OSFI published a discussion paper that focuses on risks arising from rapid technological advancement and digitalization. The discussion paper presents the recent work of OSFI on a wide range of risks in technology. The discussion paper addresses operational risk and resilience and data risk, with cyber security, advanced analytics (including artificial intelligence and machine learning), and use of third-party services (such as cloud computing) as the key focus areas. The paper shares preliminary direction of OSFI on the key focus areas and seeks stakeholder views to inform future prudential policy development. Stakeholders can provide feedback by December 15, 2020.
At this time, OSFI is not presenting any firm proposals and intends to follow this consultation process with one or more consultative documents. Through this paper, OSFI shares some of its thinking and recent work, inviting stakeholder feedback on a range of issues surrounding technology and related risks, including:
- Operational risk and resilience and the need for a holistic assessment of the overarching regulatory architecture for technology and other non-financial risks
- Understanding technology risk and the role of prudential regulators with respect to technology and data risk management
- Core principles to guide future regulatory guidance development in relation to three priority areas—cyber security, advanced analytics, and the technology third-party ecosystem
Data is foundational to each theme of this paper; thus, this paper includes a separate discussion on data risk management. Each thematic section presents the perspective of OSFI in the respective area and, where applicable, the existing regulatory guidance and supervisory work of OSFI. The Canadian regulator OSFI is interested in receiving stakeholder feedback based on questions posed in each section. The consultation supports a strategic objective of OSFI to ensure that federally regulated financial institutions and pension plans are better prepared to identify and develop resilience to non-financial risks, before these risks negatively affect the financial condition of institutions.
Comment Due Date: December 15, 2020
Keywords: Americas, Canada, Banking, Insurance, Technology Risk, Operational Risk, Cloud Computing, Third Party Risk, Fintech, Cyber Risk, Artificial Intelligence, OSFI
Previous ArticleHKMC Enhances Terms of SME Loan Guarantee Scheme Amid Pandemic
FED finalized a rule that updates capital planning requirements to reflect the new framework from 2019 that sorts large banks into categories, with requirements that are tailored to the risks of each category.
ECB published results of the quarterly lending survey conducted on 143 banks in the euro area.
ESAs published the final draft implementing technical standards on reporting of intra-group transactions and risk concentration of financial conglomerates subject to the supplementary supervision in EU.
EBA published the annual report on asset encumbrance of banks in EU.
MAS revised the guidelines that address technology and cyber risks of financial institutions, in an environment of growing use of cloud technologies, application programming interfaces, and rapid software development.
FED updated the reporting form and instructions for the FR Y-9C report on consolidated financial statements for holding companies.
EBA issued a consultation paper on the guidelines on monitoring of the threshold and other procedural aspects of the establishment of intermediate EU parent undertakings, or IPUs, as laid down in the Capital Requirements Directive.
EC published Regulation 2021/25 that addresses amendments related to the financial reporting consequences of replacement of the existing interest rate benchmarks with alternative reference rates.
BIS published a bulletin, or a note, that examines the cyber threat landscape in the context of the pandemic and discusses policies to reduce risks to financial stability.
HM Treasury, also known as HMT, has updated the table containing the list of the equivalence decisions that came into effect in UK at the end of the transition period of its withdrawal from EU.