OSFI Sets Out Plan for Future Guidance on Managing Technology Risk
OSFI has set out the schedule for release of draft guidance on the management of technology risks by federally regulated financial institutions and private pension plans. This follows an OSFI discussion paper on a range of technology risk areas such as cyber security, advanced analytics, and third-party technology ecosystem. The feedback period on the paper ended on December 15, 2020, with respondents expressing broad support for emerging principles-based and technology-neutral perspectives on technology risk management.
In the feedback, the respondents indicated that OSFI should first leverage its existing guidance and align any additional guidance with existing international and information technology standards. In light of the feedback received on the discussion paper, OSFI plans to release draft guidance and industry letters as per the following schedule:
- OSFI plans to publish an industry letter on operational resilience and a new draft guideline on technology and cyber risk in the third and fourth quarters of 2021, respectively.
- In the first quarter of 2022, OSFI plans to publish a draft of the revised guideline on third-party risk and an industry letter on advanced analytics and model risk.
- In 2022-23, OSFI plans to publish the revised Guideline E-21 on operational risk management and the revised guidance on model risk.
Related Links
Keywords: Americas, Canada, Banking, Insurance, Technology Risk, Operational Risk, Operational Resilience, Third-Party Risk, Cyber Risk, Regtech, OSFI
Next Article
EBA Publishes Phase 1 of Reporting Framework 3.1Related Articles
US Agencies Issue Regulatory Updates, FDIC Launches Tech Sprint
The Board of Governors of the Federal Reserve System (FED) published the final rule that amends Regulation I to reduce the quarterly reporting burden for member banks by automating the application process for adjusting their subscriptions to the Federal Reserve Bank capital stock, except in the context of mergers.
EBA Issues Guide on Bank Resolvability, Consults on Transferability
The European Banking Authority (EBA) published its assessment of risks through the quarterly Risk Dashboard and the results of the Autumn edition of the Risk Assessment Questionnaire (RAQ).
MFSA Publishes CRD5 Updates and Supervisory Priorities for 2022
The Malta Financial Services Authority (MFSA) updated the guidelines on supervisory reporting requirements under the reporting framework 3.0.
HKMA Extends Repayment for Trade Facilities, Consults on Crypto-Assets
The Hong Kong Monetary Authority (HKMA) published a circular, along with the reporting form and instructions, for self-assessment, by authorized institutions, of compliance with the Code of Banking Practice 2021.
FCA Registers Securitization Repositories; PRA Issues 2022 Priorities
The Financial Conduct Authority (FCA) decided to register European DataWarehouse Ltd and SecRep Limited as securitization repositories under the UK Securitization Regulation, with effect from January 17, 2022.
EC Regulation Sets Out Methods for Measuring K-Factors Under IFR
The European Commission (EC) published the Delegated Regulation 2022/25, which supplements the Investment Firms Regulation (IFR or Regulation 2019/2033) with respect to the regulatory technical standards specifying the methods for measuring the K-factors referred to in Article 15 of the IFR.
BIS Studies How Platform Models Impact Financial Stability & Inclusion
The Bank of International Settlements (BIS) published a paper that assesses the ways in which platform-based business models can affect financial inclusion, competition, financial stability and consumer protection.
CBE Issues Additional Measures to Ease Disruptions from Pandemic
The Central Bank of Egypt (CBE) published a circular with instructions on emergency liquidity assistance to banks that are unable to meet their liquidity requirements.
ESAs Publish List of Financial Conglomerates for 2021
The European Supervisory Authorities (ESAs) published the list of identified financial conglomerates for 2021.
APRA Licenses Two More Banks, Reduces Committed Liquidity Facility
The Australian Prudential Regulation Authority (APRA) updated the list of authorized deposit-taking institutions, granting license to Barclays Bank PLC and Crédit Agricole Corporate and Investment Bank to operate as foreign authorized deposit-taking institutions under the Banking Act 1959.
