Welcome back to the Compliance In Context podcast! On today’s show, we will be serving up everything you need to know about Regulation S-P and the upcoming compliance date for many firms—what are the new requirements, what are firms doing to prepare, and best practices on implementation. To help guide us through the conversation, we are very pleased to welcome in Kristin Snyder and Charu Chandrasekhar from Debevoise Plimpton. In our Headlines section, we review the 2026 Examination Priorities from the SEC Division of Exams, and finally, we close up today with another installment of History Has Your Back, where we examine what an old quote from an NBA superstar can teach us about conducting annual compliance reviews and the compliance profession.

Show

Headlines

• Reviewing the 2026 SEC Examination Priorities

Interview with Kristin Snyder and Charu Chandrasekhar

• Overview of the Reg S-P Amendments
• What are some of the key considerations firm should consider when implementing the new requirements of Reg S-P into their policies and procedures?
• What are some best practices if firms decide to build in the relevant provisions of Reg S-P into other sections of the firm’s compliance manual?
• What about recordkeeping provisions? How does disposal impact other policies and procedures?
• How can firms properly establish vendor risk management in the wake of the new Reg S-P requirements?
• How are firms successfully navigating the 72-hour notification requirements?
• If you were starting a firm from scratch, what are some additional best practices firms should consider when developing their broader information security and cybersecurity framework?
• What can we expect from the exam staff coming out of the shutdown?
• What would we expect the SEC to do now that the rule is live?

History Has Your Back

• Quote from Giannis Antetokounmpo regarding success versus failure at work.

Quotes

09:00 – “So the amendments, which went into effect in May of 2024. And then as we've all noted, the compliance dates are coming up for large institutions on December 3rd and then for smaller institutions later in the year into 2026 in June. The amendment is actually required, and have brought to bear, a number of significant changes. At a very high level, they now require under the amended reg SP covered institutions and the covered institutions are defined to include broker-dealers, registered investment companies, registered investment advisors, funding portals, and transfer agents must now adopt a formal incident response program and have written policies and procedures that are reasonably designed to detect and respond to and recover from any unauthorized access to or use of customer information. There's a notification requirement that now exists if sensitive customer information was or was reasonably likely to have been accessed or used with that authorization. And I think that the notification provisions are really what's significant for firms, because that notification has to be made as soon as practicable, but no later than 30 days after the advisor becomes aware of a breach.” – Kristen

15:00 – “We've seen it actually done in a combination in which you see a lot of compliance manuals have a section on privacy, on cybersecurity. There's usually a reference to Reg S-P and its obligations. But then actually to implement the reg, the policies and procedures need to live in several different areas, like incident response. That's pure cybersecurity. And so you're likely going to have cybersecurity specific procedures in terms of just drafting the notice, getting it out t...

Welcome back to the Compliance In Context podcast! On today’s show, we will be providing a comprehensive, deep-dive look at SEC Enforcement over the last twelve months—including the real story behind some of the recent numbers, distinct areas of focus, and what we’re hearing from the Paul Atkins-led SEC. To help guide us through this important topic and share some fantastic insights for our listeners, we welcome in two expert panelists (and accomplished podcasters), Andrew Dean from Weil Gotshal and Kurt Wolfe from Quinn Emmanuel.

Show

Interview with Andrew Dean and Kurt Wolfe

• Review of SEC Enforcement metrics over the last twelve months
• What are we hearing from the SEC and Chair Atkins?
• Reviewing the takeaways from Atkins’ recent statements on the Wells process
• What are we hearing from the other Commissioners?
• How have the cuts and departures impacted SEC Enforcement? What typically happens during a transition? Are their programmatic impacts?
• Understanding key differences between the Division of Exams and the Division of Enforcement
• How are SEC exams being resolved in the current environment?
• How are firms interacting with the Staff right now?
• What can we expect next in the area of SEC Enforcement?

Quotes

05:11 – “So, you know, the SEC's fiscal year runs October 1 through September 30, and we don't have the final numbers yet from that period. Our friends at Cornerstone always put out a nice report at the end of the year that kind of, you know, tell the story. It will be a little complicated by the fact that this fiscal year was over the course of two commissions that have relatively different approaches to enforcement. And so the first three and a half months of the fiscal year were under Chair Gensler, and the remaining were under interim chair Uyeda, and then Chair Atkins. You know, it’s clear that the enforcement actions are dramatically lower under the Atkins Commission. If we just look at the period, this is our friends at King and Spaulding putout this, and we’re giving a lot of credit to others who have, kind of, done the math for us. Between February and July of 2025 there were 67 enforcement actions. Compare that to 198enforcement actions during the same time period in 2021 when there was another Commission transition.” – Andrew Dean

20:25 – “They should focus on cases where there's a lot of harm to investors or potential harm to investors and not just technical violations, not foot faults. I think many would say that's a different tone or strategy than what we saw in the last administration. He even went out of his out of his way to say, SEC enforcement should never feel like a gotcha game. My third point would be transparency and predictability. I think, again, this is sort of consistent with what we've heard from Chairman Atkins, you know, back when he was a commissioner even, he thinks enforcement action should be consistent. The results should be fairly predictable and tied to SEC policies and coordinated across the divisions.” – Kurt Wolfe

Welcome back to the Compliance In Context podcast! On today’s show, we will be focusing on the impact of mentorship on compliance, and how as mentors and mentees, we can become the best version of our compliance-selves. To help guide us through the conversation, we are very pleased to welcome back to the show, attorney and former regulator (and insightful mentor), Richard Szuch. In our Headlines section, we look a notable decline in SEC enforcement actions in 2025 and review the recently announced rulemaking agenda for the SEC in upcoming months,, and finally, we close up today with another installment of Outtakes, where we see continued focus from SEC Enforcement on the Marketing Rule and accurate disclosure of conflicts of interest.

Show

Headlines

• SEC enforcement actions drop sharply, with focus shifting to investor fraud.
• US SEC unveils agenda to revamp crypto policies, ease Wall Street rules

Interview with Richard Szuch

• How has mentorship shaped your career as a legal and securities compliance professional?
• Reviewing the importance of mentoring and mentorship in compliance
• Understanding the benefits received from mentorship for both the mentee and the mentor
• What were some of the lessons that you received early on as either a mentee or mentor that inspired you in this area?
• What are three questions every compliance professional should ask themselves?
• How does mentorship impact the overall productivity of a compliance team?
• How to find professional fulfillment in your legal/compliance role
• For those that are considering taking on a role as mentor or mentee, what additional advice or words of encouragement would you give them?

Outtakes

• SEC Charges RIA with Marketing, Books and Records, and Compliance Rule Violations

Quotes

16:00 – “Like at the prosecutor’s office. I remember John O’ Reilly saying to me once, ‘Richard, you do not need to be smart enough to know the answer to every question, but you do need tobe smart enough to know when to ask a question.’ And I think the same goes true with navigating with the people you work with.” - Richard Szuch

28:06 – “There is the law, there are the facts, and then there’s the application of judgement to what those facts mean in the legal construct. Same exact thing in compliance. There are the regs. There is the activity, you know, going on, there’s maybe not a bright line answer, and that’s when, you know, having help from older folks or people more experienced than you is really what you’re looking for, or at least as experienced as you.” - Richard Szuch