Earlier this year, the South Dakota Department of Labor and Regulation's Division of Banking ("Division") issued notices to South Dakota licensees through the Nationwide Multistate Licensing System ("NMLS") informing them that the Division would require each licensee to upload a current version of its Information Security Policy as part of the annual license renewal process. These notices were issued to Money Lender, Money Transmitter, Mortgage Broker, Mortgage Lender, and Non-Residential Mortgage Lender licensees and make clear that the updated version of each licensee's Information Security Policy should cover the Federal Trade Commission's ("FTC") recently amended Safeguards Rule, relevant portions of which became effective on June 9, 2023. Please see our Legal Update covering the FTC Safeguards Rule for details on those updates to the Safeguards Rule.
According to the NMLS Annual Renewal Checklist Instructions ("Checklist Instructions") for these South Dakota license types, failure to upload an updated policy will prevent renewal of the South Dakota license. Regulators have informed us that placing the license item on accounts prior to the renewal period enables South Dakota to ensure companies are amending their filing to update the record and provide an updated policy prior to renewals. All policies must be updated by November 1, 2023.
South Dakota regulators and the Checklist Instructions confirm that the Division of Banking will begin conducting cyber-security examinations using the CSBS Non-Bank Cyber Security Work Program, which we covered in a Legal Update last October, to ensure that non-bank licensees comply with the amended FTC Safeguards Rule. In the Checklist Instructions, South Dakota regulators have stated that, for consumer lender/servicer licensees, South Dakota will cite a failure to safeguard consumer information as a violation. For commercial lender/servicer licensees, if the FTC Safeguards Rule would not apply, the Checklist Instructions state that South Dakota would not cite a violation; however, the Division will recommend that the licensee implement "appropriate measures" as a best business practice. The Checklist Instructions do not include additional detail regarding what might constitute "appropriate measures" for these licensees.
Visit us at mayerbrown.com
Mayer Brown is a global services provider comprising associated legal practices that are separate entities, including Mayer Brown LLP (Illinois, USA), Mayer Brown International LLP (England & Wales), Mayer Brown (a Hong Kong partnership) and Tauil & Chequer Advogados (a Brazilian law partnership) and non-legal service providers, which provide consultancy services (collectively, the "Mayer Brown Practices"). The Mayer Brown Practices are established in various jurisdictions and may be a legal person or a partnership. PK Wong & Nair LLC ("PKWN") is the constituent Singapore law practice of our licensed joint law venture in Singapore, Mayer Brown PK Wong & Nair Pte. Ltd. Details of the individual Mayer Brown Practices and PKWN can be found in the Legal Notices section of our website. "Mayer Brown" and the Mayer Brown logo are the trademarks of Mayer Brown.
© Copyright 2023. The Mayer Brown Practices. All rights reserved.
This Mayer Brown article provides information and comments on legal issues and developments of interest. The foregoing is not a comprehensive treatment of the subject matter covered and is not intended to provide legal advice. Readers should seek specific legal advice before taking any action with respect to the matters discussed herein.
