Regulatory Alerts2023-12-07
Regulation Respecting the Management and Reporting of Information Security Incidents by Financial Institutions and Credit Assessment Agents
The Autorité des marchés financiers proposes a regulation requiring financial institutions and credit assessment agents to implement incident management policies and report security incidents with potentially adverse impacts within 24 hours. Covered entities must maintain a secure, confidential incident register for at least seven years and face monetary administrative penalties for non-compliance. The framework applies to insurers, credit unions, deposit institutions, trust companies, and designated agents, supplementing existing prudential management guidelines.
Share