You Can't Outsource the Risk: Reg S-P and Vendor Oversight

The SEC's amended Regulation S-P is the most significant update to customer data privacy rules for investment advisors in a generation. Tracy Soehle, Associate General Counsel at the Investment Advisors Association, joins Rafael DeLeon to walk through what the amended rule actually requires: a mandatory incident response program, a 30-day notification clock, vendor oversight obligations, and exactly what an examiner will want to see when they walk in the door.

In this episode, you will learn

Tracy Soehle's Background and Role at the Investment Advisors Association

1:39
Tracy Soehle's Background and Role at the Investment Advisors Association
The Biggest Changes in Amended Reg S-P

4:46
The Biggest Changes in Amended Reg S-P
The 30-Day Notification Clock: Operational Challenges and How to Get Ahead of Them

7:20
The 30-Day Notification Clock: Operational Challenges and How to Get Ahead of Them
What "Reasonable Assurances" From Vendors Actually Means — and What It Doesn't

11:45
What "Reasonable Assurances" From Vendors Actually Means — and What It Doesn't
You Can't Outsource the Risk: Where Liability Stays With the Firm

18:55
You Can't Outsource the Risk: Where Liability Stays With the Firm
Data Mapping as the Foundation of Your Entire Compliance Program

22:22
Data Mapping as the Foundation of Your Entire Compliance Program
What Examiners Will Ask For and What Strong Documentation Looks Like

28:05
What Examiners Will Ask For and What Strong Documentation Looks Like

Guests

Tracy Soehle

Associate General Counsel - Investment Advisers Association

The Ncast Podcast

Episode 47

You Can't Outsource the Risk: Reg S-P and Vendor Oversight

In this episode, you will learn

Guests

Subscribe to the Nsight Blog

Share this

Related Episodes

A Path Forward: Community Banks and Innovation

How Banks are Adjusting to Cyber Risk and Remote Exams

Regulatory Brief for October 2021