Notice of Commission Approval – Amendments Respecting Mandatory Reporting of Cybersecurity Incidents – Investment Industry Regulatory Organization of Canada (IIROC)

Market Regulation Document Type
IIROC rule review

The Ontario Securities Commission has approved IIROC’s proposed amendments to the Dealer Member Rules and corresponding amendments to its Dealer Member Plain Language Rule Book to require mandatory reporting of a cybersecurity incident by Dealer Members to IIROC (the Amendments).

The Amendments were published for comment on April 5, 2018. IIROC has made non-substantive changes to the Amendments as published in 2018 in response to comments received. A summary of the public comments and IIROC’s responses, as well as the IIROC Notice including the Amendments, can be found at

The Amendments are effective immediately.

In addition, the Alberta Securities Commission; the Autorité des marchés financiers; the British Columbia Securities Commission; the Financial and Consumer Affairs Authority of Saskatchewan; the Financial and Consumer Services Commission of New Brunswick; the Manitoba Securities Commission; the Newfoundland and Labrador Office of the Superintendent of Securities; the Northwest Territories Office of the Superintendent of Securities; the Nova Scotia Securities Commission; the Nunavut Office of the Superintendent of Securities; the Office of the Yukon Superintendent of Securities; and the Prince Edward Island Office of the Superintendent of Securities have either not objected to or have approved the Amendments.