Resources to help licensees of DFI's Division of Consumer Services maintain information security and meet compliance requirements.
Overview
The Washington State Department of Financial Institutions Division of Consumer Services is concerned with the security of consumer information. Failure to maintain confidentiality, integrity, and availability of customer information can result in direct harm to consumers, as well as operational and reputational risk for licensees.
Licensees are encouraged to review relevant best practices and additional resources regarding information security and compliance listed below. These materials can provide valuable guidance on maintaining and enhancing Licensee information technology and security posture in accordance with industry standards and regulatory expectations.

Best Practices and Resource List
Voluntary best practices and resources to help financial institutions develop, document, and maintain an Information Security Program.

Nonbank Ransomware Self-Assessment Tool
Voluntary ransomware self-assessment tool to assess Licensees’ efforts to mitigate risks associated with ransomware and identify security gaps. Licensees are advised to safeguard completed assessments to prevent unauthorized disclosure.

Cyber Hygiene Awareness Campaign
Cyber hygiene programs generally include well-known controls that have been employed in financial institutions for years; however, ongoing attention is needed to ensure that these programs are consistently implemented and managed across the entire organization.
Related Laws and Rules
Consumer Loan Companies
- WAC 208-620-490 (5) - Reporting requirements
- WAC 208-620-531 - Business resumption plans
- WAC 208-620-532 - Records disposal
- WAC 208-620-571 - Information security program requirements under Gramm-Leach-Bliley Act
- WAC 208-620-572 - Consumer privacy under Gramm-Leach-Bliley Act and Regulation P
- WAC 208-620-573 - Notice to consumers of data breach
Mortgage Brokers
- WAC 208-660-400 (2)(e) - Reporting requirements
- WAC 208-660-460 - Information security program requirements under Gramm-Leach-Bliley Act
- WAC 208-660-470 - Consumer privacy under Gramm-Leach-Bliley Act and Regulation P
- WAC 208-660-480 - Notice to consumers of data breach
- WAC 208-660-490 - Business resumption plans
Money Service Providers
- WAC 208-690-110 (10) - Report of material change
- WAC 208-690-240 - Cybersecurity program requirements
- WAC 208-690-250 - Information security program requirements under Gramm-Leach-Bliley Act
- WAC 208-690-260 - Consumer privacy under Gramm-Leach-Bliley Act and Regulation P
- WAC 208-690-270 - Notice to consumers of data breach
- WAC 208-690-280 - Business resumption plans
Escrow Agents
- WAC 208-680-532 - Information security program requirements under Gramm-Leach-Bliley Act
- WAC 208-680-534 - Consumer privacy under Gramm-Leach-Bliley Act and Regulation P
- WAC 208-680-536 - Notice to consumers of data breach
- WAC 208-680-538 - Business resumption plans
- WAC 208-680-265 (4)(i) - Reporting significant events