Date: July 11, 2016
On June 30, 2016, the New York banking regulator issued new rules that puts pressure on boards and senior management of financial institutions to make sure they don’t do business with sanctioned entities and other bad actors.
The Rule (Part 504) Banking Division Transaction Monitoring and Filtering Program Requirements and Certifications from the New York Department of Financial Services requires financial institutions operating in the state to issue annual certifications at board level or have a senior officer confirm that internal anti-money laundering, anti-terrorism, and sanctions programs meet certain standards. Financial institutions will also have to make sure their ant-money laundering technology works effectively, and uses up-to-date watch lists issued by US Treasury, so they don’t do business with sanctioned entities and persons.
The rule should catch the attention of AML/sanctions compliance officers and senior management of financial services businesses, well beyond banks. The rule applies to banks, trust companies, private bankers, savings banks, and savings and loan associations, and branches and agencies of foreign banking associations. The rule also applies to the non-bank financial services sector, including check cashers and money transmitters.
The rule, which was issued on June 30, 2016, will be effective January 1, 2017.
Filtering program requirements and annual certifications
The new rule has two important sections:
1. Paragraph 504.3: Transaction Monitoring and Filtering Program Requirements.
Transactions monitoring programs are tools uses by financial services to detect and prevent money laundering and other financial crime. The rule says that these systems must be risk based, calibrated, documented, tested and supported by investigation tools. Similar requirements apply to sanctions filtering programs. For example, the sanctions filtering programs must be subject to an evaluation whether US Treasury’s OFAC sanctions lists and threshold settings map to the risks of the institution, and undergo an ongoing analysis to assess the logic and performance of the technology and tools for matching names and accounts, as well as OFAC sanctions lists. The regulator also expects institutions to have effective ongoing third party oversight programs in place, including of third party vendors the financial institution uses to maintain updates to the OFAC sanctions lists used in the filtering programs
2. Paragraph 504.4: Annual Certifications
Each covered institution is required to submit an annual “certification” to the New York regulator. It must be signed by the board of directors, or equivalent body if there is none, or a send a filing signed by a senior individual responsible for the management, operations, compliance and/or risk. The filing will confirm that they reviewed all relevant documentation; have taken all necessary steps to comply with the requirements of the regulation; and believe, to the best of their knowledge, the systems are operating in accordance with the requirements.
The first board resolution or senior officer filing is due April 15, 2018.
Shortcomings in automated tools triggered the rule
Financial institutions have invested heavily in automated tools to support compliance with the money laundering and sanctions laws. These automated programs filter names of customers against “do not touch” lists, and help detect unusual transactions that may indicate money laundering or terrorist financing. However, the New York regulator believes the new rule is necessary because of shortcomings in transaction monitoring and filtering systems, such as selection or inadequate management of sanctions lists used by the filtering system. Often these shortcomings are the result of lack of robust governance, oversight and accountability at senior levels of financial institutions. An example is the largest sanctions case in history, where the French bank BNP Paribas forfeited nearly $9 billion in 2014 for violating US sanctions.
The new rule only affects financial institutions in the state of New York, but is a strong reminder of the current regulatory environment for sanctions compliance and a growing focus on personal accountability.