The BrainTrust — Self-Serve Membership

The documentation backbone of a cybersecurity compliance program — without the engagement.

Built for CCOs, IT managers, and small RIAs that need real cybersecurity compliance capability — not a full advisory engagement. One Premium membership gives your firm a working Reg S-P vendor due-diligence program with 600+ vendors already researched; automated, compliant employee training; the policy, framework, and template library we use in our own consulting engagements; and interactive tools like the Reg S-P Incident Response Plan Builder.

Why Premium

Everything a compliance program needs — in one membership.

BrainTrust Premium is more than a document library. It packages the work an SEC-registered firm is most often asked to show: that it vets its vendors, that it trains its people, that its policies are written down and mapped to the rules — and now, tools that build those documents for you.

Vendor Due Diligence Portal

The Reg S-P vendor program, already built

A living evidence database of 600+ vendors RIAs actually use — CRMs, custodians, planning, portfolio, AI platforms — each scored against a 90-field due-diligence questionnaire. Every answer independently verified from a public source with a citation and capture date, or flagged for direct vendor attestation. Select your stack, print your Rule 204-2 vendor file.

FieldCraft Training

Security awareness, automated

Phishing simulations, quiz tracking, and audit-ready completion reports for up to 50 employees — the training evidence Reg S-P's Safeguards Rule expects.

Comparable standalone training: $800–$1,750/yr.

IRP Builder (New)

Your incident response plan, generated

Answer five minutes of questions; get your firm's complete Reg S-P incident response plan as an editable Word document — every section mapped to §248.30, with a printable quick-reference card.

Template Library

60+ documents we use with clients

The same editable policies, frameworks, and exam-prep tools MTradecraft delivers in consulting engagements — each mapped to the rule it supports.

AI Governance Kit (New)

Adopt AI without failing an exam

The AI Compliance Framework, governance workbook, output validation protocol, and AI marketing claims checklist — plus an AI supplemental track inside the vendor portal.

Direct Access

Email support on compliance questions

Members email MTradecraft directly with cybersecurity compliance questions — answers from the practice, not a help desk.

All of it — $2,500 a year, flat.

The Flagship — Vendor Due Diligence

The Reg S-P Vendor Due Diligence Portal.

The vendor due-diligence work amended Reg S-P now expects — already done and continuously maintained. A living database of the vendors RIAs rely on, each scored against our 90-field due-diligence questionnaire, now including an AI supplemental section covering model training, data retention, and AI subprocessors. Every answer is independently verified from a public source (with a link and capture date) or flagged as requiring direct vendor attestation. High-sensitivity vendors are fully covered today; coverage expands continuously.

  • Free — preview the full vendor catalog
  • Premium — full records, sources & attestation gaps


What's Inside

The same materials we use in our consulting engagements.

The BrainTrust is not a marketing handout. The Premium library is the set of policies, frameworks, and templates MTradecraft drafts, maintains, and delivers to its consulting clients — organized the way you'll use them, each mapped to the rule it supports.

Cybersecurity Program

Cybersecurity Policies & Procedures Manual (Reg S-P), NPI Data Inventory, Access Control & MFA, Annual Risk Assessment, Data Disposal.

Incident Response & Fraud

Incident Response Plan, Tabletop Exercise Kit, Wire-Transfer & Disbursement Verification — plus the interactive IRP Builder.

AI Governance

AI Compliance Framework & Governance Workbook, AI Output Validation Protocol, AI Marketing Claims Review Checklist.

Vendor & Third-Party

Vendor Due-Diligence Questionnaire and Confidentiality Agreement — alongside the 600-vendor evidence portal.

Annual Compliance

206(4)-7 Annual Review, Compliance Calendar, Compliance Meeting Agenda, Mock SEC Cyber Audit.

Code of Ethics & Conflicts

Code of Ethics, Conflicts of Interest, Gifts & Entertainment, Political Contributions, Outside Business Activity.

Client Disclosures & Privacy

Client Communication Letter Suite, Form ADV Amendment Checklist, Reg S-ID Red Flags, USA PATRIOT Act / AML.

Marketing & Social Media

Marketing Procedures Policy, Firm & Employee Social Media Policies, Promoter & Solicitor Oversight.

Trading, Custody & Operations

Best Execution Evaluation, Trade Error Policy & Log, Proxy Voting, Custody Rule Compliance Checklist.

Employee Agreements

Employee Technology Use Agreement, Whistleblower Policy, and acknowledgement forms.

Governance & Records

Business Continuity Plan, Books & Records Policy, Written Supervisory Procedures.

Examination & Reference

SEC Exam Document Production Checklist, First-Time Examination Guide, Cybersecurity Request Bundle.

60+ editable documents across a dozen categories, each mapped to the rule it supports.

Included Free

Start before you subscribe

The Securing Compliance report, the SEC Exam Cybersecurity Preparedness Brief, the Reg S-P Impact Summary, and our ongoing BrainTrust posts — no payment required.

FieldCraft Training

Security awareness for up to 50 staff

Phishing simulations, quiz tracking, and audit-ready completion reports — the training evidence retained for your examination file.

Membership Tiers

Two tiers. One Premium price.

The Free tier is built to put real material into the hands of CCOs and IT managers who are still organizing their cybersecurity program. The Premium tier adds everything above — the Reg S-P vendor due-diligence portal, automated employee training, the full policy and framework library, and the interactive builders.

Free Tier

The BrainTrust

Free account required

A practical starting point for firms that need better direction before engaging a consultant or building a more formal cybersecurity compliance program.

  • Securing Compliance — what SEC examiners actually ask for
  • BrainTrust Posts — cybersecurity commentary and SEC enforcement updates
  • SEC Exam Cybersecurity Preparedness Brief
  • 2025 SEC Regulatory Intelligence Update
  • Reg S-P 2024 Compliance Impact Summary

Who Buys This

Built for firms in a specific situation.

A Premium membership fits if…

  • You are a CCO or IT manager at an SEC-registered firm and you need real policy templates — not generic ones.
  • You are a small RIA without the budget for a $36K consulting engagement but with examination obligations you cannot ignore.
  • You are a compliance consultant who needs a defensible cybersecurity policy library to deliver to your own clients.
  • You want to run FieldCraft Security Awareness Training for your staff without a separate training vendor relationship.

Premium is not the right fit if…

  • You need someone else to operate the cybersecurity program, not just provide the documentation. The Cyber Compliance Consultant engagement exists for that.
  • An insurance carrier or DDQ requires a named CISO. The Remote CISO engagement exists for that.
  • You want active SEC examination support and direct involvement from cybersecurity counsel. That is consulting, not membership.

Membership Details

Questions members ask before subscribing.

Can I cancel anytime?

Yes. The subscription is managed through Memberful. You can cancel future charges at any time from your account portal — no phone calls, no penalty. You retain access through the end of the paid period.

Are the documents customized to my firm?

No. BrainTrust templates are provided as editable Word documents that the member adapts to their firm's specifics. If you need documents drafted to your firm, that is a Cyber Compliance Consultant engagement.

Can I list MTradecraft as my cybersecurity expert?

No. A BrainTrust membership is a resource subscription, not a consulting relationship. For DDQ and examination purposes requiring a named cybersecurity expert or CISO, the Remote CISO engagement is what's required.

What does FieldCraft cost beyond 50 users?

The Premium membership includes FieldCraft for up to 50 users. If your firm exceeds 50 users, additional seats can be added on a separate FieldCraft subscription at $4.00 per user per month (billed annually).

Will the templates pass an SEC examination?

Templates do not pass examinations — implemented programs do. A BrainTrust template gives you a defensible starting point written by a knowledgeable party. Whether your firm passes an exam depends on how the policies are adopted, implemented, reviewed, and documented over time.

Ready

Premium is $2,500 a year — and starts the moment you subscribe.

Free account first if you want to read the Securing Compliance report and access our posts. Upgrade to Premium when you decide the full library is worth it.