OSFI to Amend Guideline on Technology and Cyber Risk Management
The Office of the Superintendent of Financial Institutions (OSFI) published, in the form of a letter, its response to the feedback received on the draft Guideline B-13 on technology and cyber risk management. The response explains the changes made to the guideline as a result of the comments received and informs that the final guideline will be published in the coming weeks.
The Guideline B-13 on technology and cyber risk management will be applicable to all federally regulated financial institutions. The final guideline should be read from a risk-based perspective that allows federally regulated financial institutions to compete effectively and take full advantage of digital innovation, while maintaining sound technology risk management. OSFI received feedback from interested stakeholders during the three-month consultation on draft Guideline B-13 and implemented the following changes to the final Guideline B-13:
- OSFI removed several expectations and examples that were overly prescriptive in some areas and included fewer prescriptive expectations and examples, with added emphasis on approaching Guideline B-13 from a risk-based perspective.
- OSFI streamlined the final Guideline B-13 to focus on three core domains, instead of the earlier five domains: Governance and Risk Management, Technology Operations and Resilience, and Cyber Security. OSFI achieved this by moving third-party expectations to the revised draft Guideline B-10 (Third Party Risk Management) and by consolidating and streamlining Technology Operations and Resilience domain.
- OSFI clarified the definitions in final Guideline B-13 by advancing a single definition of “technology risk” that includes cyber risk. OSFI also noted that the Guideline B-13 definitions were informed by recognized standard-setting bodies.
- Respondents had identified expectations that were overlapping and confusing in some areas and OSFI clarified these in the final Guideline B-13, in addition to removing or consolidating expectations, where appropriate.
Related Link: Letter
Keywords: Americas, Canada, Banking, Insurance, Securities, Guideline B-13, Cyber Risk, Technology Risk, Regtech, Operational Resilience, OSFI
Related Articles
FINMA Approves Merger of Credit Suisse and UBS
The Swiss Financial Market Supervisory Authority (FINMA) has approved the takeover of Credit Suisse by UBS.
BOE Sets Out Its Thinking on Regulatory Capital and Climate Risks
The Bank of England (BOE) published a working paper that aims to understand the climate-related disclosures of UK financial institutions.
OSFI Finalizes on Climate Risk Guideline, Issues Other Updates
The Office of the Superintendent of Financial Institutions (OSFI) is seeking comments, until May 31, 2023, on the draft guideline on culture and behavior risk, with final guideline expected by the end of 2023.
APRA Assesses Macro-Prudential Policy Settings, Issues Other Updates
The Australian Prudential Regulation Authority (APRA) published an information paper that assesses its macro-prudential policy settings aimed at promoting stability at a systemic level.
BIS Paper Examines Impact of Greenhouse Gas Emissions on Lending
BIS issued a paper that investigates the effect of the greenhouse gas, or GHG, emissions of firms on bank loans using bank–firm matched data of Japanese listed firms from 2006 to 2018.
HMT Mulls Alignment of Ring-Fencing and Resolution Regimes for Banks
The HM Treasury (HMT) is seeking evidence, until May 07, 2023, on practicalities of aligning the ring-fencing and the banking resolution regimes for banks.
MFSA Sets Out Supervisory Priorities, Issues Reporting Updates
The Malta Financial Services Authority (MFSA) outlined its supervisory priorities for 2023
German Regulators Issue Multiple Reporting Updates for Banks
Deutsche Bundesbank published the nationally deactivated validation rules for the German Commercial Code (HGB) users on the taxonomy 3.2, which became valid from December 31, 2022
BCBS Report Examines Impact of Basel III Framework for Banks
The Basel Committee on Banking Supervision (BCBS) published results of the Basel III monitoring exercise based on the June 30, 2022 data.
PRA Consults on Prudential Rules for "Simpler-Regime" Firms
Among the recent regulatory updates from UK authorities, a key development is the first-phase consultation, from the Prudential Regulation Authority (PRA), on simplifications to the prudential framework that would apply to the simpler-regime firms.