MTradecraft builds the cybersecurity compliance program your SEC examiner, your insurance carrier, and your institutional investors expect to see — and maintains it year-round.
Most firms come to us for one of two reasons — an upcoming SEC examination, or a request from their cyber insurance carrier, a custodian, or an institutional DDQ they cannot answer with what they currently have on file. Both engagements are built to close that gap and keep it closed.
A full cybersecurity compliance program operated on an annual cadence. Quarterly attack surface assessments, documented policy and procedure updates, vendor oversight, and exam-ready evidence retention. Built for firms that have a CCO and an outsourced IT provider but no internal cybersecurity function.
Everything in the Cyber Compliance Consultant program, plus a named Chief Information Security Officer for your firm. Used by firms whose insurance carriers, prime brokers, or institutional investors require a named CISO on the cybersecurity governance chart.
The actual pressure on a firm's cybersecurity program comes from five places, and they are the five things our engagements are designed to answer for:
Renewal applications now run 40 to 80 questions on access controls, MFA coverage, backup posture, incident response procedures, and named security leadership. The answers determine whether a firm gets coverage, what it pays, and what is excluded.
Every major custodian runs an annual cybersecurity attestation. Prime brokers and fund administrators ask the same questions in a different format. None of them accept "we use a good MSP" as an answer.
Pension consultants, endowment investment offices, and fund-of-funds now ask about CISO designation, third-party penetration testing, and tabletop exercise cadence in their standard due diligence questionnaires. A weak answer here costs allocations.
Examiners ask for the firm's cybersecurity policies, the most recent annual review under Rule 206(4)-7, and the evidence file showing the policies were actually implemented and tested. Firms without documentation written by a knowledgeable party fail this test.
The firm's clients assume the firm they hired is operating like Fort Knox. When a client picks up the phone and asks how their data is protected, what the firm did when a breach was reported in the news, or what happens to their account if the firm's email is compromised — the answer has to be specific, accurate, and unrehearsed. Vague reassurances cost trust on the first call and assets under management on the second. A documented program is the only way to answer those questions consistently across every person at the firm who might take them.
Not every firm is ready for a full engagement. The BrainTrust gives CCOs and IT managers access to MTradecraft's cybersecurity policy library, incident response templates, vendor due diligence questionnaire, annual review template, and the AI compliance framework — the same materials we use in our consulting engagements.
Free tier includes the Securing Compliance report and starter templates. Premium tier at $2,500 a year unlocks the full library, FieldCraft Security Awareness Training for up to 50 users, and email support from MTradecraft on cybersecurity compliance questions.
Most calls start with a specific trigger — an upcoming examination, an insurance renewal, a DDQ response, or a custodian attestation. Tell us what's driving the timing and we'll tell you honestly whether we can help.