The Office of the Superintendent of Financial Institutions Canada (OSFI) recently announced certain enhancements to the OSFI Supervisory Framework (Framework) regarding its supervision of federally regulated financial institutions (FRFIs). Full text of the Framework is availablehere. The Framework describes the principles, concepts and core processes that OSFI uses as a guide. According to OSFI, these enhancements were made because of developments in the past decade related to changes in the nature of risks and the management of these risks by financial institutions; and developments in international regulation and supervision (such as the introduction and revision of supervisory principles of the Basel Committee on Banking Supervision; the Financial Stability Board’s recommendations for enhancing the supervision of systemically important financial institutions; upgrades to capital rules; and heightened requirements for liquidity, risk management and corporate governance).

The primary goal of supervision is to safeguard depositors and policyholders from loss by focusing on the impact of current and potential future events on the risk profile of the FRFIs.

General Approach

The general approach of the Framework highlights the following principles:

  • Consolidated Supervision: The supervision of the FRFI is conducted on a consolidated basis (which involves an assessment of its subsidiaries, branches and joint ventures in Canada and internationally).
  • Relationship Manager: OSFI designates a relationship manager responsible for maintaining an up-to-date risk assessment and to serve as the main contact for the FRFI.
  • Principles-Based Supervision: The supervision is principles-based.
  • Supervisory Intensity and Intervention: The intensity of supervision depends on the nature, size, complexity and risk profile of the FRFI and the potential consequences of its failure.
  • Board and Senior Management Accountability: The Board of Directors and Senior Management are responsible for the management of the FRFI and ultimately accountable for its safety, soundness and compliance with governing legislation.
  • Risk Tolerance: The Office of the Superintendent of Financial Institutions Act recognizes that FRFIs operate within a competitive environment, take reasonable risks and may experience financial difficulties that could lead to failure.
  • Reliance on External Auditors: OSFI relies upon the FRFIs’ external auditors for the fairness of the financial statements.
  • Other Professionals/Experts: OSFI uses, where appropriate, the work of other experts, to reduce the scope of its supervisory work and minimize duplication of effort (for example, external auditors or risk management committees).

 Key Principles of Risk Assessment

The Framework sets out the following seven principles that are relevant when assessing risk:

  • Focus on Material Risk: OSFI’s supervisory work is focused on identifying material risk and eliminating the potential for loss to depositors or policyholders.
  • Forward-Looking, Early Intervention: To facilitate early identification of issues or problems and timely intervention, risk assessment is forward-looking.
  • Sound Predictive Judgment: Risk assessment relies upon sound, predictive judgment by the regulator.
  • Understanding the Drivers of Risk: Risk assessment requires understanding the drivers of material risk to the FRFI (which requires having sufficient knowledge of the FRFI’s business model and its external environment).
  • Differentiating Inherent Risks and Risk Management: Risk assessment requires differentiating between the risks inherent to the activities undertaken by the FRFI, and the management of those risks.
  • Dynamic Adjustment: Risk assessment is continuous and dynamic in order that changes in risk, arising from both the FRFI and its external environment, are identified early.
  •  Assessment of the Whole Institution: Risk assessment is made on a consolidated basis - an assessment of earnings and capital in relation to the overall net risk of the FRFI’s significant activities, as well as liquidity - to arrive at a consolidated view.

Primary Risk Assessment Concepts

The Framework uses the following primary concepts to facilitate a common approach to risk assessment across FRFIs and over time:

  • Significant Activities: A significant activity is a line of business, unit or process that is fundamental to the FRFI’s business model and its ability to meet its overall business objectives. If such activity is not well managed, there is a significant risk to the organization as a whole.
  • Inherent Risk: Inherent risk is the probability of a material loss due to exposure to, and uncertainty arising from, current and potential future events. A material loss is a loss or combination of losses that could impair the adequacy of the capital of the FRFI such that there is the potential for loss to depositors or policyholders. OSFI uses the following six categories to assess inherent risk: credit; market; insurance; operational; regulatory; compliance; and strategic risk.
  • Quality of Risk Management: OSFI assesses the quality of risk management (QRM) at two levels of control. The first level of control is assessing operational management. The primary concern is whether or not management is capable of identifying the potential for material loss an action may trigger/produce, and that there are adequate controls in place. The second level of control is assessing oversight functions and their responsibility for providing independent, enterprise-wide oversight. There are seven oversight functions that may exist within the FRFI: Financial; Compliance; Actuarial; Risk Management; Internal Audit; Senior Management; and the Board of Directors.
  • Net Risk: For each significant activity the level of net risk is determined based on judgment that considers all of the key inherent risk ratings and relevant QRM ratings for the activity.
  • Importance and Overall Net Risk: The importance of the net risk of the significant activity is a judgment of its contribution to the overall risk profile of the FRFI.
  • Earnings: Earnings are an important contributor to the FRFI’s long-term viability. Earnings are assessed based on their quality, quantity and consistency as a source of internally-generated capital.
  • Capital: Capital is assessed based on the appropriateness of its level and quality, both at present and in the future, and under both normal and stressed conditions, given the FRFI’s overall net risk. FRFIs with higher overall net risk are expected to maintain a higher level and quality of capital and stronger capital management processes.
  • Liquidity: OSFI assesses liquidity by considering the level of its liquidity risk and the quality of its liquidity management.
  • Risk Matrix: A Risk Matrix (included as an appendix to the Framework document) is used to record all of the assessments described above. The purpose of the Risk Matrix is to facilitate a holistic risk assessment of the FRFI.

The Core Supervisory Process

In summary, OSFI uses a defined three-part process to guide its FRFI-specific supervisory work.

  • Planning Supervisory Work: A supervisory strategy for each FRFI is prepared annually. This strategy identifies the supervisory work necessary to keep the FRFI’s risk profile current. The intensity of supervisory work is driven by the nature, size, complexity and risk profile of the FRFI.
  • Executing Supervisory Work and Updating the Risk Profile: The execution of supervisory work includes a number of activities including monitoring, limited off-site reviews and extensive on-site reviews, including testing or sampling where necessary (FRFI-specific and external).
  • Reporting and Intervention: In addition to ongoing discussions with the FRFIs’ senior management, OSFI communicates through various formal, written reports. The relationship manager writes supervisory letters to the FRFI annually or more frequently if appropriate. These letters summarize key findings and recommendations (and requirements, as necessary) and disclose or affirm the FRFI’s composite risk rating. OSFI shares this with the Canada Deposit Insurance Corporation and, as appropriate, with foreign regulators with which it has a home-host relationship and a Memorandum of Understanding. OSFI reports annually to the Minister of Finance on the safety and soundness of FRFIs and their compliance with the governing legislation.