Cyber risks - Financial institutions concerned about cyber risks

Insurance Deposit institutions Organization

Montréal - Financial institutions operating in Québec are concerned about the cybersecurity threats facing them. They are adopting concrete measures to protect their operations while recognizing that further efforts are needed to improve their practices.

These are some of the findings derived from a self-evaluation questionnaire sent by the Autorité des marchés financiers ("AMF") in the summer of 2015 to 80 deposit institutions and insurers operating in Québec. It was intended to assess their cybersecurity readiness and their practices related to cyber risks.

The sound practices covered in the questionnaire are in line with those implemented by a number of recognized international agencies and are based on the principles set forth in the AMF guidelines on sound and prudent management practices. The questionnaire focused on four themes:

  • Cybersecurity governance, risks and compliance;
  • Resources, awareness and training;
  • Cyberincident prevention and detection;
  • Cyberincident management and recovery.

The responses provided by financial institutions underscore their heightened concerns about cyber risks and cybersecurity. In light of the importance and increasing frequency of cyberthreats, the AMF will be paying special attention to this issue, while remaining mindful that risk mitigation cannot be perfect. The AMF will utilize the information gathered from the self-evaluation to better adapt its interventions with financial institutions. In addition, it will continue to raise awareness about the importance of cyber risks among decision-making bodies at these institutions.

In this regard, the AMF wishes to stress that cyber threats must form an integral part of the risks managed by institutions and that integrated risk management must be underpinned by a solid governance structure that assigns accountability to senior management and the board of directors. As part of their decision-making processes, these bodies must be able to draw on comprehensive and consistent strategies, policies and procedures pertaining to cyber risk management.

It should be noted that details of the responses provided as part of the self-evaluation will remain confidential and that the AMF will not publish a report on its data analysis.

The Autorité des marchés financiers (AMF) is the regulatory and oversight body for Québec's financial sector.

- 30 -


Media only:
Sylvain Théberge: 514-940-2176

Information Centre:
Québec City: 418-525-0337
Montréal: 514-395-0337
Toll-free: 1-877-525-0337
Twitter: @lautorite This link will open in a new window