Compliance with IIROC’s Cybersecurity Incident Reporting Requirements

22-0024
Type: Rules Notice> Notice of Implementation
Rule connection:
IIROC Rules
Distribute internally to:
Internal Audit
Legal and Compliance
Operations
Senior Management
Technology & Cybersecurity
Training

Contact:

Financial & Operations Compliance
Email:
Member Regulation Policy
Email:

IIROC is publishing guidance on subsection 3703(1) and clause 3703(2)(vii) of IIROC Rules (Cybersecurity Incident Reporting Requirements). The guidance outlines IIROC’s requirements related to the Cybersecurity Incident Reporting Requirements and also provides guidance to Dealer Members on how to demonstrate compliance with IIROC requirements.

The guidance will be effective immediately and replaces GN-3700-21-005 - Frequently Asked Questions – Mandatory Cybersecurity Incident Reporting.

Appendices

Appendix A – GN-3700-22-001 Compliance with IIROC’s Cybersecurity Incident Reporting Requirements

MFDA and IIROC have consolidated

As of January 1, 2023 the MFDA and IIROC have come together as New Self-Regulatory Organization of Canada (New SRO).

New SRO has assumed the regulatory responsibilities of the MFDA and IIROC.

We have set up an interim website for updates and information related to the New SRO including:

  • Executive Management
  • Governance
  • New SRO Rules
  • Member Application
  • Investor Office and the Investor Advisory Panel
  • Information concerning mutual fund dealers registered in Québec
  • Complaints
  • Careers

Enforcement proceedings, membership lists, continuing education, investor education resources and any other information not set out above continue to reside on www.mfda.ca and www.iiroc.ca.