IIROC GUIDANCE RE: CYBERSECURITY INCIDENT REPORTING
IIROC has issued a Guidance Note on its cybersecurity incident reporting requirements. Notably, if a dealer has identified a possible cybersecurity incident but is not sure if the incident meets the definition to trigger reporting, IIROC recommends that the dealer contact its Financial & Operations Compliance (FinOps) relationship manager to discuss. IIROC’s FinOps group will review the dealer’s evidence of controls to ensure compliance with the Cybersecurity Incident Reporting Requirements during regularly scheduled field examinations. The new Guidance is effective immediately.