On January 1, 2024, Canada’s financial sector witnessed a significant stride towards enhanced technology and cyber risk management with the enforcement of the Office of the Superintendent of Financial Institutions’ (OSFI) new Guideline B-13. This guideline marks a pivotal shift in how federally regulated financial institutions (FRFIs) are expected to manage and mitigate technology and cyber risks, integrating it with other risk areas for comprehensive protection.
Understanding Guideline B-13
Guideline B-13 sets forth OSFI’s expectations on managing technology and cyber risk, defining it broadly to include any inadequacy or failure in technology assets that could disrupt operations or result from unauthorized access. By encompassing IT failures, data incidents, and cyber incidents, as well as risks from enabling processes and people, B-13 advocates for an enterprise-wide approach to technology risk management at both technical and governance levels. Furthermore, it emphasizes the importance of aligning these practices with other OSFI guidelines like B-10 (Third-Party Risk Management) and E-21 (Operational Risk…
