Aligning State Requirements with FTC Standards

The governor of Nevada has enacted a new law, SB 44, to align state requirements for safeguarding customer information with the Federal Trade Commission’s (FTC) safeguards rule. This move aims to enhance the security and protection of customer data across the state’s financial services sector. The new regulations impose new duties on financial services providers in Nevada, including the development, implementation, and maintenance of comprehensive information security programs. These programs must include administrative, technical, and physical safeguards to manage customer information.

Key Requirements of the New Regulations

• Develop, implement, and maintain a comprehensive information security program that consists of administrative, technical, and physical safeguards to manage customer information

• Implement information security programs and report unauthorized acquisitions of customer information to the FTC

• Notify state commissioners of certain events, including a “notification event” under 16 C.F.R. Part 314.2(m)

The Affect on Various Financial Service Providers

The new regulations will impact a wide range of financial service providers, including:

1. Mortgage companies
2. Mortgage loan originators
3. Mortgage servicers
4. Mortgage servicers who manage 2,000 or more residential mortgage loans across multiple states
5. Collection agencies
6. Persons operating deferred deposit loan services
7. High-interest loan services
8. Earned wage access services providers
9. Trust companies
10. Student loan servicers
11. Private education lenders
12. Money transmitters
13. Providers of debt-management services

These providers must now comply with the new regulations, which include notifying state commissioners of certain events and implementing information security programs.

The Standards for Mortgage Servicers

The act outlined standards for the financial condition and corporate governance of mortgage servicers who manage 2,000 or more residential mortgage loans across multiple states. Covered institutions must:

1. Maintain a certain amount of liquidity
2. Establish risk management programs
3. Conduct annual assessments

The Commissioner of Mortgage Lending holds the authority to enforce, investigate, and discipline as necessary.

Enforcement and Flexibility

The legislation empowers the Commissioner to adopt regulations to ensure adherence to these standards and allows for flexibility in enforcement based on risk assessments. The bill’s provisions become effective on January 1, 2026, with some tasks beginning immediately upon passage.

The new regulations aim to enhance the security and protection of customer data across the state’s financial services sector. By aligning state requirements with FTC standards, Nevada is taking a proactive approach to protecting customers and promoting a safer financial environment.

Conclusion

The new regulations will have a significant impact on financial services providers in Nevada, requiring them to implement new information security programs and report unauthorized acquisitions of customer information. While the regulations may pose a challenge, they also provide an opportunity for financial institutions to enhance their security measures and protect customer data. As the financial services sector continues to evolve, it is essential for Nevada to stay ahead of the curve and protect its customers’ sensitive information.