New Reporting Requirements

On November 14, 2019, the Investment Industry Regulatory Organization of Canada (IIROC) amended its Dealer Member Rules (the Rules) to address reporting of cybersecurity incidents. The amendment, which takes effect immediately, requires all investment dealers regulated by IIROC to report all cybersecurity incidents.

The Rules define a “cybersecurity incident” as “any act to gain unauthorized access to, disrupt or misuse a Dealer Member’s information system, or information stored on such information system, that has resulted in, or has a reasonable likelihood of resulting in:

(i) substantial harm to any person

(ii) a material … Continue Reading