top of page
  • Writer's pictureDeborah

In its Discussion Paper: information Security Incident Reporting released on January 17, the British Columbia Financial Services Authority (BCSFA) is proposing to impose mandatory reporting requirements on financial institutions (i.e. credit unions, insurance and trust companies) that experience information security incidents.


The Information Security Incident Reporting Rule will be established under the Financial Institutions Act and will require financial institutions to report material IS incidents to the regulator in a timely and accurate manner.


An Information Security (IS) Incident being defined as an incident that would include an unauthorized, illegal, or accidental use, disclosure, access to, modifications, or destruction of personal information, business information, or data; and/or impairment of network systems.


The proposed reporting requirements cover among others:

  • The reporting criteria, with a focus on the reporting of material incidents (e.g. incidents that may or have adversely affected the operations of critical information systems or data).

  • Notification Requirement, with the requirement to notify as soon as possible and no later than 24 hours after the incident is identified.

The new Rule aims at ensuring that the BCFSA is aware of material IS incidents at financial institutions authorized to do business in the province and will enable the regulator to take the necessary actions (monitoring, analysis, information sharing…).


Stakeholders must submit their feedback by February 25, 2022 to policy@bcfsa.ca.

Recent Posts

See All

The Secured Overnight Financing Rate (SOFR) is a broad measure of the cost of borrowing cash overnight collateralized by Treasury securities. SOFR is the overnight interest rate for US dollar-denomina

13/06/2023 - Canadian Securities Administrators (CSA) SEDAR+ go-live date. All issuer filings, cease trade orders and disciplined list entries will be filed in SEDAR+ 16/06/2023 - OSFI consultation pe

On May 11, the Bank for International Settlements (BIS) published a Handbook on how central bank digital currencies (CBDCs) could work for offline payments, defined as a “transfer of value between dev

bottom of page