Transcript
Jordan Rivera: Welcome back to the CyberEyeQ weekly podcast. I’m Jordan Rivera, and with me as always is Alex Chen. This week is stacked — immediate deadlines, a record enforcement action, and a legislative surge in AI. Alex, what’s keeping you up this week?
Alex Chen: The NYDFS Part 500 cybersecurity certification is due April 15 — six days from now.
Jordan Rivera: Right, and this one’s different from prior years. It’s the first certification covering all the 2023 through 2025 amendments, including MFA requirements and the written asset inventory rules that kicked in last November. Your CISO or senior officer is signing under penalty of perjury that all of those controls are in place. If you haven’t validated the November tranche yet, this is a red-flag moment.
Jordan Rivera: Speaking of deadlines, COPPA’s amended rule reaches its enforcement date on April 22 — thirteen days out. The FTC expanded what counts as personal information to include biometric identifiers like voiceprints and facial templates. Operators of child-directed services now need written information security programs and written data retention policies in place.
Jordan Rivera: Teams are scrambling on the separate parental consent requirement for non-integral data disclosures — that’s the piece people underestimated. Now let’s talk enforcement money. FinCEN, the SEC, and FINRA jointly hit Canaccord Genuity with an $80 million penalty — the largest BSA enforcement action ever against a broker-dealer. The failures spanned six years of AML program deficiencies, from transaction monitoring gaps to SAR filing breakdowns.
Alex Chen: Eighty million sends a message. If you’re a mid-market broker-dealer, the takeaway is that “adequate” AML programs aren’t enough anymore. The agencies want demonstrable, risk-based controls.
Jordan Rivera: Shifting to AI governance — nineteen new state AI laws were enacted across seven US states in just the last two weeks. Utah alone signed nine bills covering deepfake intimate images, AI literacy in schools, and health insurance AI disclosure. Oregon’s SB 1546 created a private right of action for AI companion platform harms.
Alex Chen: The patchwork problem is real. The 2026 total is now 25 enacted laws with 27 more awaiting signature, and Colorado’s AI Act enforcement begins June 30. We’re tracking different scopes and enforcement mechanisms in every state.
Jordan Rivera: Finally, a quick international note: China’s Internet Platform Pricing Regulations take effect tomorrow, April 10. They ban algorithmic price discrimination based on user data without consent, and platforms were supposed to complete self-inspections before the deadline. For any company operating consumer-facing platforms in China, that’s a compliance check you need to have done yesterday.
Jordan Rivera: That’s our five for this week. To recap: NYDFS certification by April 15, COPPA enforcement April 22, the $80 million FinCEN penalty as a wake-up call for AML programs, nineteen new state AI laws reshaping the US landscape, and China’s pricing regulations going live tomorrow.
Alex Chen: A lot to stay on top of. Thanks for listening, everyone — stay compliant, and we’ll see you next week.