’s world, financial criminals are often a step ahead of regulators and financial institutions who struggle to effectively...

Paul Weiss Economic Sanctions and AML Developments 2022_f

Economic Sanctions and AML Developments

by Corporate Compliance Insights
March 15, 2023

Sanctions start high and stay high 2022 Year in Review Economic Sanctions and AML Developments What’s in this report from...

money laundering concept

It Takes a Village: Preventing FinCrime Means Everybody Needs Skin in the Game

by Samar Pratt
March 15, 2023

Banks bear the brunt of consequences for financial crimes amid a huge increase in anti-money laundering fines in 2022, making...

russia sanctions

Why Russian Sanctions Require Compliance Teams to Take a Fresh Look at KYC Procedures

by Rory Doyle
February 15, 2023

The Russian invasion of Ukraine continues with no signs of a resolution, and along with the protracted conflict, the U.S....

Next Post
crime tape in an office space

TRACE: How Companies Get Caught

Compliance Job Interview Q&A

Jump to a Topic

AML Anti-Bribery Anti-Corruption Artificial Intelligence (AI) Automation Banking Board of Directors Board Risk Oversight Business Continuity Planning California Consumer Privacy Act (CCPA) Code of Conduct Communications Management Corporate Culture COVID-19 Cryptocurrency Culture of Ethics Cybercrime Cyber Risk Data Analytics Data Breach Data Governance DOJ Download Due Diligence Enterprise Risk Management (ERM) ESG FCPA Enforcement Actions Financial Crime Financial Crimes Enforcement Network (FinCEN) GDPR HIPAA Know Your Customer (KYC) Machine Learning Monitoring RegTech Reputation Risk Risk Assessment SEC Social Media Risk Supply Chain Technology Third Party Risk Management Tone at the Top Training Whistleblowing
No Result
View All Result

Privacy Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2022 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe

© 2022 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT