Pension plans are particularly vulnerable to IT risk. They often hold significant assets and confidential member data, which can make them attractive targets for cyberattacks. Failures in a plan sponsor’s IT system increase the likelihood of a cyberattack occurring and can compromise a pension plan administrator’s ability to effectively manage the plan and pay out benefits.
Canadian pension regulators have begun to issue regulatory policy on this topic. In 2021, the British Columbia Financial Services Regulatory Authority released a guideline on information security for administrators of pension plans registered in B.C. The guideline identifies the BCFSA’s expectations with respect to how pension plan administrators monitor for and address risk, including integrating references to IT risk into the plan’s governance policy.
The guideline also provides that pension plan administrators must report “material incidents” to the BCFSA within 72 hours of the incident. Notably, plan administrators are responsible for determining whether an IT risk incident is…