New AML Compliance to Require Transaction Monitoring, Filtering Program
The New York Department of Financial Services (NYDFS) will require transaction monitoring and filtering as of January 1, 2017.
New York-regulated financial institutions are starting to re-evaluate their approach to anti-money laundering (AML) compliance to meet the new rule adopted by The New York Department of Financial Services (NYDFS) on June 30, 2016 (taking affect January 1, 2017), which will require transaction monitoring and filtering. While NYDFS rules apply specifically to New York State, many compliance programs operate at the enterprise level, thus requiring those financial institutions to make changes to comply.
One factor to note is how explicit these new rules are; as opposed to federal rules which call for a risk-based assessment, the NYDFS rules call for specific measures of transaction monitoring and filtering. While still including the term “risk-based”, the new requirements leave little room for interpretation.
BANKING DIVISION TRANSACTION MONITORING AND FILTERING PROGRAM REQUIREMENTS
(a) Each Regulated Institution shall maintain a Transaction Monitoring Program reasonably designed for the purpose of monitoring transactions after their execution for potential BSA/AML violations and Suspicious Activity Reporting, which system may be manual or automated, and which shall include the following attributes, to the extent they are applicable:
- end‐to‐end, pre‐and post‐implementation testing of the Transaction Monitoring Program, including, as relevant, a review of governance, data mapping, transaction coding, detection scenario logic, model validation, data input and Program output;
(b) Each Regulated Institution shall maintain a Filtering Program, which may be manual or automated, reasonably designed for the purpose of interdicting transactions that are prohibited by OFAC, and which shall include the following attributes, to the extent applicable:
- end‐to‐end, pre‐ and post‐implementation testing of the Filtering Program, including, as relevant, a review of data matching, an evaluation of whether the OFAC sanctions list and threshold settings map to the risks of the institution, the logic of matching technology or tools, model validation, and data input and Program output;
(c) Each Transaction Monitoring and Filtering Program shall require the following, to the extent applicable:
- identification of all data sources that contain relevant data;
- validation of the integrity, accuracy and quality of data to ensure that accurate and complete data flows through the Transaction Monitoring and Filtering Program;
- data extraction and loading processes to ensure a complete and accurate transfer of data from its source to automated monitoring and filtering systems, if automated systems are used;
- governance and management oversight, including policies and procedures governing changes to the Transaction Monitoring and Filtering Program to ensure that changes are defined, managed, controlled, reported, and audited;
- vendor selection process if a third party vendor is used to acquire, install, implement, or test the Transaction Monitoring and Filtering Program or any aspect of it;
These AML compliance requirements intend to fix shortcomings in the oversight, accountability and governance of potential violations and suspicious activity. As these rules require that the board, or senior officials, to sign off the monitoring and filtering, those responsible for compliance need to ensure the model, technology, processes, testing and governance are in place.
Stiff Penalties for Violating AML Laws
The State of New York is getting especially vigilant when it comes to AML compliance. Recently, the NYDFS fined Mega Bank USD $180 million for violating New York’s AML laws and regulations.
“DFS will not tolerate the flagrant disregard of anti-money laundering laws and will take decisive and tough action against any institution that fails to have compliance programs in place to prevent illicit transactions,” stated Maria Vullo, Superintendent Financial Services at NYDFS.
These new AML requirements, along with stricter standards being pursued by FinCEN regarding beneficial ownership, require compliance departments to re-examine their procedures. Are there gaps in their current processes? Are all their processes properly documented and up-to-date? Is the training, support and funding in place to ensure compliance on an ongoing basis?
A bigger question might be, do institutions even change their venue, as opposed to staying under NYDFS jurisdiction? However, one can speculate that these rules are a forbearer of what is to come in federal, or other jurisdictions. Changing venues is a stop-gap measure that will push the issue down the road, not solve it.
Effective GRC Strategy
The most effective way to consider transaction monitoring and filtering is not as a burden, but rather as an effective governance, risk and compliance (GRC) strategy. Transaction monitoring and filtering is a tool to reduce fraud, mitigate risk and improve operational control. All the NYDFS requirements are, in fact, financial institution best practices: robust corporate governance, clear management oversight, effective employee training, proper internal controls, ongoing monitoring, accurate reporting, and substantial customer due diligence. The payoffs in ethical operation improvements and bottom-line performance gains more than justify the concentrated efforts that full implementation requires.
AML regulations differ from country to country and may differ, in a global bank’s implementation, even for the same individual. An AML solution that is flexible, comprehensive, and provides user control over rules and thresholds, is crucial. The bank needs the ability to apply the most appropriate rules and adjust settings to avoid, or at least reduce, annoying false positives.
Is your financial institution (FI) set when it comes to operating a successful AML watchlist? Is your watchlist screening efficient, comprehensive, cost-effective and reliable? According to the Financial Crime Survey 2016 done by Operational Risk magazine and BAE systems there is an “increasing development and focus of sanctions regimes introduced by governments around the world to target organized crime and stem the funding of terrorism.”