Utah Admin. Code R25-22-4 - Documents Required for Validation of Financial Institutions

(1) A Financial Institution must provide a letter self-certifying that the access desired will be used only in accordance with Subsections 4-41a-103(6)(a)(i) through 4-41a-103(6)(a)(iii). The self-certification must stipulate that the financial institution will comply with the following regulations:

(a) Know Your Customer (KYC) in accordance with the Federal Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT) Act of 2001, 31 U.S.C. 5318 Sec. 326;

(b) Suspicious Activity Report (SAR) and Currency Transaction Report (CTR) filings in accordance with the Federal Bank Secrecy Act of 1970, 31 U.S.C 5311 et seq., as amended; and

(c) Due diligence in accordance with the Federal Department of Treasury, Financial Crimes Enforcement Network (FinCEN) guidance given in FIN-2014-G001, "BSA Expectations Regarding Marijuana-Related Businesses," Issued February 14, 2014, incorporated by reference.

(2) A Financial Institution must provide self-certification and supporting documentation that Automated Clearing House (ACH) transactions are compliant with National Automated Clearing House Association (NACHA) Rules and Operating Guidelines, incorporated by reference.

(3) A Financial Institution must provide documentation demonstrating compliance with the Gramm-Leach-Bliley Act (GLBA) of 1999, 15 U.S.C. 6801, et seq.

(4) A Financial Institution must provide a current American Institute of Certified Public Accountants (AICPA) SOC 2 Reporting on an Examination of Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy - Type 2 report.

Notes

Utah Admin. Code R25-22-4

Adopted by Utah State Bulletin Number 2020-09, effective 4/10/2020 Amended by Utah State Bulletin Number 2020-12, effective 6/8/2020 Amended by Utah State Bulletin Number 2020-23, effective 11/23/2020