Experts in Financial Regulatory Services

Renaissance Regulatory Services, Inc. was built on the premise that the financial services industry is constantly changing. As a result, our clients need the most contemporary tools and insights in order to adapt to the unique compliance and operational challenges that arise in this ever-evolving environment.

Our purpose today is the same as it was on the day we were founded in February 2006: to empower our clients to Manage Through Change, with comprehensive and proactive solutions and audits designed by Real, Reliable consultants, and tailored to our clients’ Strategic needs.

Our Services

Investment Adviser Services

Whether you are an investment adviser, investment company, or private fund, or are looking to become one, RRS can provide the expertise and support to meet your firm’s regulatory requirements under the Investment Advisers Act, the Investment Company Act, and applicable state regulations. RRS offers support through a suite of services from initial business planning to the creation and implementation of compliance and risk management programs. Leverage RRS’ regulatory and business experience to support all your firm’s regulatory requirements.

Broker-Dealer Services

Whether your firm is a full-service or limited broker-dealer, RRS can provide the expertise and support to meet your firm’s regulatory requirements. RRS offers support through a suite of services from initial business planning to the creation and implementation of compliance and risk management programs. Leverage our team’s regulatory and compliance expertise to build and support a compliance program for your firm that meets or exceeds your regulatory requirements.

Read Our Latest Blogs

Regulation S-P: Next Steps for Investment Advisers

As the SEC’s amended Regulation S-P requirements become effective for all investment advisers, firms should now be focused on implementation of the requirements, including cybersecurity governance, vendor oversight, use of artificial intelligence (AI), and testing their ability to respond effectively to cyber incidents.

We outline key areas firms should prioritize over the balance of the year.

Implementation Readiness

The Regulation S-P requirements now place greater emphasis on incident response, customer notification, and protection of customer information.

Firms should ensure they have:

  • Written incident response procedures
  • Escalation and breach assessment protocols
  • Customer notification procedures
  • Vendor oversight programs
  • Information security controls
  • Documented employee training
  • Evidence of testing and governance

Recommended Action Items:

  • Conduct at least one tabletop cybersecurity exercise
  • Confirm client notification templates are prepared
  • Test escalation and communication workflows
  • Review vendor incident notification obligations

Key Risk: It is expected that the SEC will focus on firms that cannot demonstrate implementation and testing of their cybersecurity controls.

Artificial Intelligence (AI) Governance

AI usage has expanded rapidly, creating new regulatory and operational risks.

The SEC expects firms to maintain controls over customer information regardless of the technology platform being utilized.

Primary AI Risks:

  • Employees entering confidential client data into public AI systems
  • Unapproved “shadow AI” usage
  • AI-generated inaccuracies
  • Improper use of AI-generated marketing content
  • Vendor AI data retention concerns

Recommended Controls:

  • Establish an AI Governance Policy
  • Maintain an approved AI tools inventory
  • Prohibit entry of customer information into public AI platforms
  • Require human review of AI-generated content
  • Conduct employee AI usage training
  • Include AI vendors in vendor due diligence reviews

Best Practice: Treat AI access and governance similarly to email, cloud storage, and cybersecurity controls.

Cybersecurity & Threat Management

Cyber threats targeting financial services firms continue to increase in sophistication.

Key Threats Firms Should Monitor:

  • AI-powered phishing attacks
  • Business email compromise (BEC)
  • Remote Access Tool (RAT) attacks
  • Ransomware
  • Vendor and supply chain breaches
  • Credential theft and MFA bypass attacks

Recommended Controls:

  • Multi-factor authentication (MFA)
  • Endpoint Detection & Response (EDR)
  • Device encryption
  • Patch management
  • Privileged access restrictions
  • Secure backup testing
  • Employee phishing simulations
  • Wire transfer verification procedures

Best Practice: Cybersecurity should be treated as an enterprise risk management issue, not solely an IT function.

Vendor Oversight & Third-Party Risk Management

The SEC continues to increase focus on vendor oversight. Firms should identify all vendors with access to:

  • Customer information
  • Network infrastructure
  • Email systems
  • Portfolio or trading systems
  • AI or cloud environments

Recommended Vendor Reviews:

  • SOC 2 reports
  • Cybersecurity questionnaires
  • Incident notification obligations
  • Data encryption standards
  • Subcontractor usage
  • Business continuity capabilities
  • Cyber insurance coverage

Best Practice: Require contractual notification obligations for suspected breaches within 72 hours.

SEC Examination Preparedness

Regulators are increasingly requesting evidence of implementation rather than simply reviewing policies.

Firms should be prepared to provide:

  • Evidence of employee training
  • Incident response testing results
  • Vendor due diligence documentation
  • Access review records
  • Cybersecurity governance documentation
  • Risk assessments
  • AI governance documentation
  • Annual review and testing results

Likely SEC Examination Questions:

  • How does the firm identify and classify cyber incidents?
  • How are vendors monitored?
  • How does the firm govern AI usage?
  • What testing has been performed?
  • How would the firm notify clients after a breach?
  • What evidence exists that management reviewed cybersecurity risks?

Employee Training

Many cybersecurity incidents continue to originate from employee actions.

Training should include:

  • Phishing awareness
  • Password and MFA security
  • AI usage restrictions
  • Remote work security
  • Escalation procedures
  • Social engineering risks
  • Data handling procedures

Best Practice: Conduct periodic phishing simulations and maintain evidence of employee participation.

Governance & Documentation

One of the most important themes for 2026 is documentation.

If an action is not documented, regulators may assume it did not occur.

Firms should maintain documentation related to:

  • Testing activities
  • Vendor reviews
  • Employee training
  • Risk assessments
  • Incident response exercises
  • AI governance reviews
  • Cybersecurity committee or management discussions

Best Practice: Maintain centralized cybersecurity and compliance evidence repositories.

Final Takeaways

For the remainder of 2026, investment advisers should focus on five core themes:

  1. Implementation and Awareness
  2. Cybersecurity Governance
  3. AI Oversight and Controls
  4. Vendor Risk Management
  5. Testing and Documentation

The firms best positioned for SEC examinations will be those able to demonstrate that cybersecurity, AI governance, and operational controls are active, tested, and supported by management oversight.

Regulation S-P should now be viewed as a broader operational and cybersecurity framework rather than solely a privacy rule.

Strengthening Your Broker-Dealer Compliance Program with Support from RRS

Broker-dealers operate in one of the most highly regulated areas of the financial services industry. Regulatory oversight from the SEC, FINRA, and other self-regulatory organizations requires firms to maintain strong compliance controls and supervisory systems. As a result, firms must implement a comprehensive broker-dealer compliance program that addresses supervisory responsibilities, internal controls, regulatory reporting, and periodic compliance testing.