Â鶹ÊÓƵ

Skip to content

Banking regulator launches consultations on tech and cyber risk guidelines

OTTAWA — Canada's banking regulator says it is launching consultations on proposed guidelines for the management of technology and cyber risks in the industry.
20211109111120-618aa018f100accf8ece05a1jpeg

OTTAWA — Canada's banking regulator says it is launching consultations on proposed guidelines for the management of technology and cyber risks in the industry. 

The Office of the Superintendent of Financial Institution says the guidelines are meant to support banks and insurers in developing greater resiliency by outlining expectations in areas like accountability, risk identification, and disaster recovery. 

The guidelines come as recent ransomware attacks against Newfoundland and Labrador’s health system and the Toronto Transit Commission underline the potential cybersecurity threats posed to a wide variety of institutions. 

The cybersecurity aspect of the proposed guidelines include a range of expectations including the need to identify risks, conduct threat modelling, adopt secure-by-design practices, and integrate incident response capabilities. 

OFSI's draft guidelines build on several related guidelines such as ones on operational risk management and outsourcing, as well as recently updated requirements on cyber incident reporting.

The regulator says it will conduct consultations for three months as it looks to formalize guidelines that strike a balance between risk management and allowing financial institutions to compete.

This report by The Canadian Press was first published Nov. 9, 2021.

The Canadian Press

push icon
Be the first to read breaking stories. Enable push notifications on your device. Disable anytime.
No thanks