FREE Membership Sign in

MENU

JavaScript is disabled in your browser.

In order visualise this page, please follow these steps.

Regulator announces mandatory reporting of cybersecurity incidents

Visibility360, PDF version to share

By The IJ Staff | Nov. 15, 2019, 12:06 p.m.

INVESTMENT INDUSTRY REGULATORY ORGANIZATION OF CANADA (IIROC) | Investment | Regulation | Compliance | Technology | Cyberrisks

Photo: Photo: Freepik

Effective immediately, all Investment Industry Regulatory Organization of Canada (IIROC) regulated firms are required to report cybersecurity incidents that they have encountered in two stages.

“Within three days, firms must provide a preliminary description of the incident and steps taken,” said the regulator in a statement issued Nov. 14. “Within 30 days, firms must provide a detailed investigation report, outlining the cause and scope of the issue, and steps taken to mitigate the risk of harm to investors and to the firm.”

IIROC first published these amendments to its rules as a request for comment in April 2018. Following a public consultation period, they were approved by the Canadian Securities Administrators.

Will improve cybersecurity preparedness

"Mandatory reporting of cybersecurity incidents will allow IIROC to analyze the information received for any trends, insights or intelligence," says Irene Winel, IIROC’s senior vice-president, member regulation and strategy. "This reporting will help us to improve the industry's cybersecurity preparedness and protect the integrity of Canada's capital markets, thereby contributing to investors' confidence in the industry."

mail

Insurance Portal daily bulletin

Make sure you don't miss a thing!

Be every day the first notified of news, analysis and scoop of the industry !

Advertisement

The most popular in Investment

Sanctions for pre-signed forms levied against former Fredericton rep

Pension funding rises in March

Insurers express increased appetite for private market investments

Make your business shine with Visibility360!

Get a PDF version to share in your networks.

I'm interested

Headlines

Fallout of a cyber catastrophe modelled by reinsurer

Average fund fees declined following implementation of disclosure rule amendments

Close to one-in-ten seniors worked out of necessity in 2022

Advertisement

Related topics …

INVESTMENT INDUSTRY REGULATORY ORGANIZATION OF CANADA (IIROC)

Firms, associations and reps weigh in on advisor compensation

Regulator sanctions agent twice for same infractions

Regulator orders $30,000 fine, costs and disgorgement in suitability case

Enforcement year in review unveiled by new regulator

Investment

Tips for increasing your firm’s value

Pension funding rises in March

Insurers express increased appetite for private market investments

iA Financial acquires Laurentian Bank’s full-service brokerage division

Regulation

Quebec flood zone map raises concerns even before its release

Ontario regulator publishes guidance for comment

National Flood Insurance Program promised again in budget

Mutual fund rep fined close to $1.7-million

Compliance

Regulator revokes healthcare service providers’ licenses

Regulator comes down on the whole industry for Take-All-Comers non-compliance

Regulator imposes $600,000 in administrative penalties

Serving clients without regulatory approval or adequate controls costs firm $100,000

Technology

Fallout of a cyber catastrophe modelled by reinsurer

Direct simplified issue offerings benefit advisors eventually

Race to insure electric vehicles could change the industry

Embracing artificial intelligence is crucial for industry

Cyberrisks

Generative artificial intelligence expected to increase small-scale cyber attacks

Valid accounts are the weapon of choice for cybercriminals

Regulator publishes Ransomware Response Playbook for member firms

Systemic risks in capital markets include the possibility of dealer failure