Regulatory Alerts2023-04-01
OSFI’s Intelligence-led Cyber Resilience Testing (I-CRT) Framework
The Office of the Superintendent of Financial Institutions (OSFI) has introduced its Intelligence-led Cyber Resilience Testing (I-CRT) framework to systematically evaluate the cyber resilience of federally regulated financial institutions against sophisticated, real-world threats. The framework mandates targeted, intelligence-driven red team assessments of live Critical Business Functions, requiring institutions to coordinate with independent threat intelligence and red team providers while maintaining strict operational secrecy. OSFI will conduct these regulatory-led evaluations on a three-year cycle for systemically important banks and internationally active insurance groups, using the results to track remediation actions and strengthen overall financial sector stability.