United States

Potential criminal liability for Chief Compliance Officers included in proposed NY AML regulations

Under proposed regulations issued by the New York State Department of Financial Services (“NY DFS”), state-chartered banking organizations, state-licensed branches and agencies of foreign banks, and state licensed check cashers and money transmitters, would be required to maintain “robust” transaction monitoring and filtering systems designed to better enable these financial institutions to comply with relevant federal and state anti-money laundering (“AML”) and federal economic sanctions regulations. Chief Compliance Officers would need to certify annually the financial institution’s compliance with the regulations. The comment period ends February 1, 2016, with anticipated compliance to begin April 1, 2017.

According to the NY DFS, new Part 504 of the Banking Regulations was proposed after a series of investigations into AML and sanctions compliance revealed “shortcomings” in their transaction monitoring and watch list filtering systems and a lack of “robust governance, oversight and accountability at senior levels of these institutions.”

There are three primary components to the proposed regulations:

Transaction Monitoring System: The proposal sets out the minimum requirements for a system to monitor transactions after their execution for potential AML violations, based on the institution’s “Risk Assessment” that takes into account the specific characteristic of, among other things, the institution’s businesses, products, customers, and locations.
Watch List Filtering Program: The proposal also sets out the minimum requirements for a system that will interdict transactions before their execution that are prohibited by applicable economic sanctions and internal and external watch lists; this system too is to be based on the institution’s Risk Assessment.
Chief Compliance Officer Certification: By April 15th of each year, the institution’s Chief Compliance Officer or functional equivalent must certify to the best of the certifier’s knowledge that the institution is in compliance with these regulations.

This last component likely will be the most controversial. The term used in the proposal is “Certifying Senior Officer” which is defined as the institution’s Chief Compliance Officer (or functional equivalent) rather than, for example, its chief executive officer. In the commentary accompanying the proposal as published in the New York State Register, the NY DFS notes that the proposal provides a “more granular framework” to follow in ensuring compliance and that the certification requirement was to cause “proactive” compliance by the institutions.

The proposed regulations state that a Chief Compliance Officer that files an “incorrect or false” certification may be subject to personal criminal liability. One can anticipate comments being submitted requesting more specificity on the scope of that potential personal criminal liability.