Federally Regulated Financial Institutions Archives - IPOsgoode /osgoode/iposgoode/tag/federally-regulated-financial-institutions/ An Authoritive Leader in IP Mon, 15 Aug 2022 16:00:00 +0000 en-CA hourly 1 https://wordpress.org/?v=6.9.4 OSFI Releases Final Version Of Guideline B-13: Technology And Cyber Risk Management /osgoode/iposgoode/2022/08/15/osfi-releases-final-version-of-guideline-b-13-technology-and-cyber-risk-management/ Mon, 15 Aug 2022 16:00:00 +0000 https://www.iposgoode.ca/?p=39894 The post OSFI Releases Final Version Of Guideline B-13: Technology And Cyber Risk Management appeared first on IPOsgoode.

]]>

M. Imtiaz Karamat is an IP Osgoode Alumnus and Associate Lawyer at Deeth Williams Wall LLP. This article was originally posted on on July 27, 2022.


On July 13, 2022, the Office of the Superintendent of Financial Institutions (OSFI)its final Guideline B-13: Technology and Cyber Risk Management (Guideline B-13), which describes OSFI’s expectations for how federally regulated financial institutions (FRFIs) should manage technology and cyber risks.

OSFI views the large increase of cyber incidents in Canada as an urgent call for FRFIs to bolster their technology and cyber risk management practices. Guideline B-13 is OSFI’s answer to this call and provides a flexible, principle-based regulatory framework for FRFIs to strengthen their cybersecurity posture with strategies that account for their size, nature, scope, and complexity.

Guideline B-13 is the final result of an extensive consultation process that started in September 2020 and included an initial draft Guideline B-13 in November 2021, as previously reported by the E-TIPS® NewsletterԻ. The final Guideline B-13 takes a more streamlined approach than the previous iteration and is organized around three “domains” as opposed to the first draft’s five-domain structure. Each domain sets out specific outcomes for FRFIs to achieve in order to align with OSFI’s expectations:

  1. Governance and Risk Management: Technology and cyber risks should be governed by clear accountabilities and structures, and comprehensive strategies and framework.
  2. Technology Operations and Resilience: The FRFI has a technology environment that is stable, scalable, and resilient. The environment should remain current and supported by technology operating and recovery processes that are “robust and sustainable”.
  3. Cyber Security: Guideline B-13 requires the FRFI to implement a technology posture that maintains the confidentiality, integrity, and availability of its technology assets.

Guideline B-13 is set to come into effect on January 1, 2024, which gives FRFIs time to review the framework and ensure that they meet compliance.

The post OSFI Releases Final Version Of Guideline B-13: Technology And Cyber Risk Management appeared first on IPOsgoode.

]]>
OSFI Launches Consultation On Draft Technology And Cyber Risk Management Guideline /osgoode/iposgoode/2021/11/26/osfi-launches-consultation-on-draft-technology-and-cyber-risk-management-guideline/ Fri, 26 Nov 2021 17:00:00 +0000 https://www.iposgoode.ca/?p=38698 The post OSFI Launches Consultation On Draft Technology And Cyber Risk Management Guideline appeared first on IPOsgoode.

]]>
M. Imtiaz Karamat is an IP Osgoode Alumnus and Associate Lawyer at Deeth Williams Wall LLP. This article was originally posted on .

On November 9, 2021, the Office of the Superintendent of Financial Institutions (OSFI)a public consultation on Draft Guideline B‑13: Technology and Cyber Risk Management (the Guideline). It applies to federally regulated financial institutions (FRFIs) and addresses OSFI’s expectations in relation to technology and cyber risks.

The Guideline is organized into five domains, with each domain describing OSFI’s desired outcome for FRFIs in a certain aspect of technology and cyber risk management:

  1. Governance and Risk Management:the FRFI has a clear framework and comprehensive strategy to govern technology and cyber risks.
  2. Technology Operations:there isa resilient and scalable technology environment in place that is kept up-to-date by robust operating processes.
  3. Cyber Security:the FRFI is able to maintain the confidentiality, integrity, and availability of technology assets.
  4. Third-Party Provider Technology and Cyber Risk:third-party providers deliver reliable and secure technology and cyber operations to the FRFI.
  5. Technology Resilience:the FRFI has proper disaster recovery capabilities that allows the delivery of technology services through operational disruption.

In its announcement of the consultation, OSFI commented on the importance of stakeholder engagement to strike the appropriate balance between its prudential objectives, while still allowing financial institutions to compete. Accordingly, OSFI welcomes public feedback on the Guideline and is especially interested in feedback that addresses the clarity and application of their outlined expectations, the balance between principles and prescriptiveness in these expectations, and other suggestions that relate to OSFI’s mandate.

The consultation is open until February 9, 2022 and comments can be submitted atTech.Cyber@osfi-bsif.gc.ca.

The post OSFI Launches Consultation On Draft Technology And Cyber Risk Management Guideline appeared first on IPOsgoode.

]]>