(1) A state trust institution and its affiliate or third-party service provider, if applicable, shall comply with the federal financial recordkeeping and reporting of currency and foreign transactions act, 31 U.S.C. Sec. 5311 et seq., also known as the bank secrecy act, and with associated federal regulations including, without limitation, any requirements under 31 C.F.R. Part 103.

(2) A state trust institution and its affiliate or third-party service provider, if applicable, shall maintain the federal standards for safeguarding customer information, required pursuant to Title V of the federal Gramm-Leach-Bliley act, P.L. 106-10, 113 Stat. 1338, as amended, and shall comply with applicable federal and state laws and rules related to cybersecurity, or written interpretive statement of the department to which the state trust institution, affiliate, or third-party service provider has been furnished notice.

(3) A state trust company shall be subject to examination by the department for compliance with subsections (1) and (2) of this section. An affiliate of a state trust company may be subject to examination for compliance with subsections (1) and (2) of this section upon notice to the state trust company and to the applicable affiliate. A third-party service provider may be subject to direct examination in relation to compliance with subsections (1) and (2) of this section as may be required pursuant to RCW 30B.10.045 (3) and (4).