The Securities Compliance Podcast Season 6 Episode 5: Are You Ready For Reg S-P

In Season 6 Episode 5 of The Securities Compliance Podcast: Compliance in Context, host and Calfee Partner Patrick D. Hayes serves up everything you need to know about Regulation S-P and the upcoming compliance date for many firms-what are the new requirements, what are firms doing to prepare, and best practices on implementation. To help guide us through the conversation, we are very pleased to welcome in Kristin Snyder and Charu Chandrasekhar from Debevoise Plimpton. In our Headlines section, we review the 2026 Examination Priorities from the SEC Division of Exams, and finally, we close up today with another installment of History Has Your Back, where we examine what an old quote from an NBA superstar can teach us about conducting annual compliance reviews and the compliance profession.

Show

Headlines

• Reviewing the 2026 SEC Examination Priorities

Interview with Kristin Snyder and Charu Chandrasekhar

• Overview of the Reg S-P Amendments

• What are some of the key considerations firm should consider when implementing the new requirements of Reg S-P into their policies and procedures?

• What are some best practices if firms decide to build in the relevant provisions of Reg S-P into other sections of the firm's compliance manual?

• What about recordkeeping provisions? How does disposal impact other policies and procedures?

• How can firms properly establish vendor risk management in the wake of the new Reg S-P requirements?

• How are firms successfully navigating the 72-hour notification requirements?

• If you were starting a firm from scratch, what are some additional best practices firms should consider when developing their broader information security and cybersecurity framework?

• What can we expect from the exam staff coming out of the shutdown?

• What would we expect the SEC to do now that the rule is live?

History Has Your Back

• Quote from Giannis Antetokounmpo regarding success versus failure at work.

Quotes

09:00- "So the amendments, which went into effect in May of 2024. And then as we've all noted, the compliance dates are coming up for large institutions on December 3rd and then for smaller institutions later in the year into 2026 in June. The amendment is actually required, and have brought to bear, a number of significant changes. At a very high level, they now require under the amended reg SP covered institutions and the covered institutions are defined to include broker-dealers, registered investment companies, registered investment advisors, funding portals, and transfer agents must now adopt a formal incident response program and have written policies and procedures that are reasonably designed to detect and respond to and recover from any unauthorized access to or use of customer information. There's a notification requirement that now exists if sensitive customer information was or was reasonably likely to have been accessed or used with that authorization. And I think that the notification provisions are really what's significant for firms, because that notification has to be made as soon as practicable, but no later than 30 days after the advisor becomes aware of a breach." - Kristin Snyder

15:00 - "We've seen it actually done in a combination in which you see a lot of compliance manuals have a section on privacy, on cybersecurity. There's usually a reference to Reg S-P and its obligations. But then actually to implement the reg, the policies and procedures need to live in several different areas, like incident response. That's pure cybersecurity. And so you're likely going to have cybersecurity specific procedures in terms of just drafting the notice, getting it out to customers, making sure it's out the door within 30 days." - Charu Chandrasekhar

About the Securities Compliance Podcast: Compliance in Context

Introducing the Securities Compliance Podcast: Compliance in Context presented by Calfee, Halter & Griswold, and the National Society of Compliance Professionals and hosted by Patrick D. Hayes, Partner and Chair of Calfee's Investment Management practice.

Designed as a personal master class for the securities legal and compliance professional, this podcast embodies Patrick's passion to help you put Compliance In Context™ by combining the technical expertise of industry thought leaders and innovators with the practical experience of doers and key decision makers.

Listeners will find the podcast on Apple Podcast and Spotify.

The opinions expressed by guest speakers and panelists during Securities Compliance Podcasts may not necessarily reflect the viewpoints of the attorneys and professionals of Calfee, Halter & Griswold LLP, or its subsidiaries or affiliates. Calfee's educational content is intended to inform and educate readers about legal developments and is not intended as legal advice for any specific individual or specific situation. Please consult with your attorney regarding any legal questions you may have. With regard to all content including case studies or descriptions, past outcomes do not predict future results.

You May Also Be Interested In