Proposed NYDFS BSA/AML Rules Add Fines and Jail Time for Noncompliance

As 2015 came to a close, Governor Andrew Cuomo of New York City rattled the cages of financial services executives by holding them accountable for the integrity of their anti-money laundering systems.[1] This is a serious proposal, ensuring the competence of chief compliance officers’ (CCOs) oversight, accountability and governance with the threat of possible jail time and hefty fines.

Under the proposed rule published by the New York Department of Financial Services (NYDFS), CCOs would be responsible for enforcing key requirements to prevent, detect and deter future money transfers and money laundering tactics. "Money is the fuel that feeds the fire of international terrorism," said Governor Cuomo. "Global terrorist networks simply cannot thrive without moving significant amounts of money throughout the world. At a time of heightened global security concerns, it is especially vital that banks and regulators do everything they can to stop that flow of illicit funds."[2]

The proposed rules would apply to or impact the entities chartered or licensed under the New York Banking Law, including banks, branches, agencies of foreign banks, trust companies, private bankers, savings banks, savings and loan associations, check cashers and money transmitters.

The proposed requirements have a strict focus on transaction monitoring, watchlist filtering process improvement enhancements and mandatory annual certifications. Transaction monitoring and watchlist filtering should sound very familiar, because both are considered standard components of a BSA/AML program. However, the NYDFS proposes more details and granularity within the program, extending far beyond current rules.

The proposed rules may cause implementation issues for CCOs because of the uncertainty of the meaning of each requirement. I would assume all entities will submit many questions requesting clarification on technical and systematic terms, such as end-to-end pre- and post-implementation testing process, decision-making on how alerts are filed and actioned, BSA/AML risk mappings, investigative protocols, etc. Different entities tend to manage risk differently, meaning each covered entity has its own risk aggregating scoring methodologies and triggers alerts differently than others based on its definition of the severity of risk. For example, the proposed regulation would limit or not permit the covered entities to change or alter the transaction monitoring and filtering programs regarding suspicious activity reporting due to minimal staff and bandwidth. Should the proposed rules take effect, it will be interesting to see how covered entities implement and comply with the rule’s mandates while also meeting their own governance and working group committees’ requirements.

Lastly, CCOs would be required to attest to annual certifications of their entities’ anti-money laundering program. It is important to note that, unlike the transaction monitoring and watchlist procedures, this attestation rule has no equivalent or counterpart in any federal or BSA/AML laws. Instead, the NYDFS modeled the rule on the federal Sarbanes-Oxley Act, referencing the internal controls certifications required by Section 302 of that act.[3] This immediately triggers concerns for CCOs, because the rule subjects officers to criminal penalties if they submit incorrect or false information. The rule states that officers must attest to the best of their knowledge that all BSA/AML systems and programs are compliant with the proposed rule, which raises the question of whether officers would be criminally prosecuted if they believed they submitted accurate and true information.

Capco is a thought leader in the area of managing regulatory change, and our teams have a wealth of experience executing on regulatory changes for our clients, from people, process and technology perspectives. Our robust and actionable risk model plays a key role in identifying organizational money laundering and terrorist financing risks throughout multiple lines of businesses, using a qualitative and quantitative risk scoring model. Our analytical model enables our clients to visualize and understand areas of weakness and helps drive remediation strategies as we assist with people, process and technology change. As the proposed rules evolve and are approved, Capco will be ready to help our clients understand, navigate and ultimately comply with their requirements and asks leading up to the implementation date.

In addition, our Data Analytics group built an AML tool, coined Holmes, which performs real-time assessment of the likelihood, scale and impact of the quantitative and qualitative risks. Holmes can assist in quickly and efficiently determining the appropriate level of AML and CTF risks supported by custom data models, enriching existing datasets with up to 300 additional sources of internal and external data, providing intelligent alert routing and management while drastically reducing false-positive rates.