  • Deborah

On July 13, the Office of the Superintendent of Financial Institutions (OSFI) released the final version of Guideline B-13, Technology and Cyber Risk Management (the “Guideline”).


First released in November 2021, the Guideline sets out OSFI’s expectations regarding the management of technology and cybersecurity risks by federally regulated financial institutions (FRFIs) (see our previous article here for more details).



While the Draft Guideline was divided into five domains that provide the key components required for robust technology and cyber risk management, namely (i) governance and risk management, (ii) technology operations, (iii) cyber security, (iv) third-party provider technology and (v) cyber risk and technology resilience, the final version is divided into three domains:


  • Governance and Risk Management – which sets out OSFI’s expectations for formal accountability, leadership, organizational structure and framework.

  • Technology Operations and Resilience – which sets out OSFI’s expectations for management and oversight of risks related to the design, implementation, management and recovery of technology assets and services.

  • Cyber Security – which sets out OSFI’s expectations for management and oversight of cyber risk.


The detailed provisions pertaining to third-party providers, including cloud service providers, have been removed from the final version.


Guideline B-13 must be read in conjunction with OSFI’s other existing guidance and tools, including the revised Draft Guideline B-10: Third-Party Risk Management, the Technology and Cyber Security Incident Reporting Advisory and the Cyber Security Self-Assessment tool.



The Guideline will become effective on January 1, 2024.

