BSA/AML compliance certification, NY 504, finalized

Authored by: Russ Sommers

New York Department of Financial Services (DFS) finalized Superintendent’s Rule Part 504 last week. The proposed regulation received a great deal of attention because it would have required Chief Compliance Officers (CCOs) to personally certify that his/her organization was in compliance with the Bank Secrecy Act/Anti-Money Laundering (BSA/AML) laws.

While some of the harsh wording was removed resulting in less “in your face” wording in the final regulation, the basic requirements remain the same. Senior leadership needs to be very comfortable with the organization’s BSA/AML program, and must pro-actively certify over its’ effectiveness every year.

The final version has some significant changes from the draft:

  1. The CCO certification requirement was dropped. Instead, regulated institutions can have either the Board of Directors or a “Senior Officer” sign the certification. A Senior Officer is defined as an individual with responsibility for the management, operations, compliance and/or risk of a regulated institution.
  2. The certification document included as “Attachment A” was changed to increase clarity over what the Board or Senior Officer is certifying; they have reviewed, confirmed, and are comfortable that the BSA/AML program is in compliance.
  3. The effective date was changed from “immediate” to Jan. 1, 2017, providing regulated entities with approximately six months for readiness.
  4. The documentation “easily understandable…” requirement was dropped. While detailed documentation is clearly still required, presumably the understandability requirement was too ambiguous.
  5. The requirement for “…periodic testing” of the transaction monitoring and filtering program in 504.3.(a)5 was dropped.

One other thing to keep in mind, this rule does not supersede any other regulations or requirements thereof, such as annual risk assessment, annual independent audit, annual model validation, maintenance of appropriate internal controls, and timeliness of required reporting. DFS Superintendent’s Rule Part 504 sets forth these requirements in addition to existing regulations.

For more information on regulatory compliance, or to learn how Baker Tilly's financial services specialists can help, contact our team.