Better protecting consumers against harmful IT risks: FSRA
FSRA releases final IT Risk Management Guidance
Toronto, ON (Nov. 8, 2023) – The Financial Services Regulatory Authority of Ontario (FSRA) is pleased to announce it is taking active steps to further protect consumers and their data against harmful IT risks, such as cyber threats, with the release of the final Information Technology (IT) Risk Management Guidance, following robust consultation.
The Guidance will help FSRA-regulated sectors and individuals effectively manage threats to their IT systems, infrastructure and data.
The Guidance includes:
- Seven practices for effective IT risk management
- A process to notify FSRA in the event of an IT risk incident
- Sector-specific requirements for credit unions and caisses populaires, Ontario-incorporated insurance companies and reciprocals, and pension plan administrators
Regulated entities must still comply with existing requirements related to IT risk and the protection of personal information, including the requirements of the Personal Information Protection and Electronic Documents Act (“PIPEDA”).
In response to the feedback gathered from January 23 to March 31, 2023, FSRA amended the proposed guidance as identified in the consultation summary. Some changes include:
- The effective date of the Guidance has been changed from June 2023 to April 1, 2024
- The IT incident reporting timeframe has been updated to “as soon as feasible, which would normally fall within the 48 to 72 hours range”
- More flexibility to inform FSRA in the event of a material incident, including using a secure portal
FSRA thanks all stakeholders for their comments and feedback. The final Guidance and summary of feedback are now available on FSRA’s website.
FSRA continues to work on behalf of all stakeholders, including consumers, to ensure financial safety, fairness, and choice for everyone.
About FSRA
FSRA is an independent regulatory agency created to improve consumer and pension plan beneficiary protections in Ontario.
FSRA was established to replace the Financial Services Commission of Ontario (FSCO) and the Deposit Insurance Corporation of Ontario (DICO). The agency is flexible, self-funded and designed to respond rapidly to an evolving commercial and consumer environment. In this capacity, FSRA will:
- Promote high standards of business conduct;
- Foster a sustainable, competitive financial services sector;
- Respond to market changes quickly;
- Promote good administration of insurance and pension plans; and
- Encourage innovation.
Learn more about FSRA and our approach to achieving safety, fairness and choice in non-securities financial services at www.fsrao.ca.
SOURCE: Financial Services Regulatory Authority of Ontario (FSRA)