Backgrounder
A redacted version of the National Security and Intelligence Review Agency’s (NSIRA) Annual Review of Select Canadian Security Intelligence Service (CSIS) Activities (ARSCA), 2024, was previously released under the Access to Information Act.
Under the CSIS Act, CSIS is required to provide NSIRA with information related to seven categories of CSIS activities. NSIRA reviews this information as part of its mandate to assess whether CSIS activities are carried out in accordance with Canadian law, Ministerial Direction, and internal policies.
In addition to reviewing the information CSIS is required by statute to provide, NSIRA examined a range of CSIS activities and identified trends and issues related to governance, accountability, information management, and operational processes.
As part of the review, NSIRA also followed up on issues and recommendations identified in previous reviews. This included a technical inspection involving datasets, where NSIRA confirmed that CSIS had deleted certain datasets in line with an earlier NSIRA recommendation.
Key observations
The review identified several areas where additional work or improvements may be needed, including:
- how CSIS reports potentially unlawful conduct;
- financial intelligence collection procedures and engagement with financial institutions;
- how updated Ministerial Directions are reflected in CSIS policies.
As part of the review, NSIRA issued a compliance report under section 35 of the NSIRA Act concerning reporting obligations under section 20(2) of the CSIS Act. NSIRA found that CSIS may not have acted in compliance with the law when it failed to submit reports regarding potentially unlawful conduct by CSIS employees, including possible Charter-related violations, to the Minister. However, the review also noted that, in 2025, the CSIS Director approved a memorandum endorsing a broader interpretation of the reporting requirements of the CSIS Act and that NSIRA expects to see implementation of the required reporting.
Moreover, the review examined CSIS’s first use of a court-authorized Threat Reduction Measure in 2024 and recommended that CSIS establish a formal approval process for these measures.
Next steps
NSIRA made six recommendations aimed at strengthening accountability, improving reporting practices, updating policies, and supporting privacy protections.
NSIRA stated that it will continue monitoring these issues and may undertake additional targeted reviews in the future.
