Elevate your local knowledge
Sign up for the iNFOnews newsletter today!
IIROC requires mandatory reporting of cybersecurity incidents at firms
TORONTO – The Investment Industry Regulatory Organization of Canada is now requiring the mandatory reporting of any cybersecurity incidents that occur at the investment firms it regulates.
Under the new rules, firms have to report to the industry regulator any cybersecurity incidents in two stages.
In the first stage, firms have three days to provide a preliminary description of the incident and steps taken.
The second stage allows firms 30 days to provide a detailed investigation report, outlining the cause and scope of the issue, and steps taken to mitigate the risk of harm to investors and to the firm.
IIROC says the mandatory reporting will allow it to analyze the information received for any trends, insights or intelligence and help improve the industry’s cybersecurity preparedness.
IIROC is the self-regulatory organization that oversees investment dealers and their trading activity in Canada’s debt and equity markets.
Earlier this week, the Bank of Canada’s chief operating officer said government bodies and the private sector need more ways to share information about cybersecurity threats.
This report by The Canadian Press was first published Nov. 14, 2019.
News from © iNFOnews.ca, . All rights reserved.
This material may not be published, broadcast, rewritten or redistributed.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Join the Conversation!
Want to share your thoughts, add context, or connect with others in your community?
You must be logged in to post a comment.
