The Canadian Securities Administrators (CSA) is stepping up its efforts to bolster cybersecurity in Canada’s capital markets with targeted compliance reviews, an examination of issuer disclosure to ensure it’s adequate, and plans for roundtable sessions with market participants to discuss emerging cyber threats.
The CSA published a staff notice on Tuesday that says the cybersecurity landscape has “evolved considerably in recent years,” with more frequent attacks that are, in turn, becoming more complex and costly for the industry.
“With advancing technology, cyber adversaries are becoming more sophisticated and the potential for damage is ever increasing,” the CSA’s notice says. “The number of entities experiencing financial losses, intellectual property theft, reputational damage, fraud, and legal exposure is rising.”
Regulators have been collecting data on firms’ cybersecurity practices and training efforts and they intend to delve further into the subject in the months ahead, the notice states: “A more targeted desk review is planned for the remainder of 2016, which will assess in more detail the areas discussed in regular compliance reviews.”
The regulators are also planning to examine the disclosure of a sample of larger issuers, which, they say, will generate futurerecommendations from the regulators in this area.
In addition, the CSA is also planning roundtable sessions in the months ahead to “discuss cybersecurity issues and risks, regulatory expectations and the need for co-ordination.”
In these meetings, the regulators aim to examine emerging risks, to “promote an open dialogue” between the industry and cyber security experts and to explore opportunities to improve collaboration and communication, among other things, the CSA’s notice indicates.
For securities dealers, the notice also highlights the efforts of the Investment Industry Regulatory Organization of Canada (IIROC) and the Mutual Fund Dealers Association of Canada (MFDA) in setting out their expectations in terms of ensuring cyber security.
“It is crucial for us to improve collaboration and communication on cybersecurity issues with market participants,” says Louis Morisset, the CSA’s chairman and president and CEO of the Autorité des marchés financiers. “We want to ensure they are aware of the challenges, have a sufficient level of preparedness, and are as resilient as possible against cyber risks.”
Photo copyright: rabbit75123/123RF