Nevada Enacts Cybersecurity and Breach Requirements for Mortgage Licensees

Nevada Enacts Cybersecurity and Breach Requirements for Mortgage Licensees

The Nevada Division of Mortgage Lending has announced amendments to NRS 645B, NRS 645F, and NRS 645A that impose new cybersecurity and breach reporting obligations on licensees.

Under the updated requirements, companies must establish and maintain a comprehensive information security program in accordance with 16 C.F.R. § 314.3. This program must be maintained as part of the licensee’s books and records.

In addition, licensees are now required to notify the Commissioner of any security breach events.

The Division has provided further guidance through its application and amendments checklists, including instructions for uploading the required information security program and for fulfilling breach reporting obligations.

What This Means for Licensees

Nevada mortgage licensees should ensure their information security programs are properly documented, maintained, and aligned with applicable requirements. Firms should also review internal incident response procedures to ensure timely notification to the Commissioner in the event of a breach.

‍