Amendments to SEC Regulation S-P strengthen the requirements for safeguarding customer information and notifying clients of breaches. Adopted on August 2, 2024, they phase in by firm size: larger entities had to comply by December 3, 2025, and smaller entities by June 3, 2026. Combined with GLBA and the FTC Safeguards Rule, the message for Texas registered investment advisors (RIAs) is clear: documented safeguards, tested and reviewed.

The amendments require a written incident response program, customer notification within 30 days of a breach affecting their information, service-provider oversight, and five-year recordkeeping.

What Advisors Must Document

  • A written safeguards program covering how nonpublic client information is collected, protected, and disposed of.
  • An incident response and customer notification procedure.
  • Vendor oversight for custodians and technology providers.
  • Encrypted, authenticated client communications.

Verify Your Posture

Examiners expect to see real controls, not just policies. Run a free scan at audit.emailmenow.com/?industry=financial-advisors to confirm your SPF, DKIM, DMARC, and transport security are enforced.


Be ready before the exam letter arrives. Contact EmailMeNow IT Consulting for a written safeguards program and email security hardening.


Source: SEC — Enhancements to Regulation S-P: A Small Entity Compliance Guide