In an effort to stop terrorism financing at its source, the New York Department of Financial Services proposed new requirements for economic sanctions and anti-money laundering programs maintained by financial firms.
The proposed rule arises from the state’s own crackdown on violations of the federal Anti-Money Laundering and Office of Foreign Asset Control (OFAC) regulations.
Compliance with OFAC regulations and transaction monitoring are important requirements for financial institutions. Although New York’s proposed rule purports to clarify these federal requirements, it appears to place tougher standards on financial institutions.
Moreover, it places criminal liability on the chief compliance officers of New York financial firms, who would be required to vouch for the program’s compliance with the rule and attest to the veracity of its certification.
Under OFAC regulations, individuals and companies are prohibited from doing business with sanctioned geographies and restricted persons appearing on government watchlists that compromise U.S. national security or foreign policy interests. Violations of the regulations can result in criminal and civil penalties; for these reasons, banks must monitor transactions for suspicious activity and watchlist matches.
Often, during the course of watchlist screening, false positives occur when fairly common names trigger “hits” against the lists, even where there is no link between a customer and the sanctioned entity.
When this occurs, OFAC allows banks to take risk-based measures to reduce the likelihood of false positives, recognizing it is not reasonably possible to prevent every illicit transaction. Thus, the depth and frequency of typical watchlist screening is based on risk factors.
Conversely, New York’s proposed rule requires financial institutions to maintain a watchlist-screening program to find and prevent unlawful transactions before their execution. And it specifically states that the screening technology must be “adequate” to capture prohibited transactions.
This undermines risk-based approaches permitted under federal rules, making businesses responsible for new screening techniques that may or may not be “adequate” under the rule, depending on how that term is ultimately defined.
The annual certification by chief compliance officers is burdensome as well.
This would be the first time a firm would seemingly be required to interdict each illicit transaction in real-time, as opposed to taking a risk-based, batch-screening approach permitted under federal regulations. The chief compliance officer would have to certify the program’s ability to meet this standard. This, together with new criminal liability under the New York rule, places chief compliance officers in the hot seat.
The new rule could also require review of a larger volume of false hits, creating a backlog.
Given the wider universe of false hits that would come under the purview of the compliance department, quality control may become more challenging. Since compliance departments rely heavily on third-party screening technology and analysts, chief compliance officer certification over attenuated chains-of-command may prove difficult. The individual liability enforcement climate further exacerbates this concern.
Public comments are due by March 31, and the proposed rule is available here (pdf).
Laura Martino is the General Counsel of a legal and consulting services organization. Previously, Laura served as the global compliance officer at CPA Global, where she helped design FCPA compliance programs and advised on global sanctions matters. She can be contacted here.