Tag: OSFI

OSFI sets sights on cyber security threats with release of guidanceOSFI sets sights on cyber security threats with release of guidance



Earlier today, the Office of the Superintendent of Financial Institutions Canada (OSFI) issued Cyber Security Self-Assessment Guidance.  The guidance follows on the heels of the release of the U.S. National Institute of Standards and Technology’s (NIST) Preliminary Cybersecurity Framework earlier this month, revelations of billions of dollars lost by cyber crime, and the continuing disclosures about surveillance by the NSA and others.

OSFI described the need for the guidance and how it expects federally regulated financial institutions (FRFIs) to use it as follows:

The increasing frequency and sophistication of recent cyber-attacks has resulted in an elevated risk profile for many organizations around the world.

Contracting for a cloud computing deal?Contracting for a cloud computing deal?



Cloud computing is on the mind of many CIO’s these days. Its also on the mind of lawyers. Lawyers know contracting for cloud services can be difficult given the potential risks associated with these services. For regulated entities like Canadian financial institutions, a material public cloud transaction also poses serious OSFI compliance challenges. The standard form contracts of many cloud providers also contributes to the difficulties. For a survey of these terms, see Simon Bradshaw et al Contracts for Clouds: Comparison and Analysis of the Terms and Conditions of Cloud Computing Services.

B-10 Outsourcing Guideline applies to cloud computing says OSFIB-10 Outsourcing Guideline applies to cloud computing says OSFI



Yesterday, OSFI released a memorandum reminding financial institutions that its outsourcing B-10 Guideline applies to new technology-based outsourcing arrangements including cloud computing. In the short memorandum, OSFI stated the following:

Information technology plays a very important role in the financial services business and OSFI recognizes the opportunities and benefits that new technology-based services such as Cloud  Computing can bring; however, FRFIs should also recognize the unique features of such services and duly consider the associated risks.

As such, and in light of the proliferation of new technology-based outsourcing services, OSFI is reminding all FRFIs that the expectations contained in Guideline B-10 remain current and continue to apply in respect of such services.