How to Run the Cybersecurity Section of Your Annual 206(4)-7 Review

Rule 206(4)-7 requires an adviser to review, at least annually, the adequacy of its compliance policies and the effectiveness of their implementation. Most firms do this faithfully for trading, custody, and marketing — and then the cybersecurity section says something like “the firm’s IT provider confirmed systems are secure.” That sentence answers neither of the questions the rule actually asks — and examiners know it.
