In light of the growing risk of cyberattacks on issuers, registrants and regulated entities (Market Participants), the Canadian Securities Administrators (CSA) recently published CSA Staff Notice 11-332 Cyber Security (Staff Notice) providing guidance to Market Participants on the subject.

Cybersecurity a Priority Area for the CSA

The Staff Notice identifies cybersecurity as a priority for the CSA, and states that the CSA has a central role to play in “assessing and promoting readiness and cyber resilience” of Market Participants.  To this point, enhancing cybersecurity is identified as a key initiative to facilitate fair and efficient markets and the reduction of risks to market integrity under the CSA’s 2016-2019 Business Plan (Business Plan).  This Business Plan includes tasks related to  improving collaboration and communication on cybersecurity issues with Market Participants and improving Market Participants’ understanding of the CSA’s cybersecurity activities, to which the Staff Notice speaks.

Previous CSA Notice on Cybersecurity

The CSA previously released guidance concerning cybersecurity in 2013 with Staff Notice 11-326 Cyber Security (2013 Notice).  The 2013 Notice provided general recommendations for the steps that Market Participants can take to manage cyber threats.  These recommended steps were to:

  • educate staff on the importance of cybersecurity and their role of ensuring such security;
  • follow industry best practices in regards to cybersecurity; and
  • conduct regular third party vulnerability and security tests and assessments against the Market Participants’ systems.

In addition to these steps, Market Participants were advised by the 2013 Notice to review their cybersecurity measures on a regular basis.Continue Reading CSA Introduces Updated Cyber Security Guidance

The Ontario Securities Commission (OSC) published OSC Staff Notice 33-746 (Notice) on September 21, 2015.

The Notice focuses on registered firms and individuals directly overseen by the OSC describing the initiatives within the Compliance and Registrant Regulation Branch (CRR), notices published, rule amendments and regulatory action taken as a

On May 8, 2014, the Staff of the Investment Funds Branch of the Ontario Securities Commission (Staff) released a notice setting out recommendations based on their observations from a targeted continuous disclosure review of the fees and expenses disclosure practices of investment funds.

Staff conducted a targeted, continuous disclosure review of the fees and expenses disclosure practices of a sample of 18 fund managers offering various types of investment funds, including conventional mutual funds, exchange-traded funds and closed-end funds.


Staff made the following recommendations:

1.  Transparency in Disclosure of Management Fees and Expenses

  • Prospectus and continuous disclosure documents should disclose the specific services that the fund manager provides to the fund in consideration of the management fees and the types of expenses charged to the fund as operating expenses. General “catch all” terminology should be avoided.
  • The prospectus should provide details sufficient for investors to clearly distinguish the types of expenses, in particular the types of administrative and operating expenses, that are covered by management fees from those that are covered by operating expenses. Investors should not have to refer to the management or trust agreement for the information.
  • Fund managers should clearly describe the major services paid for out of the management fees in their funds’ MRFPs, as well as provide the required line items in the funds’ financial statements.  Relevant and descriptive line items, in addition to the mandated line items, should be used.

2.  Transparency in Disclosure of Expense Allocation