The Vendor Contract 72-Hour Notification Requirement: The Reg S-P Clause Your RIA Probably Doesn’t Have

Ask most RIA advisors about their Reg S-P compliance gaps and they will focus on the Incident Response Plan or the privacy notice. Those are visible, familiar compliance documents. The harder problem — the one that most firms have not even begun to address — is the vendor contract 72-hour notification requirement. The typical small […]

Reg S-P’s 30-Day Customer Notification Requirement: What RIAs Must Do After a Data Breach

When a data breach occurs at your RIA firm — or at a vendor holding your client data — you have 30 calendar days to notify affected customers. Not 30 business days. Not 30 days from the conclusion of your forensic investigation. Thirty calendar days from the point at which your firm becomes aware of […]

What Is an Incident Response Plan (IRP) and Does Your RIA Firm Actually Have One?

Most RIA firms, when asked whether they have an Incident Response Plan, say yes. Then an SEC examiner asks to see it, and one of three things happens: the firm produces a document that was downloaded from the internet with the firm’s name in the header and never actually customized; the firm produces a cybersecurity […]

The June 3, 2026 Reg S-P Deadline: What RIA Firms Need to Do Before Time Runs Out

June 3, 2026 is a hard deadline. Not a soft guidance date. Not a “best practice target.” A regulatory compliance deadline with enforcement consequences attached to it. For SEC-registered investment advisers with under $1.5 billion in regulatory assets under management, it is the date by which your firm must have a fully documented, operational Reg […]

What Is SEC Reg S-P and Why Every Small RIA Needs to Care Right Now

There is a regulation sitting in your compliance inbox right now that most small RIA firms are either ignoring or misunderstanding. That regulation is SEC Reg S-P — formally known as SEC Release No. 34-100155, the updated Safeguards Rule — and it carries real enforcement teeth that are already being used. If you manage client […]