Consultation on Information Security Extraprovincial Insurance Corporations and Extraprovincial Trust Corporations

BCFSA safeguards confidence and stability in B.C.’s financial sector through consumer protection while also allowing the financial sector to take reasonable risks and compete effectively.

With the growing adoption of digital technology in the financial services sector, B.C.’s citizens and its economy are increasingly exposed to the risk of information security incidents that could compromise critical services or sensitive information.

Given the important role that BCFSA plays to oversee financial institutions’ management of these risks, BCFSA has launched a public consultation requesting feedback from extraprovincial insurance and trust companies and industry stakeholders on a proposed Information Security Incident Reporting Guideline for Extraprovincial Insurance Corporations and Extraprovincial Trust Corporations.

The Information Security Incident Reporting Guideline for Extraprovincial Insurance Corporations and Extraprovincial Trust Corporations outlines expectations regarding the reporting of material information security incidents by insurance and trust companies incorporated in other provinces, and federally regulated insurance and trust companies that are authorized to conduct business in B.C.

Consultation Timeline

• Phase 1: Pre-Engagement
  (May – June 2024)
• Phase 2: Public Consultation
  (June — August 2024)
• Phase 3: Implementation
  (2025)

Phase 2: Public Consultation

BCFSA invites stakeholder input from extraprovincial insurance corporations and extraprovincial trust corporations, industry stakeholders and the public from June 17, 2024 to August 17, 2024.

• Proposed Guideline on Information Security Incident Reporting Guideline for Extraprovincial Insurance Corporations and Extraprovincial Trust Corporations
• Consultation Feedback Form

Responses and comments received during the consultation will be reviewed by BCFSA and will inform the final version of the guideline.

BCFSA values the feedback it receives during consultations and will treat submissions as confidential records and will not publish individual submissions or attribute content. However, please note that all submissions are subject to the Freedom of Information and Protection of Privacy Act.

Phase 1: Pre-Engagement

BCFSA has engaged with industry stakeholders to request feedback on specific policy issues related to the reporting of information security incidents to the regulator while harmonizing with other regulators to the extent possible.