The Mutual Fund Dealers Association of Canada (MFDA) recently published guidance (the Bulletin) on contending with cybersecurity threats. The Bulletin suggests a comprehensive suite of cybersecurity considerations that are widely used but that may nonetheless be particularly relevant to MFDA members.
The Bulletin encourages MFDA members to create a “cybersecurity framework” which considers the unique operations and potential vulnerabilities of the MFDA member in implementing additional controls and risk management techniques. According to the Bulletin, maintaining the confidentiality of important information; ensuring that information remains complete, intact and uncorrupted; and maintaining the availability of a firm’s systems, services and information are the three fundamental goals of a successful cybersecurity framework.
The Bulletin includes some practical suggestions for minimizing the threat of a cybersecurity breach. Those suggestions range from governance-related matters to physical and virtual security, training and preparedness. For example, the Bulletin suggests involving the board of directors of a firm in cybersecurity risk management and obtaining cybersecurity insurance coverage. Policies and procedures regarding cybersecurity prevention and incident response, including notice to the Privacy Commissioner of Canada, should be prepared, and mandatory ongoing training for all staff of a firm should be provided.
The Bulletin concludes by suggesting additional resources for further reading. These include: IIROC’s Cybersecurity Best Practices Guide; IIROC’s Cyber Incident Management Planning Guide; FINRA’s Report on Cybersecurity Practices; CSA Staff Notice 11-326 Cyber Security; and BIS’ and IOSCO’s Guidance on Cyber Resilience for Financial Market Infrastructures.