Publication
International Restructuring Newswire
Welcome to the Q2 2024 edition of the Norton Rose Fulbright International Restructuring Newswire.
Canada | Publication | September 1, 2021
The Office of the Superintendent of Financial Institutions (OSFI) recently released an updated Technology and Cyber Security Incident Reporting Advisory and new requirements for the Cyber Security Self-Assessment (the Self-Assessment). Both updated guidance documents are effective immediately. The updates seek to clearly outline OSFI’s expectations for federally regulated financial institutions (FRFIs) when assessing their cybersecurity posture and reporting incidents.
To read part one of this update on the changes made to the advisory, click here. Part two of this update tackles OSFI’s Self-Assessment tool, which is seeing its first update since 2013. In particular, OSFI is enhancing its Self-Assessment to reflect the current cybersecurity risks associated with the digitization of financial services.
OSFI notes that the risk-rating levels are intended to help the FRFI gauge the maturity of its security controls. For each item, a control statement states a best practice, process, responsibility or other safeguard against which the FRFI should compare its internal processes.
With FRFIs accelerating digitization and digital transformation initiatives, the frequency, severity, and sophistication of cyber threats have increased, resulting in a higher risk of attack. OSFI’s objective is to ensure that, in part through the Self-Assessment, FRFIs understand their cybersecurity posture and implement any requirements or remedial actions to achieve (and maintain) the highest rating possible.
Although the Self-Assessment is not mandatory, FRFIs are encouraged to complete the assessment to gain a better understanding of their level of cyber preparedness. This in turn will allow FRFIs to develop and maintain their cyber security practices and be ready in the event of a cyber attack. That said, organizations should be prepared to share their self-assessment with OSFI and be able to effectively justify why they have selected a particular rating for a given category.
Furthermore, OSFI has announced forthcoming guidance that will supplement the Self-Assessment and be regularly refreshed. FRFIs should look out for future OSFI announcements to ensure their cyber security measures are up to date.
The authors wish to thank articling student Marisa Kwan for her help in preparing this legal update.
Publication
Welcome to the Q2 2024 edition of the Norton Rose Fulbright International Restructuring Newswire.
Publication
The Canadian Federal Budget 2024 proposes to broaden the scope of certain powers allowing CRA to request information from taxpayers, and sets out new consequences for non-compliant taxpayers.
Publication
The alternative minimum tax is an additional income tax imposed under the Income Tax Act on individuals and certain trusts who would otherwise be able to reduce their ordinary Canadian federal income tax through the use of certain deductions, exemptions or credits.
Subscribe and stay up to date with the latest legal news, information and events . . .
© Norton Rose Fulbright LLP 2023