OSFI Guideline B-13 sets expectations for how federally regulated financial institutions manage technology and cyber risk. If you’re a FRFI, or a fintech partnering with one, we help you assess your program against B-13 and build the governance, controls, and documentation examiners expect to see.
You get a clear, evidence-backed picture of where your technology and cyber risk program stands against B-13, and a roadmap to close the gaps, so a supervisory review finds a managed program, not surprises.
B-13 sets OSFI’s expectations for technology and cyber risk management at federally regulated financial institutions. If you are a FRFI, it applies directly; if you supply or partner with one, its expectations often flow to you contractually.
No. It is a supervisory guideline, not a pass/fail certification. The goal is a demonstrably managed technology and cyber risk program. We help you get there and document it so a review goes smoothly.
Yes. We can hand off a roadmap, or provide fractional CISO coverage to own governance, controls, and reporting on an ongoing basis.
It depends on the maturity of your current program and the size of your technology estate. We scope timelines qualitatively on a discovery call rather than promising a fixed date up front.
Book a free 30-minute call. We’ll tell you whether it fits, what it costs, and when we can start.
Book a call