Citing the success of its first two Cyber Security Self-Assessment Surveys, as well as the importance of regular self-assessments in ensuring good cyber risk management, IIROC commissioned Deloitte to develop Cyber Security Self-Assessment Checklists for Businesses. appointed to Although use of the tool is optional, the self-regulatory organization strongly advises all businesses to conduct a cyber security audit and self-assessment at least once every two years.
IIROC also referred to its Fundamentals of Risk Management Guide, published on March 31, 2021, for businesses oriented to the critical risks associated with technology adoption, use and transformation. It also covers how businesses use the technology and manage the risks that come with it in their FinOps risk model.
In addition, IIROC is emphasizing its inspection processes to ensure that businesses design and develop products that are fit for purpose and have developed measures in place to ensure that their systems and applications comply with applicable regulations. comply with.
IIROC said, “As part of the Technology Risk Review, we intend to review supply chain risks and vendors systematically important to the industry to consider ways to identify, assess and manage these risks.” could.”
IIROC also said that it is conducting a comprehensive review with CSA and MFDA to determine to what extent dealers are complying with the new CFR conflict of interest provisions (COI) that came into force on June 30, 2021 . The review aims to see whether companies have complied with the essence of the new COI standards and taken appropriate measures. Rather than continuing to default to disclosure, IIROC wants firms to resolve conflicts sufficiently in the best interest of clients.
