To better protect and prevent unauthorized access to sensitive client information in the mortgage brokering sector, FSRA is releasing final guidance on cybersecurity preparedness.
This guidance adopts the Mortgage Broker Regulators’ Council of Canada’s Cybersecurity Guidance which provides leading practices for preventing cyber incidents and appropriately responding to them when they occur.
Mortgage brokerages and administrators have a legal obligation under federal law to ensure personal data collected is maintained securely and protected from personal loss, unauthorized access, and data theft. They must also protect their clients’ information in accordance with the MBRCC Code of Conduct.
FSRA’s 2021 annual information return shows that more than half of mortgage administrators and 40 per cent of mortgage brokerages already have policies, procedures and insurance in place to manage cybersecurity risks. However, FSRA seeks to help more businesses in the sector prevent or respond appropriately to cybersecurity incidents.
In response to consultation feedback gathered in April and May, MBRCC updated its guidance to emphasize flexibility in achieving outcomes. The revised MBRCC guidance clarifies that businesses should identify cybersecurity preparedness practices appropriate for their size, operations and IT capabilities.
The FSRA guidance is effective August 18, 2022.