This bill establishes comprehensive requirements for loan originators, mortgage brokers, mortgage lenders, and money services businesses in Florida to develop and maintain written information security programs aimed at protecting nonpublic personal information and information systems. It mandates the creation of incident response plans for cybersecurity events, the documentation of security breaches, and compliance with specific requirements, including maintaining these security programs for a minimum of five years. The bill also introduces new definitions related to information security and revises disciplinary criteria for loan originators and mortgage brokers. Additionally, it outlines the establishment of a Financial Technology Sandbox, allowing innovators to test new financial products under a flexible regulatory framework while ensuring consumer protection.

Moreover, the bill amends existing laws governing money services businesses, expanding grounds for license suspension and requiring the development of information security programs. It emphasizes the need for administrative, technical, and physical safeguards, as well as regular testing of systems and incident response plans. The bill also modifies the qualifications for directors and officers of financial institutions, increasing the required experience for proposed presidents or CEOs from five to ten years. It updates the fee structure for examinations of family trust companies and introduces penalties for late payments. Overall, the bill aims to enhance consumer protection, strengthen the security of financial services, and ensure compliance with updated cybersecurity standards, with an effective date set for July 1, 2026.

Statutes affected:
S 540 Filed: 559.952, 655.045, 657.005, 657.024, 658.33, 662.141, 517.12