Call Us
New York Part 504 Regulation

Breaking Down the New York Part 504 Regulation

Posted on: January 30th, 2018 by Julie

The New York State Department of Financial Services (NYS DFS) enacted a new AML regulation, Part 504.

In response to the shortcomings identified in transaction monitoring, the NYS DFS, which regulates financial, insurance, and banking industries in New York, ruled that the Banking Division Transaction Monitoring, Filtering Program Requirements and Certifications lacked robust governance, oversight, and accountability in regulated industries.  

To remedy the shortcomings the new Part 504 regulation:

  1. Clarifies what a Transaction Monitoring and Filtering Program should look like
  2. Requires every NYDFS regulated entity to submit a Resolution by the Board of Directors or a Compliance Finding, in a format specified in the rule, that the entity’s BSA/AML and OFAC programs comply with the requirements of Part 504.

Effective January 1, 2017, the NYS DFS is requiring institutions to adopt transaction monitoring and filtering programs which should be based on the company’s risk assessment.

Download the white paper here.


The regulation states that all regulated institutions must have:

  1. A transaction monitoring program
  2. A filtering program
  3. Both programs must contain relevant data to the business
  4. Any and all changes made to the programs are required to be documented


The transaction monitoring program can be manual or automated, but it must be able to detect any and all BSA/AML violations and suspicious activity.

The program should meet the following criteria:

  • Be based on a risk assessment
  • Up-to-date with current rules and regulation as well as performing periodic risk-based reviews
  • Comply with current BSA/AML risks to the institution’s businesses, products, services and customers/counterparts
  • Outfitted with threshold values and amounts to detect money laundering or illegal activities
  • Test if relevant,  governance, data mapping, transaction coding, detection scenario logic, model validation, data input and program output
  • Documentation that explains entity’s detection scenarios including  assumptions, parameters and thresholds
  • Protocols for investigating actionable alerts, who will be making the decisions and how the investigative and decision making process will be documented
  • On-going analysis of continued relevancy of the detection scenarios, their underlying rules, threshold values, parameters, and assumptions


The filtering program may also be manual or automated. The intention is to design the program with the intent of intercepting transactions that are prohibited by the Office of Foreign Asset Control (OFAC). The program must also satisfy the following:

  • Be based on a risk assessment
  • Be based on technology, processes or tools for matching names and accounts and considers the entity’s particular risks, transactions and product profiles
  • Includes a before and after review of filtering program including  data matching and, and whether  OFAC sanctions lists and threshold settings map to the risk of the institution, the logic of matching technology or tools, model validation and data input and program output
  • Be designed to analyze on an on-going basis Documentation that describes how the program’s tools, processes or technology works


The transaction monitoring and filtering programs must collect data that is relevant to the institution. The relevant data must also comply with the following:

  • In-put- Validate integrity, accuracy and quality of data to ensure complete data is entered
  • Out-put- If automated systems are used, the data must be accurate to ensure data extraction and loading processes are completed correctly
  • Establish governance and management oversight to ensure that changes are defined, managed, controlled, reported and audited
  • If a third party is used to acquire, install, implement, or test the programs, the selection process must be documented
  • Any funding allocated or used to curate the programs must be documented
  • Document the employee(s) or third party that are responsible for designing and maintaining the programs
  • All staff must receive an initial basic training and if any changes are made to the programs, the staff should be provided additional training  


Documenting changes to any program within regulatory compliance is important and this regulation is no different. Any time there is a change to the policies or procedures to the transaction monitoring or filtering programs, it must be documented.


Once a year by April 15th, every regulated institution must submit the form, Attachment A, to the Superintendent a Board Resolution or Senior Officer(s) Compliance Finding. All documents pertaining to the regulation must be retained for five years.


If the regulated Institution violates any part of Part 504, the penalties will vary depending on the applicable law.


The regulation is effective as of January 1, 2017, but the institutions have until April 15, 2018 to implement Part 504 and submit the Attachment A form.


Our team, the Capital Compliance Experts, has developed comprehensive solutions to stay ahead of regulatory changes. We offer programs and services that keep you fully compliant and reduce your labor costs.

STEP 1Risk Assessment

A risk assessment takes an in-depth look at your business and identifies potential risks so you can safeguard your institution from harm.

Our CAMS certified experts have developed a systematic process that will uncover the potential risks that may be involved with your business and the actions you have in place to manage liability.

STEP 2Automated Transaction Monitoring

Developing your own transaction monitoring and filtering programs can be costly and time consuming. Our Compliance IQ solution is an automated transaction monitoring tool that is not only fully compliant with Part 504 regulation, but will identify high risk activity and dramatically reduce the time it takes to review multiple transactions.


  • Batch Processing/Real Time API
  • Automated Analysis
  • Detailed Reports
  • Automated Filing
  • Aggregated Data

If you would like help complying with Part 504, contact us.

(855) 922-4325

Tags: , , , , ,

You Might Also
Be Interested In...

Back to Top