OSFI published a discussion paper that focuses on risks arising from rapid technological advancement and digitalization. The discussion paper presents the recent work of OSFI on a wide range of risks in technology. The discussion paper addresses operational risk and resilience and data risk, with cyber security, advanced analytics (including artificial intelligence and machine learning), and use of third-party services (such as cloud computing) as the key focus areas. The paper shares preliminary direction of OSFI on the key focus areas and seeks stakeholder views to inform future prudential policy development. Stakeholders can provide feedback by December 15, 2020.
At this time, OSFI is not presenting any firm proposals and intends to follow this consultation process with one or more consultative documents. Through this paper, OSFI shares some of its thinking and recent work, inviting stakeholder feedback on a range of issues surrounding technology and related risks, including:
- Operational risk and resilience and the need for a holistic assessment of the overarching regulatory architecture for technology and other non-financial risks
- Understanding technology risk and the role of prudential regulators with respect to technology and data risk management
- Core principles to guide future regulatory guidance development in relation to three priority areas—cyber security, advanced analytics, and the technology third-party ecosystem
Data is foundational to each theme of this paper; thus, this paper includes a separate discussion on data risk management. Each thematic section presents the perspective of OSFI in the respective area and, where applicable, the existing regulatory guidance and supervisory work of OSFI. The Canadian regulator OSFI is interested in receiving stakeholder feedback based on questions posed in each section. The consultation supports a strategic objective of OSFI to ensure that federally regulated financial institutions and pension plans are better prepared to identify and develop resilience to non-financial risks, before these risks negatively affect the financial condition of institutions.
Comment Due Date: December 15, 2020
Keywords: Americas, Canada, Banking, Insurance, Technology Risk, Operational Risk, Cloud Computing, Third Party Risk, Fintech, Cyber Risk, Artificial Intelligence, OSFI
Previous ArticleHKMC Enhances Terms of SME Loan Guarantee Scheme Amid Pandemic
The European Banking Authority (EBA) published the final draft regulatory technical standards specifying and, where relevant, calibrating the minimum performance-related triggers for simple.
The European Central Bank (ECB) is undertaking the integrated reporting framework (IReF) project to integrate statistical requirements for banks into a standardized reporting framework that would be applicable across the euro area and adopted by authorities in other EU member states.
The European Banking Authority (EBA) has been awarded the top European Standard for its environmental performance under the European Eco-Management and Audit Scheme (EMAS).
The Monetary Authority of Singapore (MAS) set out the Financial Services Industry Transformation Map 2025 and, in collaboration with the SGX Group, launched ESGenome.
The Basel Committee on Banking Supervision met, shortly after a gathering of the Group of Central Bank Governors and Heads of Supervision (GHOS), the oversight body of BCBS.
The International Organization of Securities Commissions (IOSCO) welcomed the work of the international audit and assurance standard setters—the International Auditing and Assurance Standards Board (IAASB)
The Bank of England (BoE) published a Statistical Notice (2022/18), which informs that due to the Bank Holiday granted for Her Majesty Queen Elizabeth II’s State Funeral on Monday September 19, 2022.
The French Prudential Control and Resolution Authority (ACPR) announced that the European Banking Authority (EBA) has updated its filing rules and the implementation dates for certain modules of the EBA reporting framework 3.2.
The European Central Bank (ECB) published a paper that examines how credit rating agencies accepted by the Eurosystem, as part of the Eurosystem Credit Assessment Framework (ECAF)
The Australian Prudential Regulation Authority (APRA) announced reduction in the aggregate Committed Liquidity Facility (CLF) for authorized deposit-taking entities to ~USD 33 billion on September 01, 2022.