In November 2017, the Office of the Superintendent of Financial Institutions (OSFI) released for public comment a revised draft of its Corporate Governance Guideline (CG Guideline). The proposed revisions follow Superintendent Jeremy Rudin’s announcement in June 2016 that OSFI intended to streamline and simplify the governance guidance for federally regulated financial institutions. In the draft CG Guideline, OSFI provides a clearer delineation of board and senior management responsibilities, removes some of the more prescriptive elements of the existing CG Guideline, and consolidates expectations relating to board responsibilities that are currently set out in OSFI’s capital and risk-management guidelines into the CG Guideline.
BOARD AND SENIOR MANAGEMENT RESPONSIBILITIES
The draft CG Guideline makes a clearer distinction between the board’s primary and advisory responsibilities. OSFI expects that the primary responsibilities, noted below, should be the main focus of the board’s attention and activities, while the extent and nature of the board’s advisory input is left at the discretion of the board.
Specifically, the board’s primary responsibilities are to approve and oversee the following:
- Strategy: A financial institution’s short-term and long-term business plan and strategy, as well as significant strategic initiatives
- Risk Management: A financial institution’s risk appetite framework, internal control framework, code of conduct and significant policies or strategic initiatives relating to capital and liquidity management (such as internal capital targets or share issuance)
- Key Appointments: Appointment, performance review, compensation and succession plans for the financial institution’s chief executive officer (CEO), other key members of senior management and heads of the oversight functions (where appropriate), succession plan for the board, and the mandate, resources and budgets for the oversight functions
- Audit Plans: External and internal audit plans.
In addition to the above primary responsibilities, OSFI will expect the board to challenge, advise and guide senior management in respect of the following duties, which, OSFI recognizes, are the responsibility of senior management:
- Operational and Business Policies: A financial institution’s significant operational, business, risk-management and human resources compensation policies
- Business Performance and Effectiveness of Risk Management: How the financial institution performs relative to board-approved business plan and strategy and how effective the financial institution’s oversight functions, risk appetite framework, internal control framework and capital and liquidity management plans are.
The draft CG Guideline reiterates that the board should satisfy itself that senior management decisions are consistent with the board-approved business plan, strategy and risk appetite and that the internal controls are sound. But it also expressly recognizes that the board has discretion to determine the extent and nature of its input in these and other matters that fall within senior management’s responsibilities. This approach reflects Superintendent Rudin’s 2016 remarks that OSFI has “chosen not to attempt to draw a bright line that separates where the board’s responsibilities end and where senior management’s responsibilities begin”. As the Superintendent noted, “deciding where to put the dividing line, and moving it when necessary, is one of the most important responsibilities of the board” and “can appropriately vary depending on the nature of the institution, and its specific circumstances.”
The draft CG Guideline does not otherwise materially change the scope of senior management responsibilities. As under the existing CG Guideline, senior management comprises the financial institution’s CEO and individuals who are directly accountable to the CEO and may include the executives of the oversight functions. Senior management is responsible for directing the financial institution’s operations within the board-delegated authority in compliance with applicable laws.
FEWER PRESCRIPTIVE REQUIREMENTS
OSFI has also trimmed away from the existing CG Guideline some of the more prescriptive requirements for the board and board committees and has generally made the CG Guideline more focused and succinct (it is 25 per cent shorter than the current version). Specifically, the draft changes remove the non-exhaustive catalogue of issues that the audit committee must discuss with senior management and the external auditor and the audit committee’s considerations when selecting an external auditor. In addition, the discussion around board interaction with oversight functions and the principles of board effectiveness have been shortened. These revisions, OSFI notes, are to focus the CG Guideline more on what the board should achieve rather than how the Board meets those objectives.
Here’s a comparison between the proposed CG Guideline and the current version.
BOARD REQUIREMENTS CONSOLIDATED
The draft CG Guideline is intended to serve as a one-stop shop for OSFI’s expectations for board responsibilities. To this end, discussion of board responsibilities that are included in OSFI’s risk management and capital guidelines are consolidated into the principles outlined in the revised CG Guideline (or recast as duties of senior management). The revised CG Guideline also incorporates the key requirements of OSFI’s Advisory – Changes to the Membership of the Board and Senior Management (Advisory). When the final CG Guideline is issued in 2018, OSFI will release the revised risk management and capital guidelines with respective board requirements removed (these revisions have not been released in draft form for the current consultation) and will remove the Advisory.
OTHER NOTABLE CHANGES
Other proposed changes to the CG Guideline include the following:
- Risk Culture: There is an express reference to risk culture, consistent with OSFI’s past pronouncements on this topic. The board and senior management are expected to promote a risk culture that stresses integrity and effective risk management throughout the financial institution.
- Board Diversity: The draft CG Guideline provides that diversity should be a consideration in board composition and succession or renewal plans.
- Corporate Groups: The draft CG Guideline offers more direct guidance on board oversight for financial institutions included in a larger corporate group. Specifically, where a federally regulated financial institution is part of a larger Canadian or foreign corporate group and is subject to its parent’s policies and practices governing strategy, risk oversight and controls, OSFI expects that the subsidiary institution’s board should be satisfied that these policies and practices are appropriate for the subsidiary’s business plan, strategy and risk appetite and comply with Canadian regulatory requirements. If, on the other hand, the parent is another federally regulated financial institution, then OSFI expects that the parent institution’s board will oversee the activities of the subsidiary institution to be satisfied that the parent institution’s board meets its enterprise-wide oversight responsibilities.
- OSFI Assessment of Boards: In assessing the effectiveness of a financial institution’s corporate governance, OSFI will look to gain insight into the discussions and deliberations at the board and board committee level, including those with and without senior management. OSFI’s assessment will focus on understanding the board’s behaviour and the objectivity, degree of challenge and independence in its decision-making process.
Superintendent Rudin suggested in his June 2016 remarks that the revised CG Guideline would include an annex setting out more detailed expectations for large and complex financial institutions. The draft CG Guideline released by OSFI for consultation does not include such annex and it appears OSFI has dropped the idea.
The comment period for the proposed changes ends on December 22, 2017 and OSFI expects to issue the final CG Guideline in spring 2018.