The regulator, the Office of the Superintendent of Financial Institutions, sent the email to chief technology officers, chief information security officers, and chief risk officers across the financial industry, including the big banks and insurers, according to documents Reuters obtained through an access-to-information request.