Skip to main content
Unsupported Browser
Your Browser is out of date and is not supported by this website.
Please upgrade to Firefox, Chrome, Internet Explorer 11, or Microsoft Edge.

Consultation on OSFI Guidelines for Technology and Cyber Risk Management

December 9, 2021

Draft guideline sets expectations for federally regulated financial institutions to manage technology-based risks

On November 9, 2021, the Canadian Office of the Superintendent of Financial Institutions (OSFI) launched a consultation on their draft Tech and Cyber Risk Management Guideline (B-13). This new draft guideline follows a previous consultation that sought feedback on the OSFI discussion paper Delivering financial sector resilience in a digital world.

The guidelines express OSFI’s expectations for federally regulated financial institutions across five dimensions:

  1. Governance and Risk Management – Technology and cyber risks are governed through clear accountabilities and structures, and comprehensive strategies and frameworks. 

  2. Technology Operations – A technology environment that is stable, scalable and resilient. The environment is kept current and supported by robust and sustainable operating processes. 

  3. Cyber Security – A secure technology posture that maintains the confidentiality, integrity and availability of the federally regulated financial institution’s technology assets. 

  4. Third-Party Provider Technology and Cyber Risk – Reliable and secure technology and cyber operations from third-party providers.

  5. Technology Resilience – Technology services are delivered, as expected, through disruption. 

The consultation is open for comment until February. 

Member Discounts

  • Members get discounts to all our events
  • Access members-only resources
  • Create your own member profile
Join Today