Regulation S-P requires financial advisors to provide clients with a clear privacy notice explaining how the firm collects, uses, and shares their personal financial information. The annual privacy notice is a compliance obligation many advisors treat as an afterthought — but a well-crafted privacy letter can actually reinforce client trust and demonstrate your commitment to data security.
Regulation S-P, adopted by the SEC under the Gramm-Leach-Bliley Act, requires financial institutions — including RIAs — to provide privacy notices to individual clients. The regulation covers the collection of nonpublic personal information (NPI) and restricts sharing that information with nonaffiliated third parties. In 2024, the SEC updated Reg S-P to add data breach notification requirements, making your privacy communications more important than ever.
You must provide an initial privacy notice when you establish a customer relationship. After that, you must provide an annual notice for as long as the relationship continues. The 2023 SEC rule amendment created a simplified annual delivery exception — if your privacy policy hasn't changed and you don't share NPI except under specified exceptions, you may be able to post your notice on your website instead of mailing it annually. Confirm with your compliance consultant whether you qualify.
Compliance Note: The 2024 amendments to Reg S-P added a significant new requirement: advisors must notify affected clients within 30 days of discovering a data breach that may have compromised their NPI. This is a new and material obligation. Ensure your incident response plan is updated to meet this timeline. This template letter covers the annual privacy notice — breach notification letters require separate, specific language.
[Date]
[Client Full Name]
[Client Address]
[City, State, ZIP]
Dear [Client First Name],
Annual Privacy Notice — [Firm Name]
We are committed to protecting the privacy and security of your personal financial information. This notice describes how we collect, use, and protect your nonpublic personal information in accordance with Regulation S-P.
Information We Collect
We collect nonpublic personal information about you from the following sources:
How We Use Your Information
We use your personal information to provide investment advisory services, administer your account, and fulfill our legal and regulatory obligations. We do not sell your personal information to third parties.
Information We May Share
We may share your information with:
We do not share your personal information with nonaffiliated third parties for marketing purposes.
How We Protect Your Information
We maintain physical, electronic, and procedural safeguards to protect your nonpublic personal information, including encrypted data transmission, secure document storage, and employee training on privacy procedures.
If you have questions about our privacy practices, please contact us at [Phone] or [Email].
Sincerely,
[Advisor Name]
[Title]
[Firm Name]
Most privacy notices are dense, legalistic, and unread. The best advisors pair the required notice with a brief personal cover note explaining in plain English: "We never sell your information, we store it securely, and here's how to reach us if you have questions." This human layer on top of the compliance language builds trust rather than anxiety.
For clients who receive your letter digitally, consider hyperlinking to your full privacy policy on your firm's website for easy reference. Document that delivery occurred — email delivery with a read receipt or a logged client portal access provides a defensible record.