With compliance deadlines for the New York State Department of Financial Services’ (DFS) anti-money laundering (AML) and cybersecurity regulations rapidly coming into effect, financial institutions are adjusting their controls, policies, and procedures in preparation.
DFS’s AML regulation (i.e., Part 504) sets standards for technology and risk management regarding transaction monitoring and filtering programs, and requires that either senior officers or the board of directors certify the effectiveness of the programs. Its cybersecurity regulation (i.e., Part 500) calls for a broad set of controls (e.g., encryption, multi-factor authentication), governance, and reporting requirements – the earliest of which came into effect on the first of this month. Like Part 504, Part 500 also requires that senior officers or the board of directors certify compliance with the rule.
Fortunately, similarities exist between Part 504 and Part 500, which, when addressed holistically, create opportunities to leverage efforts across both regulations. This paper addresses three key benefits institutions achieve by using Part 504 efforts to comply with Part 500 requirements. The three main benefits are as follows:
Financial Services Leader, PwC US
Global Financial Crimes Leader, PwC US
Cyber & Privacy Innovation Institute Leader, PwC US
Risk and Regulatory Leader, PwC US