July 7, 2026
What happened?
A recent SEC document request letter could be indicative of a long-predicted sweep of Amended Regulation S-P compliance, according to at least one news outlet. This should not come as a surprise. Amended Regulation S-P was the only new or proposed rule that was not overturned or postponed by the new administration. In late 2025, the SEC’s Division of Examinations (“EXAMS”) published its 2026 Examination Priorities, and as we previously reported, one thing was clear: Amended Regulation S-P was outlined as a priority. The SEC also held two webinars on Amended Regulation S-P (one for larger firms and one for smaller firms), further conveying its emphasis on advisers’ compliance with these new requirements.
Among the cybersecurity-related questions in the recent SEC document request letter are the following:
The request items are in line with what the SEC previewed as likely initial request items related to Amended Regulation S-P. Specifically, the incident response plan, written policies and procedures addressing the administrative, technical, and physical safeguards for customer information, and the risk assessments related cybersecurity, controls, threats, and vulnerabilities.
What does this mean for me?
By now, all covered institutions should be in compliance with Amended Regulation S-P. This letter is a strong reminder for firms to ensure that you are not only in compliance with Amended Regulation S-P, but that you are also meeting all SEC cybersecurity expectations and requirements.
Our cybersecurity team works with RIAs to build and maintain sound cybersecurity programs, in accordance with SEC expectations and best practices. Whether you need assistance with vendor due diligence, employee training, penetration testing, or AI implementation, Fairview’s team of cyber experts can help. Contact us today to set up a conversation.