Recently, the Office of Superintendent of Financial Institutions (OSFI) published an Advisory on Technology and Cyber Security Incident Reporting, which comes into effect on March 31. Although this guidance is of primary relevance to federally regulated financial institutions, we think that it will be of interest to other, regulated financial services firms in Canada. You may wish to read it conjunction with guidance published the Canadian Securities Administrators (CSA) Staff Notice 33-321 Cybersecurity and Social Media, which we wrote about in our October 2017 bulletin. Given that cybersecurity threats are increasing in sophistication, frequency and persistence, we wouldn’t be surprised to see the CSA incorporate elements of OSFI’s cyber incident reporting regime into the Canadian securities regulatory framework sometime soon.