The Financial Services Regulatory Authority of Ontario (FSRA) has released its final guidance on cybersecurity preparedness in an effort to better protect and prevent unauthorized access to sensitive client information in the mortgage brokering sector.
The guidance adopts the Mortgage Broker Regulators' Council of Canada's Cybersecurity Guidance which provides leading practices for preventing cyber incidents and appropriately responding to them when they occur.
In response to consultation feedback gathered in April and May, the council updated its guidance to emphasize flexibility in achieving outcomes. The revised guidance clarifies that businesses should identify cybersecurity preparedness practices appropriate for their size, operations and IT capabilities.
FSRA's 2021 annual information return shows that more than half of mortgage administrators and 40 per cent of mortgage brokerages already have policies, procedures and insurance in place to manage cybersecurity risks. However, FSRA wants to get more businesses in the sector focused on preventing or responding appropriately to cybersecurity incidents.
Mortgage brokerages and administrators have a legal obligation under federal law to ensure personal data collected is maintained securely and protected from personal loss, unauthorized access and data theft. They must also protect their clients' information in accordance with the council’s code of conduct.
The FSRA guidance is effective August 18, 2022.
