Canada’s banking regulator has released final guidelines on how it expects banks to protect themselves against foreign interference and other risks related to integrity and security.
The guidelines from the Office of the Superintendent of Financial Institutions come after the federal government expanded the regulator’s mandate last June to cover those areas, a move that has also led the regulator to increase its focus on money laundering prevention.
The formalized expectations cover everything from ensuring the “good character” of board members and senior leadership and conducting background checks on employees, to managing who has access to buildings, servers and other key infrastructure.
Tolga Yalkin, assistant superintendent of OSFI, said that while the guidelines overlap with many areas the regulator has already weighed in on, it’s also a fundamental change as it has comprehensively defined the concepts of integrity and security.
He said OSFI has set out new expectations around promoting a culture that underscores the importance of ethical behaviour, and around ensuring employees are protected from threats.
There are also clear guidelines on reporting to law enforcement any incidents or events that may relate to undue influence, foreign interference or malicious activity.
The need to report such incidents is in effect immediately, while banks have a year to comply with all of the new and expanded expectations.
Yalkin said it’s important to have these guidelines in place to fortify the system, and make it more rooted in integrity.
“The public’s confidence in the financial sector really does hinge on the integrity and security of, ultimately, the financial institutions that make it up.”