Cyber-security action steps

How to Draft the Cybersecurity IRP – Incident Response Plan – for BDs and RIAs

Cyber-security action stepsThe Cybersecurity Incident Response Plan becomes part of the Cybersecurity policy and outlines steps the firm will take when a risk or threat is discovered. All fund managers, investment firms, and securities brokerages are expected to have this policy in place, as it outlines what the firm is doing to minimize the risk of threats, and how it intends to administer response in the event of a breach. Firms are also expected to fully track and document their response steps, and fully disclose damage done, costs, and recovery procedures.

In order to develop a strong Cybersecurity IRP, an assessment of existing capabilities and threats is needed. SEC’s Office of Compliance Inspections and Examinations (OCIE) tells us what they expect in a sound plan.

OCIE Examiners will focus on and scrutinize areas of; governance and risk assessment, access rights and controls, data loss prevention, vendor and third party management, and incident response. Specifically, examiners will review whether established policies, assigned roles, system assessments, and plans to address events are sound. Examiners are keenly concerned about risk and handling of Personally Identifiable Information (PII).

Read more

Free Webinar: PCAOB for FINOP

Join us for A free webinar, “PCAOB for FINOP: A Necessary Update for FINOPS” on December, 17th at 12:15pst.


You can expect detailed advice regarding:

1. SEC Filing

2. Auditor Engagement

3. Workpaper Review


Date: Wednesday, 12/17/2014

Time: 12:15 PST


Registration URL:

Webinar ID: 103-613-859


Free Webinar: “Regulatory Examinations Gone Bad”

On Thursday, August 28th at 12:45, Dave Banerjee, CEO of RND Resources will be presenting a free webinar entitled, “Regulatory Examinations Gone Bad.”

You can expect detailed advice regarding:

1. Current Trends

2. The Disciplinary Process

3. Exam Issues.

4. Pre and Post Exam Notice

5. How to Handle a Negative Result


After registering you will receive a confirmation email containing information about joining the Webinar.


System Requirements:

PC-based attendees

Required: WindowsR 8, 7, Vista, XP or 2003 Server

MacR-based attendees

Required: Mac OSR X 10.6 or newer


Space is limited.

Reserve your Webinar seat now at:



RND Resources will be speaking and exhibiting at The National Society of Compliance Professionals (NSCP) on October 21st, 2014.

The Upcoming SEC and FINRA Cybersecurity Sweeps. Is Your Firm Ready?

Because of all of the sensitive financial information that RIA’s, Broker Dealers and Banks keep regarding their clients, internet security has become a major concern for the wealth management industry. As, hacking techniques are growing more sophisticated, it is hard to tell who could be observing your connection and Internet activity. Due to this cyber-threat the SEC and FINRA will be conducting cybersecurity sweeps of the wealth management industry to make sure you are up to date and taking the latest precautions to protect your clients.

Why Hackers Target RIAs and Financial Firms

Bank account numbers and social security numbers are not the only thing hackers are looking to steal. Many hackers and rogue traders are hijacking trading accounts from financial firms and making unauthorized trades, as well as stealing funds.

How the SEC and FINRA Cybersecurity Sweeps Will Work

The SEC and FINRA are aware of these potential security threats and want the industry to get prepared. They have announced that this year they are planning random sweeps to test the defenses of various firms. If a firm’s cybersecurity is not up to the job, the SEC and FINRA could levy large fines as punishment for the oversight.

The SEC and FINRA will also be checking to see that firms have adequate written policies and measures for cybersecurity, a schedule of periodic tests for weaknesses in the system, and a history of fixing weaknesses in their cybersecurity. If your firm fails in any of these categories, you could be liable for a large fine.

What Your Firm Needs to Do to Prepare

The SEC and FINRA cybersecurity requirements are fairly exhaustive and could catch many firms off guard, especially smaller firms that might not have full-time tech support. If you are worried that you may have a security gap, you could try working with a third party that specializes in this type of compliance. These firms have studied the upcoming requirements and can you give a checklist of the measure you need in place in case of a sweep.

We encourage you to join our free webinar, entitled “Cybersecurity for Financial Services Firms” on July 9th where we will be discussing the procedures you need to get ready. Preparing for the SEC and FINRA cybersecurity sweeps will take some work, but it’s a fraction of the headache of dealing with a serious breach.

Reserve your Webinar seat now at:


Join us for “FINOPS Guide to PCOB Audits” Free Webinar

arising from regulatory action.


PCAOB Broker-dealer audits are complex and necessitate solid understanding of SEC, FINRA, and PCAOB guidelines. Many broker-dealers outsource preparation of the audit to a CPA firm with requisite skill to prepare the needed documentation. Should your firm hire assistance with preparing for the year-end certified broker-dealer audit, we would be happy to provide a quote.

Learn more about out-sourced and co-sourced BD audit preparation by RND Resources.