House Bill 381 introduces comprehensive cybersecurity requirements for loan originators, mortgage brokers, mortgage lenders, and money services businesses in Florida. The bill mandates the development and maintenance of written information security programs to protect nonpublic personal information and information systems. It requires these entities to create written incident response plans to address cybersecurity events, conduct investigations, and maintain documentation related to these processes. Additionally, the bill specifies that licensees with fewer than twenty employees or five hundred customers are exempt from certain requirements but must comply within 180 days if they no longer qualify for the exemption. The legislation also establishes a Financial Technology Sandbox, allowing innovators to test new financial products under a flexible regulatory framework while ensuring consumer protection remains a priority.

The bill amends existing statutes to include new grounds for disciplinary actions against licensees, updates definitions related to financial technology, and modifies the application process for businesses seeking to offer financial products in the sandbox. Key deletions from current law include prohibitions on certain activities during the sandbox period and specific requirements related to application approvals. The legislation also clarifies the authority of the Office of Financial Regulation to issue orders for restitution and emphasizes the importance of maintaining records related to cybersecurity investigations for a minimum of five years. Overall, HB 381 aims to enhance consumer protection, tighten regulatory oversight, and establish clear guidelines for cybersecurity practices within Florida's financial sector.

Statutes affected:
H 381 Filed: 559.952, 657.005, 657.024, 658.33, 662.141, 517.12