top of page
  • Writer's pictureDeborah

On July 13, the Office of the Superintendent of Financial Institutions (OSFI) released the final version of Guideline B-13, Technology and Cyber Risk Management(the “Guideline”).

First released in November 2021, the Guideline sets out OSFI expectations regarding the management of technology and cybersecurity risks by federally regulated financial institutions (FRFIs) (see our previous article here for more details).

While the Draft Guideline was divided into 5 domains that provide key components required for a robust technology and cyber risk management, notably (i) governance and risk management, (ii) technology operations, (iii) cyber security, (iv) third-party provider technology and (v) cyber risk and technology resilience; this final version is divided into three domains:

  • Governance and Risk Management which wets out OSFI’s expectations for the formal accountability, leadership, organizational structure and framework.

  • Technology Operations and Resilience – which sets out OSFI’s expectations for management and oversight of risks related to the design, implementation, management and recovery of technology assets and services.

  • Cyber Security – which sets out OSFI’s expectations for management and oversight of cyber risk.

The detailed provisions pertaining to third-party providers, including cloud service providers have been removed from the final version.

Guideline B-13 must be read in conjunction with other OSFI’s existing guidance and tools, including the revised Draft Guideline B-10: Third-Party Risk Management, the Technology and Cyber Security Incident Reporting Advisory and the Cyber Security Self-Assessment tool.

The Guideline will become effective on January 1, 2024.

Recent Posts

See All

Product Corner - VAs : Quèsaco

Virtual Assets (VAs) or crypto assets refer to : “any digital representation of value that can be digitally traded, transferred or used for payment. It does not include digital representation of fiat

Upcoming Regulatory Deadlines to Watch

10 Aug 2023 - Deadline to submit comments to FCA Guidance Consultation (GC23/1) on crypto asset financial promotions. 5 Sep 2023 - Effective date of SEC Cybersecurity Risk Management, Strategy, Govern


bottom of page