The Ncast

Wealth Management Compliance: AI Governance, Vendor Risk, and the SEC and FINRA

Regulators aren't waiting for new rules before they start examining for compliance failures — they're applying existing frameworks to AI and vendor oversight right now, and wealth management firms that aren't prepared are already behind. Hollie Mason, Managing Director at Stout and former FINRA senior enforcement counsel, joins Rafael DeLeon to break down what the SEC and FINRA are prioritizing in 2026 exams, where the vendor oversight documentation gaps are showing up, and what defensible AI governance looks like for RIAs and broker-dealers.

You Can't Outsource the Risk: Reg S-P and Vendor Oversight

The SEC's amended Regulation S-P raises the bar on how investment advisors protect customer data — and the compliance timeline isn't moving. In this episode of the Ncast, Rafael DeLeon sits down with Tracy Soehle, Associate General Counsel at the Investment Advisors Association, to work through what the rule demands in practice: building an incident response program, meeting the 30-day notification requirement, and managing service providers in a regulatory environment that still leaves a lot open to interpretation.For RIAs, this isn't just a compliance exercise. It runs directly through fiduciary duty — and Tracy walks through how firms can meet that obligation while navigating vendor relationships that don't always cooperate.In this episode:The two most significant changes in amended Reg S-P: mandatory incident response programs and the 30-day customer notification requirementWhy that 30-day clock is harder than it sounds — and what firms need in place before a breach happensWhat "reasonable assurances" from vendors actually means when the rule doesn't require it in the contractWhich service providers will renegotiate and which won't — and how to document the diligence either wayWhy you can delegate notification to a vendor but can't delegate the liabilityData mapping as the non-negotiable foundation of the entire programWhat SEC examiners are asking for and what "reasonably designed" has to mean in practice To get insights on how your peers are managing third-party risks, download our State of Third-Party Risk Management Survey: https://www.ncontracts.com/state-of-third-party-risk-management-survey-report

Go Fast, Safely: What It Takes to Trust AI in Compliance

Compliance officers are under constant pressure to answer regulatory questions accurately — and fast. In this episode of Ncast, Rafael DeLeon sits down with Stephanie Lyon and Jay Jamison to unpack what it means to use AI in compliance responsibly, from how Nquiry was built to eliminate the research burden to what examiners actually want to see in your documentation when AI informed a decision.Guests: Stephanie Lyon — SVP of Regulatory & Risk Intelligence, Ncontracts Jay Jamison — Chief Product Officer, NcontractsIn this episode:• Why lean compliance teams are stuck playing compliance encyclopedia — and what that costs• What citations, current sourcing, and visible reasoning have to do with trust in any AI tool• The liability question: when an AI tool gets it wrong, who owns it?• How Nquiry's purpose-built regulatory library and integration with nComply sets it apart from general-purpose AI• What hallucination risk looks like beyond wrong answers — and why regulatory nuance is the harder problem• The examiner's checklist: what Rafael looked for at the OCC when institutions used third-party tools to support compliance decisions• How to tell whether your AI tool is reducing uncertainty or creating it Learn more about Nquiry: https://hubs.ly/Q04f3J8w0

An Executive's Take: The Future of AI in Risk and Compliance

AI is moving faster than most compliance programs can handle — and financial institutions are feeling it. In this episode of the Ncast, host Rafael DeLeon sits down with Ncontracts Chief Product Officer Jay Jamison to talk about what it actually means to govern AI responsibly in financial services.Jay brings nearly 30 years of software experience — including a decade at Microsoft — to a conversation that covers where institutions are going wrong with AI adoption, how to build a practical governance framework starting with your data, what your vendors may not be disclosing about the AI embedded in their products, and where risk and compliance programs are headed over the next three to five years.Whether you're a community bank CEO just getting curious or a compliance officer trying to keep pace with a fast-moving vendor landscape, this episode gives you a framework to move forward with confidence.

Tackling Compliance Challenges: Lessons from a Former Compliance Officer

Former compliance and BSA officer Ashley Przada joins Rafael DeLeon to share hard-won lessons from 14 years in banking — covering everything from BSA risk and examiner relationships to compliance burnout and building programs from the ground up.