206(4)-9: An Update On the SEC’s Cybersecurity Regulations From Hell

Our latest webinars have been focusing on the new cybersecurity regulations, 206(4)-9, for over a year now as I have been mainly helping companies to understand and comply with the new regulations.

Thus, I think it’s crucial to keep our audience informed about this topic.

The SEC has postponed the RIAs’ new cybersecurity regulations, Rule 206(4)-9, until October 2023, according to the SEC’s Spring Agenda.

The upcoming regulation is significant because it will shift us from a phase of receiving information on cybersecurity best practices observed during examinations by the commission, to a phase where the SEC will impose strict regulations on what RIAs are required to do to meet cybersecurity regulations.  Heavy fines are being enforced now and more will follow as regulations become stricter.

The implementation of the SEC’s new regulation 206(4)-9 will be an expensive and complex task for many firms. Given the requirement to perform vulnerability scans, threat and risk assessments, network and domain mapping, and employee training, the costs associated with these security measures can quickly add up. According to the SEC, “Our survey found that firms spent an average of 0.5% of revenue – or $2348 per employee…while spending is considerable, it may nonetheless be inadequate.” (SEC Proposed Rule 206(4)-9 | Pages 71-72)

And just FYI, we charge clients significantly less to tackle this work for them.

We are not fans of the new regulations and think they bring more problems than they solve. We covered that topic in our webinar titled “The SEC’s New Cybersecurity Reporting Rules Are Extremely Dangerous for RIAs” (video on YouTube linked below).

The Investment Adviser Association recently wrote a letter to the SEC criticizing the overall impact of the agenda on RIAs and other market participants. Despite the delayed timeline, some individuals are still concentrating on ensuring that they will meet the requirements of the proposed regulations, according to Karen Barr, the president and CEO of the industry association, as reported by Financial Advisor IQ.

“No one is feeling that comfortable,” said Barr. “Firms are trying to prepare for the onslaught of a suite of new regulations and trying to analyze what they know, what resources they might need and trying to make their best guesses in their budgeting as to what the final proposals might look like and what the timelines might be.”

According to a 2022 report by Cerulli Associates, about 68% of RIAs viewed uncertainty regarding RIA regulation and oversight in the future as a major or moderate challenge, indicating that regulatory pressure continues to be a significant issue for the industry.  I can assure you, here at MTradecraft, just about everyone we talk to is confused.

The SEC’s new regulation 206(4)-9 will be an expensive and complex task for many firms. With heavy fines in place, it is important to make sure you are compliant with the regulations as soon as possible. If all of this sounds daunting or like a lot to handle on your own, don’t worry! Our team at MTradecraft has extensive experience helping companies understand and comply with these cybersecurity regulations. We offer comprehensive solutions that cover everything from vulnerability scans and threat assessments to network mapping and employee training – so let us help take some of the burden off your shoulders. Reach out today to learn more about how we can assist you in meeting regulatory requirements while keeping your data safe and secure.

How SEC Registered Firms Can Build a Security Fortress that Would Make the NSA and CIA Jealous.

In this webinar, we discuss the actions that we take to build insanely secure financial institutions using the same technologies and ideas deployed by the NSA and the CIA.

It’s time to face the truth: moving clients to the cloud and relying on third-party vendors does not make your firm’s data more secure. In fact, it can lead you down a path of extreme vulnerability.

Because we do not sell these types of services (MTradecraft is a Braintrust), we are free to share the facts with you and help you build true cybersecurity into your firm.

Reviewing a Cybersecurity Documentation Request List from the SEC

In this video, we take a deep dive into the latest SEC regulations on cybersecurity documentation, including a detailed examination of a recent letter the SEC sent to an RIA prior to an examination.

We will explore this Examination Information Request Letter from the SEC in detail during this webinar.

Here is a link to download a copy of the letter: https://workdrive.zohoexternal.com/external/090bbc0919dde5dfa1b8d33fbd271009c03d4b90d1a232d8ba29fcfa56f27597

Through practical tips and best practices, we’ll explore how RIAs, Hedge Funds, B/Ds, and family offices can protect their firms against cyber threats.

Our presentation will cover the key elements necessary for compliance with the latest regulations and safeguarding your investments, clients, and business. As the SEC continues to scrutinize firms and their cybersecurity practices, it’s more important than ever to stay informed and ensure your firm is implementing the necessary measures for protection.

Cybersecurity Incident Response Plans for SEC Registered Firms

In this video, we explore why it is important for SEC registered firms to have a comprehensive cybersecurity response plan in place.

A good plan should include preparation and awareness initiatives to help prevent incidents, containment processes so that the attack can be contained with minimal damage, remediation steps to restore systems, and proper incident reporting to the relevant authorities.

These steps are critical for any organization that wants to be prepared for a cyber security incident.

How to Conduct A Cybersecurity Risk and Threat Assessment for SEC Registered Firms

Keep your financial organization safe and compliant with the SEC. In this webinar, you’ll learn how to conduct a comprehensive cybersecurity risk assessment designed specifically for SEC registered firms.

Discover what cyber risks may haunt your organization, uncover weaknesses in your system, identify potential liabilities and develop mitigation strategies to create a secure and reliable environment for conducting business.

With actionable steps throughout the webinar, you can take proactive measures to protect your organization’s assets and ensure regulatory compliance.

Make sure you’re prepared for any possible cyber threats by joining us for this insightful session!

The Master Guide to Building a Cybersecurity Policies and Procedures Manual for an SEC Registered Investment Advisor

In this video we will discuss the details of what you need to include in your firm’s policies and procedures manual to make sure it will withstand an examination.

It is essential for SEC registered investment advisors to have a comprehensive cybersecurity policies and procedures manual in order to remain compliant with the latest cybersecurity regulation, known as 206(4)-9, released by the Securities and Exchange Commission.

Firms must ensure that their policies and procedures adequately address the risks associated with their business activities.

This includes protecting customer information, detecting unauthorized access or activity, responding to cyber threats, maintaining cybersecurity controls, and overall compliance with applicable law.

The Dangers of Bring Your Own Device Policies for SEC Registered Firms

Explore the critical risks associated with Bring Your Own Device (BYOD) policies for SEC registered firms that potentially expose sensitive data to cybercriminals.

Gain insights from an experienced ethical hacker, formerly a CCO and COO, who has conducted over 200 security audits and penetration tests specifically targeting such firms.

Delve into the complexities of this issue and acknowledge the absence of a one-size-fits-all solution.