On July 13, 2022, the Office of the Superintendent of Financial Institutions (OSFI) announced the final version of its new Guideline B-13 – Technology and Cyber Risk Management. The Guideline establishes OSFI’s expectations for how federally regulated financial institutions (FRFIs) manage technology and cyber risks. Many FRFIs will be required to make substantial changes to their information technology and cybersecurity policies, practices and procedures before the Guideline comes into effect on January 1, 2024. The Guideline is also an important summary of best practices for other kinds of organizations.
OSFI and cybersecurity
OSFI is an independent agency of the Government of Canada that regulates and supervises FRFIs, including banks, federally incorporated or registered trust and loan companies, insurance companies, and pension plans subject to federal oversight. Over the years, OSFI has emphasized the importance of cybersecurity and issued guidance and requirements to help FRFIs implement policies and practices to manage cyber risks and effectively respond to cyber incidents, including OSFI’s Cyber Security Self-Assessment (issued in 2013 and updated in 2021)…
