At the start of 2024, the New York State Department of Financial Services (“DFS”) issued an industry letter: Guidance on Assessment of the Character and Fitness of Directors, Senior Officers, and Managers (the “Guidance”), regarding the DFS’ expectations that financial institutions covered by the Guidance (“Covered Institutions”) “develop, implement, and maintain a framework for the review and assessment of the character and fitness of their directors, senior officers, and managers.” By issuing the industry letter and Guidance, the DFS makes clear that an important component of its role of protecting the safety and soundness of New York State financial institutions is to ensure that the executives engaged in the management, direction and operations of the financial institutions have the appropriate experience and expertise, and are free from conflict and otherwise uncompromised.

The Guidance follows the DFS’s consideration of twenty comments received on its proposed guidance issued on May 9, 2023, with commenters seeking clarification on: the list of senior officers that should receive periodic review; an understanding of how the Guidance would fit into the DFS’s examination process; and how the proposed list of questions should be interpreted, whether they be recommendations or required elements of the review. The Guidance resolves these comments and provides clarity regarding the department’s expectations for the review and assessment of directors, senior officers, and applicable managers.

What is in the NYDFS’ Guidance?

Foremost, the Guidance covers all New York State-regulated banking entities, including branches, agencies, and representative offices of foreign banking organizations licensed by the Department; non-depository financial institutions licensed or chartered under the New York Banking Law; and entities licensed as Virtual Currency Business under 23 NYCRR Part 200 (collectively, “Covered Institutions”). “Mortgage loan originators” are not covered by the Guidance.

Covered Institutions are expected to create a framework for evaluating and assessing the character and fitness of “Designated Persons,” which includes their board of directors, board of trustees and/or board of managers, as applicable, and every senior officer. In addition to the traditional senior officer titles (CXO, president, executive vice president, secretary of the board of directors, or treasurer), the Guidance interprets “senior officer” to include “officers who participate or have authority to participate in major policy-making functions of a Covered Institution,” regardless of whether those individuals have titles or salaries that would traditionally reflect such functions.

Requirements of the Risk Management Framework

The Guidance requires that the framework reflect a risk-based and proportionate approach. This includes policies and procedures for vetting the character and fitness of Designated Persons at the time of their hire or retention. It also requires policies and procedures for continuous monitoring and periodic updates of prior diligence, to ensure that material changes in the Designated Person’s background or circumstances are known and that management and/or the board of directors has an opportunity to consider those changes in the context of the Designated Person’s suitability for their role. In addition, the DFS expects that the assessment framework includes processes for triggering deeper exploration of background issues when defined criteria surface or when other warning signs or indicators warrant. The DFS then requires issues surfaced during the vetting process to be “run to the ground,” to ensure all facts and circumstances are meaningfully vetted prior to the retention of a Designated Person.

The nature, depth of vetting, and frequency of updates to that vetting should also be documented in the policies and procedures, considering the Covered Institution’s risk profile and factors individual to the financial institution. It is important to note that the DFS expects the vetting to go beyond a simple public records investigation, as much of what is laid out in the questions found in the Appendix to the Guidance would not be covered by a traditional public-record due diligence investigation. Lastly, materials generated in connection with the assessment or vetting of a Designated Person should be shared with the board of directors and chief compliance officer, to ensure that information of concern identified during the vetting is made known and evaluated appropriately.

How can NYDFS’ Guidance be Operationalized?

It was only a matter of time before the DFS promulgated the Guidance. A series of relatively recent, high-profile crypto failures and regulatory actions called into question the backgrounds of executives and those in the boardroom charged with their oversight. The failure of Silicon Valley Bank also raised the question of board members’ experience and expertise, such as the appointment of one board member, a Napa Valley vineyard owner, which highlighted the board member’s “experience and passion for winemaking, technology investing, and philanthropy.”¹ Similar to Silicon Valley Bank’s situation, the Federal Deposit Insurance Corporation disclosed in November 2023 that it was investigating officers and directors of First Republic Bank to determine whether they failed to act in the best interests of the bank.² However, the issue of character and fitness in the financial industry is not new and can be traced back decades to several notable matters involving insider malfeasance, including the guilty plea by a former executive of a New York-based bank in 2000 for facilitating money laundering and other actions against the interest of the bank.³

Look Beyond the Bare Minimum

Experience suggests that Covered Institutions should consider not only the “letter of the law,” but the objectives the Guidance is trying to achieve, as they look to develop and implement their character and fitness framework, and associated policies and procedures. It is obvious that financial institutions would rather not have criminals or seven-figure debtors in their highest ranks, but Appendix A of the Guidance is more probing. For example, several of the DFS’ suggested questions to facilitate the initial assessment ask about the Designated Person’s prior associations with financial institutions that have had regulatory issues, including consent orders or supervisory agreements. Likewise, the DFS suggests eliciting information regarding a Designated Person’s association with an entity denied a charter or license or merger application while a director, senior executive officer, or related position. These and related questions in the Guidance’s Appendix suggest that the DFS is not only looking for Covered Institutions to verify the character and fitness of proposed Designated Persons, but also looking to Covered Institutions to consider their “suitability” for their respective roles and responsibilities.

Actionable Steps to Mitigate Risk

Looking beyond simple public records checks, Covered Institutions should consider a framework that includes the following elements:

  • Self-Disclosure Questionnaire. Covered Institutions should devise a questionnaire, using the Appendix in the Guidance as a foundation. The questionnaire should be tailored to reflect the nature of the business, taking into account the risks associated with the anticipated role – directors versus senior managers. The self-disclosure will serve as a baseline of information on the Designated Person against which updated questionnaire responses can be compared. It can also serve as a road map for conducting independent due diligence on the proposed Designated Person. The self-disclosure questionnaires should be identical for all proposed senior managers, while all proposed board members should have an identical one that is geared towards their roles as board members of the Covered Institution.
  • Policies and Procedures. The policies and procedures should include processes for onboarding new Designated Persons, including: the requirement for a self-disclosure questionnaire; the parameters for due diligence or background investigations; the frequency, timeline and process for updating Designated Persons’ vetting and seeking updated self-disclosures; thresholds or triggers for seeking additional information from a Designated Person when an issue surfaces in a self-disclosure or background investigation; the process by which information is shared with the board of directors; the method by which potential conflicts of interest are decided; and additional governance requirements such as roles and responsibilities for the program, and determining how the character and fitness assessment program will be tested or audited to determine its effectiveness.
  • Comprehensive Due Diligence: Character and fitness assessments begin with a comprehensive due diligence investigation of Designated Persons at the time of retention or hire. The scope of the due diligence investigations should be designed with the Appendix of the DFS’ Guidance as an outline, with the overall objective of independently verifying the information sought in the Appendix. Other public records checks should also be part of the due diligence effort, including social media and print media reviews.
  • Effectiveness Assessment. As noted above, part of the DFS’ objectives with the Guidance, it would seem, is to ensure that not only are the Designated Persons of the appropriate character and fitness, but that the individuals are suitable for their roles and responsibilities. In that regard, Covered Institutions should consider devising and implementing effectiveness assessments to assist with determining the suitability of the Designated Persons for their roles and responsibilities. The assessment should include self-evaluations by the individual board members and senior managers, with the goal of understanding whether the management team and board of directors have all the necessary skill sets to manage the day-to-day affairs of the financial institution in a safe and sound manner. The assessment should be deployed at least every other year to allow management and the board of directors to evaluate their own performance and provide insight into where additional skills, capabilities, or expertise may be required to effectively manage an ever-evolving, complex operating environment.
  • Governance: The character and fitness assessment program should be immersed in a transparent governance framework that provides the board and senior management with the ability to gauge its effectiveness and allow for constant improvement. The program should be audited periodically to ensure that all facets are being adhered to, and the board should be kept apprised of the program, as well as the results of individual character and fitness assessments.


The essence of what is required by the DFS Guidance is already part of most, if not all, financial institutions’ business practices. Operationalizing the Guidance requires developing, documenting and implementing a framework and programmatic approach to what is already being done to meet the DFS’s requirements. Thorough and periodically updated due diligence investigations of board members and decision-making senior executives are a critical component of the Guidance’s requirements and address the DFS’ concern of ensuring that New York licensed entities are not vulnerable to fraud and other risks perpetrated by insiders.

If you have any questions or would like to discuss this article please reach out to David Holley or Snežana Gebauer.



About the Authors

David A. Holley

David A. Holley, a Partner with StoneTurn, has more than 30 years of investigative and risk consulting experience and frequently serves as a trusted advisor to corporations, law firms, audit […]


Snežana Gebauer

Snežana Gebauer, a partner with StoneTurn, has 20 years of experience in managing complex international investigations for major law firms, Fortune 500 corporations, government agencies and sovereign nations.  She frequently […]
