IIROC Requests Comments on the Mandatory Reporting of Cybersecurity Incidents

April 19, 2018

The Investment Industry Regulatory Organization of Canada (IIROC) is seeking comments on proposed amendments to the Dealer Member Rules to require the prompt mandatory reporting of a cybersecurity incident by Dealer Members (Dealers). IIROC asks that Dealers continue to voluntarily report such incidents for the time being. 

IIROC is of the view that information sharing is an essential tool to mitigate cyber threats which are on the rise. IIROC expects that prompt reporting would enable them to quickly assist the affected Dealer and inform other dealers where necessary to help manage any negative impacts on Dealers and investors.

IIROC requests any comments be submitted in writing by May 22, 2018. For more information please see IIROC Notice 18-0070.

DISCLAIMER: This publication is intended to convey general information about legal issues and developments as of the indicated date. It does not constitute legal advice and must not be treated or relied on as such. Please read our full disclaimer at www.stikeman.com/legal-notice.