Making it easier to report an IT risk incident

To help make it easier for regulated entities and individuals to inform FSRA of IT risk incidents, Ontario’s financial services regulator (FSRA) will allow the reporting of IT risk incidents online. In addition to notifying FSRA of the incident, supporting documents can be uploaded online in a safe and secure way. FSRA will maintain confidentiality of any incidents reported by regulated entities and individuals to the extent allowable by the law.

On April 1, 2024, FSRA’s Information Technology (IT) Risk Management Guidance came into effect. The guidance helps FSRA-regulated sectors and individuals effectively manage threats to their IT systems, infrastructure, and data.

As part of the guidance, regulated entities and individuals are expected to notify FSRA in the event of a material IT risk incident, such as a significant cyber break which disrupts operations or compromises consumer data.

Regulated entities must still comply with existing requirements related to IT risk and the protection of personal information, including the requirements of the Personal Information Protection and Electronic Documents Act (“PIPEDA”).

 Learn more:

• Report Sector IT Risk Incident
• Final Information Technology (IT) Risk Management Guidance
• Consultation feedback summary

FSRA continues to work on behalf of all stakeholders, including consumers, to ensure financial safety, fairness, and choice for everyone.   

Learn more at www.fsrao.ca.