Locke Lord QuickStudy: Final New York Anti-Money Laundering Regulations Released – Risk of Liability for AML Compliance Expands to Senior Officers and Directors

Locke Lord LLP
July 15, 2016

Last December we alerted our clients of newly proposed anti-money laundering regulations issued by the New York Department of Financial Services (the Department)1. These rules generated nationwide attention (and criticism) due to their expansion of criminal liability for compliance officers and the imposition of numerous new mandates for AML/BSA compliance programs. The Department has now issued revised final rules that do little to address the concerns raised by industry stakeholders. Notwithstanding these revisions, we believe the new regulations subject boards and senior officers of regulated institutions to new risks of regulatory enforcement action and criminal prosecution. 

The initial set of rules required each regulated financial institution to implement and maintain a transaction monitoring program and strengthen existing watch list filtering programs. This proposal was described as a significant departure from current requirements and in some instances, in conflict with federal rules.2  In addition, the proposed rules required the chief compliance officer to certify on an annual basis as to the entity’s actual compliance with the requirements. Any incorrect or false annual certification would be subject to criminal penalties. This certification requirement raised fears that compliance officers would be exposed to criminal liability for actions beyond their control.3  The proposed rules provided no clear standard for defining compliance or measure of culpability with respect to any criminal penalties. 

Perhaps in response to these concerns, the revised rules amended the monitoring program requirements and substituted the annual compliance officer certification with an annual board resolution or senior officer finding regarding the institution’s compliance. Instead of the compliance officer, the board or senior officer must now certify that (i) they have “reviewed documents, reports, certifications and opinions of such officers, employees, representatives, outside vendors and other individuals or entities as necessary” to adopt the required certification, (ii) they have “taken all steps necessary” to confirm their institution has a monitoring program in compliance with the rules, and (iii) to “the best of [their] knowledge,” such program complies with the rules.4  While this finding/resolution modifies and expands upon the initial certification, it should do little to assuage the concerns of regulated financial institutions in New York. The final rules simply shifted the burden imposed by the proposed regulations away from compliance offers and on to boards and senior management. 

Despite removing a reference to criminal penalties and renaming the annual filing, the new regulations still subject directors and senior officers to possible criminal penalties. New York imposes criminal penalties for offering a written instrument for filing with a public office that contains a false statement or false information.5  The annual finding that must be submitted to the Superintendent of the Department may be deemed a filing subject to such criminal law. Furthermore, the revised rule grants the Superintendent the ability to bring enforcement action in connection with the finding to the fullest extent of her authority. 

In many respects, the revised rules have provoked more questions. The most important of which is the scope of the new burden placed on certifying boards and senior management.  Also, the expected level of diligence and investigation that such individuals must undertake is unclear. AML compliance programs are intricate systems relying on the input and performance of multiple employees, vendors and software programs. The certifying directors or officers must attest to the actual compliance of these systems with the granular requirements of the rules. What level of negligence in investigation or knowledge of possible system weaknesses could make a certification actionable remains to be seen. 

Another item that the rules leave open is which person(s) within the organization will be forced to carry the heightened burden. The rule requires each regulated institution to submit a board resolution or a senior officer(s) compliance finding. A “senior officer” under the rules is “the senior individual or individuals responsible for the management, operations, compliance and/or risk of a Regulated Institution.” While responsibilities and titles vary among organizations based on various factors, the rules leave open whether the chief executive officer, chief operations officer, chief compliance officer or other officer must sign the certification absent a board resolution. We expect the Department to provide further clarity on this matter in due course. 

All banks chartered pursuant to New York banking law (Banking Law), all branches and agencies of foreign banking corporations licensed pursuant to Banking Law, as well as nonbank institutions such as check cashers and money transmitters licensed under Banking Law should carefully formulate plans to address the requirements of the new rules. While all of the aforementioned entities are subject to enhanced regulation due to the nature of their activities, AML compliance is subject to particularly strict scrutiny and a frequent target of enforcement actions. Perhaps by design, we believe the groups most vulnerable are smaller players in the nonbank money services business who may lack the means to achieve full compliance with the enhanced monitoring requirements. Regardless of size, we advise all affected companies to evaluate their current anti-money laundering programs in light of the new requirements. We also recommend procedures be set in place to guide those certifying directors/senior officers in making a sufficient investigation into such programs well ahead of the first certification due April 15, 2018.

While some institutions may look to avoid the new rules by leaving the Department’s jurisdiction through various methods including re-chartering in other states, we recommend exercising caution given New York’s broad interpretation of ‘doing business’ in the state. This is particularly true for those businesses heavily relying on a digital presence in multiple jurisdictions outside their corporate domiciles. Furthermore, while no other state has proposed similar regulations, New York’s new rules may inspire regulators in other states to act. 

1Locke Lord QuickStudy: Newly Proposed Anti-Money Laundering Regulations in New York Signal Increasing Personal Criminal Liability for AML/BSA Compliance Officers 
2American Bankers Association letter to the New York State Department of Financial Services dated March 31, 2016.
5Section 175.35 of NY Penal Code