Latest posts

Practical Takeaways from the SEC’s M Holdings Cybersecurity Case

 

MTradecraft has no affiliation with M Holdings. We both just fancy the 13th letter of the English alphabet.


The SEC actions against M Holdings are extremely noteworthy, so let's jump…

Best Practices for Securing a Microsoft 365 Environment



Microsoft 365 sits at the center of most advisory and financial firms’ operations. Email, document storage, identity, collaboration, and authentication all converge there—which makes it one of the most critical…

Cufflinks or Handcuffs: Navigating the New Era of Executive Cybersecurity Liability


For years, cybersecurity was treated as a technical problem—something delegated to IT, managed quietly in the background, and addressed with vague references to “best practices.” I have spent enough time…

Guide to Performing a Cybersecurity Risk and Threat Assessment using Shodan.



Introduction to the Risk and Threat Assessment.

Most SEC-registered firms believe they have a clear understanding of which systems are exposed to the public internet. In reality, many firms do…

New Guide Posted: How to Execute the Cybersecurity Policies & Procedures Manual

I’ve posted a new document to The BrainTrust repository:


“An Overview and Introduction to the MTradecraft Cybersecurity Policies & Procedures Manual.” 


This guide is the execution-layer companion to the…

How A Spy Would Conduct a Vendor Due Diligence Analysis for an SEC Registered Firm


Leveraging Open Source Intelligence (OSINT) to Fortify RIA Vendor Oversight:

In the intelligence world, you never rely solely on what a subject tells you.

You validate the story through…

The Future of RIA Operations, IT Infrastructure, and Security...my $0.02.

Over the past year or two-ish, a powerful convergence of forces has quietly — but decisively — reshaped the risk landscape for every RIA and financial institution.

This shift is…

New Cybersecurity Policies & Procedures Template Released — Fully Updated for the 2024 Regulation S-P Amendments

A newly revised Cybersecurity Policies & Procedures Template is now available to all members. This update incorporates the 2024 amendments to Regulation S-P (effective August 2, 2024) and aligns the…

The New SEC Regulation S-P Amendments: What Every RIA Needs to Know


Effective Date: August 2, 2024

Compliance Deadline for Smaller Firms: June 2026

Regulation Applies To: SEC-registered Investment Advisers, Broker-Dealers, Investment Companies, and Transfer Agents

The Full SEC…

Mastering the Cybersecurity Policies and Procedures Manual




This video walks through how we build a cybersecurity Policies & Procedures Manual that not only satisfies today’s regulatory requirements but also anticipates what’s coming next.

Although Rule 206(4)-9 was…

New Compliance Template Available: The Vendor Due Diligence Questionnaire

We’ve added a new Vendor Due Diligence & Risk Assessment Questionnaire to help you streamline one of the most critical parts of your cybersecurity compliance program — assessing the firms…