Posts Tagged ‘OSFI’

OSFI sets sights on cyber security threats with release of guidance

October 28th, 2013

Earlier today, the Office of the Superintendent of Financial Institutions Canada (OSFI) issued Cyber Security Self-Assessment Guidance.  The guidance follows on the heels of the release of the U.S. National Institute of Standards and Technology’s (NIST) Preliminary Cybersecurity Framework earlier this month, revelations of billions of dollars lost by cyber crime, and the continuing disclosures about surveillance by the NSA and others.

OSFI described the need for the guidance and how it expects federally regulated financial institutions (FRFIs) to use it as follows:

Contracting for a cloud computing deal?

May 23rd, 2012

Cloud computing is on the mind of many CIO’s these days. Its also on the mind of lawyers. Lawyers know contracting for cloud services can be difficult given the potential risks associated with these services. For regulated entities like Canadian financial institutions, a material public cloud transaction also poses serious OSFI compliance challenges. The standard form contracts of many cloud providers also contributes to the difficulties. For a survey of these terms, see Simon Bradshaw et al Contracts for Clouds: Comparison and Analysis of the Terms and Conditions of Cloud Computing Services.

B-10 Outsourcing Guideline applies to cloud computing says OSFI

March 1st, 2012

Yesterday, OSFI released a memorandum reminding financial institutions that its outsourcing B-10 Guideline applies to new technology-based outsourcing arrangements including cloud computing. In the short memorandum, OSFI stated the following:

Information technology plays a very important role in the financial services business and OSFI recognizes the opportunities and benefits that new technology-based services such as Cloud  Computing can bring; however, FRFIs should also recognize the unique features of such services and duly consider the associated risks.