A recent enforcement action offers a glimpse of the Financial Industry Regulatory Authority’s (“FINRA”) expectations for firms conducting anti-money laundering (“AML”) due diligence and transaction monitoring. On July 27, 2020, FINRA settled with broker-dealer JKR & Company (“JKR”) over allegations that the firm failed to detect, investigate, and report suspicious activity in four customer accounts in violation of FINRA Rules 3310(a) and 2010. JKR agreed to a $50,000 fine and a censure to resolve the matter. The settlement is notable in that FINRA applied transaction monitoring and due diligence expectations common in the banking industry to a broker-dealer. It also serves as a reminder that FINRA expects member firms to not only establish written AML policies and procedures, but also to put their AML programs into practice in order to meet their regulatory obligations.
Continue Reading FINRA Settlement Highlights Importance of Anti-Money Laundering Due Diligence and Monitoring
Administrative Procedures Act
Another Prologue to Cybersecurity Regulations: Controlled Unclassified Information (“CUI”) – What Contractors Need to Know and Why They Should Care
Government contractors should take note of a proposed new rule that could impose significant new data storage obligations when finalized. The Federal Government is taking another baby-step towards cybersecurity regulation with a proposed rule intended to standardize protocols relating to designating and safeguarding unclassified information that is to be withheld from public disclosure (also known as “controlled unclassified information” (“CUI”)). See 80 Fed. Reg. 26501 (proposing amendments to 32 CFR Part 2002). On May 8, 2015, the National Archives and Records Administration (“NARA”) published a proposed new rule that goes a long way in creating a standardized system intended to replace the litany of improvised CUI control markings that have been used by various Federal agencies and, unintentionally, hindered inter-governmental information sharing for decades. The effort, however, is more than a simple housekeeping exercise, the re-designation of CUI will also bring changes to the manner in which contractor-generated information residing on contractor-owned systems is stored and secured.
Continue Reading Another Prologue to Cybersecurity Regulations: Controlled Unclassified Information (“CUI”) – What Contractors Need to Know and Why They Should Care