What this is
An independent, evidence-based reference on the cybersecurity and compliance posture of the vendors that
financial firms — RIAs, broker-dealers, and funds — entrust with sensitive data. For each vendor we work
through a fixed due-diligence questionnaire and publish what can be confirmed
from public sources, with a link and capture date; anything we can't yet confirm is marked Unknown.
Nothing is inferred or assumed, and every item is anchored to the regulation behind it —
Reg S-P, Rule 206(4)-7, Rule 204-2, Reg S-ID.
Want a hard copy? Download the Vendor Due Diligence Questionnaire from the BrainTrust Library.
How to use it. Send
the vendor self-report questionnaire to your own vendors — it's the same form we use. When a vendor
responds, their answers are added to that vendor's record, ready to pull into your own due-diligence file.
Need documentation now? Switch on
Selection mode, pick the vendors you use, and print them to a single
PDF — including ones still in review, so you get the full questionnaire with placeholders for what we're
still researching and a ready-made checklist of what to collect.
Beta — and always improving. Coverage is expanding and records are refined continuously.
If you reach out about a vendor that's missing or unverified, we prioritize researching it — our
current turnaround to verify a vendor's information is
30 days. Send corrections, missing vendors, or
requests to
vdd@mtradecraft.com. (Community confirm/flag tools
are planned for a future release.)
Have your vendors complete it themselves. Forward this link to any vendor — their responses come back to us for review and are added to that vendor's record: https://mtradecraft.com/vendor-self-report/
⚠️ Always a work in progress. This is a living resource — new vendors and re-reviews are
added continuously, certifications lapse, and trust centers change. Treat every entry as a research aid, not a
certification or endorsement. Public information only (no client data); not legal advice. Verify anything
decision-critical directly with the vendor.
