Maria Vullo, Superintendent of the Department of Financial Services. (Photo: Rick Kopstein)
State regulators have imposed new requirements on banks operating in New York that they say are needed to ensure the institutions are adequately monitoring transactions for possible money laundering.
The state Department of Financial Services (DFS) said its investigations and enforcement activities indicate that gaps exist in the monitoring and filtering capabilities banks use to prevent activities linked to terrorism and crime.
State Financial Services Superintendent Maria Vullo said the new regulation, which went into effect on Jan. 1, requires that banks monitor for illegal transactions under state statutes and a host of federal laws and guidelines, including the Bank Secrecy Act (BSA) and federal anti-money laundering laws (AML), and requirements of the U.S. Department of the Treasury's Office of Foreign Assets Control. A department spokesman said New York is the only state to have such regulation.
The rule was proposed in December 2015. The DFS said the new requirements apply to all banks, trust companies, private bankers, savings banks, and savings and loan associations chartered by the state as well as branches and agencies of foreign banking corporations licensed to operate in New York.
"The department identified shortcomings in the transaction monitoring and filtering programs of these institutions attributable to a lack of robust governance, oversight and accountability at senior levels," the financial services department said in a statement justifying the adoption of the new regulation.
"Based on not only this experience, but also its regular examinations for safety and soundness, along with other factors, the department has reason to believe that financial institutions have shortcomings in their transaction monitoring and filtering programs," the regulation states.
The new state regulation requires institutions to maintain a Transaction Monitoring Program designed to detect possible violations of the BSA or the AML, or "suspicious activity reporting" defined under federal law as indicating the presence of suspicious or illegal activities.
It also requires the Transaction Monitoring Program be based on risk assessments of potential violations developed by banks, and be in full compliance with the pertinent federal laws and regulations. The program must be updated periodically.
"This regulation does not mandate the use of any particular technology, only that the system or technology used must be reasonably designed to identify prohibited transactions," the rule states.
It also mandates that banks submit a formal statement of compliance with the rules from their governing boards or chief executives each year effective April 15, 2018.
Vullo cited several enforcement actions that justified the new rules, including the $185 million fine levied by the department against Mega Bank of Taiwan in August 2016 for violating anti-money laundering laws; $215 million in fines levied against the Agricultural Bank of China in November; and a $235 million fine imposed on Intesa Sanpaolo S.p.A. in December.
Matthew Schwartz, a partner specializing in government compliance at Boies, Schiller & Flexner, said making bank executives personally attest to the "adequacy and robustness" of their institution's money-laundering monitoring systems will catch the attention of the regulated banks and should enhance compliance with the Bank Secrecy Act and other federal laws. But he said in an interview Jan. 6 that it "remains to be seen" whether all the banks regulated by the DFS have the resources to comply with the new requirement.
In comments filed last year at the department after it proposed the new regulations, the New York Bankers Association interpreted the rules as overbroad and questioned whether they are necessary in light of the "comprehensive" federal security standards in this area.
In a statement released Jan. 6, the Bankers Association said the DFS addressed many of its concerns when issuing the final regulations.
"The banking industry supports a strong protocol to protect the financial system from fraud and abuse," the bankers' group said in a statement.
The financial services department said its anti-money laundering and terrorism detection rule is complementary to the cybersecurity rules it is has enacted for banks and insurance companies to better protect consumers' and institutions' confidential digital information (NYLJ, Dec. 28).