OSFI releases new guideline for technology and cyber risk, balancing innovation with risk management

News release

For immediate release

OTTAWA ─ July 13, 2022 ─ Office of the Superintendent of Financial Institutions

Today, the Office of the Superintendent of Financial Institutions (OSFI) released its final Guideline B-13. This guideline sets out OSFI’s expectations for how federally regulated financial institutions (FRFIs) should manage technology and cyber risks such as data breaches, technology outages and more.

The widespread use of technology and the growing rate of cyber incidents has created an urgent need for enhanced regulatory guidance to FRFIs on technology and cyber risk management. OSFI’s final Guideline B-13 provides that guidance, while allowing FRFIs to compete effectively and take full advantage of digital innovation.

The Guideline is organized around three “domains,” each of which sets out key components for sound risk management: Governance and Risk Management, Technology Operations and Resilience, and Cyber Security. In turn, each of these domains includes a desired outcome aimed at helping FRFIs understand OSFI’s expectations, focusing on the “why” and “to what end” of technology and cyber risk management.

The final Guideline B-13 will be effective as of January 1, 2024, to provide financial institutions sufficient time to self-assess and ensure compliance with this new guideline.


“With today’s release of final Guideline B-13, OSFI has crafted a flexible, principles-based approach towards managing technology and cyber risk that takes into consideration the size, nature, scope and complexity of financial institutions.”

- Jamey Hubbs, Vice-Superintendent

Quick facts


OSFI – Media Relations

About OSFI

The Office of the Superintendent of Financial Institutions (OSFI) is an independent agency of the Government of Canada, established in 1987, to protect depositors, policyholders, financial institution creditors and pension plan members, while allowing financial institutions to compete and take reasonable risks. OSFI supervises more than 400 federally regulated financial institutions and 1,200 pension plans to determine whether they are in sound financial condition and meeting their prudential requirements.

Related links