OSFI published a discussion paper that focuses on risks arising from rapid technological advancement and digitalization. The discussion paper presents the recent work of OSFI on a wide range of risks in technology. The discussion paper addresses operational risk and resilience and data risk, with cyber security, advanced analytics (including artificial intelligence and machine learning), and use of third-party services (such as cloud computing) as the key focus areas. The paper shares preliminary direction of OSFI on the key focus areas and seeks stakeholder views to inform future prudential policy development. Stakeholders can provide feedback by December 15, 2020.
At this time, OSFI is not presenting any firm proposals and intends to follow this consultation process with one or more consultative documents. Through this paper, OSFI shares some of its thinking and recent work, inviting stakeholder feedback on a range of issues surrounding technology and related risks, including:
- Operational risk and resilience and the need for a holistic assessment of the overarching regulatory architecture for technology and other non-financial risks
- Understanding technology risk and the role of prudential regulators with respect to technology and data risk management
- Core principles to guide future regulatory guidance development in relation to three priority areas—cyber security, advanced analytics, and the technology third-party ecosystem
Data is foundational to each theme of this paper; thus, this paper includes a separate discussion on data risk management. Each thematic section presents the perspective of OSFI in the respective area and, where applicable, the existing regulatory guidance and supervisory work of OSFI. The Canadian regulator OSFI is interested in receiving stakeholder feedback based on questions posed in each section. The consultation supports a strategic objective of OSFI to ensure that federally regulated financial institutions and pension plans are better prepared to identify and develop resilience to non-financial risks, before these risks negatively affect the financial condition of institutions.
Comment Due Date: December 15, 2020
Keywords: Americas, Canada, Banking, Insurance, Technology Risk, Operational Risk, Cloud Computing, Third Party Risk, Fintech, Cyber Risk, Artificial Intelligence, OSFI
Previous ArticleNBB Issues Circular on Determining WAM Under Securitization Tranche
The European Financial Reporting Advisory Group (EFRAG), which plays a crucial role in shaping corporate reporting standards in European Union (EU), is seeking comments, until May 21, 2024, on the Exposure Draft ESRS for listed SMEs.
Banking regulators worldwide are increasingly focusing on addressing, monitoring, and supervising the institutions' exposure to climate and environmental risks.
The use cases of generative AI in the banking sector are evolving fast, with many institutions adopting the technology to enhance customer service and operational efficiency.
As part of the increasing regulatory focus on operational resilience, cyber risk stress testing is also becoming a crucial aspect of ensuring bank resilience in the face of cyber threats.
A few years down the road from the last global financial crisis, regulators are still issuing rules and monitoring banks to ensure that they comply with the regulations.
The European Commission (EC) recently issued an update informing that the European Council and the Parliament have endorsed the Banking Package implementing the final elements of Basel III standards
The Swiss Federal Council recently decided to further develop the Swiss Climate Scores, which it had first launched in June 2022.
The Basel Committee on Banking Supervision (BCBS) launched consultation on a Pillar 3 disclosure framework for climate-related financial risks, with the comment period ending on February 29, 2024.
The U.S. President Joe Biden signed an Executive Order, dated October 30, 2023, to ensure safe, secure, and trustworthy development and use of artificial intelligence (AI).
The Monetary Authority of Singapore (MAS) launched an integrated digital platform, Gprnt, also known as “Greenprint.”