Office of Financial Regulation; Requires loan originators, mortgage brokers, & mortgage lenders & money services businesses to develop, implement, & maintain comprehensive written information security programs for protection of information systems & nonpublic personal information; requires loan originators, mortgage brokers, & mortgage lenders & money services businesses to establish written incident response plans for specified purposes & to conduct investigations of cybersecurity events; provides requirements for notices of security breaches; revises list of general law provisions that are waived upon approval of Financial Technology Sandbox application; revises conditions under which waiver of requirement may be granted; revises requirements for permission to organize credit unions; removes provisions that impose limitations on investments in real estate & equipment for credit unions; revises requirements & factors for approving applications for organizing banks & trust companies; revises requirements for directors of certain banks & trust companies.