In the last few years, the New York State Department of Financial Services (NYSDFS) has fined financial institutions billions of dollars for lapses in their terrorist financing, sanctions, and anti-money laundering compliance programs. In recent enforcement actions, the NYSDFS has not only levied fines, but also sought to hold individuals involved in intentional circumvention of these laws accountable by seeking their termination or banning them from working in New York State–licensed entities.

On December 1, 2015, New York Governor Andrew Cuomo and the NYSDFS proposed a new Sarbanes-Oxley type regulation aimed at addressing deficiencies in financial institutions’ anti-terrorism and anti-money laundering compliance programs, and stopping illegal U.S. dollar-denominated transactions from being processed by New York regulated entities. The NYSDFS cited “serious shortcomings in the transaction monitoring and filtering programs” identified during investigations of the institutions it oversees, and the proposed regulation focuses on these compliance systems and the governance around them.

The key facets of the new anti-terrorism and anti-money laundering regulation are not novel, but generally require that regulated financial institutions implement and maintain well-documented, tested, and continuously updated risk-based transaction monitoring and sanctions interdiction programs to catch illegal money laundering and potential terror financing activities. These programs must be tied to the institution’s risk assessment and be designed to effectively manage the risks posed by its customers and counterparties, business lines, services, and products.

Not surprisingly, as it parallels with the NYSDFS’s focus on individual accountability, the regulation is deep in governance requirements, including pre- and post-implementation validation and testing, evidence of the diligence conducted to justify the selection of third parties to support parts of the programs, and competence of individuals responsible for the programs’ components, as well as the overall programs. Finally, governance ultimately manifests itself in the requirement that the institution’s chief compliance officer or “functional equivalent,” like Sarbanes-Oxley, certify to the programs’ functionality and adherence to the regulation.

Members of BRG’s Global Investigations + Strategic Intelligence practice have led monitorships and independent consultancies in connection with NYSDFS settlements, and the global BRG team has decades of experience counseling financial institutions, including banks, money services businesses, casinos, investment banks, private equity firms, and hedge funds on best practices for anti-money laundering and sanctions compliance. We welcome the opportunity to share our insights and practical solutions with you.

The views and opinions expressed in this article are those of the author and do not necessarily reflect the opinions, position, or policy of Berkeley Research Group, LLC or its other employees and affiliates.