Consultation on OSFI Guidelines for Technology and Cyber Risk Management
Draft guideline sets expectations for federally regulated financial institutions to manage technology-based risks
On November 9, 2021, the Canadian Office of the Superintendent of Financial Institutions (OSFI) launched a consultation on their draft Tech and Cyber Risk Management Guideline (B-13). This new draft guideline follows a previous consultation that sought feedback on the OSFI discussion paper Delivering financial sector resilience in a digital world.
The guidelines express OSFI’s expectations for federally regulated financial institutions across five dimensions:
Governance and Risk Management – Technology and cyber risks are governed through clear accountabilities and structures, and comprehensive strategies and frameworks.
Technology Operations – A technology environment that is stable, scalable and resilient. The environment is kept current and supported by robust and sustainable operating processes.
Cyber Security – A secure technology posture that maintains the confidentiality, integrity and availability of the federally regulated financial institution’s technology assets.
Third-Party Provider Technology and Cyber Risk – Reliable and secure technology and cyber operations from third-party providers.
Technology Resilience – Technology services are delivered, as expected, through disruption.
The consultation is open for comment until February.