Deadline-driven readiness

OSFI B-13 Readiness

OSFI Guideline B-13 sets expectations for how federally regulated financial institutions manage technology and cyber risk. If you’re a FRFI, or a fintech partnering with one, we help you assess your program against B-13 and build the governance, controls, and documentation examiners expect to see.

Book a discovery call See pricing & SKUs

Built for teams that...

  • Canadian federally regulated financial institutions (FRFIs)
  • Fintechs and processors whose bank partners push B-13 expectations down to them
  • Risk and technology leaders preparing for a supervisory review
  • Teams that need a fractional security leader to own the program

What we do

  • Assessment of your technology and cyber risk program against OSFI Guideline B-13 domains
  • Review of governance, risk management, technology operations, cyber resilience, and third-party risk
  • Gap analysis with a prioritized, risk-ranked remediation roadmap
  • Support standing up the policies, standards, and control evidence the guideline expects
  • Optional fractional CISO coverage to own and run the program over time

What you walk away with

You get a clear, evidence-backed picture of where your technology and cyber risk program stands against B-13, and a roadmap to close the gaps, so a supervisory review finds a managed program, not surprises.

Explore related work

Frequently asked questions

Who does OSFI B-13 apply to?

B-13 sets OSFI’s expectations for technology and cyber risk management at federally regulated financial institutions. If you are a FRFI, it applies directly; if you supply or partner with one, its expectations often flow to you contractually.

Is B-13 a certification we pass?

No. It is a supervisory guideline, not a pass/fail certification. The goal is a demonstrably managed technology and cyber risk program. We help you get there and document it so a review goes smoothly.

Can you run the program, not just assess it?

Yes. We can hand off a roadmap, or provide fractional CISO coverage to own governance, controls, and reporting on an ongoing basis.

How long does readiness take?

It depends on the maturity of your current program and the size of your technology estate. We scope timelines qualitatively on a discovery call rather than promising a fixed date up front.

OSFI B-13 Readiness, on your timeline

Book a free 30-minute call. We’ll tell you whether it fits, what it costs, and when we can start.

Book a call