Subject: Re: 34-97142. And file number S7 06 23
From: Beverley Kennedy
Affiliation:

Mar. 15, 2023

I would like to add that the related consumer protection initiative to alert the retail client when there has been a cyber breach will help the public be alert to signs of identity theft as a result. 


This is excellent and forward thinking of the SEC.
Bkennedy 

 Comments 
 For this rule I am pleased to see the reference to international cooperation.


With this in mind please also consider cyber risk vulnerabilities in outsourcing protocol, as well as what is referenced still in terms and conditions of service when retail investors open accounts and the focus on capping litigation rather than known cyber electronic vulnerabilities including OSFI B13. And its enhancement of B10.


Right down to the semantics such as "electronic" which may not should cyber risk. 


And also vulnerabilities in how oversight bodies (using Canada) as an example dial down on risk focus related to this because it is at the retail service portals. Not understanding the link into broader systemic risk management concerns.


Noting our OSC and IIROC both are quite aware of B10 and B13 concerns of the OSFI.




But oddly still have those deceptively worded liability disclaimers on the policy priority back burners because this is retail related (whereas the issue goes far beyond liquidity risk and litigation cash outflows that the disclaimers are shielding.) 


I am very pleased to see how the SEC is now prioritizing the formalizing of this issue.


But suggest there be flexibility in add on protocol related to keep up with how industry is evolving along with cyber risk. (Semantics e.g. reference to electronic services) can also hide the current seriousness tied to tech cyber vulnerabilities.


Our regulators need to add these systemic vulnerabilities and not just focus on fraudsters and assume their duties are done and dusted. 


Yours truly 
Kennedy Oakville Ont Canada. 







Regarding adding cyber risk vulnerabilities.
One "unlikely" venue to look at would be at the retail investors service account opening and terms of service.
Including reference to electronic services.
For example wobbly platforms due to periods of high traffic suggest less than robust tech portals.
And per IIROC's 19-0177 the focus appears to be shielding from litigation not underlying vulnerabilities.

And probably proactive assessment including closing off these vulnerabilities and not assuming they can't leak into the functionality cited in the rule proposal solely. 
including when service is interrupted including at the retail interface. 
I note there is malware that can create the same conditions as periods of higher than normal traffic. 
So when one portal seizes up is this capped there or not including into other service portals that may have further vulnerabilities. 

you need an integrated not a silo mindset approach. 
SHARED ON 15-March-2023 10:02 AM PDT