2026-07-15
Added · Updated
The Canadian Securities Administrators (CSA) issued Staff Notice 33-322 to summarize findings from recent compliance examinations of registered firms' cybersecurity practices and provide updated guidance on regulatory expectations. The examinations, covering 73 firms, identified common deficiencies and areas for improvement in cybersecurity policies and procedures, employee training, risk assessments, third-party due diligence, and incident response plans. This notice serves as a reminder that cybersecurity threats are a critical business risk, offering insights and best practices, especially for smaller and medium-sized firms, to ensure robust and evolving cybersecurity frameworks.