OSFI Consults on Technology and Cyber Risk Management Guideline
The Office of the Superintendent of Financial Institutions (OSFI) is consulting on the draft guideline B‑13 on technology and cyber risk management. The proposed guideline sets out expectations for sound technology and cyber risk management across five domains. Each domain is guided by a desired outcome and related technology-neutral principles that collectively contribute to operational resilience. The Annex to the consultation letter also sets out the feedback OSFI received as a result of the Fall 2020 discussion paper on technology and related risks. The comment period for this consultation ends on February 09, 2021.
The expectations outlined in the guideline aim to support federally regulated financial institutions in developing greater resilience to technology and cyber risks in the areas of—
- Governance and Risk Management: Covers expectations for the formal accountability, leadership, organizational structure, and framework used to support risk management and oversight of technology and cyber security
- Technology Operations: Sets expectations for management and oversight of risks related to the design, implementation and management of technology assets and services.
- Cyber Security: Covers expectations for management and oversight of cyber risk
- Third-Party Provider Technology and Cyber Risk: Expands on he existing OSFI guidance for outsourcing and third-party risk, to set expectations for institutions that engage with third-party providers to obtain technology and cyber services and/or other services that give rise to cyber and/or technology risk
- Technology Resilience: Sets expectations for capabilities to deliver technology services through operational disruption
Related Links
Comment Period: February 09, 2021
Keywords: Americas, Canada, Banking, Cyber Risk, Guideline B-13, Operational Resilience, Governance, Operational Risk, Regtech, OSFI
Previous Article
HM Treasury Issues Proposals on Future Regulatory Framework ReviewRelated Articles
EBA Launches Stress Tests for Banks, Issues Other Updates
The European Banking Authority (EBA) launched the 2023 European Union (EU)-wide stress test, published annual reports on minimum requirement for own funds and eligible liabilities (MREL) and high earners with data as of December 2021.
EBA Proposes Standards for IRRBB Reporting Under Basel Framework
The European Banking Authority (EBA) proposed implementing technical standards on the interest rate risk in the banking book (IRRBB) reporting requirements, with the comment period ending on May 02, 2023.
FED Issues Further Details on Pilot Climate Scenario Analysis Exercise
The U.S. Federal Reserve Board (FED) set out details of the pilot climate scenario analysis exercise to be conducted among the six largest U.S. bank holding companies.
US Agencies Issue Several Regulatory and Reporting Updates
The Board of Governors of the Federal Reserve System (FED) adopted the final rule on Adjustable Interest Rate (LIBOR) Act.
ECB Issues Multiple Reports and Regulatory Updates for Banks
The European Central Bank (ECB) published an updated list of supervised entities, a report on the supervision of less significant institutions (LSIs), a statement on macro-prudential policy.
HKMA Keeps List of D-SIBs Unchanged, Makes Other Announcements
The Hong Kong Monetary Authority (HKMA) published a circular on the prudential treatment of crypto-asset exposures, an update on the status of transition to new interest rate benchmarks.
EU Issues FAQs on Taxonomy Regulation, Rules Under CRD, FICOD and SFDR
The European Commission (EC) adopted the standards addressing supervisory reporting of risk concentrations and intra-group transactions, benchmarking of internal approaches, and authorization of credit institutions.
CBIRC Revises Measures on Corporate Governance Supervision
The China Banking and Insurance Regulatory Commission (CBIRC) issued rules to manage the risk of off-balance sheet business of commercial banks and rules on corporate governance of financial institutions.
HKMA Publications Address Sustainability Issues in Financial Sector
The Hong Kong Monetary Authority (HKMA) made announcements to address sustainability issues in the financial sector.
EBA Updates Address Basel and NPL Requirements for Banks
The European Banking Authority (EBA) published regulatory standards on identification of a group of connected clients (GCC) as well as updated the lists of identified financial conglomerates.