On February 24, 2011, the Office of the Superintendent of
Financial Institutions (Canada) (OSFI), the Canadian federal
prudential insurance regulator, released
an updated version of its "Supervisory Framework"
(Framework), which contains the principles, concepts and core
processes used by OSFI to guide its supervision of
federally-regulated financial institutions (FRIs) (including
deposit-taking institutions and life and property and casualty
insurance companies incorporated in Canada or licensed to carry on
business in Canada).
In its cover letter to FRIs, OSFI noted that there have been
significant changes in the nature of risks faced by FRIs, and the
way those risks are managed, since the original version of the
Framework was issued in 1999. In addition, there have been
significant developments in international regulation and
supervision, including:
- the introduction and revision of the core (supervisory) principles of the Basel Committee on Banking Supervision (Basel) and the International Association of Insurance Supervisors (IAIS), respectively, which have been adopted by OSFI;
- the Financial Stability Board's recommendations for enhancing the supervision of systemically important financial institutions;
- upgrades to capital rules and expectations (as per the Basel II Accord and the Basel III reforms); and
- in general, heightened requirements for liquidity, risk management and corporate governance.
OSFI recently conducted a thorough review of the Framework in
light of these developments and the lessons learned from the
application of the Framework over the last decade, and the updates
made to the Framework are a result of this review. While the
approach, principles and concepts contained in the Framework were
not changed significantly, important enhancements were made.
Specifically, the Framework now includes:
- specific references and linkages to the Basel and IAIS core principles;
- required assessment of liquidity for a FRI as a whole;
- that the responsibilities of a FRI's board of directors expressly include the approval of the FRI's overall risk appetite and oversight of corporate compensation systems and practices; and
- that the oversight function includes the actuarial function, in recognition of the actuarial function's important role in the oversight of risks in FRIs with insurance operations.
Background to the Framework
As OSFI noted, supervision involves assessing the safety and
soundness of FRIs, providing feedback as appropriate and using
regulatory powers for timely intervention when necessary. The
primary goal is to safeguard depositors and policyholders from
loss. Accordingly, the focus of supervisory work is determining the
impact of current and potential future events, both internal to a
FRI and from its external environment, on the risk profile of the
FRI. The Framework's principles, concepts and core processes
apply to all FRIs in Canada, regardless of their size. Since the
Framework was first introduced in 1999, significant developments in
the financial services industry have changed the nature of the
risks faced by, and risk management practices of, financial
institutions. For example, products have become more sophisticated,
globalization has caused risks to become more systemic and certain
financial institutions have experienced multiple and severe
stresses to their solvency and liquidity. Meanwhile, international
standards and requirements for supervising financial institutions
have also been strengthened. In particular, OSFI has adopted the
Basel "Core Principles for Effective Banking Supervision"
and the IAIS "International core principles and
methodology" as its sources for detailed supervisory standards
and criteria. These methodologies, which specify international
expectations for banking and insurance supervision, are applied by
OSFI within the context of its mandate and the nature of the
financial services industry in Canada.
OSFI's general approach is based on a number of foundations,
including consolidated supervision, a designated relationship
manager for each FRI, principles-based supervision, appropriate
supervisory intensity and intervention, board and senior management
accountability, risk tolerance which recognizes that FRIs can
experience financial difficulties that could lead to their failure,
and reliance on external auditors for the fairness of financial
statements.
Primary Risk Assessment Concepts
The Framework utilizes a number of concepts to enable a common
approach to risk management across FRIs and over time, including
the fundamental risk assessment concept within the Framework, which
is that of a "significant activity" (a line of business,
unit or process that is fundamental to the FRI's business model
and its ability to meet its overall business objectives). Under the
Framework, the key inherent risks are assessed for each significant
activity of the FRI. Inherent risk is the probability of a material
loss due to exposure to, and uncertainty arising from, current and
potential future events. OSFI uses six categories to assess
inherent risk: credit risk; market risk; insurance risk;
operational risk; regulatory compliance risk; and strategic risk.
OSFI does not view reputational risk as a separate category of
inherent risk; rather, it is viewed as a consequence of each of the
six inherent risk categories and, accordingly, is an important
consideration in the assessment of each inherent risk category.
Based on the key inherent risks identified for a significant
activity and their levels, OSFI then develops expectations for the
quality of risk management. The greater the level of inherent risk,
the more rigorous the day-to-day controls and oversight expected.
State-of-the-art controls are expected where appropriate. OSFI then
assesses the quality of risk management at the operational
management level of control and at the level of oversight
functions.
For each significant activity, a level of "net risk" is
determined based on all of the key inherent risk ratings and the
relevant quality of risk management ratings for each activity. From
this, OSFI determines an "overall net risk" assessment,
which is an evaluation of the potential adverse impact that the
significant activities of the FRI collectively could have on the
earning performance and adequacy of capital of the FRI, and hence
on depositors or policyholders. OSFI also considers earnings,
adequacy of capital and adequacy of liquidity.
A risk matrix is used to record the assessments and to develop a
holistic view of the FRI. The process cumulates in the
determination of the FRI's Composite Risk Rating (CRR), which
is an assessment of the FRI's risk profile after considering
the assessments of the FRI's earnings and capital in relation
to overall net risk from significant activities, and the assessment
of the FRI's liquidity. The CRR is OSFI's overall
assessment of the safety and soundness of the FRI with respect to
depositors and/or policyholders. CRR is rated as low, moderate,
above average or high, and the direction of the CRR is also rated
as decreasing, stable or increasing. OSFI uses the CRR in
determining the appropriate stage of regulatory intervention, which
is described in OSFI's publication "Guide to Intervention
by OSFI for Federal Financial Institutions".
The Framework also includes an updated description of OSFI's
core supervisory practices, and a number of appendices containing
greater detail on the various risk categories and ratings.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.