Financial Regulations Part-2 Pdf Free Download
Theo Rihanek
A separate drafting site is available with paragraph structure matching the official CFR formatting. If you work for a Federal agency, use this drafting site when drafting amendatory language for Federal regulations: switch to eCFR drafting site.
These are the definitions for terms used in this part. Different definitions may be found in Federal statutes or regulations that apply more specifically to particular programs or activities. These definitions could be supplemented by additional instructional information provided in governmentwide standard information collections. For purposes of this part, the following definitions apply:
The specific requirements and responsibilities of Federal agencies and non-Federal entities are set forth in this part. Federal agencies making Federal awards to non-Federal entities must implement the language in subparts C through F of this part in codified regulations unless different provisions are required by Federal statute or are approved by OMB.
OMB will review Federal agency regulations and implementation of this part, and will provide interpretations of policy requirements and assistance to ensure effective and efficient implementation. Any exceptions will be subject to approval by OMB. Exceptions will only be made in particular cases where adequate justification is presented.
Unless prohibited by the U.S. Constitution, Federal statutes or regulations, each Federal awarding agency or pass-through entity is authorized to require the non-Federal entity to submit certifications and representations required by Federal statutes, or regulations on an annual basis. Submission may be required more frequently if the non-Federal entity fails to meet a requirement of a Federal award.
Non-Federal entities are subject to the non-procurement debarment and suspension regulations implementing Executive Orders 12549 and 12689, 2 CFR part 180. The regulations in 2 CFR part 180 restrict awards, subawards, and contracts with certain parties that are debarred, suspended, or otherwise excluded from or ineligible for participation in Federal assistance programs or activities.
Federal awarding agencies and recipients are subject to the regulations implementing Never Contract with the Enemy in 2 CFR part 183. The regulations in 2 CFR part 183 affect covered contracts, grants and cooperative agreements that are expected to exceed $50,000 within the period of performance, are performed outside the United States and its territories, and are in support of a contingency operation in which members of the Armed Forces are actively engaged in hostilities.
Unless otherwise approved by OMB, the Federal awarding agency must solicit only the OMB-approved governmentwide data elements for collection of financial information (at time of publication the Federal Financial Report or such future, OMB-approved, governmentwide data elements available from the OMB-designated standards lead. This information must be collected with the frequency required by the terms and conditions of the Federal award, but no less frequently than annually nor more frequently than quarterly except in unusual circumstances, for example where more frequent reporting is necessary for the effective monitoring of the Federal award or could significantly affect program outcomes, and preferably in coordination with performance reporting. The Federal awarding agency must use OMB-approved common information collections, as applicable, when providing financial and performance reporting information.
Financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. Federal awarding agencies and pass-through entities must not impose any other record retention requirements upon non-Federal entities. The only exceptions are the following:
If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in 200.208. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances:
Costs to the non-Federal entity resulting from financial obligations incurred by the non-Federal entity during a suspension or after termination of a Federal award or subaward are not allowable unless the Federal awarding agency or pass-through entity expressly authorizes them in the notice of suspension or termination or subsequently. However, costs during suspension or after termination are allowable if:
Costs resulting from non-Federal entity violations of, alleged violations of, or failure to comply with, Federal, state, tribal, local or foreign laws and regulations are unallowable, except when incurred as a result of compliance with specific provisions of the Federal award, or with prior written approval of the Federal awarding agency. See also 200.435.
This Resource Center is frequently updated, and you may sign up for email updates on important regulatory guidance, cybersecurity alerts, and other information related to cybersecurity in the financial services sector by going to the DFS Email Updates Signup Page and subscribing to Cybersecurity Updates. These emails will come from the email address [email protected].
Under N.Y. Banking Law 590(2)(b-1), an Exempt Mortgage Loan Servicer needs to notify DFS that it will act as a servicer. Since the notification is not an authorization from the Department, an exempt Mortgage Loan Servicer is not a Covered Entity under 500.1(e). However, if an Exempt Mortgage Loan Servicer also holds a license, registration, or received approval under the provisions of Part 418.2(e), it will be considered a Covered Entity and required to comply with the Cybersecurity Regulation. Given the increasing cybersecurity risks that all financial services organizations face, DFS strongly encourages all financial institutions, including those Exempt Mortgage Loan Servicers that are not Covered Entities, to adopt cybersecurity protections consistent with those required by Part 500.
Yes. Section 500.17(a) requires a Covered Entity that has been impacted by a Cybersecurity Event that occurred at one of its Third-Party Service Providers to notify DFS if the Covered Entity is also required to notify any government body, self-regulatory agency, or any other supervisory body. This is required of the Covered Entity even if the Third-Party Service Provider also notifies DFS. Reporting Cybersecurity Events such as these enables the Department to more rapidly identify techniques used by attackers and alert industry, respond quickly to new threats, and continue to protect consumers and the financial services industry.
Unfortunately, ransomware attacks continue to threaten financial services companies and their customers. DFS, like the FBI and other regulators, recommends against paying ransoms. While Covered Entities are not prohibited from making such payments, as of December 1, 2023, a Covered Entity that has made an extortion payment in connection with a cybersecurity event that occurred on its Information Systems must file a Notice of Extortion Payment within 24 hours of payment. Within 30 days of payment, the Covered Entity will be required to provide the reasons payment was necessary, alternatives to payment that were considered and the diligence, or research, it conducted to find these alternatives. Furthermore, the Covered Entity must describe the diligence it performed to ensure compliance with all applicable rules and regulations including those of the Office of Foreign Assets Control. 500.17(c). To notify DFS of an extortion payment, please go to the DFS Portal and follow the Instructions on How to Report an Extortion Payment (PDF).
To safeguard financial services organizations and the confidential information of New Yorkers, DFS uses a multi-pronged approach to monitor cyber risk. The cyber supervision program supplements traditional examinations with new types of information-gathering and analysis activities intended to create a holistic view of the cybersecurity risk posture of the thousands of New York financial services firms regulated by DFS.
DFS will periodically ask Covered Entities to complete assessment questionnaires, such as the Cybersecurity and Information Technology Baseline Risk Questionnaire. Such questionnaires will be independent of the examination process and are based on similar assessments used by industry and insurers to assess risk for financial services companies.
(1) These Regulations shall govern financial matters and budgetary practices of the Hague Conference on Private International Law, including the Permanent Bureau and its regional offices (the Conference).
(2) The Standing Committee of the Council of Diplomatic Representatives shall assist the Council in this role. It shall consider any financial or budgetary matters that may be brought to its attention by any Member State or the Secretary General. It shall consider, and may make recommendations in relation to, the budget. The Standing Committee shall be open to all Member States. Its meetings shall be chaired by a member of the Council of Diplomatic Representatives who shall be elected by the Council for a period of two years.
(3) All monetary voluntary contributions shall be allocated to projects and will be reported upon to Member States through Voluntary Contributions Account Statements (VCAS), which are to be submitted as part of the financial statements to the auditor.
df19127ead