Publication
Regulation Around the World: Open Finance
In this issue of Regulation Around the World we look at how regulators are developing their proposals for Open Finance.
Author:
Global | Publication | October 2016
The Canadian Securities Administrators (CSA) have published a new staff notice to promote cybersecurity awareness, preparedness and resilience in Canadian capital markets and to encourage better disclosure by issuers.
The CSA first published a notice on cybersecurity in 2013, reminding issuers and registrants of the importance of putting into place strong security measures to safeguard themselves and their clients. Issuers were also advised to consider whether and to what extent cybercrime risks, incidents and controls to address such risks should be disclosed in a prospectus or a continuous disclosure filing.
In its new notice, the CSA advises that it considers cybersecurity a priority and expects issuers and registrants to take steps to protect themselves against cyber threats.
The securities regulators will be re-examining issuer disclosure related to cybersecurity in the coming months. As issuers begin to turn their minds to the upcoming annual reporting season, they should assess the cybersecurity risks they face and consider the type and level of disclosure, if any, to include in their MD&A and annual information forms. To the extent that they consider the risk material, issuers should avoid boilerplate and provide cyber risk disclosure that is as detailed and company specific as possible. Issuers should also consider the threshold required to determine that a cyberattack is material and should be disclosed, taking into consideration the impact on its operations, reputation, customers, employees and investors.
In respect of registrants, the CSA advises that it has been gathering data about the cybersecurity practices in place and will continue to discuss cybersecurity policies and procedures with registered firms as part of compliance reviews. Registrants are expected to remain “vigilant,” regularly review their cybersecurity risk control measures and update their procedures in accordance with industry best practices.
Part of cybersecurity preparedness for both issuers and registrants includes continually reviewing guidance and best practices from industry associations and tailoring a program to meet the organization’s specific needs. The new CSA notice includes links to a number of reference documents that may be useful to issuers and registrants.
The September 2016 CSA Staff Notice 11-332 can be accessed here.
The September 2013 CSA Staff Notice 11-326 can be accessed here.
Publication
In this issue of Regulation Around the World we look at how regulators are developing their proposals for Open Finance.
Publication
On 3 July 2025 the UK Takeover Panel (Panel) published PCP 2025/1: Dual class share structures, IPOs and share buybacks (Consultation) setting out a proposed framework for the application of the UK Takeover Code (Code) to companies with dual class share structures (DCSS companies).
Subscribe and stay up to date with the latest legal news, information and events . . .
© Norton Rose Fulbright LLP 2025