Technology and cyber risk management

Technology outages and cyber attacks continue to increase in frequency and complexity. Federally regulated financial institutions in Canada need to manage these risks to remain resilient. As a result, we’ve issued regulatory guidance and tools to help financial institutions manage technology and cyber risks. 

Guideline B-13: Technology and Cyber Risk Management

Guideline B-13 aims to support financial institutions in developing greater resilience to technology and cyber risks. It isn’t a one-size-fits-all approach, because the relevant variables differ from one institution to the next. Instead, institutions should read it from a risk-based perspective that allows them to compete effectively and be innovative.

Incident reporting

Federally regulated financial institutions need to respond to technology and cyber security incidents quickly and effectively. Whenever a reportable incident happens, institutions must notify us. This reporting can help us identify areas where institutions or the industry can take steps to prevent further incidents.

Self-assessment for federally regulated financial institutions

We provide a cyber security self-assessment to help financial institutions improve their approach to cyber security. Financial institutions should use this tool to assess their current level of cyber preparedness. It can also help them develop effective cyber security practices.

Intelligence-led Cyber Resilience Testing Framework

Intelligence-led Cyber Resilience Testing is an approach to help identify areas where the financial sector could be vulnerable to a sophisticated cyber attack. The testing framework helps institutions conduct this sort of assessment.