Download the Free Checklist
Regulation S-P Self-Assessment
Understand Where Your Program Stands Before Exam Time
The amended Regulation S-P raises the bar for how SEC-regulated firms, including RIAs, broker-dealers, and investment companies, oversee service providers, respond to incidents, and document compliance. This self-assessment checklist helps you take a clear, practical look at your program — highlighting strengths, uncovering gaps, and clarifying what needs attention ahead of an exam.
What It Covers
- Service Provider Oversight: Evaluate how you inventory vendors, define contractual expectations, assess risk, and perform ongoing oversight in line with SEC expectations.
- Incident Response Readiness: Review whether your written program, testing, and internal coordination support the 72-hour notification requirement and 30-day investigation window.
- Recordkeeping & Documentation: Assess how compliance evidence is organized, retained for five years, and made accessible when regulators ask for it.
- Core Privacy Obligations: Confirm privacy notice delivery, information-sharing controls, opt-out tracking, and documentation of applicable service provider exceptions.
Regulation S-P now expects consistency, speed, and clear documentation across vendors, incidents, and records. This checklist helps you confirm what is already in place and defensible, and identify gaps before they become exam issues.