Thank you for a terrific Roundtable!


  1. Firm text messaging compliance policies are required. Some firms are having success using third-party vendors for monitoring. Implementation was “painful” but adoption was “easier” than expected.
  2. What is Artificial Intelligence (AI)? Tool to use for Monitoring? Marketing? Client Presentations? Aggregate and Summarize Data? Firms are struggling to implement policies and procedures for acceptable uses. Firms are looking for greater definition around AI. The vast majority of the group sees AI/machine learning as an asset, yet they find the concepts are on the horizon and not yet clear to see.
  3. Regulators are deferring RegBI questions / issues back to FINRA’s RegBI group for final decisions. Auditors are moving away from focusing on risk to fee comparisons, investments and trading transactions. They are scrutinizing rep documentation during the trade process, including presented documents, tickets, notes, etc.
  4. Vendors can help with recovering from data attacks; however, they can also be part of the data breach. Firms should be proactive and know the industry players and rules before they are attacked. Firms should also ensure contracts include language for ongoing risk reviews for third- and fourth-party vendors. Additionally, a firm documenting an attack resolution plan is not enough. Firms must ensure ongoing practice of tabletop exercises with internal owners and all vendors so all are familiar with their roles and responsibilities (muscle memory), which will save all time, money and reputation.
  5. Risk-based automation and audit checklists help to proactively identify and address potential issues before they arise. Firms are implementing their own “audit examination” processes and schedules to reduce / eliminate findings and continue to be a trusted partner. There is concern that remote audits will miss important “call-outs” that onsite visits find.
  6. How much suitability and surveillance are enough? Firms are having to balance priorities vs exposure, needs vs wants, big picture vs weeds, data hygiene, integrity and analysis and more. Integrations are required. Need to continue to review and adjust as needs change. “See something, say something.” This idea is transcending the traditional “we don’t know what we do not know.”
  7. Prepare, Prepare, Prepare for Audits. Document process to include: interview questions and summary, and post-audit: resolution and closeout plan. Additionally, ongoing processes, knowing your reps and office, reviewing client files, scheduled internal trainings / case study discussions, monitoring risk metrics and holding annual customized compliance meetings help to minimize / eliminate risk.
  8. Supervising Your 3rd Party Vendors. Infrastructure to include: Initial Assessment, Risk Ranking, and Ownership / Stakeholders. Create Portal for Data Collection, Renewal, Cyber Assessment / Due Diligence Plan to Offload. Onboarding Plan: Review Committee. Monitoring: Contract Review Negotiation (SCAs), Acceptable Risk, Event Incident / Reach Remediations, M+A and Implementation. Add-On: what happens when a firm is no longer using a 3rd party service / tool.
  9. We are all in this together. Forums for open and honest communications are appreciated and welcome. Opportunities to listen, learn and share remind us we are not alone.

To Learn More about Firm Curated Roundtables and Beacon Strategies

