What a way for the New York Department of Financial Services (NYDFS) to end the year. Since Ben Lawsky’s departure in May 2015, the NYDFS has not lost its stride. Last month, Mr. Lawsky’s former employer proposed a comprehensive AML regulation which at a high level consists of two requirements: (1) Mandate requiring all financial institutions (including money transmitters) to maintain watch-list-filtering and transaction-monitoring programs; and, (2) An annual certification of compliance with NYDFS signed and attested to by the institution’s chief compliance officer.
The first proposed requirement appears to strengthen and formalize current BitLicense mandates to monitor transactions and screen customers against the OFAC SDN, among other government lists. The minimum requirements in the proposed regulation establish an extremely high bar, including policies and procedures governing data validation, complete data flows and data transfers, as well as the vendor selection process.
The second proposed requirement mimics the officer certification section of the Sarbanes-Oxley Act of 2002, which was passed in the wake of the Enron scandal. Under this proposal, chief compliance officers (CCOs) in New York would be required to attest that “to the best of their knowledge,” the institution’s filtering and monitoring programs are in compliance with the requirements of the proposed rule. CCOs who file an incorrect or false annual certification would face criminal liability.
With this proposed regulation, the NYDFS continues its aggressive campaign to be the standard-bearer in AML regulatory compliance. This action may foreshadow the direction of AML requirements outside of the Empire State. FinCEN and other agencies (both state and federal) have floated various enhancements to transaction screening and a similar compliance officer attestation requirement. Time will tell if these agencies and jurisdictions follow the lead of New York.