The Securities Compliance Podcast: Compliance In Context

S6:E5 | Are You Ready For Reg S-P? | Compliance in Context

Listen Later

Welcome back to the Compliance In Context podcast! On today’s show, we will be serving up everything you need to know about Regulation S-P and the upcoming compliance date for many firms—what are the new requirements, what are firms doing to prepare, and best practices on implementation.  To help guide us through the conversation, we are very pleased to welcome in Kristin Snyder and Charu Chandrasekhar from Debevoise Plimpton. In our Headlines section, we review the 2026 Examination Priorities from the SEC Division of Exams, and finally, we close up today with another installment of History Has Your Back, where we examine what an old quote from an NBA superstar can teach us about conducting annual compliance reviews and the compliance profession.

Show

Headlines

  • Reviewing the 2026 SEC Examination Priorities

    • Interview with Kristin Snyder and Charu Chandrasekhar

    • Overview of the Reg S-P Amendments
    • What are some of the key considerations firm should consider when implementing the new requirements of Reg S-P into their policies and procedures?
    • What are some best practices if firms decide to build in the relevant provisions of Reg S-P into other sections of the firm’s compliance manual?
    • What about recordkeeping provisions? How does disposal impact other policies and procedures?
    • How can firms properly establish vendor risk management in the wake of the new Reg S-P requirements?
    • How are firms successfully navigating the 72-hour notification requirements?
    • If you were starting a firm from scratch, what are some additional best practices firms should consider when developing their broader information security and cybersecurity framework?
    • What can we expect from the exam staff coming out of the shutdown?
    • What would we expect the SEC to do now that the rule is live?

      • History Has Your Back

      • Quote from Giannis Antetokounmpo regarding success versus failure at work.

        • Quotes

        09:00 – “So the amendments, which went into effect in May of 2024. And then as we've all noted, the compliance dates are coming up for large institutions on December 3rd and then for smaller institutions later in the year into 2026 in June. The amendment is actually required, and have brought to bear, a number of significant changes. At a very high level, they now require under the amended reg SP covered institutions and the covered institutions are defined to include broker-dealers, registered investment companies, registered investment advisors, funding portals, and transfer agents must now adopt a formal incident response program and have written policies and procedures that are reasonably designed to detect and respond to and recover from any unauthorized access to or use of customer information. There's a notification requirement that now exists if sensitive customer information was or was reasonably likely to have been accessed or used with that authorization. And I think that the notification provisions are really what's significant for firms, because that notification has to be made as soon as practicable, but no later than 30 days after the advisor becomes aware of a breach.” – Kristen

        15:00 – “We've seen it actually done in a combination in which you see a lot of compliance manuals have a section on privacy, on cybersecurity. There's usually a reference to Reg S-P and its obligations. But then actually to implement the reg, the policies and procedures need to live in several different areas, like incident response. That's pure cybersecurity. And so you're likely going to have cybersecurity specific procedures in terms of just drafting the notice, getting it out to customers, making sure it's out the door within 30 days.” – Charu

        18:09 –  “Some of the information that I think is meant to be safeguarded (so customer information that is covered by S-P) may not necessarily be a required record, you know, book and record under the Advisers Act. And so you're very, you know, you're correct that I think with disposal, you want to have secure methods in place. – Kristen

        ...more
        View all episodesView all episodes
        Download on the App Store
        The Securities Compliance Podcast: Compliance In ContextBy Patrick Hayes
        • 4.9
        • 4.9
        • 4.9
        • 4.9
        • 4.9

        4.9

        32 ratings

        More shows like The Securities Compliance Podcast: Compliance In Context

        View all
        Planet Money by NPR

        Planet Money

        30,711 Listeners

        WSJ What’s News by The Wall Street Journal

        WSJ What’s News

        4,350 Listeners

        Odd Lots by Bloomberg

        Odd Lots

        1,942 Listeners

        Men In Blazers by Men In Blazers

        Men In Blazers

        5,286 Listeners

        FINRA Unscripted by FINRA

        FINRA Unscripted

        45 Listeners

        Pod Save America by Crooked Media

        Pod Save America

        87,412 Listeners

        The Daily by The New York Times

        The Daily

        112,426 Listeners

        Up First from NPR by NPR

        Up First from NPR

        56,545 Listeners

        The Diary Of A CEO with Steven Bartlett by DOAC

        The Diary Of A CEO with Steven Bartlett

        8,618 Listeners

        The Daily Stoic by Daily Stoic | Backyard Ventures

        The Daily Stoic

        4,898 Listeners

        The Journal. by The Wall Street Journal & Spotify Studios

        The Journal.

        6,094 Listeners

        The Prof G Pod with Scott Galloway by Vox Media Podcast Network

        The Prof G Pod with Scott Galloway

        5,542 Listeners

        Everything Everywhere Daily by Gary Arndt

        Everything Everywhere Daily

        2,131 Listeners

        The Ezra Klein Show by New York Times Opinion

        The Ezra Klein Show

        15,948 Listeners