Search Our Blog


By Katherine Bowles & Jason Jacobs of Shustak Reynolds & Partners, P.C. posted on Monday, May 6, 2019.

Katherine S. Bowles

Katherine S. Bowles


Location: San Diego, California
Phone: (619) 696-9500 (Ext. 124)
Email: [email protected]

The SEC’s Office of Compliance Inspections and Examinations (“OCIE”) has published a risk alert warning of widespread deficiencies in broker-dealers’ and investment advisors’ implementation of Regulation S-P.  Among the concerns highlighted in the alert was a widespread failure of companies to provide initial and annual privacy and opt-out notices and also companies providing notices that do not reflect firms’ actual privacy policies and procedures.  A major concern is that companies lack adequate policies and procedures for safeguarding client data. The OCIE alert also noted firms frequently failed to implement their own policies or adopted policies that fail to address critical aspects of data security, such as encryption of electronic communications, storing customer data on personal devices, and requiring outside vendors to keep client data confidential. 

Regulation S-P is the SEC rule regarding privacy and opt-out notices and customer data security.  The regulation requires firms to provide notices that accurately reflect their privacy policies and practices to clients, and to provide clients with opt-out notices regarding disclosure of clients’ non-public personal information to third parties.  Regulation S-P also contains a Safeguards Rule, which requires firms to adopt written policies and procedures for the protection of client data.

SEC risk alerts are generally precursors to industry-wide enforcement actions.  OCIE recommends firms review and revise their written policies and procedures to ensure compliance with Regulation S-P.  Safeguard Rule compliance can pose challenges for firms because technology and cybersecurity are generally outside their areas of expertise.  Regardless, firms are responsible for ensuring compliance with all aspects of the regulation. 

Shustak Reynolds & Partners, P.C. focuses its practice on securities and financial services law and complex business disputes. We routinely represent broker-dealers and financial advisors in arbitrations, financial advisor transitions, broker protocol disputes and related matters. Please contact us today for a confidential, complimentary consultation.

Share This Article linkedin