OSFI Guideline E-21 is the Office of the Superintendent of Financial Institutions' guideline on operational risk and resilience for federally regulated financial institutions in Canada. It sets expectations for how institutions withstand and recover from disruptions, including cyber incidents and third-party failures. It pushes firms to identify critical operations and set tolerances for disruption.
E-21 reframes the question from "can we prevent every incident?" to "can we keep critical operations running through a severe-but-plausible disruption?" Institutions must map critical operations, set tolerances, and test against them.
It applies to banks, insurers, and other federally regulated institutions, and its expectations flow down to the vendors that serve them. Selling into Canadian financial institutions increasingly means answering to E-21.
traztech delivers OSFI E-21 operational-resilience readiness for startups and growth-stage companies, led by a published CVE researcher.
Book a call