Canadian Securities Administrators approve new rules for reporting of cybersecurity incidents

Maria Nikolova

Dealer members of IIROC are now required to report any cybersecurity incidents within three days of discovery of the issues.

The Canadian Securities Administrators (CSA) have approved amendments to the Dealer Member Rules (DMRs) and corresponding amendments for the rules of the Investment Industry Regulatory Organization of Canada (IIROC) regarding reporting of cybersecurity issues.

The Amendments:

  • require Dealers to report to IIROC any cybersecurity incidents within three days of discovery of the cybersecurity incident,
  • require Dealers to provide IIROC with an incident investigation report within 30 days of discovery of the cybersecurity incident, and
  • list the information Dealers must report.

The Amendments are effective immediately.

Since IIROC first published its Cybersecurity Incident Best Practices Guide in December 2015, cyber risks have continued to evolve, the body warns. These risk present a more urgent threat of harm to investors, market participants and Dealers. On top of that, as IIROC seeks more ways to support industry transformation, it recognizes Dealers are increasing their collection of data and reliance on complex information systems. This development highlights the importance of timely information sharing to mitigate cyber risk.

Before these changes to reporting requirements, IIROC members followed the Cybersecurity Best Practices Guide. The document, however, sets forth merely a voluntary risk-based Cybersecurity Framework – a set of industry standards and best practices to help IIROC Dealer Members manage cybersecurity risks. The voluntary guidance offers Dealer Members the ability to customize and quantify adjustments to their cybersecurity programs using cost-effective security controls and risk management techniques.

Back in March this year, IIROC warned that cyber attacks were increasing in number and sophistication. In particular, there is a general increase in ransomware attacks, likely due to the ‘commoditization’ of tools making it easier for less sophisticated attackers to use them. The active management of cyber risk is critical to the stability of Dealers, the integrity of capital markets and the protection of investors, IIROC noted.

Read this next

Digital Assets

BlackRock digs further into crypto with metaverse ETF

BlackRock, the world’s largest asset manager with almost $10 trillion in AUM, is set to launch a new metaverse ETF to help investors securely monetize on the booming immersive version of the internet.

Digital Assets

Binance wins license in New Zealand as rival Huobi shutters derivatives

Binance, the world’s largest crypto exchange by traded volume, has obtained licenses to operate in New Zealand, even after rival Huobi shutdown derivatives trading last month due to concerns about regulations.

Retail FX

Hong Kong busts perpetrators of ‘ramp and dump’ scam

Hong Kong’s financial watchdog, the Securities and Futures Commission (SFC), has charged thirteen suspects of market manipulation in a joint operation with the local police.

Institutional FX

TradingView integrates market data from German Tradegate exchange

TradingView announced that it ‎has increased data coverage to allow its users to receive information from ‎and get free access to the intra-day and tick data from Tradegate Exchange.

Retail FX

Spotware Systems introduces Custom Push Notifications for cTrader mobile apps

Spotware Systems, a technology provider for the electronic trading industry, is introducing a new push notification feature to alert mobile users of price swings and market fluctuations through their cTrader app.

Market News

The Week Ahead: 30 September from David Madden, Market Analyst at Equiti Group

Sterling dominated the headlines last week, as there were concerns the UK government might struggle to service its debt.

Inside View

How does the quality of signal providers affect your business?

A must-have onboarding process for brokers with investment services like PAMM, MAM, or copy trading


DBS deploys Nasdaq Trade Surveillance

“The confidence that markets and our clients have in DBS as a safe and trusted banking group is anchored on our ability to detect and respond to anomalous activity, which in turn calls for a robust surveillance and prevention infrastructure.”

Industry News

SEC charges Justin Costello and David Ferraro for securities fraud and posing as billionaire veteran

The Securities and Exchange Commission charged Cannabis executive Justin Costello and David Ferraro, an associate of Costello’s, for promoting the stock of several microcap companies on social media without disclosing their own simultaneous stock sales as market prices rose.