The Investment Industry Regulatory Organization of Canada (IIROC) is seeking comments on proposed amendments to the Dealer Member Rules to require the prompt mandatory reporting of a cybersecurity incident by Dealer Members (Dealers). IIROC asks that Dealers continue to voluntarily report such incidents for the time being.
IIROC is of the view that information sharing is an essential tool to mitigate cyber threats which are on the rise. IIROC expects that prompt reporting would enable them to quickly assist the affected Dealer and inform other dealers where necessary to help manage any negative impacts on Dealers and investors.
IIROC requests any comments be submitted in writing by May 22, 2018. For more information please see IIROC Notice 18-0070.