December 7, 2015
(Updated January 5, 2016)
On December 1, 2015, New York Governor Andrew M. Cuomo announced that the New York State Department of Financial Services ("DFS") had proposed a new anti-money laundering ("AML") and anti-terrorist financing rule applicable to DFS-regulated institutions, to be set forth in Part 504 of the DFS Superintendent’s Regulations. The proposed rule was published in the New York State Register on December 16, 2015. As proposed, the rule would continue an aggressive enforcement strategy initiated by former DFS Superintendent Benjamin Lawsky. Under Superintendent Lawsky, financial institutions, mostly non-U.S. banks with New York-regulated branches, were threatened with the loss of their New York banking licenses. Since 2011, DFS has imposed nearly $8.5 billion in penalties on financial institutions.
Under the proposed rule, DFS-regulated institutions would be required to maintain a transaction monitoring program to detect potential violations of the Bank Secrecy Act ("BSA") and other AML laws and to identify and report suspicious activity. In addition, regulated institutions would be required to maintain a watch list filtering program to identify and interdict transactions prohibited by applicable sanctions and terrorist financing rules, including those promulgated by the U.S. Department of the Treasury’s Office of Foreign Assets Control ("OFAC"), politically exposed person ("PEP") lists, and other internal watch lists.
The proposed rule would require an annual certification by the Chief Compliance Officer, or functional equivalent, of covered institutions. This certification would state that, to the best of the officer’s knowledge, the institution’s "Transaction Monitoring and Filtering Program complies with all the requirements" of the rule. The proposed rule states that an "incorrect or false" certification could lead to criminal penalties for the officers making the certification, citing Section 672 of the New York Banking Law. As discussed in the commentary below, the proposed certification is the most controversial aspect of the proposal.
Former Superintendent Lawsky previewed the proposed rule in a February 2015 speech, when he suggested that DFS was considering measures to improve monitoring and filtering systems and hold more financial industry executives responsible for compliance failures. Superintendent Lawsky described state bank supervisors as important counterparts to federal financial regulators, suggesting that state governments could "serve as incubators for new approaches to vexing policy problems," which could subsequently be adopted by other states or the federal government. In this regard, he pointed to New York’s efforts to "move towards individual accountability" in the resolution of settlements with financial institutions, an approach that also has been taken by federal regulators and enforcement agencies.
The proposed rule would apply broadly to "Regulated Institutions," including banks, trust companies, Article IV private bankers, savings banks, savings and loan associations, money transmitters, check cashers, and non-U.S. bank branch and agency offices, in each case chartered or licensed under the New York Banking Law. The intended purpose of the proposed rule, including its specific requirements for transaction monitoring and watch list filter programs, is to address serious shortcomings revealed during recent investigations.
Comments must be received by February 1, 2016.
Transaction Monitoring Program
The proposed rule would require regulated institutions to maintain a transaction monitoring program for potential violations of BSA/AML laws and suspicious activity reporting, which should at a minimum:
Most components of the rule proposed by DFS are consistent with U.S. federal regulatory requirements and guidance as well as industry best practices. Nevertheless, certain DFS requirements would present challenges, particularly with respect to model validation, where the regulators’ expectations are not necessarily clear or well understood by the industry. Some requirements subject to certification may present additional challenges or may not be reasonable for smaller banking institutions and foreign bank operations, money transmitters, and check cashers; one may contrast the certification proposal with the certification requirement under the Volcker Rule, which applies only to sizeable institutions.
Watch List Filtering Program
Under the proposed DFS rule, regulated institutions must also maintain a watch list filtering program for the purpose of interdicting transactions, before their execution, that are prohibited by applicable sanctions, including those administered by OFAC. The proposal would go further by requiring that the programs identify and interdict transactions with PEPs and persons on internal watch lists. The requirement to interdict all PEPs presents additional compliance challenges for regulated institutions given the significant volume of individuals who may fall in this category and may not be reasonable for smaller financial institutions.
This system may be manual or automated, and must:
The proposed rule would require each transaction monitoring and filtering program to include the following attributes:
No regulated institution may make changes or alterations to the transaction monitoring and filtering program to avoid or minimize filing suspicious activity reports, or because the institution does not have the resources to review the number of alerts, or otherwise avoid complying with regulatory requirements.
Under the proposed rule, each subject institution would be required to submit to the DFS by April 15th of each year a certification duly executed by its chief compliance officer or functional equivalent that, to the best of his or her knowledge, the institution’s transaction monitoring and filtering program complied with all the requirements of the regulation. This certification requirement is reminiscent of those under the Sarbanes-Oxley Act and the Volcker Rule. Unlike the Volcker Rule, however, the proposed DFS certification goes to actual compliance with the regulation’s requirements, not the existence of a program that is "reasonably designed" to achieve compliance. The "reasonably designed" formulation in the final Volcker regulations responded to industry concerns about the collateral effects of requiring certification that compliance had actually been achieved, given the breadth of the Volcker Rule’s requirements – a breadth that is certainly analogous to New York’s proposal.
In addition, DFS states that "false or incorrect" certifications could lead to criminal penalties. Although the proposed rule is silent on the state of mind necessary for such criminal penalties, Section 672 of the Banking Law, which is cited as legal authority for aspects of the proposed rule, and which imposes criminal penalties for the making of false entries in bank books, requires an intent to deceive. Presumably, the DFS would see itself acting within the authority of Section 672 and therefore imposing a state of mind requirement, but that is not clear on the face of the proposal.
If the overall objective of the proposed DFS rule is for regulated institutions to develop and implement effective risk-based measures that are reasonably designed to detect and prevent money laundering and terrorist financing, the certification component could prove to be counterproductive. As many recent high-profile BSA/AML/OFAC enforcement actions demonstrate, compliance officers do not operate in a vacuum and do not have unfettered control over the resources (personnel and technology) that support the institution’s program or the customer risk assumed by the business.
Instead of helping compliance officers do a better job, the certification requirement proposed by DFS could drive many dedicated and competent compliance professionals away from New York financial institutions or to non-compliance positions. In the current regulatory environment, the rewards are small for compliance officers in comparison to the pressures and risks. Tension is already running very high among compliance professionals in the wake of the assessment of a civil money penalty by the Financial Crimes Enforcement Network against the former compliance officer of MoneyGram, the FINRA penalties assessed against BSA/AML officers of securities broker-dealers, and the September 2015 memorandum issued by Deputy Attorney General Sally Yates regarding individual accountability in cases of corporate wrongdoing.
 New York Register, Department of Financial Services, Proposed Rule Making, Regulating Transaction Monitoring and Filtering Systems Maintained by Banks, Check Cashers and Money Transmitters, I.D. No. DFS-50-15-00004-P (Dec. 16, 2015), at 9.
 Press Release, Governor Cuomo Announces Anti-Terrorism Regulation Requiring Senior Financial Executives To Certify Effectiveness of Anti-Money Laundering Systems, New York Department of Financial Services (Dec. 1, 2015), available at http://www.dfs.ny.gov/about/press/pr1512011.htm; New York Department of Financial Services Superintendent’s Regulations, Banking Division Transaction Monitoring and Filtering Program Requirements and Certifications (Dec. 1, 2015), available at: http://www.dfs.ny.gov/legal/regulations/proposed/rp504t.pdf.
 Superintendent Benjamin M. Lawsky’s Remarks at Columbia Law School, Financial Federalism: The Catalytic Role of State Regulators in a Post-Financial Crisis World (Feb. 25, 2015), available at http://www.dfs.ny.gov/about/speeches/sp150225.htm.
 DFS has for some time placed significance on individual responsibility, including its June 2014 settlement with the French bank BNP Paribas, which required the bank’s Chief Operating Officer, Senior Advisor and Head of Compliance, and Head of Ethics and Compliance for North America, among others, to step down.
Gibson, Dunn & Crutcher’s lawyers are available to assist in addressing any questions you may have regarding these developments. Please contact the Gibson Dunn lawyer with whom you usually work, or the authors:
Amy G. Rudnick – Washington, D.C. (+1 202-955-8210, firstname.lastname@example.org)
Judith A. Lee – Washington, D.C. (+1 202-887-3591, email@example.com)
Arthur S. Long – New York (+1 212-351-2426, firstname.lastname@example.org)
Linda Noonan - Washington, D.C. (+1 202 887 3595, email@example.com)
Adam M. Smith – Washington, D.C. (+1 202-887-3547, firstname.lastname@example.org)
David A. Wolber – Washington, D.C. (+1 202-887-3727, email@example.com)
Stephanie L. Connor – Washington, D.C. (+1 202-955-8586, firstname.lastname@example.org)
© 2015 Gibson, Dunn & Crutcher LLP
Attorney Advertising: The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.