ARTICLE
6 October 2025

REMINDER: Regulation S-P Amendments – Upcoming Dec. 3, 2025 Compliance Date

SR
Schulte Roth & Zabel LLP

Contributor

With a firm focus on private capital, Schulte Roth & Zabel comprises legal advisers and commercial problem-solvers who combine exceptional experience, industry insight, integrated intelligence and commercial creativity to help clients raise and invest assets and protect and expand their businesses.
As a reminder, "Larger Entities," including registered investment advisers with $1.5 billion or more in assets under management and any broker-dealer that is not a small entity under the Exchange Act...
United States Corporate/Commercial Law
William J. Barbera’s articles from Schulte Roth & Zabel LLP are most popular:
  • with readers working within the Media & Information and Securities & Investment industries

As a reminder, "Larger Entities," including registered investment advisers with $1.5 billion or more in assets under management and any broker-dealer that is not a small entity under the Exchange Act (generally, any broker-dealer with more than $500,000 in total capital), must comply with revised Regulation S-P beginning on Dec. 3, 2025.

Smaller registered investment advisers and broker-dealers will need to start complying with revised Regulation S-P beginning on June 3, 2026.

Key Changes

The amendments to Regulation S-P (the "Amendments") require that covered firms take a number of steps, including:

  • Developing and implementing written policies and procedures for an incident response plan;
  • Developing and implementing written policies and procedures providing for service provider oversight, including procedures reasonably designed to ensure service providers notify covered firms within 72 hours of security breaches involving "customer information systems"; and
  • Notifying customers (including customers of certain other financial institutions) within 30 days in the event their "sensitive customer information" has been compromised.

The Amendments also broaden the scope of information covered by Regulation S-P, implement additional recordkeeping obligations for covered institutions, and provide an exception to the annual privacy notice delivery requirement.

MWS has already begun working to help firms meet these new requirements, including:

  • Updating Incident Response Plan documentation; and
  • Developing procedures and documentation regarding service provider outreach.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More