For Federally Regulated Financial Institutions (FRFIs) in Canada, the new year has brought new requirements. Guideline B-13 on Technology and Cyber Risk Management, published by the Office of the Superintendent of Financial Institutions (OSFI), took effect on January 1, 2024.
The new Guideline comes as no surprise to FRFIs. Many organizations have been preparing for B-13 since the final version was released on July 13, 2022. Much of the guidance consists of long-established, industry leading practices. To ensure adherence, OSFI has strongly encouraged FRFIs to self-assess their current posture against the Guideline and be ready to provide a holistic risk-based assessment of how they meet the B-13 outcomes.
As FRFIs readied themselves for B-13, many non-financial risks intensified in the Canadian financial landscape: cyber-attacks increased in sophistication and severity, technology-driven disruptions and the digitization of money put more pressure on financial business models and operations, and the increased reliance on third-party providers has given rise to new concentration risks.1
As FRFIs prepared for B-13 to take effect, KPMG in Canada launched an industry survey to…
