1.Data Security Standards Now Mandated for Financial Institutions

SB44 aligns Nevada’s data protection requirements with the Federal Trade Commission’s Safeguards Rule, making it mandatory for mortgage companies, loan originators, escrow agents, and collection agencies to implement and maintain comprehensive information security programs. This includes the creation of internal systems to protect consumer information and respond appropriately to data breaches or threats.

In addition to these programmatic requirements, SB44 introduces a state-level notification mandate. If a financial institution experiences a breach or other “notification event” involving customer information, it must report the incident to the Commissioner of Financial Institutions or the Commissioner of Mortgage Lending. This move strengthens Nevada’s oversight capabilities and formalizes expectations around incident response.

2.Operational Oversight Increases for Larger Mortgage Servicers

Mortgage servicers operating at scale—specifically those managing 2,000 or more residential mortgage loans across multiple states—will be subject to heightened regulatory expectations under SB44. Beginning January 1, 2026, these servicers will be required to demonstrate institutional stability through the maintenance of defined asset liquidity levels. They must also establish a formal governance structure, such as a board of directors or similar body, to oversee servicing operations and ensure accountability.

Servicers will need to undergo annual external audits to validate operational integrity and compliance. In addition, a comprehensive risk management program must be implemented to help identify, mitigate, and monitor servicing risks. These changes are designed to promote stronger internal controls and consistency in how larger entities manage their servicing portfolios across jurisdictions.

The Commissioner of Mortgage Lending is empowered to enforce these new standards. The bill grants authority to investigate non-compliance and take disciplinary action where necessary, adding teeth to the regulatory framework.

3.What’s Next and When It Takes Effect

While certain components of SB44 took effect immediately, most of the critical updates—particularly those tied to servicing oversight and security program expectations—will become enforceable starting January 1, 2026. This provides a clear runway for institutions to assess their current systems, implement changes, and ensure full compliance ahead of the deadline.

With these sweeping updates, Nevada is signaling a stronger emphasis on consumer data protection, responsible servicing practices, and proactive regulatory oversight. Financial service providers operating in the state should begin reviewing their internal controls and governance frameworks now to avoid last-minute compliance challenges.

To review the full text of SB44, you can access it here: Nevada SB44 Full Text