New York Department of Financial Services BSA/AML and Cybersecurity Regulations and Officer/Board Certifications

The first regulation of its kind, but likely not the last. The New York Department of Financial Services adopted Part 500 (Cybersecurity) and Part 504 (BSA/AML), which require officers or directors of all regulated entities (including banks, credit unions, and MSBs) to personally certify compliance with specific regulatory requirements.

Compliance with Parts 500 and 504 is complex. RegSmart will help.

Part 500

Cybersecurity, Governance and Risk Management

Part 500 gets “in the weeds” of your cybersecurity and governance program, and we mean “in the weeds.” Here are the areas of inquiry, each carrying very specific operational as well as governance requirements:

  • Cybersecurity Governance and Program Design
  • Risk Assessment
  • Personnel
  • Policies & Procedures
  • Monitoring and Testing
  • Audit
  • Access Management
  • Application Design and Security
  • Third-Party Service Providers
  • Multi-Factor Authentication
  • Data Maintenance
  • Training
  • Incident Response Plan
  • Incident Notifications to DFS

How can RegSmart help?

  1. RegSmart-CyberSolutions is a complete governance structure that will guide you to compliance with NYDFS requirements. Then, when it’s certification time…
  2. RegSmart-DFS’s SaaS walks step-by-step through the Part 500 requirements. It answers the regulator’s questions with the care and precision that comes only from detailed understanding and analysis of cybersecurity and your Part 500 obligations.

Part 504

BSA & OFAC Governance and Risk Management

Part 504’s BSA/AML and OFAC requirements center on a robust, managed transaction monitoring and OFAC filtering system, but the regulation is much broader than it sounds.

The first requirement of this “transaction monitoring” regulation has nothing to do with transaction monitoring. The first requirement of Part 504 is that every regulated entity must create a custom risk assessment covering its locations, products, services, and customers. Once that risk assessment exists, the regulation requires you to continually monitor, adjust, test, refine, evaluate, validate, improve, and manage your monitoring and filtering system in accordance with your risk assessment and the regulation’s specific requirements.

How can RegSmart help?

Compliance with Part 504 starts with a complete, robust, up-to-date BSA risk assessment—without which compliance with 504 is impossible.

  1. RegSmart-BSA Risk & Review is a complete FFIEC and DFS risk assessment that will serve as the foundation of your Part 504 compliance by evaluating every location, product, service, and customer profile representing BSA risk to your institution. Then, when it’s certification time…
  2. RegSmart-DFS’s SaaS walks step-by-step through the Part 504 requirements. It answers the regulator’s questions with the care and precision that comes only from detailed understanding and analysis of BSA and your Part 504 obligations.