Consequential amendments to Guidelines B-10 and B-13 related to foreign branches
Information
Table of contents
Today, the Office of the Superintendent of Financial Institutions (OSFI) is publishing changes to Guideline B-10: Third-Party Risk Management and Guideline B-13: Technology and Cyber Risk Management. These changes clarify how those guidelines apply to foreign bank branches and foreign insurance company branches. They result from the release of the Integrity and Security Guideline on January 31, 2024.
Foreign bank branches and foreign insurance company branches are vulnerable to non-financial risks and events that could affect their ability to meet requirements and expectations. Their operations can be disrupted, and their data can be lost, stolen, or corrupted.
We’ve amended Guideline B-10 to clarify that it applies to foreign bank branches and foreign insurance company branches to the extent it is consistent with applicable requirements and legal obligations related to the branch’s business in Canada.
Branches have until March 31, 2025, to adhere to Guideline B-10 in the manner set out above. We expect third-party arrangements starting on or after that date will adhere to Guideline B-10. Third-party arrangements entered-into before that date should be reviewed and updated at the earliest opportunity so that they adhere to Guideline B-10 by March 31, 2025, or as soon as possible thereafter.
We’ve also amended Guideline B-13 with the same clarification for branch operations in Canada. This clarification does not change the guideline’s practical application to branches. Branches should already adhere to Guideline B-13.