On April 16, 2019, the Office of Compliance Inspections and Examinations (OCIE) of the Securities and Exchange Commission (SEC) issued a risk alert, “Investment Adviser and Broker-Dealer Compliance Issues Relating to Regulation S-P – Privacy Notices and Safeguard Policies,” highlighting its data privacy and cybersecurity observations from recent examinations of registered firms.

Regulation S-P

By way of background, Regulation S-P is the SEC’s data privacy regulation that implemented the privacy provisions of the Gramm-Leach-Bliley Act. In particular, this regulation protects the nonpublic personal information of customers, including personally identifiable financial information and consumer lists or descriptions derived from nonpublic information. To protect this information, Regulation S-P requires firms to do two main things.

Read more >>