Collaborating Author: Ina Thompson
The final month of a NYC summer never gets any easier. The subway stations turn into communal saunas, half the workplace has gone on vacation leaving you as their “out of office urgent matters contact” and it suddenly dawns on you that the end of the year (and another long winter) is coming! So, before you set your own out of office and escape the city for 2 weeks of sunshine, let’s reflect on the year so far...
January 1st, 2017 started strong – new resolutions to become healthier (or hit the gym a bit more often) and the New York State Department Financial Services “NYSDFS” Part 504 regulation became effective. Hopefully, momentum has continued and you are currently operating, or actively working towards operating your Transaction Monitoring and Filtering programs in accordance with Section 504.3 of the regulation.
We’ve put together the below checklist to help you make sure that things are running smoothly with your Part 504 preparations, which will allow you to be more at ease when you set that out of office memo:
- Gap Assessment – In my last blog I talked about how creating a Part 504 gap assessment is like personal budgeting... so before you splurge on an upgrade to Business Class and ruin all that hard work, check-in on the progress of the gap assessment. The gap assessment is critical to ensuring that all requirements of the NYDFS Part 504 regulation are being met, or a plan is in place to ensure that gaps are remediated. Business Class to the wrong destination isn’t going to feel that luxurious when you get there!
- Certification Protocol – December 31st is quickly approaching and just like joining a gym the day before your vacation won’t help you burn off all those calories from the late-night pizza, leaving your Part 504 planning until December 28th won’t help you impress the NYSDFS either. Remember this is an annual certification, and in the words of Benjamin Franklin and every school teacher I ever had “if you fail to plan, you are planning to fail”. So, if you haven’t already, start mapping out the Certification Protocol and identifying all elements, stakeholders and dependencies involved.
- Certification Support Tool – How is your organization currently handling existing annual attestation regulatory requirements such as SOX and Volcker? Do you have a Governance, Risk and Controls (GRC) tool supporting the process and working as a repository? Reminder: Part 504 requires all documents and data be retained for 5 years. A GRC tools can be used to ensure you have full coverage of the Part 504 requirements, and have clearly documented all findings impacting your Transaction Monitoring and Filtering programs. A GRC tool can also aid in providing assurance to the certification signers, and presenting a complete picture of the current state of your programs.
- Awareness – Do your travel companions know the end destination? Do they know why you are even going on this “journey” in the first place? Communicating a consistent and clear message about what Part 504 is, who it will impact, and why, is very important. As mentioned in my earlier blogs, upfront involvement from key stakeholders is critical. No one wants their vacation to be ruined because that one friend waited until boarding the plane to announce they wanted to go snow skiing, not to the beach!
So how did you measure up? If none of the above have started, it might be time to consider postponing your vacation – hopefully you bought a flexible air flight! If you’ve got everything "in progess" – then well done! You deserve a vacation.
The final certification date is less than 9 months away, which may feel like a lot of time, but given the final Part 504 regulation was published 12 months ago, that time will fly. Don’t wait until the last minute, whoever told you last minute flights are cheap were not flying to a destination anyone wants to go!