OSFI releases new cyber rules for insurers
The Office of the Superintendent of Financial Institutions (OSFI) has implemented regulatory reporting requirements on technology and cybersecurity incidents for insurers. OSFI’s Advisory on Technology and Cybersecurity Incident Reporting mandates that federally regulated financial institutions (FRFI) which include insurance (life and P&C), federally incorporated trust and loan companies, as well as banks must report “high or critical severity” technology or cybersecurity incidents to the OSFI.