On September 15, the Office of the Superintendent of Financial Institutions (OSFI) published Developing Financial Sector Resilience in a Digital World: Selected Themes in Technology and Related Risks (Discussion Paper) for comment. Although OSFI’s mandate concerns federally regulated financial institutions, we believe that the Discussion Paper’s themes are relevant to the wider financial services sector, including securities dealers, advisers and investment fund managers. Among other things, the Discussion Paper addresses the evaluation of technology risks in light of supervisory trends that are shifting from process-based, operational risk management (ORM) to more holistic and outcome-oriented operational resilience. OSFI then proposes three sets of core principles focusing on:
- Cyber-security (principles relating to confidentiality, availability, and integrity);
- Advanced analytics (principles relating to soundness, explainability, and accountability); and
- The third-party ecosystem (principles relating to transparency, reliability, and substitutability).
The Discussion Paper includes references to OSFI standards as well as research, standards and proposals published by international organizations such as the Financial Stability Board and therefore represents a useful compilation of research and standards in this field.
September 30, 2020