Welcome back to the Compliance In Context podcast! On today’s show, we get to dive deep into one of our favorite topics on this fine show, namely what’s happening with the SEC Marketing Rule and some recent guidance that’s come out from the Division of Examinations and the Division of Investment Management. To help guide us through the conversation, we are very pleased to welcome back to the show, Chris Mulligan and Jeff Blumberg. In our Headlines section, we pay tribute to the service of former Commissioner Caroline Crenshaw, and we will also review a recent FINRA proposal covering the financial exploitation of senior investors and a new rule addressing suspected fraud for all customers, and finally, we close up today with another installment of Outtakes, where we continue to see an increased focus from the SEC Division of Enforcement on insider trading and related fraud schemes.

Show

Headlines

• SEC Statement on Departure of Commissioner Caroline Crenshaw
• FINRA Proposes Increased Protections for Senior Investors and Other Vulnerable Customers

Interview with Chris Mulligan and Jeff Blumberg

• Overview of the new Marketing Rule FAQs?
• What is the impact on Footnote 590?
• Discussion of the purpose and process behind SEC Risk Alerts
• What does the new Risk Alert tell us about the Marketing Rule?
• What is the impact on testimonials and endorsements?
• Reviewing the sufficiency of disclosure requirements, including links to websites and the “clear and prominent” standard
• What does the Risk Alert say about third-party ratings? What satisfies the “reasonable belief” standard regarding preparation of third-party ratings?
• What does the Risk Alert disclose regarding the SEC’s stance regarding compensation structures?
• When does a statement from a third-party trigger the Marketing Rule?
• Reviewing the “adoption and entanglement” doctrine and related issues

Outtakes

• SEC Charges Six in $41M Insider Trading Scheme

Quotes

08:03 – “I think this FAQ is going to be very welcome by the industry. And it really stems from the fact that the rule itself does not seem to require a model fee. Net returns are defined as gross returns minus the fees and expenses you pay the advisor. There’s a pretty clear definition. And it provides guidance around how you can use a model fee. But it doesn’t really require it in the rule itself. However, Footnote 590–and this is why it was so controversial—said that if the fee to be charged to the intended audience is anticipated to be higher than the actual fees charged, the advisor must use the model fee that reflects the anticipated fee to be charged in order not to violate the rule’s general prohibitions.” – Chris Mulligan

15:24 – “So risk alerts are a really important part of the Division of Examinations. And, you know, they really express what the Staff is seeing on examinations, right? So the priorities come out every year and receive a lot of attention. You know, the reality is the priorities are often very similar year to year. They sort of focused on the issues that, you know, everyone generally knows they’re going to focus on. And it doesn’t talk about the results. Like, what did you actually find on these exams. And that’s where the risk alerts really come in and I think are really terrific docum...

Welcome back to the Compliance In Context podcast! On today’s show, we will be serving up everything you need to know about Regulation S-P and the upcoming compliance date for many firms—what are the new requirements, what are firms doing to prepare, and best practices on implementation. To help guide us through the conversation, we are very pleased to welcome in Kristin Snyder and Charu Chandrasekhar from Debevoise Plimpton. In our Headlines section, we review the 2026 Examination Priorities from the SEC Division of Exams, and finally, we close up today with another installment of History Has Your Back, where we examine what an old quote from an NBA superstar can teach us about conducting annual compliance reviews and the compliance profession.

Show

Headlines

• Reviewing the 2026 SEC Examination Priorities

Interview with Kristin Snyder and Charu Chandrasekhar

• Overview of the Reg S-P Amendments
• What are some of the key considerations firm should consider when implementing the new requirements of Reg S-P into their policies and procedures?
• What are some best practices if firms decide to build in the relevant provisions of Reg S-P into other sections of the firm’s compliance manual?
• What about recordkeeping provisions? How does disposal impact other policies and procedures?
• How can firms properly establish vendor risk management in the wake of the new Reg S-P requirements?
• How are firms successfully navigating the 72-hour notification requirements?
• If you were starting a firm from scratch, what are some additional best practices firms should consider when developing their broader information security and cybersecurity framework?
• What can we expect from the exam staff coming out of the shutdown?
• What would we expect the SEC to do now that the rule is live?

History Has Your Back

• Quote from Giannis Antetokounmpo regarding success versus failure at work.

Quotes

09:00 – “So the amendments, which went into effect in May of 2024. And then as we've all noted, the compliance dates are coming up for large institutions on December 3rd and then for smaller institutions later in the year into 2026 in June. The amendment is actually required, and have brought to bear, a number of significant changes. At a very high level, they now require under the amended reg SP covered institutions and the covered institutions are defined to include broker-dealers, registered investment companies, registered investment advisors, funding portals, and transfer agents must now adopt a formal incident response program and have written policies and procedures that are reasonably designed to detect and respond to and recover from any unauthorized access to or use of customer information. There's a notification requirement that now exists if sensitive customer information was or was reasonably likely to have been accessed or used with that authorization. And I think that the notification provisions are really what's significant for firms, because that notification has to be made as soon as practicable, but no later than 30 days after the advisor becomes aware of a breach.” – Kristen

15:00 – “We've seen it actually done in a combination in which you see a lot of compliance manuals have a section on privacy, on cybersecurity. There's usually a reference to Reg S-P and its obligations. But then actually to implement the reg, the policies and procedures need to live in several different areas, like incident response. That's pure cybersecurity. And so you're likely going to have cybersecurity specific procedures in terms of just drafting the notice, getting it out t...

Welcome back to the Compliance In Context podcast! On today’s show, we will be providing a comprehensive, deep-dive look at SEC Enforcement over the last twelve months—including the real story behind some of the recent numbers, distinct areas of focus, and what we’re hearing from the Paul Atkins-led SEC. To help guide us through this important topic and share some fantastic insights for our listeners, we welcome in two expert panelists (and accomplished podcasters), Andrew Dean from Weil Gotshal and Kurt Wolfe from Quinn Emmanuel.

Show

Interview with Andrew Dean and Kurt Wolfe

• Review of SEC Enforcement metrics over the last twelve months
• What are we hearing from the SEC and Chair Atkins?
• Reviewing the takeaways from Atkins’ recent statements on the Wells process
• What are we hearing from the other Commissioners?
• How have the cuts and departures impacted SEC Enforcement? What typically happens during a transition? Are their programmatic impacts?
• Understanding key differences between the Division of Exams and the Division of Enforcement
• How are SEC exams being resolved in the current environment?
• How are firms interacting with the Staff right now?
• What can we expect next in the area of SEC Enforcement?

Quotes

05:11 – “So, you know, the SEC's fiscal year runs October 1 through September 30, and we don't have the final numbers yet from that period. Our friends at Cornerstone always put out a nice report at the end of the year that kind of, you know, tell the story. It will be a little complicated by the fact that this fiscal year was over the course of two commissions that have relatively different approaches to enforcement. And so the first three and a half months of the fiscal year were under Chair Gensler, and the remaining were under interim chair Uyeda, and then Chair Atkins. You know, it’s clear that the enforcement actions are dramatically lower under the Atkins Commission. If we just look at the period, this is our friends at King and Spaulding putout this, and we’re giving a lot of credit to others who have, kind of, done the math for us. Between February and July of 2025 there were 67 enforcement actions. Compare that to 198enforcement actions during the same time period in 2021 when there was another Commission transition.” – Andrew Dean

20:25 – “They should focus on cases where there's a lot of harm to investors or potential harm to investors and not just technical violations, not foot faults. I think many would say that's a different tone or strategy than what we saw in the last administration. He even went out of his out of his way to say, SEC enforcement should never feel like a gotcha game. My third point would be transparency and predictability. I think, again, this is sort of consistent with what we've heard from Chairman Atkins, you know, back when he was a commissioner even, he thinks enforcement action should be consistent. The results should be fairly predictable and tied to SEC policies and coordinated across the divisions.” – Kurt Wolfe