Insight

New York: Leading the fight against crime

Written by Simone Jones on Friday September 22, 2017

New York has been capturing the imagination and the attention of the world for well over 100 years. It’s a city like no other; its intoxicating pull is felt by both residents and non-residents alike.

It has also long been a source of inspiration for those looking to fight crime: in the Superhero world, Marvel’s Spiderman, The Avengers and The Defenders all call New York home. Some people believe that Metropolis and Gotham, home to Superman and Batman, are also based on New York.

Today, New York continues to be a source of inspiration for those looking to fight crime, and not just those looking to wear a cape. The New York Department of Financial Services (NYDFS), created in 2011 by the merger of New York State Banking Department and New York State Insurance Department, has been making waves in recent times by releasing a raft of new anti money laundering rules, many of which have no equivalent in federal law or regulation.

Here we take a look at five key areas where the NYDFS is leading the fight against financial crime.

1. Cybersecurity

One of the most talked about new regulations to come out of the NYDFS is the cybersecurity regulations. The new regulations, which were effective 28 August 2017, have been described as ‘first-of-its-kind’.

Maria T. Vullo, Superintendent of DFS, made clear that the regulations signified that ‘New York is leading the nation with strong cybersecurity regulation’. Although financial services firms operating in other states are required to have adequate measures in place, no other regulator imposes such stringent rules.

The rules allow for a risk-based approach, and although outlining minimum standards, they cannot be too prescriptive. Technology goes out of date fast, and the rules must be flexible enough to adapt to ever evolving technologies utilised by both firms and criminals alike.

The requirements are broad but the goal is clear: firms must be able to protect the confidentiality, integrity and availability of their systems. Some of the key requirements include:

carrying out periodic risk assessments
having in place a written cybersecurity policy approved by the board
the appointment of a chief information security officer
filing an annual certification confirming compliance.

Cybersecurity has increasingly become an area of focus. A concern not limited to financial services, it seems that no industry is immune from the risk of cybercriminals. The first six months of 2017 alone saw a seemingly unprecedented amount of attacks, targeting government organisations and even hospital services.

No doubt regulators around the world will be watching how effective these regulations will become. Time will surely tell how impactful these regulations are and whether other regulators will start to follow suit.

2. BitLicense

Another area where the NYDFS looked to impose regulations which were over and above the industry norm was in its oversight of firms engaging in virtual currency business activity. Commonly referred to as the ‘BitLicense’, it became effective in 2015 and required anyone engaging in a number of activities, including transmitting virtual currency and performing as an exchange service to register with the NYDFS.

The requirements are not directed at either consumers or merchants who are solely using virtual currency to purchase or receive payment for goods or services. Businesses that operate out of state but engage in transactions involving residents of New York are also caught by the rules.

So far, only three BitLicenses have been awarded. It was met with controversy in part due to the expense of obtaining a licence, whilst some applications were denied. It led to a number of companies withdrawing services in New York.

Virtual currencies are seen as being high-risk from a money laundering perspective due to the anonymity they can provide; the risks are being addressed by regulators around the world. Most recently Washington state has followed in New York’s footsteps by passing Senate Bill 5031.

3. Transaction monitoring

The beginning of 2017 saw the introduction of the new anti-terrorism transaction monitoring and filtering program regulation. Transaction monitoring and filtering are long established controls used by many financial services firms to identify a number of AML and sanctions issues. Although their use is widespread, they are not often mandated in regulation.

Financial Services Superintendent Maria T. Vullo once again made clear New York’s stance on financial crime: ‘Financial institutions doing business in New York must do everything they can to help stem the tide of illegal financial transactions that fund terrorist activity’.

Financial services firms in New York are required to maintain a transaction monitoring programme, whether manual or automatic, that can identify transactions for suspicious activity. It must be based on a risk assessment and be commensurate to the risk posed to the business. The requirements for the Watch List Filtering Program are also similar, but these requirements include ‘end-to-end, pre- and post-implementation testing of the Filtering Program’.

The NYDFS requires evidence of compliance via submission of a board resolution or senior officer compliance finding on an annual basis to the superintendent.

4. Fines

Whilst this one isn’t unique to the NYDFS, at times it seems that regulators around the world are all vying to have the most ‘teeth’, and NYDFS are not being left behind with enforcement action. In 2016 NYDFS imposed monetary penalties totalling over $600 million for violations of AML laws and the Bank Secrecy Act.

Most recently Habib Bank were fined $225 million and closed their New York branch for serious AML failings. Earlier in 2017 Deutsche Bank were fined $425 million for Russian mirror-trading scheme. 2014 also saw large fines as Standard Chartered were required to pay $300 million for their AML failings and BNP Paribas paid $2.24 billion to NYDFS for multiple sanctions violations.

5. Enforcement Action

The enforcement action isn’t limited to fining companies, NYDFS also directed BNP Paribas to relieve 13 individuals of their duties who they deemed to be culpable for the sanctions violations. Whilst one high ranking officer retired from the bank, the message from NYDFS was clear: as part of the settlement the individuals could not be connected to BNP Paribas now, or in the future. The total number of individuals that faced disciplinary action by the bank was 45, ranging from ‘termination, to cuts in compensation, demotion, mandatory training sessions and warnings’.

In addition to ensuring that named individuals did not carry out activities for the bank, The Bank of Tokyo-Mitsubishi were also required to relocate their US BSA/AML and OFAC sanctions compliance programme to New York to ensure sufficient US oversight. Ensuring that individuals are accountable for wrongdoing is a key priority for the NYDFS.

The fight continues

Whilst some regulators around the world may have moved away from prescriptive rules, favouring outcome based regulation, the NYDFS seem happy to make clear their expectations on firms through new rules. Are regulators are akin to real-life superheroes? Embodying Captain America – finally awake to the issues around them, and continuing with their never-ending battle for liberty.

NYDFS are clear on their commitment to safeguard markets and enforce financial services law: for the city that never sleeps, its regulator certainly isn’t resting on its laurels.

In the words of Superman, “I’m here to fight for truth, and justice, and the American way”.

How can ICA help?

ICA can help you increase your knowledge and skills as an anti money laundering and financial crime prevention professional. ICA's internationally recognised qualifications in AML and FCP are suitable for all levels of knowledge and experience.

Are you interested in studying for an ICA qualification? All our qualifications can be studied in globally by online learning at any time. View the full list of ICA qualifications here.