§ 19-14.3-3.7. Mandated compliance programs and monitoring.
(a) An applicant, before submitting an application, shall create and, during licensure, maintain in a record, policies and procedures for:
(1) An information-security and operational-security program;
(2) A business-continuity program;
(3) A disaster-recovery program;
(4) An anti-fraud program;
(5) An anti-money-laundering program; and
(6) A program to ensure compliance with the Bank Secrecy Act and the USA Patriot Act.
(b) A licensee’s information-security and operational-security policy must include reasonable and appropriate administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of any non-public personal information or currency transmission it receives, maintains, or transmits.
(c) A licensee is not required to file with the department a copy of a report it makes to a federal authority unless the department specifically requires filing.
(d) After the policies and procedures required under this section are created by the licensee and approved by the department, the licensee shall engage a responsible individual with adequate authority and experience to monitor each policy and procedure, recommend changes as desirable, and enforce it.
(e) A licensee may:
(1) Request advice from the department as to compliance with this section; and
(2) With the department’s approval, outsource functions, other than compliance, required under this section.
(f) Failure of a particular policy or procedure adopted under this section to meet its goals in a particular instance is not a ground for liability of the licensee if the policy or procedure was created, implemented, and monitored properly. Repeated failures of a policy or procedure are evidence that the policy or procedure was not created or implemented properly.
History of Section.P.L. 2019, ch. 226, § 4; P.L. 2019, ch. 246, § 4.
Structure Rhode Island General Laws
Title 19 - Financial Institutions
Chapter 19-14.3 - Currency Transmissions
Section 19-14.3-1. - Exemption from licensing.
Section 19-14.3-1.1. - Definitions.
Section 19-14.3-1.2. - License by reciprocity.
Section 19-14.3-1.3. - Cooperation and data-sharing authority.
Section 19-14.3-2. - Securities in lieu of bonds.
Section 19-14.3-3. - Liability of licensees.
Section 19-14.3-3.1. - Record of foreign exchange transactions.
Section 19-14.3-3.3. - Action on bond.
Section 19-14.3-3.4. - Companies exempt from provisions.
Section 19-14.3-3.5. - Required disclosures for virtual currency.
Section 19-14.3-3.6. - Property interests and entitlements to virtual currency.
Section 19-14.3-3.7. - Mandated compliance programs and monitoring.
Section 19-14.3-3.8. - Prohibited acts and practices.