Cyber-security and IIROC-regulated firms

Type: Media Release> General


Sean Hamilton
Director, Public Affairs and Member Education Services, Public Affairs

As noted in IIROC’s Annual Compliance Report for 2014/2015, cyber-security continues to be a key issue for investment firms and for IIROC.

One aspect of advancing technology is that cyber-attacks are becoming more sophisticated, with potential for greater damage. For regulators and financial market participants, the increased efficiencies and improved capabilities of today’s information technology infrastructure come with incremental cyber-risks.

Given the increasing automation of, and interconnections among business functions, information and operational systems, an appropriate response to the challenge of cyber-security must take an enterprise-wide perspective and be part of each firm’s overall risk-management program.

We recognize that proactive management of cyber-risk is critical to the stability of IIROC-regulated firms, the integrity of capital markets and the protection of investors.

In February and March 2015, we surveyed IIROC-regulated firms to collect information concerning their assessment of their cyber-security preparedness.

In March 2015, we conducted a “table-top” exercise with a cross-section of firms to test their preparedness to deal with cyber-attacks. The exercise included coordination among firms and with regulators for sharing information to mitigate the impact of an attack, and protocols for updating clients and other stakeholders during such an emergency.

IIROC is using the results of the survey and test to assist in developing best-practice recommendations that can be applied by all IIROC-regulated firms, irrespective of size and business model, as well as an “incident response playbook”.

These materials will draw on input from firms (including the Investment Industry Association of Canada’s cyber-security working group) and other domestic and global financial services regulators, and will be made available in the fall of 2015.


MFDA and IIROC have consolidated

As of January 1, 2023 the MFDA and IIROC have come together as New Self-Regulatory Organization of Canada (New SRO).

New SRO has assumed the regulatory responsibilities of the MFDA and IIROC.

We have set up an interim website for updates and information related to the New SRO including:

  • Executive Management
  • Governance
  • New SRO Rules
  • Member Application
  • Investor Office and the Investor Advisory Panel
  • Information concerning mutual fund dealers registered in Québec
  • Complaints
  • Careers

Enforcement proceedings, membership lists, continuing education, investor education resources and any other information not set out above continue to reside on and