The Canadian Securities Administrators yesterday issued a staff notice recommending that issuers, registrants and regulated entities consider the risks of cyber crime and take steps to address cyber security risks. Suggested actions include educating staff of the importance of securing client information, following industry guidance and best practices in regards to security measures and conducting regular third party vulnerability and security tests.
While protecting against cyber crime is relevant for issuers, registrants and regulated entities (such as SROs, marketplaces, clearing agencies and information processors), CSA staff provide their view on specific considerations for each of these categories of market participants. According to the notice, issuers should consider whether such risks, related controls and any cyber crime incidents they may experience are matters that need to be disclosed in a prospectus or continuous disclosure filing. Registrants meanwhile are advised to consider whether their risk management systems allow them to manage such risks in accordance with prudent business practices, while regulated entities are advised to consider what measures are necessary to manage cybercrime risk.
For more information, see CSA Staff Notice 11-326.