Eh?
"Morgan Stanley's fine relates to a lack of compliance with the Code of Federal Regulations, Part 30, Appendix B, "Interagency Guidelines Establishing Information Security Standards." These security rules specifically relate to guidelines about the "proper disposal" of banking customers' information."
So... Are they rules, or are they guidelines?