OSFI B-13 — OSFI Guideline B-13

What it is

Guideline B-13 sets expectations for the sound management of technology and cyber risk at Canadian federally regulated financial institutions, across three domains and seventeen principles.

Canada · Effective 1 January 2024

Who it binds

All federally regulated financial institutions in Canada, including foreign bank and insurance branches.

Key obligations

  • Technology and cyber governance and risk management
  • Resilient technology operations
  • Cyber security: secure-by-design, detection, response and recovery
  • Outcome-based reporting to the board

How CCI addresses it

DORA-MAST and CySSURANCE map the B-13 principles and compute resilience; the audit practice covers Canadian FRFIs.

Official source

OSFI Guideline B-13, Technology and Cyber Risk Management

https://www.osfi-bsif.gc.ca/en/guidance/guidance-library/technology-cyber-risk-management

The linked text is the authoritative legal or standards source. CCI maps to it; it is not a CCI publication.
