Incident Reporting Summary
Information sharing is an essential tool for mitigating cyber threats, particularly in a rapidly evolving threat landscape. In April 2018, IIROC (now CIRO) proposed rules to require mandatory reporting of a cybersecurity incident by Investment Dealer Members (Dealers) to IIROC (now CIRO). We expect Dealers will benefit from the prompt reporting of cybersecurity incidents. When CIRO receives notice of an incident it can move quickly to assist the affected Dealer(s) and, when necessary, inform other Dealers of current cyber threats, thereby helping to manage the impact on Dealers as well as investors.
We recently implemented IDPC Rule 3703 requiring the mandatory reporting of cybersecurity incidents by Dealers to CIRO. We also issued guidance in the form of frequently-asked questions to assist Dealers.
Welcome to CIRO.ca!
You can find the Canadian Investment Regulatory Organization (CIRO) at CIRO.ca with our fresh look and feel.
The following sections of the legacy mfda.ca and iiroc.ca sites have been migrated to ciro.ca:
- Enforcement
- Hearings
- Consultations
- A unified member directory (Dealers We Regulate)
- Advisor Report
We will continue moving items off MFDA and IIROC in 2024. Stay tuned for future updates.