OSFI addresses non-financial risks for financial system resiliency
News release - Ottawa -
Today, the Office of the Superintendent of Financial Institutions (OSFI) released two draft guidelines:
-
An Integrity and Security Guideline, which sets expectations for the integrity and security of financial institutions, including protection against foreign interference.
-
An enhanced Guideline E-21 on Operational Resilience and Operational Risk Management, which sets out expectations for operational resilience and operational risk.
The draft Integrity and Security Guideline provides clarity on what integrity and security entail for financial institutions, how they relate to one another, and where they are already reflected in our current guidelines. It also signals new expectations in risk areas not covered in our existing guidelines. There will be a six-week public consultation on this draft Guideline. Input can be sent to IS@osfi-bsif.gc.ca until November 24, 2023.
Enhanced Guideline E-21 sets expectations for operational resilience. It modernizes OSFI’s guidance on operational risk management, including new expectations for business continuity management, crisis management, change management, and data risk management. It builds on the consultation we held in 2021 and supports Guideline B-13, Technology and Cyber Risk Management and Guideline B-10, Third-Party Risk Management. There will be a four-month public consultation on this enhanced guideline. Input can be sent to resilience@osfi-bsif.gc.ca until February 5, 2024.
These two consultations are being announced at the same time given that operational resilience and operational risk management contribute to the integrity and security of financial institutions.
“Public confidence in financial institutions depends, not only on sound financial management, but also their integrity and security. These guidelines represent an incremental but critical step in clarifying our expectations of them. We hope they help financial institutions identify how to be more secure and more resilient.”
- Peter Routledge, Superintendent of Financial Institutions
Quick facts
Guideline E-21
- Guideline E-21 first came into effect in June 2016.
Draft Integrity and Security Guideline
- New legislation (C-47) expanded OSFI’s mandate upon receiving Royal Assent on June 22, 2023. The OSFI-related amendments in Bill C-47 complement our existing purpose, which is to contribute to public confidence in the Canadian financial system.
- Following the public consultation period, OSFI will assess the comments and feedback received before issuing a final Integrity and Security Guideline by end of January, 2024.