OSFI has set out the schedule for release of draft guidance on the management of technology risks by federally regulated financial institutions and private pension plans. This follows an OSFI discussion paper on a range of technology risk areas such as cyber security, advanced analytics, and third-party technology ecosystem. The feedback period on the paper ended on December 15, 2020, with respondents expressing broad support for emerging principles-based and technology-neutral perspectives on technology risk management.
In the feedback, the respondents indicated that OSFI should first leverage its existing guidance and align any additional guidance with existing international and information technology standards. In light of the feedback received on the discussion paper, OSFI plans to release draft guidance and industry letters as per the following schedule:
- OSFI plans to publish an industry letter on operational resilience and a new draft guideline on technology and cyber risk in the third and fourth quarters of 2021, respectively.
- In the first quarter of 2022, OSFI plans to publish a draft of the revised guideline on third-party risk and an industry letter on advanced analytics and model risk.
- In 2022-23, OSFI plans to publish the revised Guideline E-21 on operational risk management and the revised guidance on model risk.
Keywords: Americas, Canada, Banking, Insurance, Technology Risk, Operational Risk, Operational Resilience, Third-Party Risk, Cyber Risk, Regtech, OSFI
Next ArticleEBA Publishes Phase 1 of Reporting Framework 3.1
The U.S. regulators recently released baseline and severely adverse scenarios, along with other details, for stress testing the banks in 2024. The relevant U.S. banking regulators are the Federal Reserve Bank (FED), the Federal Deposit Insurance Corporation (FDIC), and the Office of the Comptroller of the Currency (OCC).
The regulatory landscape for artificial intelligence (AI), including the generative kind, is evolving rapidly, with governments and regulators aiming to address the challenges and opportunities presented by this transformative technology.
The European Union (EU) has been working on the final elements of Basel III standards, with endorsement of the Banking Package and the publication of the European Banking Authority (EBA) roadmap on Basel III implementation in December 2023.
The European Financial Reporting Advisory Group (EFRAG), which plays a crucial role in shaping corporate reporting standards in European Union (EU), is seeking comments, until May 21, 2024, on the Exposure Draft ESRS for listed SMEs.
Banking regulators worldwide are increasingly focusing on addressing, monitoring, and supervising the institutions' exposure to climate and environmental risks.
The use cases of generative AI in the banking sector are evolving fast, with many institutions adopting the technology to enhance customer service and operational efficiency.
As part of the increasing regulatory focus on operational resilience, cyber risk stress testing is also becoming a crucial aspect of ensuring bank resilience in the face of cyber threats.
A few years down the road from the last global financial crisis, regulators are still issuing rules and monitoring banks to ensure that they comply with the regulations.
The European Commission (EC) recently issued an update informing that the European Council and the Parliament have endorsed the Banking Package implementing the final elements of Basel III standards
The Swiss Federal Council recently decided to further develop the Swiss Climate Scores, which it had first launched in June 2022.