Strengthening IIROC-regulated firms’ risk management
December 21, 2015 (Toronto, Ontario) – The Investment Industry Regulatory Organization of Canada (IIROC) today published two resources to help IIROC-regulated firms protect themselves and their clients against cyber threats and attacks.
The Cybersecurity Best Practices Guide provides an enterprise-wide risk-based framework of industry standards and best practices that IIROC-regulated firms can apply to heighten awareness and manage cyber risks in an evolving environment. The Cyber Incident Management Planning Guide is a complementary tool for firms to prepare effective response plans for cyber threats and attacks. These resources were produced by a leading security consulting firm, engaged by IIROC, which has worked with other Canadian financial services regulators on cybersecurity matters.
“Active management of cyber risk is critical to the stability of IIROC-regulated firms, the integrity of Canadian capital markets and the protection of investors,” said Andrew Kriegler, IIROC President and CEO. “That is why we consulted with the industry, engaged security experts and developed concrete resources to help firms better manage their cyber risks.”
This initiative follows from previous work IIROC conducted including a survey of its membership, a table-top exercise, as well as input from industry representatives. IIROC also reviewed approaches used by other domestic and global financial services regulators.
In addition, IIROC is developing a cybersecurity program to work with dealers to increase their cybersecurity preparedness.
* * *
IIROC is the national self-regulatory organization which oversees all investment dealers and their trading activity in Canada’s debt and equity markets. IIROC sets high quality regulatory and investment industry standards, protects investors and strengthens market integrity while maintaining efficient and competitive capital markets. IIROC carries out its regulatory responsibilities through setting and enforcing rules regarding the proficiency, business and financial conduct of dealer firms and their registered employees and through setting and enforcing market integrity rules regarding trading activity on Canadian equity marketplaces.