The regulator has published its latest compliance priorities
Cybersecurity remains a key priority for investment dealers to ensure compliance with IIROC, according to the regulator’s latest update.
Its Compliance Priorities Report also highlights risk management and conflict of interest as areas that it is particularly concerned about for 2018.
For cybersecurity, IIROC has visited small and medium-sized dealers to review their cybersecurity preparedness. It offered dealers recommendations on how to improve in this area.
"In a landscape of heightened security, IIROC believes it is critical for firms to maintain policies and procedures that protect their clients and their businesses by safeguarding personal information and business data," says Wendy Rudd, Senior Vice-President, Member Regulation and Strategic Initiatives, IIROC. "Proactive work in areas that present the greatest risk, such as cybersecurity, will remain a priority."
Among the main recommendations on cybersecurity, IIROC says that firms should use strong encryption and passwords, carry out due diligence on third-party vendors, and develop a plan to deal with cyber incidents.
That plan should include a description of the different types of possible incidents; procedures to stop an incident and eliminate the threat; procedures for recovery of data; investigation of an incident; and incident notification and reporting obligations.
IIROC says it will continue to work with dealers, in co-operation with IIAC, to ensure compliance.
However, those that fail to address significant compliance findings and/or fail to show their commitment to a strong compliance culture will face enforcement action.
This will include the increased imposition of terms and conditions on non-compliant dealers.