The Investment Industry Regulatory Organization of Canada (IIROC) is proposing amendments that would make it mandatory for its Dealer Members to report cybersecurity incidents to IIROC.

In a notice issued April 5, the regulator stated that it is introducing the proposals because cybersecurity incidents are occurring more frequently and are increasingly sophisticated. In addition, the IIROC says information sharing is essential to mitigate cyber threats.

Direct reporting

The proposed amendments would require Dealers to directly report cybersecurity incidents to IIROC, and would list the information that must be reported.

Comments on the proposed amendments are being accepted until May 22. To learn more, consult IIROC’s notice here.