NY DFS Superintendent’s Regulations: Part 504

BANKING DIVISION TRANSACTION MONITORING AND FILTERING PROGRAM REQUIREMENTS AND CERTIFICATIONS

NY DFS Superintendent’s Regulations: Part 504

January 12, 2016

Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International.


Introductions

Ann Petterson, CFE, CAMS, EA
Senior Manager

Ms. Petterson specializes in forensic accounting and investigative matters relating to government investigations, corporate internal investigations, asset tracking and anti-money laundering compliance projects. Ms. Petterson served as a forensic accountant at the Suffolk County District Attorney's Office and as a Special Agent with the Internal Revenue Service’s Criminal Investigation Division in New York City. As a Special Agent, Ms. Petterson conducted long-term, high-profile investigations of individuals and corporate entities. She investigated allegations of tax evasion and other tax-related criminal offenses, mail and wire fraud, embezzlement, stock manipulation, money laundering, political corruption and identity theft.

Russell Sommers, CPA, CISA
Senior Manager

Russ has ten years of experience in the field of public accounting, beginning his career as a financial statement auditor, then transitioning into the role of a risk advisor. He provides enterprise risk management, internal audit, process reengineering, compliance audit, and specialized consulting services to financial institutions and insurance organizations.

Introductions

Dominic Suszek
Founder & CEO of Global RADAR

Dominic Suszek is the Founder and CEO of Global RADAR, one of the most respected anti-money laundering and risk management software solutions in the industry. Global RADAR is the software company responsible for the creation of an Anti-Money Laundering and Terrorist Financing software solution developed to provide financial service providers a comprehensive tool to facilitate client onboarding due diligence, automated risk rating and transaction surveillance.

Agenda

I. Introduction and refresher
II. Catalyst for NY DFS 504
III. Who’s impacted?
IV. What’s new?
V. Certification (§504.4)
VI. Model Validation
VII. Easily Understandable Documentation
VIII. Program Changes
IX. Samples of documentation
X. Applicability to local branches of foreign institutions

I. Introduction and refresher

USA PATRIOT Act: Bank Secrecy Act & Anti-Money Laundering

>Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (USA PATRIOT Act)

>Bank Secrecy Act of 1970 (BSA)

>Money Laundering Control Act of 1986 (AML)

Four Pillars of an Effective AML Program

1. Client On-boarding & Know Your Customer
2. Documentation Management
3. Watch List Screening
4. Transaction Surveillance

Key Points

• Policy

• Program

• Officer

• Risk Assessment

• Training

• Transaction Reporting

• List Checking

• Training

• Independent Audit

II. Catalyst for NY DFS 504

Excerpts from one settlement document:

“the Bank (through its head office in Paris; its subsidiary, …in Paris, London, Singapore, Hong Kong, and the Gulf (Dubai and Bahrain); and its subsidiary in Geneva) employed nontransparent methods to process more than $32 billion in U.S. dollar payments through the New York Branch and other banks with offices in New York, most of which were on behalf of Sudanese, Iranian, Burmese and Cuban entities subject to U.S. economic sanctions, (“Sanctioned Parties”), including entities appearing on the List of Specially Designated Nationals and Blocked Persons (the “SDN List”) of the U.S. Treasury Department’s Office of Foreign Assets Control (“OFAC”); ….

“…In general, instructions were issued to hide clients’ identities on transactions transiting through New York. For example, a Sudanese bank client frequently sent the following request to the Bank’s Subsidiary: “DON’T MENTION SUDAN ON THIS PAYMENT ORDER. PLS SEND DIRECT TO BENEF. BANK. DON’T MENTION BANK NAME ON COVER PAYMENT.”

III. Who’s Impacted?

Who is impacted?

>Bank Regulated Institutions – all banks, trust companies, private bankers, savings banks, and savings and loan associations chartered pursuant to New York Banking Law (“Banking Law”) and all branches and agencies of foreign banking corporations licensed pursuant to the Banking Law to conduct banking operations in New York.

>Nonbank Regulated Institutions – shall mean check cashers and money transmitters licensed pursuant to the Banking Law (money service businesses)

IV. What’s New?

Why update or add on?

>Since inception of BSA, AML & the USA PATRIOT Act

– Expectations for governance oversight
– Globalization of markets and operations
– Changes and greater complexities in business
– Demands and complexities in laws, rules, regulations, and standards
– Expectations for competencies and accountabilities
– Use of, and reliance on, evolving technologies
– Expectations relating to preventing and detecting money-laundering and…
– Continued failures of institutions to comply with existing regulations.

Don’t we do this already?

Yes, but…

NY DFS found shortcomings in the following areas:

• transaction monitoring and filtering programs
• lack of robust governance, oversight, and accountability at senior levels
• transaction monitoring programs for monitoring transactions for suspicious activities
• watch list filtering programs, for “real-time” interdiction or stopping of transactions on the basis of watch lists (OFAC, PEP, other sanction lists, internal lists, etc.)

Refresh on Existing Requirements

>§504.3 Transaction Monitoring & Filtering Program Requirements

>§504.3a Transaction Monitoring & Suspicious Activity Reporting (detective)

>§504.3b Watch List Filtering (preventative)

New Requirements and Considerations

>Certification

>Expanded Model Validation

>Concept of Easily Understandable Information

>Mandate that no institution can modify their program to reduce SAR filings or due to resource constraints

V. Certification (§504.4)

§504.4 Annual Certification

Certifying Senior Officer must certify annually, using the form accompanying the Proposed Regulation (Attachment A), that he or she has reviewed the institution’s programs, and that the programs comply with all of the requirements of the proposed regulation.

The framework outlined in the proposed regulation sets forth minimum requirements of the program, including compliance with current BSA/AML regulations and laws, and the existence of a comprehensive and dynamic risk assessment.

Due date: April 15 of each year

Certification - Materiality

• Although the certification is to be based on the SOX framework, SOX has a materiality component, with the certification including the verbiage “in material respects,” which is notably missing from this.

• Comment period remains open until January 30, 2016. This may be addressed there.

• Without a materiality consideration, Senior Certifying Officers would be certifying absolute compliance, rather than compliance in all material regards.

Impact of the “Yates Memo”

September 2015

Assistant Attorney General authored document that established new DOJ policy to hold individuals responsible for civil and criminal misdeeds

Outgrowth of backlash resulting from financial meltdown – many observers feel that the lack of individual accountability led to reckless behavior

§504.5 Penalties/Enforcement Actions: “A Certifying Officer who files an incorrect or false Annual Certification also may be subject to criminal penalties for such filing”

§504.5 Penalties & Enforcement Actions

Institutional penalties

Under the proposed regulation institutions will be subject to "all applicable penalties provided for by the Banking Law and the Financial Services Law for failure to maintain" programs which meet the requirements of the proposed regulation and for failing to file the certification annually

Individual liability

Certifying Senior Officer “who files an incorrect or false Annual Certification also may be subject to criminal penalties for such filing."

Question:

Would you, today, right now, sign a certification that your institution’s AML programs are comprehensive, effective and meet all existing regulations without exception?

Certification

Practical Considerations: Strike While the Iron is Hot.

Target implementation date: April 2017

Budget cycles between now and implementation: one

Room for improvement:

• Data quality
• Monitoring and governance
• Transaction monitoring and filtering
• Building the certification infrastructure
• Implementing tools & applications

Practical Considerations: SOX Based Sub-Certifications

• Through SOX, in order for the CEO & CFO to sign their certifications, especially in large decentralized organizations, it became important for Senior Management to certify over their areas to support executive certification.

• In this venue, these sub-certifications would enable the Certifying Senior Officer to rely on the work and certification of others to complete their duties in accordance with NY DFS 504.

Practical Considerations: Sub-Certifications

• Certifying Senior Officer – “Institutions Chief Compliance Officer or functional equivalent” Annual Certification on prescribed form

Other Parties

• BSA Officer

• Compliance Department Staff

• Back Office Operations Department:

• Deposit Operations Team

• Wires Team

• Information Technology

• Internal Audit

Corporate Governance:

• Executive Team

• Board of Directors

VI. Model Validation

Does the Proposed Regulation Require More IT Testing than Previous Regulations?

Model Validation & IT Testing

Previous Guidance

From the FFIEC’s 2014 BSA/AML Exam Manual:

The exam should include:

An assessment of the integrity and accuracy of MIS used in the BSA/AML compliance program.

Select a judgmental sample that includes transactions other than those tested by the independent auditor and determine whether independent testing:

• Is comprehensive, adequate, and timely?
• Has reviewed the accuracy of MIS used in the BSA/AML compliance program

Proposed NY 504

Program must include:

504.3(a)5 an end-to-end, pre- and post-implementation testing of the Transaction Monitoring Program, including governance, data mapping, transaction coding, detection scenario logic, model validation, data input and Program output, as well as periodic testing;

504.3(b) include an end-to-end, pre- and post-implementation testing of the Watch List Filtering Program, including data mapping, an evaluation of whether the watch lists and threshold settings map to the risks of the institution, the logic of matching technology or tools, model validation, and data input and Watch List Filtering Program output;

VII. Easily Understandable Documentation

Easily Understandable Information

Questions:

Easy for whom?

Define “easy”?

Documentation – how much is enough?

Practical Considerations:

Have a third party not involved with the process review the information and verbally summarize it back to you.

Leverage an accepted readability scale

Easily Understandable: Flesch-Kincaid

Use a 3rd Party Standard such as Flesch-Kincaid

1970s – US Navy developed a readability index that has become widely used: the Flesch–Kincaid readability index.

Used in Insurance Regulations in some states for forms that go to consumers

Can be accessed via web sites for nominal amounts

Also available through MS Word (see following slides)

One drawback – pictures tell a thousand words and Flesch-Kincaid was developed at a time when illustrations required a professional illustrator

Easily Understandable: Flesch-Kincaid

Instructions:

MS Word (MS Office 2013)

1. Click the File tab, and then click Options.
2. Click Proofing.
3. Under When correcting spelling and grammar in Word, make sure the Check grammar with spelling check box is selected.
4. Select Show readability statistics.

See following step by step instructions


VIII. Program Changes

Making changes to your program

§504.3(d) No Regulated Institution may make changes or alterations to the Transaction Monitoring and Filtering Program to avoid or minimize filing suspicious activity reports, or because the institution does not have the resources to review the number of alerts generated by a Program established pursuant to the requirements of this Part, or to otherwise avoid complying with regulatory requirements.

Changes: Resource Management

Per DFS: Inadequate resources are not a viable excuse for scaling down efforts.

In addition:

§504.3(c) 6 - “Funding to design, implement and maintain a Transaction Monitoring and Filtering Program that complies with the requirements of this Part;”

§504.3(c) 7 – “qualified personnel or outside consultant responsible for the design, planning, implementation, operation, testing, validation, and on-going analysis, of the Transaction Monitoring and Filtering Program, including automated systems if applicable, as well as case management, review and decision making with respect to generated alerts and potential filings.”

§504.3(c) 8 – “periodic training of all stakeholders with respect to the Transaction Monitoring and Filtering Program.”

Changes: In layman’s terms

You cannot change your policy, program or level of effort to reduce filing responsibility.

You will dedicate the appropriate financial & human resources to address the needs of your institution, ensuring your AML efforts are appropriately funded and staffed with highly skilled and well trained personnel.

IX. Samples of documentation

Dashboard Reporting

ABC Bank BSA Reporting Dashboard, <Q4 2015>

Suspicious Activity Reporting
Columns: Month; # of SAR’s Filed; Date Reported
Rows: Oct; Nov; Dec

Monetary Instrument Logging
Columns: Description; Quantity; Amount
Rows:
A: Total Monetary Instrument Purchases
B: Total Purchases > $5,000
C: CTR’s filed
E: Check figure (=B-C)

Program Documents
Columns: Document Name; Date Modified; Approved by
Rows:
BSA Policy
BSA Program
2015 Risk Assessment
OFAC Policy
Money Laundering Policy
Wire Transfer Policy
Procedures for Conducting 314 Searches
Procedures for identifying high risk customers
CTR Exemption List and most recent Biennial filing
OFAC Scrub log for prior 3 months (N/A)
BSA E-filing Status Report for prior 3 months (N/A)

Currency Transaction Reporting
Columns: Description; Quantity; Amount
Rows:
A: Total Currency Transactions
B: Total Transactions > $10,000
C: CTR’s filed
D: CTR’s Exempted
E: Check figure (=B-C-D)

New Customers
Columns: Description; Quantity
Rows:
New Customers this reporting period
High Risk Customers
Missing Taxpayer Identification Numbers
Non-Resident Aliens
CIP Audits performed
CTR Exempt Customers

314a Information Requests
Columns: Month; Number of Requests; Number of Reportable Findings
Rows: October; November; December

Tools & Applications
Columns: System Name; Version #; Last Updated; Date of last Model Validation
Rows: Global Radar

Training
Columns: Personnel; Date; Training Hours; Materials Used
Rows: Board of Directors; Management; Compliance Staff; All Staff

List Checking
Columns: List Name; Date Updated/Obtained; Date Checked
Rows:
OFAC Sanctions Matrix
Politically Exposed Persons
Palestinian Legislative Council
Foreign Sanctions Evaders
FINCEN MSB list

Other Information
Independent Audit Report Issued February 1, 2015 covering period 1/1/14-12/31/14. No recommendations noted

X. Applicability to local branches of foreign institutions

Financial Action Task Force on Money Laundering (“FATF”)

Nations Currently on FATF Action Plans

• Afghanistan
• Algeria
• Angola
• Bosnia and Herzegovina
• Iraq
• Guyana
• Lao PDR
• Panama
• Papua New Guinea
• Syria
• Uganda
• Yemen

Per: http://www.fatf-gafi.org/publications/high-riskandnon-cooperativejurisdictions/documents/fatf-compliance-october-2015.html

Questions?

Connect with us:

Ann Petterson, CFE, CAMS, EA, Senior Manager
+1 212 792 4854

Russell Sommers, CPA, CISA, Senior Manager
+1 646 776 6214

Dominic Suszek, Founder & CEO, Global Radar

For more information, visit www.GlobalRADAR.com

About Global Radar

You can now help your organization streamline operations, reduce costs and enhance compliance through one comprehensive, easy-to-use cloud-based solution. Global RADAR® provides better data management and simplified processes for onboarding new clients, managing existing clients and remediating existing profiles to new standards.

Copyright © Global RADAR®

About Baker Tilly

Baker Tilly Virchow Krause, LLP provides a wide range of accounting, tax, assurance, and consulting services with more than 2,500 professionals, including 330 partners. We serve clients nationwide from 29 offices in 12 states and have a net revenue of $475 million.


Disclosure

Pursuant to the rules of professional conduct set forth in Circular 230, as promulgated by the United States Department of the Treasury, nothing contained in this communication was intended or written to be used by any taxpayer for the purpose of avoiding penalties that may be imposed on the taxpayer by the Internal Revenue Service, and it cannot be used by any taxpayer for such purpose. No one, without our express prior written permission, may use or refer to any tax advice in this communication in promoting, marketing, or recommending a partnership or other entity, investment plan, or arrangement to any other party.

The information provided here is of a general nature and is not intended to address specific circumstances of any individual or entity. In specific circumstances, the services of a professional should be sought. © 2014 Baker Tilly Virchow Krause, LLP