Seeking to beef up prevention of money laundering, New York’s top banking regulator has proposed requiring bank executives to personally attest to the adequacy of their money-laundering controls.
Benjamin M. Lawsky, New York’s superintendent of Financial Services, said in a speech Wednesday at Columbia Law School that his office is considering a number of proposals to address not only money laundering but also cyber attacks on banks.
He also wants banks to conduct random audits of regulated firms’ transaction monitoring and filtering systems, which are meant to catch money laundering, and receive warranties from third-party vendors that those providers have cyber security protections in place, The Wall Street Journal reports.
The Department of Financial Services oversees New York-chartered financial institutions and, under Lawsky’s leadership, has taken an aggressive approach to regulation.
Matthew L. Schwartz, partner in the white collar defense practice at Boies, Schiller & Flexner LLP, said the idea was obviously modeled on the Sarbanes-Oxley requirement that CEOs and CFOs personally attest to the adequacy of accounting and finance controls.
“This announcement fits with the broader emphasis that regulators and law enforcement have placed on Bank Secrecy Act compliance over the last several years,” Schwartz said in an email. “If this proposal is enacted, as seems likely, senior executives will personally be on the hook for faulty AML controls, a potentially scary prospect, and one that should cause them to become as personally involved in AML compliance as they are in financial reporting.”
Recent targets of hackers have included JPMorgan Chase, where the accounts of about 76 million households were compromised last summer, renewing concerns that cybercriminals could easily wreak havoc on Wall Street.
Lawsky is also considering incorporating targeted assessments of banks’ cyber-security preparedness in its regular bank examinations and enhancing the protection of bank customers by requiring that banks use “multifactor authentication,” a second layer of security to the traditional username and password.
“The password system should have been dead and buried many years ago,” Lawsky said. “And it is time that we bury it now.”