You Can't Outsource the Risk: Reg S-P and Vendor Oversight

You Can't Outsource the Risk: Reg S-P and Vendor Oversight

The SEC's amended Regulation S-P raises the bar on how investment advisors protect customer data — and the compliance timeline isn't moving. In this episode of the Ncast, Rafael DeLeon sits down with Tracy Soehle, Associate General Counsel at the Investment Advisors Association, to work through what the rule demands in practice: building an incident response program, meeting the 30-day notification requirement, and managing service providers in a regulatory environment that still leaves a lot open to interpretation.For RIAs, this isn't just a compliance exercise. It runs directly through fiduciary duty — and Tracy walks through how firms can meet that obligation while navigating vendor relationships that don't always cooperate.In this episode:The two most significant changes in amended Reg S-P: mandatory incident response programs and the 30-day customer notification requirementWhy that 30-day clock is harder than it sounds — and what firms need in place before a breach happensWhat "reasonable assurances" from vendors actually means when the rule doesn't require it in the contractWhich service providers will renegotiate and which won't — and how to document the diligence either wayWhy you can delegate notification to a vendor but can't delegate the liabilityData mapping as the non-negotiable foundation of the entire programWhat SEC examiners are asking for and what "reasonably designed" has to mean in practice To get insights on how your peers are managing third-party risks, download our State of Third-Party Risk Management Survey: https://www.ncontracts.com/state-of-third-party-risk-management-survey-report

Go Fast, Safely: What It Takes to Trust AI in Compliance

Compliance officers are under constant pressure to answer regulatory questions accurately — and fast. In this episode of Ncast, Rafael DeLeon sits down with Stephanie Lyon and Jay Jamison to unpack what it means to use AI in compliance responsibly, from how Nquiry was built to eliminate the research burden to what examiners actually want to see in your documentation when AI informed a decision.Guests: Stephanie Lyon — SVP of Regulatory & Risk Intelligence, Ncontracts Jay Jamison — Chief Product Officer, NcontractsIn this episode:• Why lean compliance teams are stuck playing compliance encyclopedia — and what that costs• What citations, current sourcing, and visible reasoning have to do with trust in any AI tool• The liability question: when an AI tool gets it wrong, who owns it?• How Nquiry's purpose-built regulatory library and integration with nComply sets it apart from general-purpose AI• What hallucination risk looks like beyond wrong answers — and why regulatory nuance is the harder problem• The examiner's checklist: what Rafael looked for at the OCC when institutions used third-party tools to support compliance decisions• How to tell whether your AI tool is reducing uncertainty or creating it Learn more about Nquiry: https://hubs.ly/Q04f3J8w0

An Executive's Take: The Future of AI in Risk and Compliance

AI is moving faster than most compliance programs can handle — and financial institutions are feeling it. In this episode of the Ncast, host Rafael DeLeon sits down with Ncontracts Chief Product Officer Jay Jamison to talk about what it actually means to govern AI responsibly in financial services.Jay brings nearly 30 years of software experience — including a decade at Microsoft — to a conversation that covers where institutions are going wrong with AI adoption, how to build a practical governance framework starting with your data, what your vendors may not be disclosing about the AI embedded in their products, and where risk and compliance programs are headed over the next three to five years.Whether you're a community bank CEO just getting curious or a compliance officer trying to keep pace with a fast-moving vendor landscape, this episode gives you a framework to move forward with confidence.

Tackling Compliance Challenges: Lessons from a Former Compliance Officer

Former compliance and BSA officer Ashley Przada joins Rafael DeLeon to share hard-won lessons from 14 years in banking — covering everything from BSA risk and examiner relationships to compliance burnout and building programs from the ground up.

Transformative Compliance Tactics: Getting to "Yes" in a Complex Regulatory World | The Ncast Episode 43

Compliance is often viewed as a gatekeeper instead of a collaborator. How can a compliance officer change that perception and actually become valued as a strategic business partner? In this episode of the Ncast podcast, Rafael DeLeon interviews Michelle Prohaska, Chief Risk & Compliance Officer at Nymbus, as she shares how she laid the groundwork to ensure compliance is welcomed into strategic conversations and partnerships.