IIROC to require dealers to report cyber breaches

Currently, firms can voluntarily report incidents

By Staff | April 6, 2018 | Last updated on April 6, 2018
2 min read

In a notice issued on Thursday, IIROC put forward a proposal for comment that would require dealers to report cybersecurity incidents. Currently, firms are encouraged to voluntarily report incidents and that should continue, the SRO says.

Through amendments to dealer member rules and the proposed IIROC Dealer Member Plain Language Rule Book, the SRO would require that such incidents be “promptly” reported via two reports—one would be required immediately, while the other, with more detail, would follow within 30 days—and would also list the information that must be shared.

The main reasons IIROC is proposing these steps is it finds “cybersecurity incidents are increasing in frequency and sophistication.” What’s more, “information sharing is an essential tool for mitigating cyber threats,” it says in the notice.

Appendix 1 says the initial report to IIROC, following an incident, would have to include:

  • a description of the incident;
  • information on when it occurred;
  • a preliminary assessment of harm;
  • a list of what steps have been taken; and
  • the contact information of who can answer questions from the SRO.

The second, more in-depth report would have to include a description of what caused the incident as well as an assessment of its scope and how many people were likely affected. It would also have to comprehensively explain how the situation was dealt with and how the dealer will boost its “cybersecurity incident preparedness,” says IIROC.

The SRO is seeking prompt reporting so it can assist firms in managing isolated incidents and protect the industry against widespread issues. “[…] When necessary, [IIROC can] inform other dealers of current cyber threats, thereby helping to manage the impact on dealers as well as investors,” it says in the notice.

The comment period on the proposed amendments closes on May 22.

Also read:

SEC cyber unit files charges over Quebec PlexCoin securities

G20 urged to adopt common cryptocurrency regulation

How Canadian execs are dealing with changing tech landscape

Advisor.ca staff

Staff

The staff of Advisor.ca have been covering news for financial advisors since 1998.

Wall Street firms poised for strong Q1

Industry

Wall Street firms poised for strong Q1

Robust investment banking revenues to drive improved earnings

By James Langton |April 11, 2024

2 min read

Industry moves this week

Industry

Industry moves this week

Notable news comes from banking, and a new leader joins Sterling Mutuals

By Katie Keir |April 15, 2024

2 min read

Rep incorporation proposals prove to be sticky wicket

Industry

Rep incorporation proposals prove to be sticky wicket

Industry divided on, investor advocates opposed to, reforms

By James Langton |April 8, 2024

3 min read