Resources to help licensees of DFI's Division of Consumer Services maintain information security and meet compliance requirements.
Overview
The Washington State Department of Financial Institutions Division of Consumer Services is concerned with the security of consumer information. Failure to maintain confidentiality, integrity, and availability of customer information can result in direct harm to consumers, as well as operational and reputational risk for licensees.
Licensees are encouraged to review relevant best practices and additional resources regarding information security and compliance listed below. These materials can provide valuable guidance on maintaining and enhancing Licensee information technology and security posture in accordance with industry standards and regulatory expectations.
Best Practices and Resource List
Voluntary best practices and resources to help financial institutions develop, document, and maintain an Information Security Program.
Nonbank Ransomware Self-Assessment Tool
Voluntary ransomware self-assessment tool to assess Licensees’ efforts to mitigate risks associated with ransomware and identify security gaps. Licensees are advised to safeguard completed assessments to prevent unauthorized disclosure.
Fundamentals of Cyber Hygiene for Financial Institutions
For nonbank financial institutions, the modern threat environment presents an ever-expanding horizon of significant adversaries and attack methods – all aimed at crippling operations, extorting money from the institution, or stealing customers’ sensitive personal information. Having fundamental awareness of how to protect your institution from cyberattacks is important.
Featured Topics
Related Laws and Rules
Consumer Loan Companies
- WAC 208-620-490 (5) - Reporting requirements
- WAC 208-620-531 - Business resumption plans
- WAC 208-620-532 - Records disposal
- WAC 208-620-571 - Information security program requirements under Gramm-Leach-Bliley Act
- WAC 208-620-572 - Consumer privacy under Gramm-Leach Bliley Act and Regulation P
- WAC 208-620-573 - Notice to consumers of data breach
Mortgage Brokers
- WAC 208-660-400 (2)(e) - Reporting requirements
- WAC 208-660-460 - Information security program requirements under Gramm-Leach-Bliley Act
- WAC 208-660-470 - Consumer privacy under Gramm-Leach Bliley Act and Regulation P
- WAC 208-660-480 - Notice to consumers of data breach
- WAC 208-660-490 - Business resumption plans
Money Service Providers
- WAC 208-690-110 (10) - Report of material change
- WAC 208-690-240 - Cybersecurity program requirements
- WAC 208-690-250 - Information security program requirements under Gramm-Leach-Bliley Act
- WAC 208-690-260 - Consumer privacy under Gramm-Leach Bliley Act and Regulation P
- WAC 208-690-270 - Notice to consumers of data breach
- WAC 208-690-280 - Business resumption plans
Escrow Agents
- WAC 208-680-532 - Information security program requirements under Gramm-Leach-Bliley Act
- WAC 208-680-534 - Consumer privacy under Gramm-Leach Bliley Act and Regulation P
- WAC 208-680-536 - Notice to consumers of data breach
- WAC 208-680-538 - Business resumption plans
- WAC 208-680-265 (4)(i) - Reporting significant events