Kansas Financial Institutions Information Security Act Approved by Governor

Kansas Gov. Laura Kelly has approved enactment of Senate Bill 44 which requires certain financial institutions to establish information security standards consistent with the federal Gramm-Leach-Bliley Act’s Safeguards Rule, 16 C.F.R. § 314.1, et seq. The Kansas Financial Institutions Information Security Act becomes effective July 1, 2023.

APPLICABILITY

The Act applies to the following covered entities, as defined by Kansas law:

Credit services organizations;
Mortgage companies;
Supervised lenders;
Financial institutions engaging in money transmission;
Trust companies; and
Technology-enabled fiduciary financial institutions.

REQUIREMENTS

Covered entities must:

Set forth standards for developing, implementing, and maintaining reasonable safeguards to protect the security, confidentiality, and integrity of customer information pursuant to 16 C.F.R. § 314, as in effect on July 1, 2023;
develop and organize its information security program into one or more readily accessible parts; and
maintain its information security program as part of the covered entity’s books and records in accordance with the record retention requirements of such covered entity.

ENFORCEMENT

The State Bank Commissioner has exclusive authority to implement, administer and enforce the Act, which includes the ability to examine, investigate, and subpoena covered entities. The Commissioner may seek injunctive relief and assess civil penalties not to exceed $5,000 per violation. All enforcement actions are pursuant to the Kansas Administrative Procedure Act.

IMPRESSION

This legislation is a model of simplicity. Instead of reinventing the wheel with lengthy and potentially controversial legislation, Kansas has taken a commonsense approach by simply requiring that certain regulated entities comply with the Safeguards Rule and providing its state regulator with enforcement authority.

Eric Rosenkoetter

Eric Rosenkoetter is a principal at Maurice Wutscher LLP, where he provides counsel to businesses and consumer financial services firms nationwide. For many years, he has focused his practice on various aspects of financial services law. As a litigation attorney, he has conducted every aspect of the litigation process, including countless depositions, motion proceedings, bench and jury trials, and appeals in various courts. In addition, he has significant experience as a compliance and transactional attorney, providing strategic, business growth, legislative, compliance and regulatory advice to national corporations and trade associations. For example, he has drafted consumer contracts and disclosures designed to state-specific statutory requirements, and developed “Best Practices” guides and state-by-state compliance grids, for national financial services companies. He also conducted research and crafted a metrics report for a national trade association with analysis designed to counter the claims of advocacy groups. Eric’s experience also includes working for a national corporation as Executive Counsel, Chief Compliance and Ethics Officer, and Director of Legislative Affairs, and as a federal lobbyist and Director of Government and Public Affairs for a national financial services trade association. In the government sector, Eric presided over approximately 6,000 state administrative hearings, served as a staff attorney for the Missouri Senate, and handled litigation in 33 counties as a regional managing attorney. Eric frequently speaks to audiences on topics relevant to the financial services industry including regulatory compliance, data privacy law and related advocacy initiatives. For more information, see https://mauricewutscher.com/attorneys/eric-rosenkoetter/