Office of the Superintendent of Financial Institutions
Today, the Office of the Superintendent of Financial Institutions (OSFI) is launching a three-month public consultation on Draft Guideline B‑13: Technology and Cyber Risk Management.
The proposed Guideline sets out OSFI’s expectations for sound technology and cyber risk management across five domains. Each domain is guided by a desired outcome and related technology-neutral principles that collectively contribute to operational resilience. The proposed Guideline responds to
feedback received as a result of OSFI’s fall 2020 discussion paper on technology and related risks (see Annex).
Existing OSFI guidance, including Guidelines E‑21 (Operational Risk Management) and B‑10 (Outsourcing of Business Activities, Functions and Processes), as well as the recently updated
Technology and Cyber Security Incident Reporting Advisory and
Cyber Security Self-Assessment tool, will complement the proposed Guideline. In May 2021, through its
Near-Term Plan of Prudential Policy, OSFI shared its plan to review existing guidance on outsourcing and operational risk management.
Developing guidance for technology and cyber risks requires continued stakeholder engagement and transparency, so that OSFI can strike the right balance between its prudential objectives and allowing financial institutions to compete. OSFI welcomes public comments on Draft Guideline B‑13, and is particularly interested in feedback on:Footnote 1
An information session for financial institutions is planned within the next few weeks to provide an overview of OSFI’s Draft Guideline B‑13 and an opportunity to raise questions.
Please submit comments to Tech.Cyber@osfi-bsif.gc.ca by February 9, 2022.
In developing Draft Guideline B‑13, OSFI considered the range of
feedback received from stakeholders in response to the fall 2020 discussion paper,
Developing financial sector resilience in a digital world. Below is a brief summary of key issues from the discussion paper consultation and how OSFI responded to each.
OSFI’s responses to the fall 2020 consultation (see Annex) expand on the approach taken to Draft Guideline B‑13.
Return to footnote 1