
RND Resources Inc

Investment Firms need a Cyber-secure Corporate Culture

Protecting client and company data from cyber breach should be a critical operations objective for Investment Advisory firms today. The risks reach beyond unsuspected internal hacks to software and servers, and cloud computing adds an additional layer of threat. Making data-protection procedures part of the corporate culture increases the chances of survival in the ever-evolving cyber hack landscape.

 

Attackers use advanced skills and weapons to organize assaults. Long-term cyber attack strategists sneak into systems and gather information for later use. Other criminals look for easy targets where they can steal money and disrupt business, including holding websites and proprietary data for ransom. Financial industry firms are particularly vulnerable to Web-App attacks and DoS (denial of service), as well as Insider threats.

[Figure: Cyber Attacks profile 2014]

Many RIA firms have not yet become adept at developing sound cyber security tactics. They leave themselves and their clients at risk for sudden loss of information, embarrassment, and unforeseen recovery costs. The first step in creating a cyber security strategy should be a comprehensive evaluation of risk and education about the threats that exist.

Educating Investment firm staff on how to spot cyber threats can go a long way toward guarding against attack. Firms large and small should have a practical guide to inform employees on rules and procedures. Every list should include the basics:

  • Never email sensitive data to clients. Use HTTPS secure portals and encrypted technology to handle exchange of information such as account information, wiring instructions, and passwords. Implement a secret code word with clients to ensure authenticity and verbally confirm transfers.
  • When traveling, use only secure data connections. Free wi-fi access is often a prime opportunity for criminals to gain access to your account data, log-ins, and passwords. Be aware of your surroundings and be sure to shield your screen from onlookers.
  • Train staff to identify suspicious emails and phishing attempts, and to protect their identity. Require virus scan and manager approval for downloading attachments. Remind staff to carefully protect confidential personal information on social media sites. Sharing information such as maiden names, middle names, and date of birth presents an easy opportunity for thieves to take over an identity.
  • Require two-step authentication for secure systems. Hackers are known to use advanced algorithms and spyware to crack system passwords. Adding a second layer of protection, such as thumb or hand print validation or authentication images, can stop a threat and identify an attempt for the IT department.
  • Update passwords no less than every 3 months and use different passwords for separate systems. Once hackers discover a password, they will try it across other company systems and portals. Stop them cold by varying log-in IDs and passwords. Create alpha-numeric passwords and include special characters.

Cloud computing adds an additional level of threat to firms, in that firms generally don’t have direct control over the cyber security of their cloud resources. SaaS spending is showing a dramatic growth rate, with cloud computing estimated to reach a worldwide sales volume of $127.5 billion by 2020 according to Forbes. This indicates that the robustness of cyber security going forward will often lie in the hands of those providing cloud resources. However, securities firms and investment advisers are still accountable for using poor judgment in cloud computing arrangements.

Have you tested staff, cloud services, and internal systems to see how they respond to potential threats? Can the staff identify a potentially malicious email or attachment and prevent an attack?

Evaluate the risks

For investment firms, loss due to cyber breach can incur further costs beyond repair, such as fines and sanctions by authorities. RND Resources, Inc. will be covering regulatory guidelines and strategies at our New York compliance round table for RIA compliance officers and firms on June 29, 2015. We’ll be covering regulatory guidelines and addressing the specific rules investment firms must follow.

RND has expertise in regulatory compliance and is able to assist firms in setting up security controls and identifying procedures, policies, and standards to maintain data safekeeping.

Contact us to evaluate your cyber-security program, create a procedures checklist, and provide guidance on how to comply with regulatory standards. For quotes call (818) 657-0288.

MSRB Rule G44 changes

MSRB Rule G-44 – changes effective April 23, 2015

Supervisory and Compliance obligations of municipal advisers are set to change effective April 23, 2015.

The new rule requires all municipal advisors to establish, implement, and maintain a system to supervise their activities and those of their associates in compliance with all applicable securities laws and regulations.


Specifically, paragraph (a) of Rule G-44 specifies that final responsibility for proper supervision rests with the municipal advisor. It follows that the establishment, implementation, maintenance and enforcement of written supervisory procedures must be reasonably designed to achieve compliance with applicable rules.

Rule G-44 becomes effective on April 23, 2015, although the annual certification requirement will not become effective until a year later. The delayed effective date provides municipal advisors time to adopt and implement written supervisory and compliance policies and procedures, designate at least one supervisory principal and a CCO, and prepare the records required under the amendments to Rules G-8 and G-9.

Read the MSRB release for full details.


 

RND Resources, Inc. is prepared to help Municipal Advisers meet their ongoing regulatory requirements with SEC, MSRB, and FINRA. We are a full-service securities brokerage support firm that specializes in preparing firms for regulatory inspections. Our veteran compliance experts can handle and oversee registrations, development of supervisory policies, system reviews, education, and employee training.

 

For further information about how we can assist you, contact:

 

Tarik Munisoglu   (818) 835-7105

tarik@finracompliance.com

 

Dave Banerjee, CPA (818) 657-0288

dave@finracompliance.com

RND Resources at the NSCP Conference

The 2014 NSCP Conference is almost upon us and we are pleased to announce that RND Resources will be speaking and exhibiting. We invite you to join us at our booth (#8) and chat with our representatives. We welcome the opportunity to get to know you and better show you how we can solve your compliance & PCAOB challenges.

Our CEO, Dave Banerjee, will be speaking on “Due Diligence of Funds, Counterparties and Vendors” on Tuesday, October 21st at 11:15am. We hope that after attending his session you will come away with a better understanding of due diligence.

Your presence will do us a great honor and we are looking forward to meeting you.

Free Webinar: “Regulatory Examinations Gone Bad”

On Thursday, August 28th at 12:45, Dave Banerjee, CEO of RND Resources, will be presenting a free webinar entitled “Regulatory Examinations Gone Bad.”

You can expect detailed advice regarding:

1. Current Trends

2. The Disciplinary Process

3. Exam Issues

4. Pre and Post Exam Notice

5. How to Handle a Negative Result

 

After registering you will receive a confirmation email containing information about joining the Webinar.

 

System Requirements:

PC-based attendees

Required: Windows® 8, 7, Vista, XP or 2003 Server

Mac®-based attendees

Required: Mac OS® X 10.6 or newer

    

Space is limited.

Reserve your Webinar seat now at:

https://www1.gotomeeting.com/register/363455401

 

Reminder:

RND Resources will be speaking and exhibiting at The National Society of Compliance Professionals (NSCP) on October 21st, 2014.

www.nscp.org

RND Resources to Speak & Exhibit at NSCP Conference

RND Resources is pleased to announce that Dave Banerjee, Co-Founder and CEO, will be speaking about “Due Diligence of Funds, Counterparties and Vendors” at the National Society of Compliance Professionals Conference in Maryland on Tuesday, October 21st at 11:15 a.m.

We invite you to visit our booth to learn more about RND Resources and pick up your free gift.

At this annual conference, attendees have access to more than 80 topics encompassing investment adviser, broker-dealer, private fund/hedge fund and investment company compliance issues. www.nscp.org