#Financial Services Cloud6 discussing

Bob — yes, you're not alone. We've heard the same from others navigating this with large SaaS vendors. Salesforce routing it through a legal addendum is pretty consistent with how they've handled similar requests. 

To your second question: beyond a formal addendum, other approaches that firms have used include a written questionnaire or attestation from the service provider acknowledging the 72-hour notification obligation, or documenting a risk-based vendor oversight decision if a contractual commitment isn't obtainable. The SEC gave some flexibility here — what matters is that your written policies reflect a reasonable effort to obtain that assurance and that you can demonstrate it during an exam. 

On the preparedness side, it's worth getting clear now on exactly what NPI lives in your Salesforce org — things like account numbers, SSNs, income data, credit info, or transaction history. If a breach occurs, Reg S-P requires you to notify affected individuals within 30 days of becoming aware, and the notice needs to clearly describe what information was compromised, the potential risk of harm, and what steps individuals can take to protect themselves. Knowing your data footprint in advance makes that process significantly less painful. 

For what it's worth, our team at LASER Credit Access works with financial institutions on Salesforce regularly and these compliance questions come up a lot. Happy to compare notes if it's helpful. Good luck on the deadline.

@Devendra Singh

This is expected behavior in

Financial Accounts are not directly owned by the Household. They are linked to Person Accounts via Financial Account Roles, and the Household aggregates data based on those relationships.

If the account appears under the Person Account but not the Household, check the following:

✔ The Person Account is correctly added as a Household Member

✔ A

exists (e.g., Primary Owner / Joint Owner) 

✔ The role is associated with the correct Person Account 

✔ Household rollups are enabled and recalculated

In FSC, the Household view is relationship-driven, not ownership-driven. Once the proper role relationship is in place, the Financial Account should surface automatically in the Household Financial Summary.

If everything looks correct, try recalculating rollups or running a data sync.

Hope this helps clarify the architecture behind it.

Hi Wojciech,

Good news - you CAN retrieve custom picklist values you added to managed package fields via metadata! Here's what's likely happening:

Understanding the Structure: The Interaction object (likely InteractionSummary in FSC) is a managed package object. When you add custom picklist values to a managed field, those values ARE retrievable - they're stored as part of your org's customizations.

How to Retrieve Your Custom Picklist Values:

Option 1: CustomField Metadata Type Use the full API name format:

NamespacePrefix__ObjectName__c.InteractionType

In your package.xml:

<types>
    <members>InteractionSummary.InteractionType</members>
    <name>CustomField</name>
</types>

Option 2: Check if it uses a GlobalValueSet The picklist might reference a GlobalValueSet. Try retrieving:

<types>
    <members>*</members>
    <name>GlobalValueSet</name>
</types>

Then search the results for anything related to InteractionType.

Option 3: Tooling API to Inspect

SELECT Id, DeveloperName, Metadata FROM CustomField WHERE DeveloperName = 'InteractionType'

Why your field-meta.xml appears empty: If the field uses a GlobalValueSet or StandardValueSet, the values won't appear inline - you need to retrieve that separate metadata type.

Troubleshooting tip: Run a full retrieve of GlobalValueSet and StandardValueSet metadata types and search for "Interaction" to find where the values live.

Hope this helps narrow it down!