OSFI Updates on Cyber Security Incident Reporting

  • November 14, 2021
  • Elif Babaoglu

The Office of the Superintendent of Financial Institutions (OSFI) is an independent agency of the Government of Canada that contributes to the safety and soundness of the Canadian Financial system by regulating and monitoring federally regulated financial institutions (FRFIs), such as federally registered banks and insurers, trust and loan companies, as well as private pension plans subject to federal oversight. Recently, OSFI released updated requirements regarding the cyber security incident reporting requirements expected of FRFIs.

The updated Technology and Cyber Security Incident Reporting Advisory (the “Advisory”) applies to all FRFIs and provides guidance on reporting requirements with regards to technology and cyber incidents, such as “cyber-attacks, extortion threats, third-party outages and data breaches.” The Advisory defines a technology or cyber security incident as “an incident that has an impact, or the potential to have an impact on the operations of a FRFI, including its confidentiality, integrity or the availability of its systems and information.”