NY DFS Superintendent’s Regulations: Part 504
Baker Tilly refers to Baker Tilly Virchow Krause, LLP,
an independently owned and managed member of Baker Tilly International.
BANKING DIVISION TRANSACTION
MONITORING AND FILTERING PROGRAM
REQUIREMENTS AND CERTIFICATIONS
NY DFS Superintendent’s
Regulations: Part 504
January 12, 2016
Ann Petterson, CFE, CAMS, EA
Senior Manager
Ms. Petterson specializes in forensic accounting and investigative matters relating to
government investigations, corporate internal investigations, asset tracking and
anti-money laundering compliance projects. Ms. Petterson served as a forensic
accountant at the Suffolk County District Attorney's Office and as a Special Agent
with the Internal Revenue Service’s Criminal Investigation Division in New York City.
As a Special Agent, Ms. Petterson conducted long‐term, high‐profile investigations of
individuals and corporate entities. She investigated allegations of tax evasion and
other tax related criminal offenses, mail and wire fraud, embezzlement, stock
manipulation, money laundering, political corruption and identity theft.
Russell Sommers, CPA, CISA
Senior Manager
Russ has ten years of experience in the field of public accounting, beginning his
career as a financial statement auditor, then transitioning into the role of a risk
advisor. He provides enterprise risk management, internal audit, process
reengineering, compliance audit, and specialized consulting services to financial
institutions and insurance organizations.
Introductions
Dominic Suszek
Founder & CEO of Global RADAR
Dominic Suszek is the Founder and CEO of Global RADAR, one of the most
respected anti-money laundering and risk management software solutions in the
industry. Global RADAR is the software company responsible for the creation of an
Anti-Money Laundering and Terrorist Financing software solution developed to
provide financial service providers a comprehensive tool to facilitate client
onboarding due diligence, automated risk rating and transaction surveillance.
Agenda
I. Introduction and refresher
II. Catalyst for NY DFS 504
III. Who’s impacted?
IV. What’s new?
V. Certification (§504.4)
VI. Model Validation
VII. Easily Understandable Documentation
VIII. Program Changes
IX. Samples of documentation
X. Applicability to local branches of foreign institutions
USA PATRIOT Act:
Bank Secrecy Act & Anti-
Money Laundering
>Uniting and Strengthening America by Providing
Appropriate Tools Required to Intercept and
Obstruct Terrorism Act of 2001 (USA PATRIOT Act)
>Bank Secrecy Act of 1970 (BSA)
>Money Laundering Control Act of 1986 (AML)
Four Pillars of an Effective
AML Program
1. Client On-boarding & Know Your
Customer
2. Documentation Management
3. Watch List Screening
4. Transaction Surveillance
Key Points
• Policy
• Program
• Officer
• Risk Assessment
• Training
• Transaction Reporting
• List Checking
• Training
• Independent Audit
Excerpts from one settlement
document:
“the Bank (through its head office in Paris; its
subsidiary, …in Paris, London, Singapore, Hong
Kong, and the Gulf (Dubai and Bahrain); and
its subsidiary in Geneva) employed
nontransparent methods to process more
than $32 billion in U.S. dollar payments
through the New York Branch and other banks
with offices in New York, most of which were
on behalf of Sudanese, Iranian, Burmese and
Cuban entities subject to U.S. economic
sanctions, (“Sanctioned Parties”),1 including
entities appearing on the List of Specially
Designated Nationals and Blocked Persons
(the “SDN List”) of the U.S. Treasury
Department’s Office of Foreign Assets Control
(“OFAC”);2 ….
“…In general, instructions were issued to hide clients’ identities on transactions transiting through New York. For example, a Sudanese bank client frequently sent the following request to the Bank’s Subsidiary: “DON’T MENTION SUDAN ON THIS PAYMENT ORDER. PLS SEND DIRECT TO BENEF. BANK. DON’T MENTION BANK NAME ON COVER PAYMENT.”
Who is impacted?
>Bank Regulated Institutions – all banks, trust
companies, private bankers, savings banks, and
savings and loan associations chartered pursuant to
New York Banking Law (“Banking Law”) and all
branches and agencies of foreign banking
corporations licensed pursuant to the Banking Law
to conduct banking operations in New York.
>Nonbank Regulated Institutions – shall mean check
cashers and money transmitters licensed pursuant
to the Banking Law (money service businesses)
Why update or add on?
>Since inception of BSA, AML & the USA PATRIOT Act
– Expectations for governance oversight
– Globalization of markets and operations
– Changes and greater complexities in business
– Demands and complexities in laws, rules, regulations, and standards
– Expectations for competencies and accountabilities
– Use of, and reliance on, evolving technologies
– Expectations relating to preventing and detecting money-laundering
and…
– Continued failures of institutions to comply with existing regulations.
Don’t we do this already?
Yes, but…
NY DFS found shortcomings in the following areas:
• transaction monitoring and filtering programs
• lack of robust governance, oversight, and accountability
at senior levels
• transaction monitoring programs for monitoring
transactions for suspicious activities,
• watch list filtering programs, for “real-time” interdiction or
stopping of transactions on the basis of watch lists,
(OFAC, PEP, other sanction lists, internal lists, etc.)
Refresh on Existing
Requirements
>§504.3 Transaction Monitoring & Filtering Program
Requirements
>§504.3a Transaction Monitoring & Suspicious
Activity Reporting (detective)
>§504.3b Watch List Filtering (preventative)
New Requirements and
Considerations
>Certification
>Expanded Model Validation
>Concept of Easily Understandable Information
>Mandate that no institution can modify their program
to reduce SAR filings or due to resource constraints
§504.4 Annual Certification
Certifying Senior Officer must certify annually, using the form accompanying
the Proposed Regulation (Attachment A), that he or she has reviewed the
institution’s programs, and that the programs comply with all of the
requirements of the proposed regulation.
The framework outlined in the proposed regulation sets forth minimum
requirements of the program, including compliance with current BSA/AML
laws and regulations and the existence of a comprehensive and dynamic risk
assessment.
Due date: April 15 of each year
Certification - Materiality
• Although the certification is to be based on the SOX framework, SOX has
a materiality component, with the certification including the verbiage
“in material respects,” which is notably missing from this.
• Comment period remains open until January 30, 2016. This may be
addressed there.
• Without a materiality consideration, Senior Certifying Officers would be
certifying absolute compliance, rather than compliance in all material
regards.
Impact of the “Yates Memo”
September 2015
Assistant Attorney General authored document that established new
DOJ policy to hold individuals responsible for civil and criminal
misdeeds
Outgrowth of backlash resulting from financial meltdown – many
observers feel that the lack of individual accountability led to
reckless behavior
§504.5 Penalties/Enforcement Actions “A Certifying Officer who
files an incorrect or false Annual Certification also may be
subject to criminal penalties for such filing”
§504.5 Penalties &
Enforcement Actions
Institutional penalties
Under the proposed regulation institutions will be subject to "all applicable
penalties provided for by the Banking Law and the Financial Services
Law for failure to maintain" programs which meet the requirements of the
proposed regulation and for failing to file the certification annually
Individual liability
Certifying Senior Officer “who files an incorrect or false Annual
Certification also may be subject to criminal penalties for such filing."
Question:
Would you, today, right now, sign a certification that your institution’s AML
programs are comprehensive, effective and meet all existing regulations
without exception?
Practical Considerations:
Strike While the Iron is Hot.
Target implementation date: April 2017
Budget cycles between now and implementation: one
Room for improvement:
• Data quality
• Monitoring and governance
• Transaction monitoring and filtering
• Building the certification infrastructure
• Implementing tools & applications
Practical Considerations:
SOX Based Sub-
Certifications
• Through SOX, in order for the CEO & CFO to sign their certifications,
especially in large decentralized organizations, it became important for
Senior Management to certify over their areas to support executive
certification.
• In this venue, these sub-certifications would enable the Certifying
Senior Officer to rely on the work and certification of others to complete
their duties in accordance with NY DFS 504.
Practical Considerations:
Sub-Certifications
• Certifying Senior Officer – “Institutions Chief Compliance Officer or
functional equivalent” Annual Certification on prescribed form
Other Parties
• BSA Officer
• Compliance Department Staff
• Back Office Operations Department:
• Deposit Operations Team
• Wires Team
• Information Technology
• Internal Audit
Corporate Governance:
• Executive Team
• Board of Directors
VI. Model Validation
Does the Proposed Regulation Require More IT
Testing than Previous Regulations?
Model Validation & IT
Testing
Previous Guidance
From the FFIEC’s 2014 BSA/AML Exam Manual:
The exam should include:
An assessment of the integrity and accuracy of MIS
used in the BSA/AML compliance program.
Select a judgmental sample that includes transactions
other than those tested by the independent auditor
and determine whether independent testing:
• Is comprehensive, adequate, and timely?
• Has reviewed the accuracy of MIS used in the
BSA/AML compliance program
Proposed NY 504
Program must include:
504.3(a)5 an end-to-end, pre- and post-implementation
testing of the Transaction
Monitoring Program, including governance, data
mapping, transaction coding, detection scenario
logic, model validation, data input and Program
output, as well as periodic testing;
504.3(b) include an end-to-end, pre- and post-
implementation testing of the Watch List
Filtering Program, including data mapping, an
evaluation of whether the watch lists and
threshold settings map to the risks of the
institution, the logic of matching technology or
tools, model validation, and data input and
Watch List Filtering Program output;
Easily Understandable
Information
Questions:
Easy for whom?
Define “easy”?
Documentation – how much is enough?
Practical Considerations:
Have a third party not involved with the process review the information
and verbally summarize it back to you.
Leverage an accepted readability scale
Easily Understandable
Flesch-Kincaid
Use a 3rd Party Standard such as Flesch-Kincaid
1970’s – US Navy developed a readability index that has become widely used: the
Flesch–Kincaid readability index.
Used in Insurance Regulations in some states for forms that go to consumers
Can be accessed via web sites for nominal amounts
Also available through MS Word (see following slides)
One drawback – pictures tell a thousand words and Flesch-Kincaid was
developed at a time when illustrations required a professional illustrator
Easily Understandable:
Flesch-Kincaid
Instructions:
MS Word (MS Office 2013)
1. Click the File tab, and then click Options.
2. Click Proofing.
3. Under When correcting spelling and grammar in Word, make
sure the Check grammar with spelling check box is selected.
4. Select Show readability statistics.
See following step by step instructions
Making changes to your
program
§504.3(d) No Regulated Institution may make changes or alterations to
the Transaction Monitoring and Filtering Program to avoid or minimize
filing suspicious activity reports, or because the institution does not
have the resources to review the number of alerts generated by a
Program established pursuant to the requirements of this Part, or to
otherwise avoid complying with regulatory requirements.
Changes: Resource
Management
Per DFS: Inadequate resources are not a viable excuse for scaling down efforts.
In addition:
§504.3(c) 6 - “Funding to design, implement and maintain a Transaction Monitoring and Filtering Program that complies with the requirements of this Part;”
§504.3(c) 7 – “qualified personnel or outside consultant responsible for the design, planning, implementation, operation, testing, validation, and on-going analysis, of the Transaction Monitoring and Filtering Program, including automated systems if applicable, as well as case management, review and decision making with respect to generated alerts and potential filings.”
§504.3(c) 8 – “periodic training of all stakeholders with respect to the Transaction Monitoring and Filtering Program.”
Changes: In layman’s terms
You cannot change your
policy, program or level
of effort to reduce
filing responsibility.
You will dedicate the appropriate financial & human resources to address the needs of your institution ensuring your AML efforts are appropriately funded and staffed with highly skilled and well trained personnel.
ABC Bank BSA Reporting Dashboard, <Q4 2015>

Suspicious Activity Reporting
Month | # of SAR’s Filed | Date Reported
Oct
Nov
Dec

Monetary Instrument Logging
Description | Quantity | Amount
A: Total Monetary Instrument Purchases
B: Total Purchases > $5,000
C: CTR’s filed
E: Check figure (=B-C)

Program Documents
Document Name | Date Modified | Approved by
BSA Policy
BSA Program
2015 Risk Assessment
OFAC Policy
Money Laundering Policy
Wire Transfer Policy
Procedures for Conducting 314 Searches
Procedures for identifying high risk customers
CTR Exemption List and most recent Biennial filing
OFAC Scrub log for prior 3 months | N/A
BSA E-filing Status Report for prior 3 months | N/A

Currency Transaction Reporting
Description | Quantity | Amount
A: Total Currency Transactions
B: Total Transactions > $10,000
C: CTR’s filed
D: CTR’s Exempted
E: Check figure (=B-C-D)

New Customers
Description | Quantity
New Customers this reporting period
High Risk Customers
Missing Taxpayer Identification Numbers
Non-Resident Aliens
CIP Audits performed
CTR Exempt Customers

314a Information Requests
Month | Number of Requests | Number of Reportable Findings
October
November
December

Tools & Applications
System Name | Version # | Last Updated | Date of last Model Validation
Global Radar

Training
Personnel | Date | Training Hours | Materials Used
Board of Directors
Management
Compliance Staff
All Staff

List Checking
List Name | Date Updated/Obtained | Date Checked
OFAC Sanctions Matrix
Politically Exposed Persons
Palestinian Legislative Council
Foreign Sanctions Evaders
FINCEN MSB list

Other Information
Independent Audit Report Issue February 1, 2015 covering period 1/1/14-12/31/14. No recommendations noted
Financial Action Task Force
on Money Laundering
(“FATF”)
Nations Currently on FATF Action Plans
• Afghanistan
• Algeria
• Angola
• Bosnia and Herzegovina
• Iraq
• Guyana
• Lao PDR
• Panama
• Papua New Guinea
• Syria
• Uganda
• Yemen
Per: http://www.fatf-gafi.org/publications/high-riskandnon-cooperativejurisdictions/documents/fatf-compliance-october-2015.html
Questions?
Connect with us:
Ann Petterson, CFE, CAMS, EA
Senior Manager
+1 212 792 4854
Russell Sommers, CPA, CISA
Senior Manager
+1 646 776 6214
Dominic Suszek
Founder & CEO, Global Radar
For more information, visit www.GlobalRADAR.com
Copyright © Global RADAR®
About Global Radar
You can now help your organization streamline operations, reduce
costs and enhance compliance through one comprehensive, easy-
to-use cloud-based solution. Global RADAR® provides better data
management and simplified processes for onboarding new clients,
managing existing clients and remediating existing profiles to new
standards.
About Baker Tilly
Baker Tilly Virchow Krause, LLP provides a wide range of accounting, tax,
assurance, and consulting services with more than 2,500 professionals,
including 330 partners. We serve clients nationwide from 29 offices in 12 states
and a net revenue of $475 million.
Upcoming Webinars
FATCA – What You Need to Know
February 16, 2016 11:00 AM (EST)
Register at
http://www.globalradar.com/webinars/
FATCA -
Join us for a discussion on FATCA and learn what you need to
understand about FATCA (Foreign Accounts Tax Compliance Act) and
what it will take to be fully compliant.
Topics covered:
- FATCA and what it means in practice
- What is a ‘Financial Institution’ for FATCA purposes?
- Registering with the IRS
- Consequences of not registering with the IRS
- Changes that you will need to make in the way you run your practice
- The timetable for FATCA
FATCA – What You Need to Know
Gabriel Caballero, Holland & Knight
Senior Counsel
Gabriel is a senior counsel in Holland & Knight's Miami office
and member of the firm's Financial Services practice group.
He regularly advises clients on issues relating to the Bank
Secrecy Act (BSA), anti-money laundering, Office of Foreign
Assets Control (OFAC), the Foreign Account Tax Compliance Act
(FATCA), financial privacy, consumer protection, virtual/digital
currencies (including Bitcoin), and enforcement actions by
various federal and state regulatory authorities (e.g., the Federal
Reserve, OCC, FDIC, CFPB, OFAC, FINRA, SEC and the
Florida Office of Financial Regulation).
Disclosure
Pursuant to the rules of professional conduct set forth in Circular 230, as
promulgated by the United States Department of the Treasury, nothing
contained in this communication was intended or written to be used by any
taxpayer for the purpose of avoiding penalties that may be imposed on the
taxpayer by the Internal Revenue Service, and it cannot be used by any
taxpayer for such purpose. No one, without our express prior written
permission, may use or refer to any tax advice in this communication in
promoting, marketing, or recommending a partnership or other entity,
investment plan, or arrangement to any other party.
Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently
owned and managed member of Baker Tilly International. The information
provided here is of a general nature and is not intended to address specific
circumstances of any individual or entity. In specific circumstances, the
services of a professional should be sought. © 2014 Baker Tilly Virchow
Krause, LLP