OSFI Initiates Consultation on Technology Risks in Financial Sector

At this time, OSFI is not presenting any firm proposals and intends to follow this consultation process with one or more consultative documents. Through this paper, OSFI shares some of its thinking and recent work, inviting stakeholder feedback on a range of issues surrounding technology and related risks, including:

• Operational risk and resilience and the need for a holistic assessment of the overarching regulatory architecture for technology and other non-financial risks
• Understanding technology risk and the role of prudential regulators with respect to technology and data risk management
• Core principles to guide future regulatory guidance development in relation to three priority areas—cyber security, advanced analytics, and the technology third-party ecosystem

Data is foundational to each theme of this paper; thus, this paper includes a separate discussion on data risk management. Each thematic section presents the perspective of OSFI in the respective area and, where applicable, the existing regulatory guidance and supervisory work of OSFI. The Canadian regulator OSFI is interested in receiving stakeholder feedback based on questions posed in each section. The consultation supports a strategic objective of OSFI to ensure that federally regulated financial institutions and pension plans are better prepared to identify and develop resilience to non-financial risks, before these risks negatively affect the financial condition of institutions. 

Related Links

• Press Release
• Letter
• Discussion Paper (PDF)

Comment Due Date: December 15, 2020

 Keywords: Americas, Canada, Banking, Insurance, Technology Risk, Operational Risk, Cloud Computing, Third Party Risk, Fintech, Cyber Risk, Artificial Intelligence, OSFI