FSRA releases final guidance on managing IT risks

FSRA releases final guidance on managing IT risks | Insurance Business Canada

Insurance News

Regulator releases final guidance on managing IT risks

Insurance News

By
Mika Pangilinan

Ontario’s financial services regulator has released its final guidance document on managing information technology (IT) risks.

The Financial Services Regulatory Authority of Ontario (FSRA) said the guidance was developed with the goal of equipping regulated sectors and individuals with tools to navigate and mitigate risks to their IT systems, infrastructure, and sensitive data.

The guidance also specifies a reporting process in the event of IT risk incidents and sector-specific requirements tailored to credit unions, caisses populaires, Ontario-incorporated insurance companies and reciprocals, and pension plan administrators.

The changes it made per this feedback include updating the IT incident reporting timeframe to “as soon as feasible, which would normally fall within the 48 to 72 hours range.”

The regulator also introduced more flexibility in reporting material incidents, providing the option to use a secure portal.

FSRA recently held a public consultation on its proposed statement of priorities and budget for 2024-2025, which included a plan to modernize its systems and processes and strategies to support reform and new regulations.

Prior to soliciting feedback for 2024-2025, FSRA hinted at plans to introduce a new regulatory framework for distribution networks. It said it wanted to address issues related to agent recruitment, training, and conduct that were highlighted in two compliance reports covering “troubling” business practices in the life insurance sector.

What are your thoughts on this story? Feel free to comment below.