United States

Newly released compliance issues for Regulation S-P


On April 16, 2019, the Office of Compliance Inspections and Examinations (OCIE) provided a list of compliance issues that were identified in recent examinations of Securities and Exchange Commission (SEC)-registered investment advisers and broker-dealers related to Regulation S-P with particular attention to privacy notices and safeguard policies. The most common deficiencies or weaknesses that were identified by OCIE staff were:

1. Privacy and opt-out notices: In some instances, firms didn’t provide required notices to their customers, or notices didn’t accurately reflect firms’ policies and procedures.
2. Lack of policies and procedures: Firms didn’t have written policies and procedures that are required under the Safeguards Rule.
3. Policies that were not implemented or not reasonably designed to safeguard customer records and information:

  • Personal devices
  • Electronic communications
  • Training and monitoring
  • Unsecure networks
  • Outside vendors
  • PII inventory
  • Incident response plans
  • Unsecure physical locations
  • Login credentials
  • Departed employees

The privacy of consumer financial information and safeguarding personal information is an important business practice for firms, to have strong policies and procedures to protect critical information. With increased regulations like SEC Regulation S-P among others, firms also face the challenge of ensuring their policies and procedures comply with applicable regulations. RSM’s regulatory compliance services assess your firms’ current policies and procedures, and compare those against the applicable regulations and industry best practices to provide recommendations for improvements to further enhance your firm’s compliance.