Regulation S-P Receives a Boost
The SEC’s recent amendments to Regulation S-P highlight the ongoing focus on data privacy and security. These changes directly impact how RIAs manage and protect client information. Here’s a breakdown of the key updates and what they mean for compliance efforts.
Background on Regulation S-P
Since 2000, Regulation S-P has required Registered Investment Advisers, Broker-Dealers, and Investment Companies to implement policies and procedures that protect client information. It also mandates providing clients with a Privacy Notice detailing data practices and an option to opt out of certain data-sharing activities.
In May 2024, the SEC adopted amendments to modernize Regulation S-P, reflecting the evolving landscape of cybersecurity threats and consumer privacy expectations. Here’s what’s new.

Key Updates to Regulation S-P
Third-Party Service Providers:
The amendments also impose greater responsibility on firms to ensure that third-party service providers with access to client information comply with the same privacy and security standards. This necessitates thorough due diligence and ongoing monitoring of vendor relationships.
Incident Response Program:
Financial institutions are now required to establish and maintain a written Incident Response Program. This program must be designed to detect, respond to, and recover from unauthorized access to client information. Notably, the rule now mandates notifying affected clients within 30 days of discovering unauthorized access. This requires having a robust network monitoring system and documented procedures in place.
Data Disposal Requirements:
The updated rule specifies that policies and procedures must include secure disposal methods for both digital and physical client information. This includes shredding paper documents and permanently deleting digital records to prevent unauthorized access. Reviewing and updating data disposal practices is essential for maintaining compliance.
Enhanced Privacy Notices:
Privacy Notices must now be more detailed, explaining how client information is collected, used, and shared. These notices are to be delivered annually, ensuring ongoing transparency. It’s crucial to review current Privacy Notices and update them as needed to meet the new requirements.
Why It Matters
These updates reflect the increasing importance of data security and client privacy. Strengthening privacy policies and procedures not only maintains compliance but also protects client trust and the firm’s reputation.
To effectively implement these changes, consider the following:
- Review and update incident response and data disposal procedures.
- Ensure Privacy Notices are clear, comprehensive, and compliant.
- Conduct thorough due diligence on third-party vendors.
- Communicate the changes effectively to clients.
Next Steps
Over the coming months, firms should evaluate and update their compliance policies to align with these new requirements. This includes revising incident response plans, enhancing data disposal practices, updating Privacy Notices, and auditing third-party vendor relationships.
Questions or challenges are likely to arise during this transition. Staying proactive and informed will be key to maintaining compliance and client confidence.
Final Thoughts
The recent updates to Regulation S-P emphasize the importance of cybersecurity and data privacy. By staying ahead of these regulatory changes, firms can enhance their approach to client data protection while safeguarding their reputation and trustworthiness.
Looking for more ways to keep your team up to date? Follow us on LinkedIn to stay in touch!
Sources: Stark & Stark Compliance Alert 05/30/2024
Categories
Recent Insights
-
Turning Wealth Into Wisdom: How Families Shape a Lasting Legacy
Money is more than a tool—it’s a teacher, a mirror, and a powerful force for change. From childhood lessons to family traditions, our financial beliefs and habits are shaped over time. But when families plan intentionally, wealth can do more than last—it can lead. By passing on not just assets but values, purpose, and insight,…
-
Redefining Retirement: How to Repurpose After a Successful Career
A recent report from the Financial Planning Association hit on something we see all the time: people can have their financial ducks in a row for retirement, but emotionally? They’re often miles behind. It makes sense. Leaving a long, successful career isn’t just about money; it shakes up your routine, your social life, and even…
-
The Growing Phenomenon of Grey Divorce: What Older Couples Should Know
While divorce rates have generally declined in recent decades, one demographic has bucked this trend: couples over the age of 50. Dubbed “grey divorce,” this growing phenomenon presents unique challenges that younger divorcees typically don’t face. As empty nests, changing social norms, and desires for personal fulfillment drive more long-term marriages apart, those involved must…
-
SECURE 2.0 Roth Catch-Up Rule: What High Earners Need to Know Before 2026
Beginning January 1, 2026, a key provision of the SECURE Act 2.0 will take effect that reshapes how retirement plan catch-up contributions are handled. Known as the SECURE 2.0 Roth catch-up rule, this change will require anyone age 50 or older who earned more than $145,000 in wages from their employer in the previous year…
-
The Backbone of Your RIA: Building a Best-in-Class Client Services Team
In a competitive wealth management landscape, your Client Services team can be your greatest differentiator. A thriving Registered Investment Advisory (RIA) firm isn’t just built on strong financial planning and investment strategies—it’s also built on an exceptional Client Services team. The Client Services department is the backbone of client relationships, ensuring that every interaction is…