Publication
UK Carbon Border Adjustment Mechanism: how will it work?
In February, we reported on the Department of Energy Security and Net Zero’s confirmation that a UK Carbon Border Adjustment Mechanism (CBAM) would be bought into force by 2027
Author:
Canada | Publication | August 23, 2021
On August 13, the Office of the Superintendent of Financial Institutions (OSFI) released an updated Technology and Cyber Security Incident Reporting Advisory (the Advisory) and new requirements for the Cyber Security Self-Assessment. These changes are both effective immediately. The updates aim to enhance OSFI’s awareness and response to technology and cyber security incidents at federally regulated financial institutions (FRFIs).
Part one of this update will discuss the changes in the Advisory, notably reducing the initial reporting period and broadening the notion of reportable incident. An upcoming part two will tackle the self-assessment tool provided by OSFI, which is seeing its first changes since 2013.
OSFI recommends FRFIs define priority and severity levels within the organization’s internal incident management framework. While it does not provide a model framework, the Advisory contains an updated list of characteristics indicative of a reportable incident, including but not limited to:
OSFI also provides examples of reportable incidents, which include cyber attacks, technology failure at data centers, third-party breaches and extortion threats. For incidents that do not contain these characteristics or fall into one of these scenarios, the FRFI is encouraged to consult its designated lead supervisor and notify OSFI as a precautionary measure.
OSFI’s Advisory highlights the importance of incident reporting by FRFIs when faced with a technology or cyber security incident. If faced with an incident, FRFIs should use this opportunity to update and strengthen their policies and procedures to ensure they and the industry at large are better equipped to proactively prevent such incidents from occurring in the future.
When an incident happens, the FRFI needs to keep in mind its reporting obligations. FRFIs must first report an incident to OSFI within 24 hours, and keep in mind the broader definition of what is now considered a reportable incident. This preliminary report should be done promptly via the form provided by OSFI.
FRFIs should also provide regular updates to OSFI on the incident as new information becomes available, as well as situation updates, which include any short- and long-term remediation actions and plans. Additionally, a post-incident review should be submitted to OSFI once an incident has been contained.
The authors wish to thank articling students Marisa Kwan and Roxanne Caron for their help in preparing this legal update.
Publication
In February, we reported on the Department of Energy Security and Net Zero’s confirmation that a UK Carbon Border Adjustment Mechanism (CBAM) would be bought into force by 2027
Publication
International financial markets have started to show significant interest in nature and biodiversity. Whilst climate change and greenhouse gas emissions have made the headlines in recent years, there has been much less focus on their equally important counterparts, nature and biodiversity. However, that has started to change.
Publication
In April 2024, the UK Government published details of its sustainable aviation fuel mandate (the UK SAF Mandate) and launched a consultation on proposals for a revenue certainty mechanism to support UK sustainable aviation fuel (SAF) production.
Subscribe and stay up to date with the latest legal news, information and events . . .
© Norton Rose Fulbright LLP 2023