You are here

Client Alert: Overview of the New York State Department of Financial Services’ Transaction Monitoring and Watch List Filtering Programs

(New York Codes, Rules and Regulations Title 3 Section 504) 

Taking effect January 1, 2017, the New York State Department of Financial Services will require two new programs as a result of investigations into compliance of regulated institutions. These new programs will apply to those institutions that have applicable Bank Secrecy Act (BSA) and Anti- Money Laundering (AML) regulations. According to the New York State Department of Financial Services Superintendent Maria T. Vullo, the goal of this new regulation “is to close the compliance gaps in the financial regulatory framework, to shut down money laundering attempts and operations, and eliminate any potential channels that have the potential to be exploited by global terrorist networks and other criminal enterprises”.

This Regulation consists of a Transaction Monitoring Program and a Watch List Filtering Program. The Transaction Monitoring Program will be able to detect and flag suspicious transactions and alert institutions to further investigate these findings. The Watch List Filtering program will further identify the suspicious activity and compare the transactions to specific sanction lists such as, the politically exposed persons lists, Office of Foreign Assets Control (OFAC) lists, and internal watch lists.

As part of the Regulation, the relevant regulated institutions are required to review their Transaction-Monitoring and Filtering Programs annually to ensure that they are reasonably designed to comply with the risk-based safeguards. As of April 15, 2018, The New York State Department of Financial Services will require an annual certification made by the Board of Directors or a Senior Officer(s) to further verify that these programs have been put in place and adhere to the guidelines set forth below. The time gap between when the new regulation takes effect (January 1, 2017) and the annual certification begins (April 15, 2018), allows institutions to implement them for over a year before a certification of effectiveness is required.

What is a Relevant “Regulated Institution”?

The Regulation categorizes institutions into three categories. The first category is “Bank Regulated Institutions”, which refers to all New York state-chartered banks, trust companies, private bankers, and savings/loan associations, as well as all branches and agencies of foreign banking corporations licensed to conduct banking in New York. The second category is “Nonbank Regulated Institutions”, referring to all check cashers and money transmitters’ license pursuant to the Banking Law. The third category, “Regulated Institutions”, denotes both Bank Regulated Institutions and Nonbank Regulated Institutions.

What are the Transaction Monitoring Program Requirements?

Specifically, each institution shall maintain a practically designed Transaction Monitoring Program to review transactions for any potential BSA/AML violations and Suspicious Activity Reporting. The Transaction Monitoring Program will be based on the institution’s risk assessment and other relevant information. The institution must review its Transaction Monitoring Program and periodically update the Program at risk-based intervals to analyze and reflect any changes applicable to the BSA/AML laws, regulations and any regulatory warnings, as well as any other information that is determined by the institution to be relevant to its related programs and initiatives. Additionally, the institution must continue to evaluate and validate its Transaction Monitoring Program to assess the continued relevancy of the detection scenarios, the underlying rules, threshold values, parameters and assumptions.

The Program may be either manual or automated. At the minimum, the Transaction Monitoring Program shall contain the following elements, to the extent that they are applicable to the institution:

  1. An appropriate way to match BSA/AML risks to the institution’s business, products, services, customers/counterparties;
  2. Contain BSA/AML detection scenarios with threshold values and amounts designed to detect potential money laundering or other suspicious or illegal activities;
  3. Contain end-to-end, pre- and post- implementation testing of the Transaction Monitoring Program, including as deemed relevant, a review of governance, data mapping, transaction coding, detection scenario logic, model validation, data input and program output;
  4. Create and maintain documentation that articulates and evidences the institution’s current detection scenarios and the underlying assumption, parameters and thresholds;
  5. Create and maintain protocols setting forth how alerts generated by the Transaction Monitoring Program will be investigated; including describing the process for deciding which alerts will result in a filing or other action; the operating areas and individuals responsible for making such a decision; and how the investigative and decision process will be documented.

What are the Watch List Filtering Program Requirements?

Each relevant regulated institution shall maintain a practically designed Watch List Filtering Program, based on the risk assessment of the specific institution, for the purpose of blocking transactions that are prohibited by federal economic and trade sanctions. The Watch List Filtering Program uses technology and other relevant processes and/or tools for matching names and accounts, in each case based on the institution’s particular risks, transaction and product profiles. Additionally, each institution’s  Watch List Filtering Program will be subject to on-going analysis, in order to assess the logic and performance of the technology and/or tools for matching names and accounts, as well as the OFAC sanctions list and the threshold settings to see if they continue to map to the risks of the institution effectively.

The Program may be either manual or automated. At the minimum, the Watch List Filtering Program shall contain the following elements, to the extent that they are applicable to the institution:

  1. Contain end-to-end, pre- and post-implementation testing of the Filtering Program, including, as relevant, a review of data matching, an evaluation of whether the OFAC sanctions list and threshold settings map to the risks of the institution, the logic of matching technology or tools, model validation, and data input and program output;
  2. Create and maintain documentation that articulates the intent and design of the Filtering Program tools, processes or technology.

How Does the New York Department of Financial Services Validate the Performance of each Program?

In addition to each Program’s specific requirements, both the Transaction Monitoring and the Watch List Filtering Program shall contain the following, to the extent that they are applicable to the institution:

  1. Identification of all data sources utilized by the Programs that contain relevant information;
  2. A process of validation of the integrity, accuracy and quality of data to ensure that accurate and complete data flows through the Programs;
  3. Data extraction and loading processes to ensure a complete and accurate transfer of data from its source to automated monitoring and filtering systems, if automated systems are used;
  4. Governance and management oversight, including policies and procedures governing changes to the Programs to ensure that changes are defined, managed, controlled, reported and audited;
  5. Funding to design, implement and maintain a Transaction Monitoring and Filtering Program that complies with the requirements of the regulation;
  6. Utilization of qualified personnel or outside consultant responsible for the design, planning, implementation, operation, testing, validation and on-going analysis  of the Transaction Monitoring and Filtering Program, including automated systems if applicable, as well as case management, review and decision making with respect to generated alerts and potential filings; and
  7. Periodic training with respect to the Transaction Monitoring and Filtering Program.
  8. If a third party vendor is used to acquire, install, implement or test the Transaction Monitoring and Filtering Program or any aspect of them; documentation and analysis of the vendor selection process.

How does the New York State Department of Financial Services Ensure Compliance with the Regulation?

To ensure compliance with all of the above requirements, the New York State Department of Financial Services mandates that each regulated institution shall adopt and submit to the Superintendent an annual certification of compliance with the Transaction Monitoring Program and the Watch List Filtering Program, by April 15th of each year starting in 2018. The annual certification may be either a Board Resolution by the Board of Directors or a document prepared by a Senior Officer(s) certifying the institution’s compliance.

The mandatory annual certification must include resolution or findings that contain documents, reports, certifications and opinions by officers and other relevant parties that have been reviewed by the Board of Directors or a Senior Official to certify that compliance of this regulation has been met. An additional requirement states that institutions must maintain supporting data for the certification, for review by the Department of Financial Services, for five years. Additionally, each institution must maintain for examination by the Department of Financial Services all records, schedules, and data supporting adoption of the board resolution or senior officer compliance finding for a period of five years.

View the NYDFS Annual Board Resolution or Senior Officer(s) Compliance Finding for BSA/AML and OFAC Transaction Monitoring and Filtering Program form here.

View the full regulation, including the above requirements, here.

For more information about this topic, please contact Stephen King, JD, AMLP, Director of Regulatory Compliance Services, at 617-428-5448 or sking@wolfandco.com.