SEC Regulation S-P Amendments (May 2024)

Effective Date: October 2025

Summary

In May 2024, the U.S. Securities and Exchange Commission (SEC) adopted amendments to Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Customer Information. These changes enhance data protection obligations for certain regulated financial institutions and their service providers.

FundApps position: The amendments do not impact FundApps obligations under Regulation S-P, as FundApps does not process or store any “Customer Information” as defined by the rule and therefore no change to FundApps regulatory obligations or customer data handling practices is required.

Overview of Regulation S-P

Regulation S-P sets out privacy and safeguarding standards for specific U.S. financial institutions, including:

  • Registered investment advisers

  • Broker-dealers

  • Investment companies

  • Transfer agents

The regulation governs the protection of non-public personal information (NPI) belonging to consumers and customers of these institutions.

Key 2024 Amendments

The SEC’s May 2024 amendments aim to modernize Regulation S-P and strengthen data protection obligations. Key updates include:

  • New Defined Term – “Customer Information” Replaces “Customer Records and Information” to clarify the scope of protected data. Refers to any record containing non-public personal information about a customer of a financial institution, whether held directly by the institution or by a service provider on its behalf.

  • Expanded Safeguarding Obligations Covered institutions must establish and maintain written policies and procedures to protect and dispose of customer information securely.

  • Service Provider Oversight Financial institutions must ensure that service providers with access to customer information maintain appropriate safeguards and disposal controls.

Why FundApps Is Not Impacted

The 2024 amendments to Regulation S-P do not apply to FundApps for the following reasons:

  • FundApps is not a “financial institution” under Regulation S-P, but a service provider.

  • FundApps does not process or store “Customer Information” as defined in the amended rule.

  • Information provided by FundApps clients is limited to employee names and emails (i.e. login credentials) for access control, which does not constitute “consumer financial information” or “customer data” under Regulation S-P.

Accordingly, FundApps role and data handling practices remain outside the scope of the rule’s privacy, safeguarding, and disposal obligations.

PreviousLaws and RegulationsNextAI

Last updated

Was this helpful?