In July of this year, the Office of the Superintendent of Financial Institutions (OSFI) released the final version of its Guideline B-13 (the Guideline), setting out technology and cyber risk management expectations for all federally regulated financial institutions (FRFIs), such as banks, insurance and trust companies. FRFIs will need to ensure that they have taken steps to comply with the requirements of the Guideline prior to it coming into effect on January 1, 2024.

In our previous publication regarding this Guideline, we discussed key themes and practical tips addressed in the Guideline’s first two categories, namely (i) Governance and Risk Management; and (ii) Technology Operations and Resilience. In this update, we will be taking a closer look at some of the key requirements set out in the Guideline concerning incident and problem management, disaster recovery and cybersecurity.

In this update we discuss the following:

  • Identification and evaluation of cybersecurity weaknesses
  • Implementing an enterprise disaster recovery program
  • Preventative cybersecurity controls
  • Continuous learning and improvement
