Incident Reporting Summary

Information sharing is an essential tool for mitigating cyber threats, particularly in a rapidly evolving threat landscape. In April 2018, IIROC proposed rules to require mandatory reporting of a cybersecurity incident by Dealer Members (Dealers) to IIROC. We expect Dealers will benefit from the prompt reporting of cybersecurity incidents. When IIROC receives notice of an incident it can move quickly to assist the affected Dealer(s) and, when necessary, inform other Dealers of current cyber threats, thereby helping to manage the impact on Dealers as well as investors.

We recently implemented IIROC Rule 3703 requiring the mandatory reporting of cybersecurity incidents by Dealers to IIROC. We also issued guidance in the form of frequently-asked questions to assist Dealers.

MFDA and IIROC have consolidated

As of January 1, 2023 the MFDA and IIROC have come together as New Self-Regulatory Organization of Canada (New SRO).

New SRO has assumed the regulatory responsibilities of the MFDA and IIROC.

We have set up an interim website for updates and information related to the New SRO including:

  • Executive Management
  • Governance
  • New SRO Rules
  • Member Application
  • Investor Office and the Investor Advisory Panel
  • Information concerning mutual fund dealers registered in Québec
  • Complaints
  • Careers

Enforcement proceedings, membership lists, continuing education, investor education resources and any other information not set out above continue to reside on and