Overview

On April 21, 2023, the Office of the Superintendent of Financial Institutions (OSFI) released this framework to help identify areas where the financial sector could be vulnerable to sophisticated cyber-attack. The Intelligence Led Cyber Resilience Testing (I-CRT) framework outlines a methodology and serves as an implementation guide for federally regulated financial institutions (FRFIs) conducting I-CRT assessments. 

Under the I-CRT framework, OSFI provides guidance and oversight throughout the assessment, while FRFIs manage overall testing. Consistent with OSFI’s Guideline B-13 – Technology and Cyber Risk Management, OSFI expects FRFIs to have measures in place that create resilience against cyber attacks and disruptions. The I-CRT framework is a supervisory tool that supplements Guideline B-13 with I-CRT assessments that allow FRFIs to proactively identify and address issues with their cyber resilience.

The I-CRT framework currently applies to Canada’s systemically important banks (SIBs) and internationally active insurance groups (IAIGs). OSFI recommends that these institutions conduct an I-CRT assessment at least once during each three-year supervisory cycle, beginning in 2023.

Re­view  the press re­lease and the Framework  on OSFI's Web site.

Recent developments

Amendments under consideration

• None