
Reg S-P for the 15-Person RIA: What Actually Changed

Elevate Solutions Security & IT Advisory Team

Small does not mean exempt

The SEC's amended Regulation S-P brought incident-notification and written-program requirements to advisory firms of every size. A 15-person RIA has the same obligations as a 500-person one — just less staff to meet them.

The pragmatic path

  1. A written information security program owned by a named individual.
  2. Vendor due diligence on every provider touching client data.
  3. A 30-day breach-notification capability you have actually tested.

Where an MSP fits

We run the program day-to-day and keep the evidence current, so the named owner can attest with confidence.

Talk to us about your firm.

Want help applying this to your environment? We advise regulated Los Angeles firms on exactly these decisions — without the hard sell.
