FSRA releases final guidance on managing IT risks

Regulator releases final guidance on managing IT risks

FSRA releases final guidance on managing IT risks

Insurance News

By Mika Pangilinan

Ontario’s financial services regulator has released its final guidance document on managing information technology (IT) risks.

The Financial Services Regulatory Authority of Ontario (FSRA) said the guidance was developed with the goal of equipping regulated sectors and individuals with tools to navigate and mitigate risks to their IT systems, infrastructure, and sensitive data.

The guidance includes best practices aimed at bolstering effective management of IT risks. These practices cover the areas of governance, risk management, data management, outsourcing, incident preparedness, continuity and resiliency, and the notification of material IT risk incidents.

The guidance also specifies a reporting process in the event of IT risk incidents and sector-specific requirements tailored to credit unions, caisses populaires, Ontario-incorporated insurance companies and reciprocals, and pension plan administrators.

The FSRA also noted that it incorporated the feedback it had gathered for an earlier version of the IT risk management guidance.

The changes it made per this feedback include updating the IT incident reporting timeframe to “as soon as feasible, which would normally fall within the 48 to 72 hours range.”

The regulator also introduced more flexibility in reporting material incidents, providing the option to use a secure portal.

FSRA recently held a public consultation on its proposed statement of priorities and budget for 2024-2025, which included a plan to modernize its systems and processes and strategies to support reform and new regulations.

Prior to soliciting feedback for 2024-2025, FSRA hinted at plans to introduce a new regulatory framework for distribution networks. It said it wanted to address issues related to agent recruitment, training, and conduct that were highlighted in two compliance reports covering “troubling” business practices in the life insurance sector.

What are your thoughts on this story? Feel free to comment below.

Related Stories

Keep up with the latest news and events

Join our mailing list, it’s free!