SF4157 Summary

• Creates comprehensive information security program requirements for financial institutions covering customer data safeguards, risk assessments, encryption, multifactor authentication, incident response plans, and annual reporting to governing boards.

• Establishes new notification requirements for data breaches affecting 500+ consumers, requiring financial institutions to notify the commissioner within 30 days with specific breach details and law enforcement consultation information.

• Increases surety bond requirements for residential mortgage originators from $100,000 to $125,000 base amount and for servicers from $100,000 to $125,000 base amount, with tiered increases based on loan volumes.

• Makes technical modifications to existing financial institution regulations including updates to definitions, licensing exemptions, and references to the Nationwide Multistate Licensing System and Registry.

• Grants the Commissioner of Commerce expanded examination and enforcement powers for information security violations and repeals the bond exemption for mortgage originators and servicers approved by Federal National Mortgage Association or Federal Home Loan Mortgage Corporation.