Technology and cyber risk management

Technology outages and cyber attacks continue to increase in frequency and complexity. Federally regulated financial institutions in Canada need to manage these risks to remain resilient. As a result, we’ve issued regulatory guidance and tools to help financial institutions manage technology and cyber risks. 

Guideline B-13: Technology and Cyber Risk Management

Guideline B-13 aims to support financial institutions in developing greater resilience to technology and cyber risks. It isn’t a one-size-fits-all approach, because the relevant variables differ from institution to institution. Instead, institutions should read it from a risk-based perspective that allows them to compete effectively and be innovative.

Incident reporting

Federally regulated financial institutions need to respond to technology and cyber security incidents quickly and effectively. Whenever a reportable incident happens, institutions must notify us. This reporting can help us identify areas where institutions or the industry can take steps to prevent further incidents.

Self-assessment for federally regulated financial institutions

We provide a voluntary self-assessment tool to help financial institutions improve their approach to managing technology and cyber risks. Financial institutions may use this tool to assess their current level of preparedness for addressing risks. It can also help them strengthen cyber risk management practices across the organization.

Intelligence-led Cyber Resilience Testing Framework

Intelligence-led Cyber Resilience Testing is an approach that helps identify areas where the financial sector could be vulnerable to sophisticated cyber attacks. The testing framework helps institutions conduct this sort of assessment.