On February 3rd, 2015, the SEC and FINRA released their findings for the previous year's document request from a subset of RIAs. Reviewing these two documents, we combined their recommendations regarding points of interest into several straightforward categories. Many firms are still unsure what they are required to do to comply with examination-related guidelines. To stay current with regulators and ahead of the evolving cyber threat landscape, firms must routinely review and update cybersecurity policies and procedures. The Regulatory Response Matrix for Registered Investment Advisors from eSentire is a pragmatic security to-do list that simplifies compliance requirements for firms, based on their specific size and AUM.

With this matrix, you will develop realistic and sensible approaches to information security, helping you to:

  • Understand the requirements and definitions of Risk Governance and Oversight;
  • Develop and document your firm’s security policies and procedures
  • Create and define access rights and controls, training, and vendor management
  • Understand and develop plans to meet compliance obligations