Requirements for Secure Electronic Regulatory Communication

14-0186
Type: Rules Notice> Technical
Rule connection:
UMIR
Legacy DMR Rules
Distribute internally to:
Institutional
Legal and Compliance
Operations
Retail
Senior Management
Trading Desk
Training

Contact:

Keith Persaud
Senior Vice-President, Finance and Administration
Telephone:
Email:

Executive Summary

On September 1, 2014, IIROC will have completed the implementation of Echoworx OneWorld (“OneWorld”) as a secure e-mail exchange service to encrypt the transmission of confidential, private or sensitive information between IIROC and Dealer Members.1 As of that date, the current service, EMX, will be fully phased out and all users will be required to use the new service. Concurrent with the implementation of OneWorld, IIROC will be launching Citrix ShareFile (“ShareFile”), which will allow for the secure transfer of large electronic data files that cannot be transmitted using e- mail, due to the 15MB size limitation of e-mail messages sent via OneWorld.

  • 1Reference should be made to IIROC Notice 14-0100 – Rules Notice – Technical - Update Respecting Secure Communications with IIROC (April 22, 2014).

Effective September 1, 2014, this notice repeals and replaces Notice 13-0045 – Rules Notice – Technical – UMIR – Requirements for Secure Electronic Communications (February 7, 2013). 

About OneWorld

OneWorld is a technology tool that provides for the encrypted transmission of e-mails. OneWorld is only intended to securely transmit an e-mail; it does not provide any facility for the long-term storage or archiving of e-mail messages.  All e-mails sent through OneWorld are only retained for a period of thirty days from the date the e-mail was transmitted; therefore they must be retreived by the e-mail’s receipient during that time.  Any message not retrieved within the thirty-day period will be deleted and will no longer be accessible.  

About ShareFile 

ShareFile is a facility that provides for the  electronic delivery of large data files in a secure manner. The submitter of the files is provided with a link that enables the uploading of electronic files to a secure server for retrieval by the recipient.  

Use of OneWorld and ShareFile for the Submission of Regulatory Information 

  1. Requests for Information –  Whenever feasible, requests for information made by IIROC to a Dealer Member will be delivered via OneWorld.  When submitting the requested information to IIROC, the Dealer Member may reply to the original secure e-mail request and include any required electronic documents as attachments.2   For large files that may exceed the maximum 15MB capacity to be transmitted via e-mail, the Dealer Member may request a link from IIROC to enable them to upload the electronic files to a secure ShareFile server.  In each case, the electronic files are transmitted in a fully secure and encrypted environment. 

  2. Submission of Regulatory Reporting – Each regulatory report sumitted to IIROC, such as the reporting of changes to ownership, structure, registered employees and business models should be transmitted via OneWorld.  To accommodate the submission of such reports, the submitter may contact IIROC to advise IIROC of their intention to submit a report.  IIROC will send a secure e-mail, via OneWorld, to the submitter. The submitter may reply to this e-mail, including the report as an attachment.  

    Dealer Members that are also marketplace members (i.e. “ATSs”) are encouraged to submit all regulatory filings required under their Regulation Services Agreements via OneWorld.  The Dealer Member may contact IIROC to initiate a secure e-mail through OneWorld.  By replying to this e-mail and attaching any required documents, the return message to IIROC and all attachments are transmitted securely.  

    In all cases, for larger files that cannot be accomodated using OneWorld due to size limitations, the Dealer Member may request a link from IIROC to enable the Dealer Member to upload the documents to ShareFile.  Whether transmitted using OneWorld or ShareFile, the transmission of the documents to IIROC will be fully secure and encrypted. The process currently used to submit certain regulatory reports through the “regulatory reporting” portal 3 on the IIROC website will not change and is unaffected by the implementation of OneWorld and ShareFile. 

  3. Registrations Correspondence – The IIROC Registrations department uses OneWorld for all e-mail correspondence of a sensitive or confidential nature. When replying to a secure e-mail, the transmission back to IIROC will be fully secure and encrypted. 

    A Dealer Member who wishes to transmit sensative or confidential electronic information to IIROC may do so by contacting the registration department who will initiate a OneWorld encrypted message to the Dealer Member. The Dealer member can reply to this e-mail. The transmission back to IIROC, including any attachments will be fully secure and encrypted. 

  4. Short Position Reporting – Each Dealer Member required to submit Short Position Reports in accordance with UMIR 10.10 must utilize ShareFile to obtain the starting securities list from the Exchanges, and to deliver their completed reports back to the Exchanges.  On a semi-monthly basis, the Exchanges will deliver a message to each Dealer Member that is required to submit short position reports.  That message will include the appropriate ShareFile link required by the Dealer Member to upload their completed reports.  All other aspects of the Short Position Reporting business process are unchanged. 

  5. Potential Violation Alert Notifications (“PVANS”) – IIROC provides an early warning system to Participants that notifies them of potential violations by their traders, known as Potential Violation Alert Notifications (“PVANS”).  All PVANS are issued using OneWorld. 

  6. Trade Variation and Cancellation Report (“TVCR”) – Participants are required under UMIR 7.11 to report all trade variations and cancellations to IIROC.  Participants are encouraged to submit these reports to IIROC securely.  To accommodate the secure transmission of these reports, the submitter may contact IIROC to advise of their intention to submit a report.  In response to being notified, IIROC will send a secure e-mail via OneWorld to the submitter.  By replying to this secure e-mail the transmission back to IIROC, including any attachments, is fully secure and encrypted.  

  7. Requirements to Notify IIROC under the Electronic Trading Rules – The Electronic Trading Rules require that IIROC be advised of certain details repecting arrangements between a Participant and a third-party.  To accommodate the secure transmission of these reports, IIROC will provide each Participant who currently submits such reports with a link that should be used to upload all required reports relating to the Electronic Trading Rules.  Doing so will ensure that the transmission of the report to IIROC is fully secure and encypted. 

Questions and Answers

The following are frequently asked questions relating to secure electronic regulatory communication and IIROC’s response to each question: 

  1. How do I obtain access to OneWorld? 
    When a secure e-mail is transmitted to you from IIROC, you will receive a regular, unsecured e-mail advising you that an encrypted e-mail has been sent to you.  Included in this e-mail is a link that will allow you to access a secure website where you can retrieve your message.  If this is the first message you have received via OneWorld from IIROC, you will be required to create an account.  Once you have set up the account, the same account is used for all subsequent e-mails sent by IIROC to the recipient via OneWorld.  

  2. How do I obtain access to ShareFile? 
    The first time you receive an e-mail from IIROC containing a secure link for sending or receiving files, you will be directed to set up an account on Sharefile.  Once your account is set up, that account is used for all subsequent ShareFile activity.    

  3. How will I know that I have received a OneWorld secure communication? 
    You will receive a regular (un-protected) e-mail advising you that you have a message waiting on the OneWorld server.  This e-mail will contain a link that will take you to the site where you are able to retrieve your secure message. 

  4. How many times will the recipient be notified that a OneWorld message has been sent to them? 
    In addition to the initial notification, the recipient will receive additional notifications for all messages that have not yet been retrieved on the 15th and 30th day following the delivery of the message.  OneWorld does not, however, provide a facility for the long-term storage or archiving of e-mails.  As such, all messages, including those not yet retrieved, are deleted from the system 30 days following origination of the message. 

  5. Am I able to use OneWorld to send secure communications to another Dealer Member? 
    No. OneWorld is only intended to allow secure transmission of e-mail traffic between Dealer Members and IIROC.  Dealer Members wishing to send secure communication to a party other than IIROC should talk to their IT department respecting possible solutions. 

  6. Can I initiate a secure OneWorld e-mail to IIROC? 
    No. All e-mail transmissions through OneWorld may only be initiated by IIROC.  When replying to an e-mail sent by IIROC via OneWorld, the transmission back to IIROC, including any attachments, will be fully protected.   If you need to send a secure communication to IIROC, you may contact IIROC and advise them of your intention.  IIROC will send you a secure e-mail, via OneWorld.  By replying to the e-mail, the transmission back to IIROC, including any attachments, is fully secure and encrypted. 

  7. How large an attachment can I include with a message? 
    The maximum size allowed for a OneWorld message is 15MB.  Data transmissions that exceed this size must be transmitted using ShareFile.  In this case, the Dealer Member must request a ShareFile link from IIROC that they can use to upload the file to a secure server.  ShareFile does not limit the size of uploads.  

  8. How long are messages sent/received using OneWorld saved for? 
    OneWorld is intended to provide secure and encrypted transmission only, and does not provide any facility for archiving or long-term storage. Messages sent via OneWorld will be deleted 30 days following delivery. Dealer Members are encouraged to save a copy of any e-mail sent via OneWorld that needs to be retained.  This may be done by using the “Save” functionality within OneWorld.   

  9. How long are files uploaded to ShareFile saved for? 
    ShareFile is intended to provide users with the ability to securely transmit electronic data files.  Sharefile does not provide any facility for archiving or long-term storage. All files uploaded to ShareFile are deleted after 30 days.    

  10. How do I retain a copy of the e-mails in my EMX account? 
    IIROC will be discontinuing the use of EMX on September 1, 2014, which includes deleting the current contents of all EMX mailboxes.  If you need to retain a copy of any e-mails that you have sent or received from your EMX account, you will need to log into your EMX account before September 1st and use the “SAVE” function to save a copy of each message to your local computer network.  You will no longer have access to your EMX account after September 1st and all of its contents will be permanently deleted at that time. 

  11. I used to send my Short Position reports via EMX.  How will I do this going forward?  
    You will receive requests to submit your short position report from the Exchanges.  These requests will contain the required links and further instructions on the transmission process. You will continue to receive a starting securities list from the Exchanges. With the exception of changes to the transmission method itself, all other aspects of the business process related to short position reporting remain unchanged. 

  12. How do I recover a forgotten password? 
    The OneWorld and ShareFile systems have a password recovery link on the login page. You can use that link to recover your password. 

IIROC Contact Information 

Dealer Members who require technical assistance with respect to the use of OneWorld or Sharefile may contact Steve Montague, Project Manager, Information Technology at [email protected].  All other inquiries should be directed to one of the following: 

Trading Review and Analysis: Arlene Cristello [email protected] 

Trading Conduct Compliance: Murray Lund [email protected] 

Registrations: Josette Nagel [email protected] 

Enforcement: Hazel D’Souza [email protected] 

Business Conduct: Compliance Ben Yee [email protected] 

Financial and Operations Compliance: Ciro Mirabella [email protected] 

General Counsels Office: Karen Green [email protected] 

  • 2You may include multiple attachments in a OneWorld e-mail message if using IE 10 or higher, Chrome or Firefox. If using IE 9 or lower, you will be limited to one attachment per e-mail.
  • 3Regulatory reports submitted through the IIROC web-site portal include:
    • Registration reporting through the National registrations Database,
    • Online CE Reporting,
    • Gatekeeper Reporting,
    • Regulatory Marker Corrections,
    • Notice of Basis Orders,
    • Extended Failed Trade reporting,
    • SIRFF Filing Access, and
    • UN Regulatory Reporting.