On 9 January 2026, the U.S. Securities and Exchange Commission announced a hybrid compliance outreach event focused on helping small registered firms implement recent amendments to Regulation S-P, the SEC’s core investor data protection and privacy rule. Scheduled for 22 January 2026, it addresses an important market-integrity risk i.e. the increasing exposure of investor personal information arising from cyber incidents, inadequate safeguards, and insufficient incident-response preparedness at smaller market participants.
Regulation S-P amendments impose operationally testable obligations around safeguarding customer information, incident response, and regulatory interaction during examinations. The US SEC’s decision to conduct a final, workshop-driven outreach by combining compliance guidance with simulated examination scenarios is an enforcement-adjacent posture: firms are expected to understand not only what the rule requires, but how exam staff will assess compliance.
It is a regulatory compliance outreach, which applies to US SEC-registered firms, particularly small advisers and broker-dealers, that are subject to Regulation S-P. The core regulatory focus is the implementation of new data protection and incident-response obligations, and firms’ readiness for US SEC examinations assessing those obligations.
During the event, US SEC staff will explain substantive compliance requirements, outline examination expectations, and conduct a hands-on Incident Response tabletop exercise, including review of a sample document request list and a mock examination session.
Regulation S-P is issued under the US SEC’s authority pursuant to the United States Securities Exchange Act of 1934, the Investment Advisers Act of 1940, and related federal securities statutes governing broker-dealers and investment advisers. The rule establishes requirements for the protection of customer information, including safeguards policies and procedures. The recent amendments to Regulation S-P, heighten expectations around incident response, governance, and examination readiness.
(Source: https://www.sec.gov/newsroom/press-releases/2026-3-sec-host-hybrid-event-regulation-s-p-small-firms)
