Compliance with IIROC’s Cybersecurity Incident Reporting Requirements

Type: Rules Notice> Notice of Implementation
Rule connection:
Distribute internally to:
Internal Audit
Legal and Compliance
Senior Management
Technology & Cybersecurity


Financial & Operations Compliance
Member Regulation Policy

IIROC is publishing guidance on subsection 3703(1) and clause 3703(2)(vii) of IIROC Rules (Cybersecurity Incident Reporting Requirements). The guidance outlines IIROC’s requirements related to the Cybersecurity Incident Reporting Requirements and also provides guidance to Dealer Members on how to demonstrate compliance with IIROC requirements.

The guidance will be effective immediately and replaces GN-3700-21-005 - Frequently Asked Questions – Mandatory Cybersecurity Incident Reporting.


Appendix A – GN-3700-22-001 Compliance with IIROC’s Cybersecurity Incident Reporting Requirements

Welcome to!

We have a new look! You can find the Canadian Investment Regulatory Organization (CIRO) at with our fresh look and feel.

You can now find new publications published by CIRO since January 1, 2023 on If you are looking for past notices or bulletins published by MFDA or IIROC, you can find those on our legacy websites. Enforcement related content will continue on those websites as well.

You can now find previous Annual Reports and Enforcement Reports on, along with Halts and Resumption, and our ePublications sign up (for all previous MFDA and IIROC subscriber lists).

We will continue moving items off MFDA and IIROC in 2023/2024. Stay tuned for future updates.