The Day the Rules Changed for Smaller RIAs
May 5, 2026 | 8 min read
On May 16, 2024, the Securities and Exchange Commission adopted amendments to Regulation S-P. The amendments became effective August 2, 2024. They were not new requirements written from scratch. They were the Commission's response to the operational reality, visible to anyone watching the broker-dealer and registered-investment-adviser landscape since the early 2020s, that the surface area of customer information had outgrown the original 2000-vintage rule.
The amendments did three things that matter to a sub-$1.5-billion-AUM registered investment adviser. First, they redefined customer information to include not only the records the firm collects directly, but any nonpublic personal information about a customer that the firm receives from another financial institution. Second, they required every covered institution to adopt, maintain, and implement written policies and procedures for an incident response program — a program reasonably designed to detect, respond to, and recover from unauthorized access to or use of customer information. Third, they imposed a new affirmative duty to notify each affected individual, in most cases within thirty days of the determination that customer information has been or is reasonably likely to have been accessed without authorization.
For larger entities — registered investment advisers with $1.5 billion or more in regulatory assets under management, and registered investment companies with net assets of $1 billion or more — the compliance deadline was December 3, 2025. That deadline has passed. For smaller entities, including the substantial majority of the U.S. registered investment adviser population, the deadline is June 3, 2026. As this is written, that deadline is weeks away.
The reading that has been wrong since November
There is a tendency, in the family-office and boutique-RIA world, to read SEC compliance deadlines as something that applies to other firms. Larger firms. Firms with general counsel. Firms with chief information security officers. Firms that show up on the SEC's annual examination priorities list.
That reading has been wrong since November 17, 2025, when the Division of Examinations released its 2026 Examination Priorities. The 2026 priorities document, which sets the examination posture for the fiscal year, named amended Regulation S-P as a focus area. Acting Division Director Keith Cassidy made the same point in plainer language: examinations should not be a gotcha exercise, but the priorities document exists precisely so firms can direct compliance efforts to areas of heightened scrutiny. The amended rule is one of those areas.
The 2026 FINRA Annual Regulatory Oversight Report, released December 9, 2025, added a dedicated section addressing generative AI, deepfake-enabled fraud, and the use of AI in vendor relationships. The Delaware Court of Chancery, building on Marchand v. Barnhill and the In re Caremark line, now treats cybersecurity as a mission-critical risk subject to heightened oversight duties at the board level. These are not parallel regulatory streams. They are converging into a single operational expectation.
The narrow legal question has a wider operational answer
The narrow legal question — are we a covered institution? — has a wider operational answer. Under the amendments, covered institution includes brokers, dealers, investment companies, registered investment advisers, funding portals, and transfer agents. If the firm is registered with the Commission as an investment adviser, the firm is in scope. The threshold for the smaller-entity deadline does not change whether the rule applies. It changes only when the rule applies. June 3, 2026 is the date by which the firm's written incident response program must be in place, the firm's vendor oversight policies must be reasonably designed and implemented, the firm's recordkeeping must document compliance, and the firm's notification capability must be operational.
The operational substance of the rule is what trips most firms. The rule does not require a perfect program. It requires a written program reasonably designed to detect, respond to, and recover from a breach of customer information. Reasonably designed is the legal standard, and the SEC's small-entity compliance guide, published in 2024, gives the floor.
The program must include policies and procedures for assessing the nature and scope of any incident, taking appropriate steps to contain and control the incident to prevent further unauthorized access, and notifying affected individuals when notification is required. It must include policies and procedures for oversight of service providers — meaning due diligence at onboarding, monitoring during the relationship, and a contractual or operational mechanism by which the service provider notifies the firm of a breach affecting the firm's customer information as soon as possible, but no later than seventy-two hours after the service provider becomes aware. It must include recordkeeping that preserves the policies, the assessments, the notifications, and the response actions.
The thirty-day clock most firms have not rehearsed
The thirty-day individual notification clock is the headline obligation. It is also the obligation most firms have not yet rehearsed. The clock begins when the firm has a reasonable basis to conclude that customer information has been, or is reasonably likely to have been, accessed without authorization. A breach by a service provider — for example, the SaaS portfolio-accounting platform the firm relies on — starts the clock for the firm, not just for the vendor. The notice must describe the incident, the customer information involved, and the steps the customer can take to protect themselves.
There is a narrow exception for cases in which the firm determines, after reasonable investigation, that the information has not been and is not reasonably likely to be used in a manner that would result in substantial harm or inconvenience. The exception is narrow on purpose. Firms relying on it should expect to defend the determination in writing.
Three things that are different in 2026
It is at this point, reading through the rule for the first time, that family-office chief operating officers and registered-investment-adviser chief compliance officers tend to ask the question that this short piece exists to address: what, specifically, is different in 2026 from the cybersecurity programs we have operated for years? Three things are different.
First, the program must address an attack surface that did not exist when the original Regulation S-P was written and that is changing month over month. In April 2026, the FBI's Internet Crime Complaint Center released its 2025 Annual Report and disclosed total reported losses of $20.88 billion across more than one million complaints. AI-enabled fraud, broken out as a stand-alone descriptor for the first time in the IC3's twenty-five-year history, accounted for $893 million in adjusted losses across 22,364 complaints — a figure the Bureau itself flagged as conservative because it depends on whether victims recognized AI involvement. Voice cloning, which now requires roughly three seconds of source audio, is a standard layer in business-email-compromise schemes. The Arup deepfake video-call case of 2024 — twenty-five million dollars moved on a synthetic video conference — is no longer the outlier case study. It is the operational template.
Second, the program must address an internal attack surface created by the firm's own AI adoption. The Replit production-database deletion of July 2025, in which an AI coding agent erased the production database of a SaaS business during an explicit code freeze, is the canonical incident. Amazon's December 2025 Kiro incident, in which the company's AI coding agent autonomously deleted and recreated a live production environment for AWS Cost Explorer in a mainland China region — a thirteen-hour outage publicly attributed by Amazon to user misconfiguration but described differently by anonymous sources to the Financial Times — is the second. Cursor and Claude Opus 4.6 deleting PocketOS's production database in nine seconds on April 25, 2026, despite an active code freeze, is the third. Amazon's own consumer-facing marketplace lost roughly 6.3 million orders on March 5, 2026, in an outage triggered by a code-deployment error following an earlier March 2 incident; the company subsequently imposed a 90-day code safety reset across approximately 335 Tier-1 systems requiring two-engineer approval for any change. An incident response program reasonably designed for 2026 must contemplate the possibility that the next breach of customer information at the firm will be initiated not by an external attacker, but by the firm's own AI agent operating with credentials it should not have had, in an environment it should not have been able to reach.
Third, the program operates in a regulatory environment in which, for the first time, a chief compliance officer who has not addressed agentic-AI risk has affirmative exposure. The SEC's December 4, 2025 Investor Advisory Committee recommendation that companies disclose how they define artificial intelligence and what board-level oversight mechanisms exist for it. The FINRA 2026 Report's addition of a dedicated GenAI section. The Delaware Court of Chancery's 2025 posture treating cybersecurity as a mission-critical risk subject to heightened oversight duties. These are converging into a single operational expectation: that the firm's program addresses AI, and that the firm's board or governing body can demonstrate, in writing, that it has done so.
The week to start
The deadline is June 3, 2026. The examination cycle that follows it will not test whether the firm built a perfect program in thirty days. It will test whether the firm built a reasonable program at all, whether the firm tested it, and whether the firm can produce the documentation to prove it.
Firms that have not begun should begin this week. Firms that have begun and stalled should restart this week. The wedge between a firm with a reasonable, tested, documented program and a firm without one is, on June 4, 2026, the wedge between a firm the SEC will treat as cooperative and a firm the SEC will treat as a finding.
Brad McEvilly is the founder of DeepSweep, which operates ARIA, a runtime governance engine for agentic AI, and runs three programs for the wealth-management sector: the Reg S-P Compliance Bundle, the Family Office Audit, and the Executive Deepfake Defense Retainer. He is the author of The Governance Gap (May 2026) and The Governance Gap at the Edge of Wealth (July 2026).
