Cybersecurity and Compliance Issues for RIAs

9:40 AM - 10:55 AM
FINRA, the SEC, and State Regulators have “elevated their expectations” with respect to cybersecurity and what advisors should be doing or how we should be protecting our operating technology, employees, and clients. Regardless of firm size or scope, the expectations for data security controls are consistent and must include Policies and Procedures, Training and Testing, Vendor Diligence and Incident Response capabilities. Regulators will continue to “examine for cybersecurity compliance procedures and controls, including testing the implementation of those procedures and controls”.

As you are developing your cyber program, you need to create it or tailor it to your firm’s specific circumstances and needs. Mark Brown and Dan Konzen will discuss ways to help you through establishing your firm’s cybersecurity compliance including:

  • Policies and Procedures

  • Email Testing

  • Training

  • Data Controls

  • Risk Assessments and Vulnerability Identification

  • Vendor Vetting

  • Incident Response Planning