Information Security Guideline and Outsourcing Guideline

BCFSA has identified information security and outsourcing (also referred to as third party risk) as key risks currently facing regulated entities. In response, BCFSA has developed draft Guidelines to set out its expectations for mitigating these risks.

Given the connection between information security and outsourcing risks, BCFSA plans to hold separate consultations on both Guidelines over the same period of time. Following the release of the draft guidelines, BCFSA will undertake a 60-day consultation process that will include meeting with various stakeholder organizations and targeted sector representatives. Details regarding those meetings will be released along with the draft Guidelines. BCFSA values the feedback it receives during its consultations and, where appropriate, feedback will be used to amend and strengthen the guidelines. Feedback received during the consultation will also be summarized and BCFSA’s responses will be published on the BCFSA website.