OSFI releases final Integrity and Security Guideline
News release - Ottawa -
Today, the Office of the Superintendent of Financial Institutions (OSFI) is releasing its final Integrity and Security Guideline. This final guideline reflects the feedback received through public consultation held from October 13 to November 24, 2023. OSFI is also publishing a summary of that feedback.
Public confidence in the financial system depends on financial institutions acting with integrity and protecting themselves against security threats, including foreign interference. This guideline sets out OSFI’s expectations for the policies and procedures that financial institutions employ to protect themselves against threats to their integrity and security, including foreign interference. It also describes how integrity and security relate to one another, and notes where those concepts are reflected in current guidelines.
This guideline is a critical step in clarifying OSFI’s expectations, and it will help financial institutions proactively address associated risks to be more resilient. This, in turn, contributes to institutions that are stable and secure, and a financial system that Canadians can trust. OSFI will continue to engage institutions on integrity and security risk management throughout this implementation period in keeping with its expanded mandate.
“Resilience and trust in the financial system depend upon the integrity and security of financial institutions. Contained within our integrity and security guideline are specific, practical measures that we expect financial institutions to implement for their protection. Though much work remains, this guideline serves as an important, initial step towards enhancing integrity and security in the financial system.”
- Peter Routledge, Superintendent of Financial Institutions
- New legislation (C-47) expanded OSFI’s mandate upon receiving Royal Assent on June 22, 2023.
- The Integrity and Security Guideline is complemented by OSFI’s existing guidance and tools, including draft Guideline E‑21 (Operational Resilience and Operational Risk Management), Guideline B‑10 (Third-Party Risk Management), Guideline B-13 (Technology and Cyber Risk Management), Guideline E-17 (Background Checks on Directors and Senior Management of FREs), the Technology and Cyber Security Incident Reporting Advisory and the Cyber Security Self-Assessment tool, among others.