home home  


Cybersecurity is a key issue for investment firms and for IIROC. As noted in our Annual Compliance Report for 2014/2015, the proactive management of cyber-risk is critical to the stability of IIROC-regulated firms, the integrity of capital markets, and the protection of investors.

IIROC is committed to developing resources to help firms strengthen risk-management practices and increase cybersecurity preparedness, including important tools that provide a risk-based framework of industry standards and best practices, and help firms prepare effective response plans for cyber threats and attacks.



Information and resources for IIROC-regulated firms

On December 15, 2015, IIROC issued the Dealer Member Cybersecurity administrative notice along with the following guides for registered members:


News releases and related documents

November 14, 2019
IIROC-regulated investment firms must now report cybersecurity incidents
IIROC news release

November 14, 2019
Frequently Asked Questions – Mandatory Cybersecurity Incident Reporting
Guidance Note and Dealer Member Rules [IIROC Rules]

April 5, 2018
Proposed Amendments Respecting Mandatory Reporting of Cybersecurity Incidents
Rules Notice and Request for Comments 

October 3, 2016
IIROC issues cybersecurity report cards for dealer firms
IIROC news release

December 21, 2015
IIROC publishes resources to help dealers increase cybersecurity preparedness
IIROC news release

July 16, 2015
Cybersecurity and IIROC-regulated firms
IIROC news release

       tool bar