New York’s 504: BSA/AML Requirements You May Want to Start Wearing

If you’re a fashion fanatic and you want to get a jump on what will be hot next season, you’d probably want to look to the current fashion trends in New York. After all, New York, New York is known as one of the fashion capitals of the world. Now, if you’re in charge of BSA/AML compliance at your financial institution, your regulators will not be amused if you’re behind on anti-money laundering efforts, even if your compliance team looks ready to walk the runway. They’ll expect you to make sure that your institution is dressed in the latest and greatest practices, procedures, and equipment to detect and monitor suspicious activity. To do a good job of that, it’s helpful to know what’s on the horizon for anti-money laundering efforts.

Like future fashion trends, the future of financial regulation can often be seen in recent regulatory changes from New York, as well as certain states like California. Oftentimes, regulatory updates from these states set a precedent for federal regulations (think UDAAP and the Servicemembers Civil Relief Act).

Last year, New York State regulators released a final anti-terrorism and anti-money laundering regulation that requires institutions to maintain programs to monitor and filter transactions for potential Bank Secrecy Act (BSA) and anti-money laundering (AML) violations and prevent transactions with sanctioned entities. The regulation went into effect earlier this year and those changes will certainly be watched by many groups including, no doubt, federal regulators. For BSA, while you may not be subject to the specific New York changes, it makes a lot of sense to evaluate yourself against these heightened standards. Let’s get into the specifics.

Transaction Monitoring Program

Regulated institutions are required to implement and maintain a transaction monitoring program that looks at transactions for potential BSA/AML reporting. This program needs to have the following eight core attributes:

  1. It must be based on the institution’s risk assessment
  2. It must be periodically reviewed and updated to reflect changes in BSA/AML laws and regulations
  3. It must appropriately match BSA/AML risks to the institution’s products and services. These attributes clearly emphasize the need for a tailored BSA/AML risk assessment geared to your institution’s specific risk factors. The days of cookie cutter risk assessments are coming to an end.
  4. It needs BSA/AML detection scenarios with threshold values
  5. It needs end-to-end, pre- and post-implementation testing
  6. It should include thorough documentation
  7. It must include processes and protocols showing how alerts will be handled
  8. It must be subject to an on-going analysis

Now, perhaps more than ever, testing and having independent validation of your AML system is critical to meeting the technical aspect, but also the performance monitoring aspects, which provide the foundational support for those systems.

Watch List Filtering Program

Along with the transaction monitoring program, the regulation requires institutions to implement and maintain a watch list filtering program that intercepts transactions prohibited by OFAC. This program needs to have the following five core attributes, many of which match those covered under BSA/AML:

  1. It must meet the institution’s risk assessment level
  2. It needs to be based on technology, processes or tools for matching names and accounts
  3. It needs end‐to‐end, pre‐ and post‐implementation testing
  4. It must be subject to on‐going analysis to assess the logic and performance of the technology or tools for matching names and accounts
  5. It should include documentation that articulates the intent and design of the Filtering Program tools, processes or technology.

While independent AML System validation has been emphasized over the past five years, expect similar rising pressures on OFAC systems.

Additionally, each program will require periodic validation, management policies, and regular training for personnel associated with BSA/AML and OFAC programs.

Of course, there is no guarantee that these rules from New York will be adopted on a federal level. However, the principles promoted are logical and you can expect that regulators will put a premium on BSA/AML compliance program strength to ensure financial institutions stay focused on detecting and reporting potential financial crimes being attempted through their organizations. Reviewing your key risk assessments, promoting a strong validation effort and ensuring sound understanding throughout your organization will go a long way toward making sure your institution’s BSA/AML program is dressed for success, regardless of where your financial institution is located.