SEC reminds registrants of privacy notices and safeguard policies

Securities SEC Privacy/Cyber Risk & Data Security Compliance Consumer Protection

On April 16, the SEC’s Office of Compliance Inspections and Examinations issued a Risk Alert to discuss compliance issues related to Regulation S-P—the SEC’s primary rule regarding privacy notices and safeguard policies—and to provide assistance to registered investment advisors and broker-dealers (registrants) when issuing compliant privacy and opt-out notices. Regulation S-P requires registrants to provide customers with a clear and conspicuous notice accurately reflecting its privacy policies and practices, plus any options to opt out of sharing certain non-public personal information with nonaffiliated third parties. The notice must be sent annually throughout the duration of the customer relationship. Regulation S-P also requires registrants to implement written policies and practices reasonably designed to ensure that customer records and information are secure and protected against unauthorized access. The Risk Alert provides examples of common Regulation S-P compliance deficiencies and weaknesses, and advises registrants to “review their written policies and procedures, including implementation of those policies and procedures, to ensure that they are compliant with Regulation S-P.”