What Keeps Chief Compliance Officers Awake?

As if there weren’t enough regulations keeping CCOs awake at night, key provisions of Part 504 of the Superintendent’s Regulations slated to go into effect April 1, 2017, would require NYDFS regulated institutions to:

*Maintain a Transaction Monitoring Program to monitor transactions after their execution for potential BSA/AML violations and Suspicious Activity Reporting.
*Implement a Watch List Filtering Program “for the purpose of interdicting transactions, before their execution, that are prohibited by applicable sanctions, including OFAC and other sanctions lists, and internal watch lists, which system may be manual or automated…”
*Create processes to ensure the integrity of Transaction Monitoring and Watch List Filtering programs; and
*Fulfill the Chief Compliance Officer (CCO) Certification requirement. This means that the CCO would need to certify annually by April 15, that their institution is in compliance with the Transaction Monitoring and Watch List Filtering programs’ requirements. This certification would state that the signatory has “reviewed, or caused to be reviewed,” the Transaction Monitoring and Watch List Filtering programs and that, “to the best of their knowledge,” the programs comply with the NYDFS’ regulations. Filing an incorrect or false certification could lead to CCO criminal prosecution, while the financial institution also could face civil penalties for noncompliance.

Lack of resources is not an acceptable excuse for noncompliance with the regulations. No bank or nonbank regulated institution “may make changes or alterations to the Transaction Monitoring and Filtering Program to avoid or minimize filing suspicious activity reports, or because the institution does not have the resources to review the number of alerts…”

Compliance professionals already know the criticality of knowing our customers and beneficial owners and fostering a culture of compliance at all levels…now BSA/AML programs need to be further strengthened to ensure clear communication of the organization’s products and risks and independently validated technology solutions.

This entry was posted in Compliance. Bookmark the permalink.