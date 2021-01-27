The Autorité des marchés financiers (AMF) is concerned by the increasing number of security incidents, including cyber incidents, affecting major institutions in Québec’s financial sector. The AMF is therefore again calling on the financial institutions and businesses it supervises to adequately assess information technology risks and take all necessary steps to bolster privacy safeguards and cybersecurity.
“The latest incidents further highlight the ever-present threat that information technology risks pose to all organizations,” said Louis Morisset, AMF President and CEO. “The AMF has been sharing its growing concerns about cyber risks with the clienteles it supervises since 2013. Today, we are asking them again to significantly heighten their vigilance and further strengthen monitoring of their technological environments.”
Specifically, the AMF is asking the clienteles it supervises to periodically conduct penetration tests of their technological environments in order to assess the operational effectiveness and adequacy of the controls in place.
The AMF is also asking them to regularly reinforce staff awareness of the information security risks associated with phishing.
Lastly, the AMF is asking them to ensure that their business continuity plans are in place and updated to deal with any possible crisis management scenarios and minimize any potential damage.
Québec’s financial sector participants quickly instituted new procedures, such as large-scale remote-work measures, to manage their operations in response to the COVID-19 pandemic. In the summer, the AMF reminded those who had implemented such procedures of the importance of properly documenting them and ensuring that the controls in place are appropriate. The AMF also asked the clienteles it supervises to pay particular attention to the remote access rights granted to employees and to ensure that employees use the applications and software accessible to them in a secure manner. These messages are just as relevant now.
On a final note, the AMF reminds the financial institutions and businesses it supervises that they must advise the AMF promptly of any major operational incident or privacy breach.
The Autorité des marchés financiers is the regulatory and oversight body for Québec’s financial sector.