As technology continues to dazzle consumers with its innovative flair, financial regulatory objectives have remained consistent: create regulations that both protect consumer data and prevent criminals from funding their illegal activities.
The truth of the matter, however, is that modern criminals possess a deep-seeded knowledge of current regulations, and thus are constantly inventing means to bypass the current standard.
This is a significant concern for money services businesses (MSBs), because at their core, MSBs are digitally driven. Moving money digitally is a modern convenience for law-abiding consumers, but it also provides a simple and low-risk way for criminals to move money. This has caused many regulators to question whether current BSA/AML requirements are enough.
To quell these concerns, the New York Department of Financial Services (NYDFS) has taken action to overhaul current BSA/AML regulations by implementing the 504 Rule: “… the Department has become aware of the shortcomings in the transaction monitoring and filtering programs of these institutions and that a lack of robust governance, oversight, and accountability at senior levels of these institutions has contributed to these shortcomings.”
Wait … Isn’t this Only Relevant to New York?
Yes and no. While it is true that, currently, the NYDFS rule pertains only to MSBs within the department’s jurisdiction, it is likely that similar, if not identical, requirements will be adopted by other state—and possibly federal—regulatory agencies. Therefore, it is essential that these policies be monitored and understood in order to quickly and seamlessly implement them should the need arise.
Are MSBs Bound to this Rule?
Yes. Under the 504 Rule, MSBs fall under the classification of “Nonbank Regulated Institutions,” and thus are subject to the same regularity scrutiny as financial institutions. And while BSA/AML concepts are very much at the core of the new issuance, the 504 Rule aims to “beef up” these standards. Here is a rundown of the requirements of the 504 Rule:
Breaking Down the 504 Rule for MSBs
- Risk Assessment: Though not a new component to current BSA requirements, MSBs must perform an annual risk assessment. This risk assessment serves as the foundation for the remaining criteria below.
- Transaction Monitoring Program: MSBs under the regulatory umbrella of the NYDFS must maintain a monitoring program to enhance discovery of BSA/AML violations. This monitoring program must be based on the institution’s risk assessment, and is required to detail various detection scenarios.
- Watch List Filtering Program: MSBs are required to implement a watch list screening program. The program must be designed to prevent the completion of transactions prohibited by OFAC. This can be done manually or by automation.
- Director and Officer Liability: The 504 Rule promises increased liability for directors and senior officers. MSBs within NYDFS jurisdiction will need to submit written consent from these officers, confirming their approval on the company’s compliance standards, beginning April 15, 2018.
- Retention and Validation: MSBs are required to maintain all schedules, records and data supporting the above-mentioned programs. The chief risk officer or appropriate director also is responsible—and personally liable—for signing off on the above-mentioned programs, essentially validating that they are up to par with the 504’s requirements.
Regulations such as the 504 Rule serve as a foreshadowing of others yet to come. MSBs across the country would be wise to take note of these requirements now and prepare themselves for the eventuality of implementing such requirements.
Amber Goodrich, compliance strategist for CSI Regulatory Compliance, has more than 10 years of financial industry experience. She is a Certified Regulatory Compliance Manager (CRCM) and Certified Bank Secrecy Act (BSA) Professional (CBAP).