OFSI Publishes Draft Guidelines on Technology and Cyber Risk Management
OFSI | Nov 11, 2021
Purpose and Scope
This Guideline establishes OSFI’s expectations related to technology and cyber risk management and applies to all federally regulated financial institutions (FRFIs). These expectations aim to support FRFIs in developing greater resilience to technology and cyber risks.
See: Decentralized Finance—Risks, Regulation, and the Road Ahead
FRFIs should implement the expectations in this Guideline commensurate with its size; the nature, scope and complexity of its operations; and risk profile. OSFI’s expectations are technology-neutral, anticipating the need for FRFIs to compete effectively and take full advantage of digital innovation while maintaining a sound technology posture.
Structure
A.2.1 This Guideline is organized into five domains. Each sets out key components of sound technology and cyber risk management.
- Governance and Risk Management – Sets OSFI’s expectations for the formal accountability, leadership, organizational structure and framework used to support risk management and oversight of technology and cyber security.
- Technology Operations – Sets OSFI’s expectations for management and oversight of risks related to the design, implementation and management of technology assets and services.
- Cyber Security – Sets OSFI’s expectations for management and oversight of cyber risk.
- Third-Party Provider Technology and Cyber Risk – Expanding on OSFI’s existing guidance for outsourcing and third-party risk, sets expectations for FRFIs that engage with third-party providers to obtain technology and cyber services and/or other services that give rise to cyber and/or technology risk.
- Technology Resilience – Sets OSFI’s expectations for capabilities to deliver technology services through operational disruption.
See: Cyber Risk is the New Threat to Financial Stability
Desired outcomes
- Technology and cyber risks are governed through clear accountabilities and structures, and comprehensive strategies and frameworks.
- A technology environment that is stable, scalable and resilient. The environment is kept current and supported by robust and sustainable technology operating processes.
- A secure technology posture that maintains the confidentiality, integrity and availability of the FRFI’s technology assets.
- Reliable and secure technology and cyber operations from third-party providers.
- Technology services are delivered, as expected, through disruption.
Continue to the full article –> here
The National Crowdfunding & Fintech Association (NCFA Canada) is a financial innovation ecosystem that provides education, market intelligence, industry stewardship, networking and funding opportunities and services to thousands of community members and works closely with industry, government, partners and affiliates to create a vibrant and innovative fintech and funding industry in Canada. Decentralized and distributed, NCFA is engaged with global stakeholders and helps incubate projects and investment in fintech, alternative finance, crowdfunding, peer-to-peer finance, payments, digital assets and tokens, blockchain, cryptocurrency, regtech, and insurtech sectors. Join Canada’s Fintech & Funding Community today FREE! Or become a contributing member and get perks. For more information, please visit: www.ncfacanada.org
Related Posts
- &
- 11
- ADvantage
- affiliates
- All
- article
- Assets
- availability
- blockchain
- cache
- Canada
- community
- Crowdfunding
- crypto
- cryptocurrency
- Current
- cyber
- cyber risk
- cyber security
- decentralized
- Design
- digital
- Digital Assets
- Disruption
- domains
- ecosystem
- Education
- Environment
- expanding
- finance
- financial
- Financial institutions
- fintech
- Framework
- fraud
- full
- funding
- Global
- Government
- guidelines
- hack
- HTTPS
- industry
- information
- Innovation
- innovative
- institutions
- Insurtech
- Intelligence
- investment
- issues
- Key
- Leadership
- management
- Market
- Members
- networking
- operating
- Operations
- opportunities
- Other
- Outsourcing
- partners
- payments
- Profile
- projects
- Regtech
- Regulation
- Risk
- risk management
- Sectors
- security
- Services
- Size
- Stability
- support
- Supported
- sustainable
- tech
- Technology
- Tokens
- works
