OSFI Revises Guidance on G-SIB Disclosure and Cyber Incident Reporting
The Office of the Superintendent of Financial Institutions (OSFI) published final revisions to its advisory on public disclosure requirements for global systemically important banks (G-SIBs). OSFI also published an updated cyber-security self-assessment template to help federally regulated financial institutions gauge and improve their current state of readiness in the face of emerging and expanding cyber threats. The self-assessment template covers criteria for reviewing third-party providers, including the providers of cloud services. It examines the capability of a financial institution to respond to a cyber incident in areas ranging from organization and resources, to how it manages threats, risks, and incidents, and allows an institution to rate each element on a scale from non-existent to continuous improvement. In a related development, OSFI updated the requirements governing how federally regulated financial institutions should disclose and report technology and cyber-security incidents to OSFI.
The updated advisory on technology and cyber-security incident reporting, which becomes effective from August 13, 2021, supports a coordinated and integrated response to technology and cyber-security incidents when they occur at federally regulated financial institutions. As updated, the federally regulated financial institutions must report a technology or cyber-security incident to the Technology Risk Division of OSFI as well as their Lead Supervisor at OSFI within 24 hours. Other changes to the advisory include a new "failure to report" section. In case a federally regulated financial institution does not report a cyber incident, it could be subject to increased supervisory oversight by OSFI, could be placed on a watchlist, or could be assigned one of the stages in the OSFI supervisory intervention approach, among other measures.
The revised advisory on G-SIB disclosures addresses changes to the disclosure requirements included in the updated assessment methodology of the Basel Committee on Banking Supervision, which was published in July 2018 and will take effect for the 2022 G-SIB assessment exercise; the key changes relate to the new Trading Volume indicator and the inclusion of insurance activities for certain existing G-SIB indicators. The revised advisory also provides guidance on the availability of publicly disclosed G-SIB indicators and the nature of qualitative information to accompany the disclosure requirements. This advisory applies to federally regulated banks with a Basel III leverage ratio exposure measure (including exposures arising from insurance subsidiaries) exceeding EUR 200 billion at financial year-end, or a bank that was included in the assessment sample by OSFI based on supervisory judgment.
Related Links
- Letter on Revised G-SIB Advisory
- Advisory on G-SIB Disclosures
- Cyber Security Self-Assessment
- Self-Assessment Template (XLSX)
- News Release on Cyber Incident Reporting
- Cyber Incident Reporting Advisory
Keywords: Americas, Canada, Banking, G-SIBs, Basel, Incident Reporting, Reporting, Cyber Risk, Regulatory Capital, Self-Assessment Template, OSFI
Featured Experts

María Cañamero
Skilled market researcher; growth strategist; successful go-to-market campaign developer

Nicolas Degruson
Works with financial institutions, regulatory experts, business analysts, product managers, and software engineers to drive regulatory solutions across the globe.

Patrycja Oleksza
Applies proficiency and knowledge to regulatory capital and reporting analysis and coordinates business and product strategies in the banking technology area
Next Article
FSC Taiwan Issues Multiple Regulatory UpdatesRelated Articles
OSFI Finalizes on Climate Risk Guideline, Issues Other Updates
The Office of the Superintendent of Financial Institutions (OSFI) is seeking comments, until May 31, 2023, on the draft guideline on culture and behavior risk, with final guideline expected by the end of 2023.
BIS Paper Examines Impact of Greenhouse Gas Emissions on Lending
BIS issued a paper that investigates the effect of the greenhouse gas, or GHG, emissions of firms on bank loans using bank–firm matched data of Japanese listed firms from 2006 to 2018.
HMT Mulls Alignment of Ring-Fencing and Resolution Regimes for Banks
The HM Treasury (HMT) is seeking evidence, until May 07, 2023, on practicalities of aligning the ring-fencing and the banking resolution regimes for banks.
BCBS Report Examines Impact of Basel III Framework for Banks
The Basel Committee on Banking Supervision (BCBS) published results of the Basel III monitoring exercise based on the June 30, 2022 data.
PRA Consults on Prudential Rules for "Simpler-Regime" Firms
Among the recent regulatory updates from UK authorities, a key development is the first-phase consultation, from the Prudential Regulation Authority (PRA), on simplifications to the prudential framework that would apply to the simpler-regime firms.
DNB Publishes Multiple Reporting Updates for Banks
DNB, the central bank of Netherlands, updated the list of additional reporting requests and published additional data quality checks and XBRL-Formula linkbase documents for the first quarter of 2023.
NBB Sets Out Climate Risk Expectations, Issues Reporting Updates
The National Bank of Belgium (NBB) published a communication on climate-related and environmental risks, issued an update on XBRL reporting
EBA Updates Address Securitization Standards and DGS Guidelines
The European Banking Authority (EBA) published the final draft of the regulatory technical standards that set out conditions for assessment of homogeneity of the underlying exposures in simple, transparent, and standardized (STS) securitizations.
FSB Publishes Letter to G20, Sets Out Work Priorities for 2023
The Financial Stability Board (FSB) published a letter intended for the G20 Finance Ministers and Central Bank Governors, highlighting the work that FSB will take forward under the Indian G20 Presidency in 2023
ISSB Standards May Become Effective from January 2024
The International Organization of Securities Commissions (IOSCO) welcomed the confirmation statement by the International Sustainability Standards Board (ISSB) setting out its progress in the development of its first sustainability-related corporate disclosure standards.