SEGMENT 1:

Brice Prince, Special Counsel, Division of Trading and Markets,
U.S. Securities and Exchange Commission

- Regulation S-P’s current requirements
- Status of proposal to amend Regulation S-P
- Recent Regulation S-P enforcement actions
- Model privacy form rulemaking
- Regulation S-AM
- FTC identity theft Red Flags Rule SEGMENT 2:

David Medine, Partner, Regulatory and Government Affairs Department,
WilmerHale

- What information can departing financial advisors take with them?
- What Red Flags Rule obligations do broker dealers have?
- How can I share eligibility information with affiliates for marketing purposes?
- What will the impact be of proposed Reg. S-P safeguards provisions?
- What do I need to do if there has been a security breach involving client data?
- Does Reg S-P apply to international operations?

SEGMENT 3:

Brian L. Rubin, Partner,
Sutherland

- NEXT Financial case
  » Genesis of case
  » Allegations
  » Trial
  » Decision
  » Implications for recruiting -- inbound and outbound
  » Current Recruiting and Transition Practices

SEGMENT 4:

Julianne Inozemcev, Partner, Financial Services Office,
Ernst & Young LLP

- Independent broker-dealers, registered investment advisors, and Transfer agents that are not part
  of a Financial Holding company will be required to expend the greatest effort to comply with the
  specific and extensive standards related to information security programs for protecting and
  disposing of customer information, including requiring procedures for responding to security
  breeches
- Due to the proposal to expanded the scope of information protected and extends coverage to
  persons associated with firms - data flow mapping activities to understand information covered by
  the regulation and covered parties will need to be undertaken (or updated) and documented to
  evidence to regulators and management that the organization understands where their information
  resides and how is it processed (collected, use, shared, and disposed of)
- Formal risk assessments will need to be conducted to identify internal and external threats to
  protected information / covered parties and the internal controls (governance structure, policies,
  procedures, manual and automated processes) necessary to comply with the Reg-S-P information
  security/breach response requirements
- Written information security programs and vendor management programs will need to e updated
  for risk assessment results
- Corporate audit or an independent third party may partner with management to perform procedures
  to evidence regulator testing / monitoring of the effectiveness of the safeguards key controls,
  systems, and procedures

SEGMENT 5:

Patricia Albrecht, Assistant General Counsel; Office of the General Counsel,
FINRA

- FINRA Examination Findings and Priorities
- Changes in Examination Procedures in Light of Recent SEC Enforcement Actions