On May 23, 2019, the United States Securities and Exchange Commission (“SEC”)’s Office of Compliance Inspections and Examinations (“OCIE”) issued a Risk Alert entitled “Safeguarding Customer Records and Information in Network Storage – Use of Third Party Security Features” (the “Risk Alert”). The Risk Alert highlights the risks associated with the storage of customer records and information by broker-dealers and investment advisors on cloud-based storage platforms.
The SEC’s OCIE recently issued a Risk Alert focusing on compliance issues related to Regulation S-P, the primary SEC rule governing compliance practices for privacy notices and safeguard policies for investment advisers and broker-dealers. The Risk Alert summarizes the OCIE’s findings from two-year’s worth of issues identified in deficiency letters to assist investment advisers and broker-dealers in adopting and implementing effective policies and procedures for safeguarding customer records and information pursuant to Regulation S-P.
In this alert, partner Jim Lundy outlines the Regulation S-P requirements, the OCIE’s Regulation S-P findings and key takeaways for SEC registrants.