- On September 18, 2018, Canada’s federal financial institutions regulator, the Office of the Superintendent of Financial Institutions (“OSFI”), released the final version of its revised and updated Corporate Governance Guideline (the “Final Updated Guideline”).
- The Final Updated Guideline sets forth OSFI’s current expectations for corporate governance of federally-regulated financial institutions (“FRFIs”), other than foreign bank branches and foreign insurance company branches.
- The release of the Final Updated Guideline follows a consultation process which included the release last fall of a draft updated guideline (the “Draft Updated Guideline”). The changes from the Draft Updated Guideline are mostly limited to minimal fine-tuning in response to comments received.
- The main reason for the update is to reflect the continuing evolution of corporate governance standards since the previous Guideline was released in 2013. Over the years, OSFI had issued more than 60 documents dealing with board expectations and it was of the view that the time was right to consolidate and simplify access to those requirements by gathering them together in a single updated document.
Key Changes from the Draft Updated Guideline
Significant changes from the Draft Updated Guideline include the following, which track the headings used in the document:
The role of the board
- To reinforce the distinct roles of boards and senior management, the following sentence was added: “The board is not responsible for the ongoing and detailed operationalization of its decisions; this is the responsibility of senior management.”
- A statement that the board should be satisfied that the decisions of senior management are consistent with the board-approved business plan, strategy and risk appetite has been supplemented to refer to the board being satisfied with the decisions and actions of senior management.
The board and senior management
- A reference to senior management’s responsibility for directing the operations of the FRFI has been supplemented to refer to senior management’s responsibility for implementing the board’s decisions and directing the operations – further reinforcing the differing roles of the board and senior management (the latter being defined as the CEO and individuals directly accountable to him or her, including the heads of the oversight functions and of major business platforms or units).
The board and the oversight functions
- A reference to the oversight functions providing independent and objective assessments has been revised to refer to objective assessments only (and not to independent assessments).
- A reference to the board’s responsibility to regularly assess the effectiveness of the oversight functions has been revised to state that such assessments are to be conducted with the approval of senior management.
- While the Draft Revised Guideline would have required the board to provide independent oversight, the Final Updated Guideline requires that it be independent and provide objective oversight, again emphasizing the importance of the independent status of the board.
- Similarly, while the Draft Revised Guidance indicated that the board should be independent from senior management, the Final Updated Guideline has been revised to refer to independence from both senior management and the operations of the FRFI.
- A reference to the importance of the board’s behavior and decision-making processes being “objective and effective” has been changed to “independent, objective and effective”. The director independence policy has also been more fully explained as promoting independence of thinking.
Risk appetite framework
- A reference to the implementation of the required Risk Appetite Framework has been revised to provide more concisely that “On an ongoing basis, the FRFI should be satisfied that the Risk Appetite Framework remains appropriate relative to the risk profile of the FRFI, its long term strategic plan and its operating environment.”
Oversight of risk
- A reference in the Draft Updated Guideline to the Chief Risk Officer (“CRO”) having a direct reporting line to the board or the risk committee has been revised to refer instead to a functional reporting line to the board or the risk committee. This is a variation on the wording of the previous Guideline, which required “for functional purposes, a direct reporting line to the board or the risk committee”.
- A footnote in relation to the CRO comments that while in smaller, less complex institutions, the CRO role can be held by another executive, such a dual role must not compromise the independence required of the CRO.
The role of the audit committee
- A number of changes were made to the audit committee section, including that the committee should review, and recommend for approval by the board, the engagement letter and remuneration of the external auditor (instead of approving the engagement letter and issuing a recommendation to shareholders with respect to auditor remuneration).
- The Final Updated Guideline also notes that the audit committee should meet with the external auditor, the Chief Internal Auditor and the other heads of the oversight functions, as appropriate, with and without the CEO or other members of senior management present.
- The Final Updated Guideline also requires that the Audit Committee be satisfied that the financial statements present fairly the financial position, results of operations and cash flows, rather than being specifically required to “probe, question and seek assistance from the external auditor”.
OSFI’s supervisory assessment
- It is noted that OSFI expects to be promptly notified of substantive issues affecting the institution. In the previous Guideline, that notification duty was framed as an obligation of the board.
Other Comments from the Public Consultation
As is OSFI’s current practice, together with the Final Updated Guideline it released a summary of non-attributed public consultation comments on the Draft Updated Guideline and OSFI responses. Several respondents requested clarity regarding board independence and on a number of terms used in the Guideline, including “culture”, “challenge”, “satisfied”, “sufficient stature and authority”, “adopt” and “diversity”. OSFI indicated that, in keeping with a principles and outcomes-based approach, the Final Updated Guideline does not define those terms, in order to ensure flexibility and avoid a prescriptive approach.
Implications for Other Governance Documents and Processes
Concurrently with the release of the Final Updated Guideline, OSFI:
- reissued revised risk management and capital Guidelines and Advisories with the board requirements deleted;
- retired its previous Advisory on Changes to the Membership of the Board and Senior Management; and
- aligned its current Assessment Criteria for Boards with the Final Updated Guideline.
In addition, OSFI will resume work on an update to its governance expectations for chief agents of foreign insurance company branches, as set out in Guideline E-4A. That exercise had been on hold during the updating of the Corporate Governance Guideline and, when completed, is widely anticipated to increase the governance expectations for branches and home offices.