On February 28, 2023, the Office of the Superintendent of Financial Institutions ("OSFI") announced the release of a draft Culture and Behaviour Risk Guideline ("Draft Guideline"). In response to feedback received in response to OSFI's 2022 Culture Risk Management Letter, the Draft Guideline includes more precise definitions of key concepts. OSFI is also planning to provide a self-assessment tool to assist with compliance efforts. The consultation period will run until May 31, 2023.

Structure of the Draft Guideline

OSFI has taken a principles-based and outcomes-focused approach and is not intending to impose uniform "culture and behaviour" practices across all Federally Regulated Financial Institutions ("FRFIs"). OSFI acknowledges that each FRFI has a unique culture. The Draft Guideline should be read in conjunction with other OSFI guidance, in particular:

Expected Outcomes

The expected outcomes are:

  • Integration of culture into governance structures: culture and behaviour are designed and governed through clear accountabilities and oversight;
  • Proactive promotion and reinforcement: desired culture and expected behaviours are proactively promoted and reinforced; and
  • Behavioural risk management: risks emerging from behavioural patterns are identified and proactively managed.

Principles

Achievement of the expected outcomes is to be guided by the following five principles, as discussed below:

  1. Desired culture and expected behaviours are designed to align with the purpose and strategy of the FRFI and governed through appropriate structures and frameworks.
  2. Leaders, at all levels, consistently promote and reinforce the desired culture and expected behaviours through their words, actions and decisions.
  3. Talent and performance management strategies and practices promote and reinforce the desired culture and expected behaviours.
  4. Compensation, incentives and rewards promote and reinforce the desired culture and expected behaviours.
  5. FRFIs proactively monitor for, assess, and act to address risks related to culture and behaviour that may influence their resilience.

Key definitions

"Behaviour risks" – behavioural patterns that threaten a FRFI's desired culture by being misaligned with it and/or by increasing financial and non-financial risks.

"Culture" – values, mindsets, beliefs and assumptions held in common within an organization and which shape its purposes and its expectations of employee behaviour.

Outcome 1: Integration of Culture into Governance Structures

Only one principle is associated with the first outcome. As discussed below, it generates obligations relating to governance and culture design:

Principle 1: Desired culture and expected behaviours are designed to align with the purpose and strategy of the FRFI and governed through appropriate structures and frameworks.

Governance

The Draft Guideline notes the responsibility of senior managers for the design and oversight of institutional culture and expected behaviours. Responsibilities should be clear and sufficient resources should be allocated. While the appropriate governance structure will depend on the FRFI's size, structure, strategies, etc., it may include frameworks related to some or all of the following (among others):

  • Remuneration, performance and talent management;
  • Ethics and conflict management;
  • Risk and resilience;
  • Whistleblowing and escalation.

Governance policies, processes and structures should be applied consistently by the FRFI and be regularly reviewed and updated as required.

Culture design

The Draft Guideline reminds FRFIs that OSFI expects them to define the culture that supports their institutional strategies and implement a plan for promoting the desired culture within the FRFI. This includes:

  • Clear articulation of the culture, including its values and expected behaviours;
  • A statement of how the culture aligns with the institution's vision, strategy and approach to risk management;
  • Consideration of HR strategies;
  • Consideration of polices, processes, practices and systems to support the desired culture;
  • Implementation of accountability frameworks, mandates and objectives; and
  • Proactive monitoring, assessment and reporting in support of oversight and improvement.

Outcome 2: Proactive Promotion and Reinforcement

At a minimum, OSFI expects FRFIs to promote the desired culture and expected behaviours through leadership, talent management practices and compensation and incentive plans. Three principles support the "proactive promotion and reinforcement" outcome.

Principle 2: Leaders, at all levels, consistently promote and reinforce the desired culture and expected behaviours through their words, actions and decisions.

This principle requires a consistent "tone from the top" on the part of senior management and leaders of oversight functions and embodiment of the desired culture at all levels of management, including ensuring consistent accountability at all levels.

Principle 3: Talent and performance management strategies and practices promote and reinforce the desired culture and expected behaviours.

All aspects of talent management – hiring, training, retention, succession, etc. – should be carried out consistently with the promotion of the FRFI's desired culture. Performance management, such as goal setting, promotion, discipline and termination, should also promote the desired culture.

Principle 4: Compensation, incentives and rewards promote and reinforce the desired culture and expected behaviours.

Compensation and incentive arrangements should be designed to promote the expected behaviours throughout the organization. Practices and decisions relating to compensation should:

  • Reflect the FRFI's desired culture and expected behaviours;
  • Promote sound decision-making and effective risk management; and
  • Be consistent with the institution's performance and talent management decisions.

Outcome 3: Behavioural Risk Management

FRFIs are expected to implement risk management "mechanisms and techniques" focused on behavioural patterns that are inconsistent with the desired culture and expected behaviours. Examples referred to in the Draft Guideline include complacency, excessive risk taking, poor communication and a failure to raise concerns.

There is one principle under this outcome:

Principle 5: FRFIs proactively monitor for, assess, and act to address risks related to culture and behaviour that may influence their resilience.

According to the Draft Guideline, behaviour risks must be identified, assessed and responded to, as follows:

Identification

OSFI is expecting FRFIs to use quantitative and qualitative methods to identify behavioural patterns. These can include surveys, interviews, focus groups and informal conversations with employees as well as analysis of employment data such as turnover and retention patterns and performance indicators, among others.

Assessment

Where a divergence between expected and actual behaviour patterns is detected, the FRFI should conduct an assessment that focuses on:

  • Root causes;
  • Potential impacts;
  • Unintended consequences; and
  • Extent of the patterns across the institution.

Priority should be given to risks that could affect the resilience of the FRFI or a specific part of its business.

Response

The FRFI should decide which behavioural patterns and behaviour risks require a response, and what that response should be. Potential responses referred to in the Draft Guideline include ongoing monitoring of existing behavioural patterns, actions to modify behavioural patterns that create risks for the FRFI or, where the behavioural patterns support the desired culture, actions to reinforce those patterns. Any such response should be supported by a rationale and appropriately tracked and evaluated.

Going Forward

  • Industry participants can submit comments on the Draft Guideline until May 31, 2023. Instructions for doing so are included in OSFI's News Release.
  • OSFI's News Release indicates that a self-assessment tool will be provided to assist industry participants in their compliance efforts.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.