Better protecting consumers against harmful IT risks: FSRA

FSRA releases final IT Risk Management Guidance

Toronto, ON (Nov. 8, 2023) – The Financial Services Regulatory Authority of Ontario (FSRA) is pleased to announce it is taking active steps to further protect consumers and their data against harmful IT risks, such as cyber threats, with the release of the final Information Technology (IT) Risk Management Guidance, following robust consultation.

The Guidance will help FSRA-regulated sectors and individuals effectively manage threats to their IT systems, infrastructure and data.

The Guidance includes:

  • Seven practices for effective IT risk management
  • A process to notify FSRA in the event of an IT risk incident
  • Sector-specific requirements for credit unions and caisses populaires, Ontario-incorporated insurance companies and reciprocals, and pension plan administrators

Regulated entities must still comply with existing requirements related to IT risk and the protection of personal information, including the requirements of the Personal Information Protection and Electronic Documents Act (“PIPEDA”).

In response to the feedback gathered from January 23 to March 31, 2023, FSRA amended the proposed guidance as identified in the consultation summary. Some changes include:

  • The effective date of the Guidance has been changed from June 2023 to April 1, 2024
  • The IT incident reporting timeframe has been updated to “as soon as feasible, which would normally fall within the 48 to 72 hours range”
  • More flexibility to inform FSRA in the event of a material incident, including using a secure portal

FSRA thanks all stakeholders for their comments and feedback. The final Guidance and summary of feedback are now available on FSRA’s website.

FSRA continues to work on behalf of all stakeholders, including consumers, to ensure financial safety, fairness, and choice for everyone.

About FSRA

FSRA is an independent regulatory agency created to improve consumer and pension plan beneficiary protections in Ontario.

FSRA was established to replace the Financial Services Commission of Ontario (FSCO) and the Deposit Insurance Corporation of Ontario (DICO). The agency is flexible, self-funded and designed to respond rapidly to an evolving commercial and consumer environment. In this capacity, FSRA will:

  • Promote high standards of business conduct;
  • Foster a sustainable, competitive financial services sector;
  • Respond to market changes quickly;
  • Promote good administration of insurance and pension plans; and
  • Encourage innovation.

Learn more about FSRA and our approach to achieving safety, fairness and choice in non-securities financial services at

SOURCE: Financial Services Regulatory Authority of Ontario (FSRA)