Mark Taylor
Senior Editorial Manager
Canada’s financial regulators have unveiled the most significant revision of their supervisory framework in a quarter of a century.
New risk categories for financial services firms have been introduced, alongside an expansion of the supervisor's risk rating scale, with more transparency for regulated firms into how the regulators calculate their importance to the financial system.
The Office of the Superintendent of Financial Institutions (OSFI), which reports to the Ministry of Finance, launched its new Supervisory Framework (SF) for federally regulated financial institutions in April.
“The new framework will enhance the transparency of OSFI’s risk assessments and thereby deepen the resilience of the Canadian financial system,” said Peter Routledge, Superintendent of Financial Institutions at OSFI.
Such is the level of change, OSFI will review the updated guidelines immediately following implementation, and at least once every five years.
The regulator has previously stated its intention to evolve into an early-intervention, risk-based supervisor. As the risk environment of modern financial services is dynamic and interconnected, OSFI believes this requires a “refined approach to supervision”, which is reflected in the framework.
“OSFI acknowledges the inherent risk-based nature of the sector and its need to balance risk-taking that is necessary for growth, and mitigating the fallout on society from an institutional failure,” said Darcy Ammerman, banking partner at McMillan Law Firm in Canada. “As such, the emphasis in the new supervisory framework is on prevention, early detection, and early resolution.”
What does the new OSFI framework contain?
The new framework broadens the prior four-point intervention risk rating scale to an eight-point Overall Risk Rating (ORR) scale.
This aligns with OSFI’s existing intervention stage ratings to give an earlier indication of changes in the regulator’s risk assessment of particular banks.
The new ORR scale outlines the level of risk to the viability of the bank and reflects issues OSFI would like that organisation to address.
The new SF has introduced a Tier Rating system based on the size and complexity of a bank, along with its own perspective of the potential fallout a failure could have on the wider financial system.
The Tier Ratings, which are fluid, are:
- Tier 1 (High): Large and/or complex firms with highest system impact;
- Tier 2 (Medium-High): Large and/or complex firms with significant system impact;
- Tier 3 (Medium): Mid-size firms with moderate system impact;
- Tier 4 (Medium-Low): Smaller and/or less complex firms with low system impact; and
- Tier 5 (Low): Smallest, least complex firms with minimal system impact.
A slew of new risk assessment categories have been introduced including business risk, financial resilience, operational resilience and risk governance.
The new framework will also include more information for banks on how their risk rating scores were calculated.
The supervisory ratings are not available to the public, and the organizations will be notified whenever their ratings change. OSFI may also contact and share information with other regulators if the need arises.
The new framework algins methodologies with international principles, including those from the Basel Committee on Banking Supervision, the International Association of Insurance Supervisors, and the International Organisation of Pension Supervisors, said Ammerman.
“A more analytic and data-driven approach to risk supervision will be an important element of the new framework, allowing for more timely responses to potential issues,” said Stuart Carruthers, financial services partner at Stikeman Elliot law firm.
What are the new OSFI risk categories?
Having expanded the risk assessment for determining a firm’s risk rating, the new categories are:
- Business Risk: A forward-looking assessment of how sustainable the firm’s business model is.
- Financial Resilience: If the business can withstand financial stress, considering its financial risk profile, capital, and liquidity.
- Operational Resilience: Ability to sustain operations, including critical operations through disruption, and is related to effective operational risk management.
- Risk Governance: Ability to identify, assess, and manage risks appropriately.
The OSFI added that climate change risks are evolving and are relevant to all Risk Categories.
Climate risks can influence the ORR analysis if OSFI determines such risks are significant in its assessment of the FRFI’s viability risk.
“However, because the new framework is designed to be more responsive to changes in the risk environment, financial institutions should be prepared for more frequent fluctuations in their ratings – a change that OSFI anticipates will assist the institutions’ own efforts to respond more effectively to potential issues,” said Andrew Cunningham, lawyer at Stikeman Elliot in Canada.
CUBE comment
The most radical overhaul of Canada’s financial supervisory framework in 25 years will impact the compliance operations of every single bank inside the country.
Such is the scale of OSFI’s revision, immediate changes to risk management, and regulatory compliance processes required.
In a speech before the launch of the new framework, OSFI said its focus had expanded significantly, and it expected banks to go along with it on the journey.
In modernizing its supervisory approach, the watchdog has broadened its remit from so-called traditional risks like credit, market, and liquidity risk to also include non-financial risks, like risks arising from operations, climate change, tech and cyber, third parties, and institutional culture.
“We know we need to change the way we work to stay ahead of the curve,” said OSFI Deputy Superintendent, Ben Gully.
Compliance functions must do the same.
From horizon scanning to obligation management, automatic policy and control updates, regulatory inventory, and change management, CUBE enhances compliance operations of large, complex banks with the market’s most comprehensive automated solution.
Talk to CUBE today and learn how Automated Regulatory Intelligence can help your organisation meet the challenges of a new era in compliance.