On September 18, 2018 the Office of the Superintendent of Financial Institutions (OFSI) issued the final version of its Corporate Governance Guideline (the CG Guideline). The CG Guideline applies to OSFI-regulated financial institutions, including banks, bank holding companies, trust and loan companies, cooperative credit and retail associations, fraternals, insurance companies, and insurance holding companies. A draft version of the CG Guideline was published by OSFI in November 2017. It has now been finalized after a period of public consultation. In keeping with usual practise, very few changes were made to the draft CG Guideline after OSFI’s consideration of comments made by stakeholders during the public consultation, and the changes that were made are not overly substantive.
According to Assistant Superintendent Carolyn Rogers as stated in her cover letter dated September 18, 2018 that accompanied the final CG Guideline, the revised CG Guideline contains clear principles that replace OSFI’s expectations of boards contained in various OSFI risk management and capital guidelines and advisories. Accordingly, OSFI has removed specific requirements relating to the board’s responsibilities from those particular guidance documents and advisories because they have now been consolidated in the CG Guideline. These requirements are therefore no longer decentralized in separate documentation.
Examples of OSFI guidelines (relating to insurers) that have been amended to remove references to the board’s role and responsibilities relating to the subject matter of the guidance include:
- A-4 Regulatory Capital and Internal Capital Targets
- B-3 Sound Reinsurance Practices and Procedures
- B-9 Earthquake Exposure Sound Practices
- B-10 Outsourcing of Business Activities, Functions and Processes
- B-11 Pledging
- E-13 Regulatory Compliance Management (RCM)
- E-19 Own Risk and Solvency Assessment
In place of the board-related requirements previously contained in such guidelines (which, in some cases, were detailed and prescriptive), OSFI has inserted language that refers the reader to the CG Guideline for OSFI’s expectations of insurer boards of directors with respect to policies relating to capital management and operational, business, risk and crisis management.
OSFI has also rescinded its previous advisory entitled Changes to the Membership of the Board and Senior Management (no longer available on OSFI’s website) which contained an elaborate protocol for pre-notification to OSFI of changes in board membership and senior management. A scaled down requirement with respect to advising OSFI of these kinds of personnel changes was contained in the draft CG Guideline and remains in the final version.
OSFI has also revised its Assessment Criteria with respect to the role of boards of directors in light of the final revised CG Guideline. This document includes a description of the criteria OSFI will use to assess the quality of board stewardship and oversight of the institution.
As stated above, there were relatively few changes made to the final guideline following comments from stakeholders. A comparison version of the CG Guideline marked to show the changes made to the draft version can be found at this link. Some of the noteworthy changes can be summarized as follows (references to page numbers are to the blacklined comparison version):
- A footnote was removed which referred to the Commission of Sponsoring Organizations of the Treadway Commission (COSO) as a specific example of a model for an effective internal control framework (see page 3).
- The following sentence was added clarifying the delineation of board and management responsibilities: “The Board is not responsible for the ongoing and detailed operationalization of its decisions; this is the responsibility of Senior Management” (see page 4).
- Reference to the Implementation Standards of the Financial Stability Board (FSB) was removed, although the FSB’s Principles for Sound Compensation remain included as a model for compensation policies (see page 4).
- The specific requirements for board committee member key competencies, including “financial industry and risk management expertise” were removed both with respect to the Risk Committee and the Audit Committee (see pages 9 and 12). These were likely considered to be redundant since the draft CG Guideline already specified that “The Board should, collectively, bring a balance of diversity, expertise, skills, experience, competencies and perspectives”. However, this wording was slightly changed in the final CG Guideline to state that “The Board should be diverse and, collectively, bring a balance of expertise, skills…”. (see page 6).
- References to direct reporting lines between the heads of Oversight Functions and the Board/Board Committees were changed to “functional” reporting lines (see pages 5 and 11).
There may be somewhat of a tension between “operational management”, “Senior Management” and the “heads of the Oversight Functions”. The heads of the Oversight Functions are to be independent from operational management (see page 5), and elsewhere the CG Guideline includes the heads of the Oversight Functions as members of Senior Management (see page 3) and persons directly accountable to the CEO (see page 4). In some smaller institutions, it is possible that the heads of the Oversight Functions, Senior Management and operational management are the same individuals. At the public consultation stage, some commentators had asked OSFI to clarify what is meant by “operational management”, among other terms, and OSFI referred to the definition contained in OSFI’s Supervisory Framework. The Supervisory Framework states, among other things, that “Operational management is responsible for planning, directing and controlling the day-to-day operations of a significant activity of a FRFI.” (see page 14 Appendix B of the Supervisory Framework).
Some organizations may have corporate governance practices and procedures, such as board and committee agendas/work plans, which cross-reference previous versions of OSFI guidance and advisories to identify the particular board-related requirement. These references should be updated to identify the CG Guideline as the source for the requirements, although a list of the various guidelines or advisories should be preserved because it is not OSFI’s intention to reduce the board’s role in approving and overseeing those matters. Nevertheless, by removing prescriptive expectations as to the board’s role and responsibility from such individual guidance, arguably the extent of OSFI’s expectations could seem to be less clear. As a practical matter, effort should be made to keep track of all significant policies and procedures that should be overseen by the board; otherwise, it is possible that certain board oversight could fall through the cracks.
On a final note, the updated Assessment Criteria (hyperlink above) is a concise but comprehensive description of OSFI’s approach to assessing the effectiveness of boards of directors for the institutions that OSFI supervises. For boards, corporate secretaries and legal personnel, this document can function as a checklist for designing and assessing the company’s overall board governance structure and practices. In addition, it would prove to be useful for boards and board committees when conducting their own self-assessments.
The foregoing provides only an overview and does not constitute legal advice. Readers are cautioned against making any decisions based on this material alone. Rather, specific legal advice should be obtained.