Addressing the DFS Duo for AML and cyber

Start adding items to your reading lists:
Save this item to:
This item has been saved to your reading list.


With compliance deadlines for the New York State Department of Financial Services’ (DFS) anti-money laundering (AML) and cybersecurity regulations rapidly coming into effect, financial institutions are underway adjusting their controls, policies, and procedures in preparation. 

DFS’s AML regulation (i.e., Part 504) sets standards for technology and risk management regarding transaction monitoring and filtering programs, and requires that either senior officers or the board of directors certify the effectiveness of the programs. Its cybersecurity regulation (i.e., Part 500) calls for a broad set of controls (i.e., encryption, multi-factor authentication), governance, and reporting requirements – the earliest of which came into effect the first of this month. Like Part 504, Part 500 also requires that senior officers or the board of directors certify compliance with the rule.

Part 504 and Part 500 similarities

Fortunately, similarities exist between Part 504 and Part 500, which when addressed holistically create opportunities to leverage efforts across both regulations. This paper addresses three key benefits institutions achieve by utilizing Part 504 efforts to comply with Part 500 requirements. The three main benefits are as follows:

  1. Knowledge of payment systems – identification of the universe of payment systems in-scope for Part 504, which are a subset of the universe of systems in-scope for Part 500
  2. Coordinate reporting processes – coordination of AML/Fraud and Cybersecurity groups to deliver consistent reporting
  3. Certification Uniformity – designing a consistent certification process across both Part 504uPart 500 requirements

Contact us

Julien Courbe

Financial Services Leader, PwC US

Jeff Lavine

Global Financial Crimes Leader, PwC US

Joseph Nocera

Cyber & Privacy Innovation Institute Leader, PwC US

John Sabatini

Risk and Regulatory Leader, PwC US

Follow us