Five pillars: ICT risk management, ICT incident reporting, resilience testing, third-party risk, information sharing - Effective January 17, 2025 — the most comprehensive regulatory technology risk framework to date - Applies to financial institutions AND critical ICT third-party providers - Materia