The bill establishes new cybersecurity and information security requirements for loan originators, mortgage brokers, mortgage lenders, and money services businesses in Florida. It mandates the development of comprehensive written information security programs and incident response plans to protect nonpublic personal information and address cybersecurity events. Licensees are required to maintain security program documentation for a minimum of five years, conduct prompt investigations of cybersecurity incidents, and notify the relevant office of any breaches affecting 500 or more individuals. The bill also introduces exemptions for smaller institutions and outlines compliance timelines if they no longer qualify for these exemptions.

Additionally, the bill amends existing statutes to enhance the regulatory framework for financial institutions, including the establishment of a Financial Technology Sandbox that allows innovators to test new products under a flexible regulatory framework. It expands the grounds for disciplinary actions against loan originators and mortgage brokers, updates definitions related to financial services, and modifies the qualifications for directors and executive officers of financial institutions. The bill also increases the timeframe for mailing costs related to examinations and introduces new provisions for compliance and regulatory measures for money services businesses. Overall, the legislation aims to strengthen consumer protection and enhance cybersecurity measures across Florida's financial services sector.

Statutes affected:
S 540 Filed: 559.952, 655.045, 657.005, 657.024, 658.33, 662.141, 517.12