Printable versionSend by emailPDF version
March 29, 2017

The New York State Department of Financial Services (NYDFS) issued Regulation 504 which went into effect on January 1, 2017. Regulated institutions are now busy developing their path to compliance, however, due to the prescriptive nature of the regulation; many organizations may find themselves unsure of how to get started.  We are pleased to offer our perspective on how to develop your path to compliance with Regulation Part 504.

Key Provisions

“Each Regulated Institution shall maintain a Transaction Monitoring Program for the purpose of monitoring transactions after their execution for potential BSA/AML violations and Suspicious Activity Reporting, which system may be manual or automated…”

“Each Regulated Institution shall maintain a Watch List Filtering Program for the purpose of interdicting transactions, before their execution, that are prohibited by applicable sanctions, including OFAC and other sanctions lists, politically exposed persons lists, and internal watch lists, which system may be manual or automated…”

“No Regulated Institution may make changes or alterations to the Transaction Monitoring and Filtering Program to avoid or minimize filing suspicious activity reports, or because the institution does not have the resources to review the number of alerts generated by a Program established pursuant to the requirements of this Part, or to otherwise avoid complying with regulatory requirements.”

Department of Financial Services Superintendent’s Regulations Part 504; § 504.3 Transaction Monitoring and Filtering Program Requirements


The Regulation
  • New York State CRR - Title 3 - Chapter 3 - subchapter C - Part 504
What's Old?
  • Regulation 504 is a culmination of guidance presented in the FFIEC manual, consent orders, examination notes and audit findings
  • Components of SR 11-7 / OCC 2011-12 (model risk management and third party vendor risk management) are discussed
  • Generally, the language in Regulation 504 reflects current BSA / AML and Sanctions industry best practices
What's New?
  • Annual certification required by Senior Compliance Officer (“Compliance Finding”) or Board of Directors (“Board Resolution”)
  • NY DFS is connecting the dots for banks by laying out specific guidelines
  • Banks need to constantly be aware and informed of emerging risks
  • Explicit mention to data management and integrity

How to Comply

While we can customize and scale services to specific needs, we undertake Part 504 compliance through a comprehensive perspective of the two primary requirements: effective transaction monitoring and watch list filtering programs. We approach both requirements by evaluating and assisting your team with:

  • Risk assessments (RA) of your institution and business units
  • Reviewing compliance with all current BSA / AML laws, regulations and alerts
  • Mapping BSA / AML risks to your institution’s businesses, products, services, and customers
  • Utilizing BSA / AML detection scenarios that are based on your institution’s RA
  • Implementing technology or tools for matching names and accounts
  • End-to-end, pre-and post-implementation testing
  • Watch list screening that reflects current regulatory requirements
  • Developing easily understandable documentation that articulates your institution’s current detection scenarios
  • Auditing investigative protocols
  • On-going analysis to assess the logic and performance of the technology for matches, watch lists, and threshold settings
  • On-going assessments of the relevancy of the transaction detection scenarios, rules, thresholds, parameters, and assumptions

A&M Solutions To...

Technology
Leveraging proprietary and complex compliance and investigative tools and through statistical data validation and analytics, we perform holistic assessments of transaction monitoring and interdiction systems allowing us to vet the integrity and accuracy of existing technology.
 
Data Management
A&M's data risk and compliance (DRC) team excels in executing end-to-end reconciliations from source, core systems, to AML Transaction Monitoring Systems which includes a unique view at controls, gaps for improvement, and persistent post project operational improvements.
 
Operations
A&M's comprehensive approach to compliance operations enables us to deliver effective solutions for all parts of your AML program, including people, processes, systems, tools, training, industry best practices, and regulations.
 
Documentation
A&M provides a certification package that maps all activities, with supporting documentation that clients can deliver to the regulators upon request.
 
Certification
A&M's Path to Compliance framework creates value for our clients by mitigating regulatory and reputational risk, lowering the cost of compliance, improving efficiency, and leveraging technology to reach your AML program goals.