Abstract
This paper focuses on the IMF report on detailed assessment of observance of Basel Core Principles (BCP) for effective banking supervision in Canada. The Canadian banking supervisor (OSFI) adopts a close and cooperative approach that supports the close network of federal authorities in identifying and seeking to mitigate prudential risks to the federal system. As a world-leading regulator, OSFI could be expected to issue a comprehensive suite of risk management standards to be available to all banks, even if at a relatively high level or based largely on Basel Committee for Banking Supervision guidance.
Summary, Key Findings, and Recommendations
A. Introduction
1. Canada has a very high level of compliance with the Basel Core Principles for Effective Banking Supervision (BCPs). The Canadian banking system is recognized as having performed well during the turbulence of the financial crisis and subsequently. The system is highly concentrated in six domestic players, with only limited foreign presence in the market. In response to the challenges and structure of this market, the Canadian banking supervisor (OSFI) has developed and is a strong proponent of risk based, proportionate, supervisory practices and applies a “close touch” approach with its supervised entities who perceive OSFI as authoritative but accessible. Entry to the Canadian market is subject to demanding prudential entry standards and any new entrant to the market, whether domestic or foreign, has undergone an intensive process of gaining familiarity with OSFI’s expectations and developing its relationship with the supervisor.
2. OSFI’s mandate emphasizes an early intervention approach although it also works within a risk tolerance framework that does not seek to deliver a zero failure regime. The protection of the depositor’s interests is a central objective in OSFI’s mandate and motivates OSFI’s early intervention supervisory strategy. The supervisory approach is well structured, forward looking and maintained on as dynamic a basis as possible to ensure that risks in institutions are identified, prioritized and acted upon as soon as possible.
3. Although OSFI is equipped with a comprehensive range of supervisory powers, it does not resort to legal intervention quickly. Since OSFI practices close relationship supervision a rapid use of legal powers could be seen as counterproductive to the openness and effectiveness of that relationship. However, such a system does require the early identification of failure to meet minimum standards and puts a premium on maintaining direction, momentum and closure in resolving supervisory issues in a timely manner.
4. OSFI adopts a close and cooperative approach in its relationships with other authorities. OSFI’s open and collaborative attitude has contributed significantly to the respect in which it is held by its international peers. Domestically, OSFI’s cooperative approaches support the close network of federal authorities in identifying and seeking to mitigate prudential risks to the federal system. Fragilities in the consistency and quality of communication with relevant provincial regulators exist, however. A proactive approach to information sharing would be appropriate and fall within existing mandates.
5. OSFI is responding proactively to the demands of the international regulatory reform agenda and is an early adopter of many standards. By articulating its supervisory standards and expectations through the medium of guidelines, rather than legal regulations, OSFI has a great degree of nimbleness and flexibility which has enabled it to be proactive in its adoption of Basel 3 as well as the standard for D-SIBs. Guidelines, while not legally binding, are treated as such by firms not least due to OSFI’s wide range of supervisory powers of intervention in the event that a guideline is breached.
6. OSFI operates at a relatively principles-based level and does not tend to issue extensive, detailed risk management guidance. While this approach is more flexible and potentially responsive to differing institutions and risks, as a world-leading regulator, OSFI could be expected to issue a comprehensive suite of risk management standards to be available to all banks, even if at a relatively high level or based largely on BCBS guidance.
B. Information and Methodology Used for Assessment
7. This assessment of the Basel Core Principles for Effective Supervision (BCP) is part of the 2013 FSAP update for Canada. The assessment of OSFI was conducted during an IMF mission that visited Canada from June 12 to 28, 2013. 1 Canada is among the first countries to be assessed against the BCP methodology issued by the Basel Committee on Banking Supervision (BCBS) in September 2012. In their self-assessment the authorities addressed both essential and additional criteria and the assessors based their conclusions on compliance with both criteria. The last BCP assessment was conducted in 2000, and a targeted assessment of four principles was carried out in 2008.
8. It should be noted that the ratings assigned during this assessment are not directly comparable to previous assessments. Gradings cannot be compared between this assessment and former assessments as each has taken place under a separate iteration of the methodology, which was revised in 2006 and again in 2012. In revising the Core Principles to reflect the lessons from the recent financial sector crisis, the BCBS has sought to raise the bar for sound supervision and to update the principles on the basis of emerging supervisory best practices. New principles have been added to the methodology along with new essential criteria (EC) for each principle that provide more detail and additional criteria (AC) that raise the bar even higher. Altogether, the revised Core Principles now contain 247 separate essential and additional criteria against which a supervisory agency may now be assessed. In particular, the revised BCPs strengthen the requirements for supervisors, the approaches to supervision and supervisors’ expectations of banks. While the BCP set out the powers that supervisors should have to address safety and soundness concerns, there is a heightened focus on the actual use of the powers, in a forward-looking approach through early intervention.
9. The assessment team reviewed the framework of laws, rules, and guidance and held extensive meetings with officials of OSFI, and additional meetings with the BoC, Department of Finance, auditing firms, and banking sector participants. The authorities provided a comprehensive self-assessment of the CPs, as well as detailed responses to additional questionnaires, and facilitated access to supervisory documents and files, staff and systems.
10. The team appreciated the very high quality of cooperation received from the authorities. The team extends its thanks to staff of the authorities, who provided excellent cooperation, including extensive provision of documentation and technical support, at a time when many other initiatives related to domestic and global regulatory initiatives were in progress.
11. The standards were evaluated in the context of the Canadian financial system’s sophistication and complexity. The CPs must be capable of application to a wide range of jurisdictions whose banking sectors will inevitably include a broad spectrum of banks. To accommodate this breadth of application, a proportionate approach is adopted within the CP, both in terms of the expectations on supervisors for the discharge of their own functions and in terms of the standards that supervisors impose on banks. An assessment of a country against the CPs must, therefore, recognize that its supervisory practices should be commensurate with the complexity, interconnectedness, size, and risk profile and cross-border operation of the banks being supervised. In other words, the assessment must consider the context in which the supervisory practices are applied. The concept of proportionality underpins all assessment criteria. For these reasons, an assessment of one jurisdiction will not be directly comparable to that of another.
12. An assessment of compliance with the BCPs is not, and is not intended to be, an exact science. Reaching conclusions required judgments by the assessment team. Banking systems differ from one country to another, as do their domestic circumstances. Furthermore, banking activities are undergoing rapid change after the crisis, prompting the evolution of thinking on, and practices for, supervision. Nevertheless, by adhering to a common, agreed methodology, the assessment should provide the Canadian authorities with an internationally consistent measure of the quality of its banking supervision in relation to the revised Core Principles, which are internationally acknowledged as minimum standards.
13. To determine the observation of each principle, the assessment has made use of five categories: compliant; largely compliant, materially noncompliant, noncompliant, and non-applicable. An assessment of “compliant” is given when all EC and ACs are met without any significant deficiencies, including instances where the principle has been achieved by other means. A “largely compliant” assessment is given when there are only minor shortcomings, which do not raise serious concerns about the authority’s ability to achieve the objective of the principle, and there is clear intent to achieve full compliance with the principle within a prescribed period of time. A principle is considered to be “materially noncompliant” in case of severe shortcomings, despite the existence of formal rules and procedures, and there is evidence that supervision has clearly not been effective, the practical implementation is weak, or that the shortcomings are sufficient to raise doubts about the authority’s ability to achieve compliance. A principle is assessed “noncompliant” if it is not substantially implemented, several essential criteria are not complied with, or supervision is manifestly ineffective. Finally, a category of “non applicable” is reserved (though not used) for those cases that the criteria would not relate to the Canadian authorities.
C. Overview of Institutional Setting and Market Structure
14. Canada’s banking system is highly concentrated and the financial system is distributed across a small number of banks and insurance companies.2 The financial system structure described here refers to the subsystem of federally regulated financial institutions. In March 2013 OSFI designated six of the federally regulated banks as domestic systemically important banks (D-SIBSs). Besides these federally incorporated D-SIBs, the Québec-headquartered bancassurance group, DesJardins, has also been designated as a D-SIFI by the provincial supervisor. While the banks currently hold 61 percent of the federal system assets, 93 percent of the bank assets are held by the D-SIBs. Assets held by banks represented 212 percent of GDP as at end-2012. Reviewing previous FSAPs (2000 and 2008) it can be seen that, broadly, the structure of the banking sector has remained stable for an extended period, though the level of concentration in the D-SIBs has increased as has the size of the banking sector relative to GDP. The 2000 FSAP noted that the banks held 60 percent of the financial system assets and bank assets represented 150 percent of GDP, while the 2008 FSAP report (using 2006 data) noted that the concentration of assets in the D-SIBs were 85 percent of bank assets.
Table 1.
Financial Sector Structure, end 2012
Table 1.
Financial Sector Structure, end 2012
| C$mn | Total Assets (%) |
GDP (%) | |
|---|---|---|---|
| Banks | 3,846,877 | 61% | 212% |
| Life insurers and segregated funds | 980,340 | 16% | 54% |
| Investment funds | 782,179 | 12% | 43% |
| Credit unions and caisses populaires | 297,894 | 5% | 16% |
| Non-depository credit intermediation | 227,285 | 4% | 13% |
| Trust and mortgage loan companies | 50,490 | 1% | 3% |
| Property and casualty insurance | 97,989 | 2% | 5% |
| Total | 6,283,054 | 100% | 346% |
Table 1.
Financial Sector Structure, end 2012
| C$mn | Total Assets (%) |
GDP (%) | |
|---|---|---|---|
| Banks | 3,846,877 | 61% | 212% |
| Life insurers and segregated funds | 980,340 | 16% | 54% |
| Investment funds | 782,179 | 12% | 43% |
| Credit unions and caisses populaires | 297,894 | 5% | 16% |
| Non-depository credit intermediation | 227,285 | 4% | 13% |
| Trust and mortgage loan companies | 50,490 | 1% | 3% |
| Property and casualty insurance | 97,989 | 2% | 5% |
| Total | 6,283,054 | 100% | 346% |
15. Canadian D-SIBs have large international operations concentrated primarily in the U.S. and the Caribbean region. The U.S. operations of Toronto Dominion, Royal Bank of Canada and Bank of Montreal constitute a large share of the consolidated business operations of these banks. The lion’s share of the D-SIBs’ international business activities is commercial banking—credit intermediation funded by local deposits—rather than global investment banking and trading operations.
16. Canada’s banking system is well capitalized and profitable with low nonperforming loans (NPLs). Banks reported solid earnings in 2012, driven by growth in consumer and commercial loan volumes, improved capital markets results, and higher fees. Tier 1 capital levels have remained above 13 percent, while leverage is still below pre-crisis levels.
17. Market-based financing activities3—CP, ABCP, asset securitizations and repo finance—are comparable in size to traditional lending activities of the banks. Following pressures in particular in the ABCP sector early in the financial crisis, the Canadian non-bank ABCP market underwent industry-led restructuring based on a plan prepared by the Pan-Canadian Investors Committee. The federal government together with the provincial governments of Ontario, Québec and Alberta provided a senior funding facility to help this restructuring (completed in January 2009). Since then, several steps have been taken to improve the level of disclosure and transparency of the ABCP market.
D. Preconditions for Effective Banking Supervision
1. Sound and sustainable macroeconomic and financial sector policies
18. Canada has a well-established framework of fiscal, monetary and other macroeconomic policies. The Government of Canada prepares and publishes an annual federal government budget within the context of a medium term fiscal strategy, which is currently to return to balanced budgets by 2015–6. It publishes a debt issuance strategy and a program for debt issues. The Bank of Canada has a monetary policy strategy based on inflation targeting, flexibly applied to take account of prevailing monetary and financial conditions, including at present the deleveraging of the banking sector in response to the financial crisis. The current target is an annual rate of 2 percent.
19. Financial sector policy and legislation are subject to regular review. All financial sector legislation includes provisions requiring review and renewal five years from enactment. Unless an amendment is passed, the legislation authorizing banks to conduct business lapses due to a sunset clause, presenting a strong discipline upon government to keep to the timetable. There is consultation on prospective necessary or desirable changes during the review period.
2. Well established framework for financial stability policy formulation
Federal and provincial powers
20. The federal and provincial governments share jurisdiction over the financial services sector. Under the Canadian Constitution, the Government of Canada has exclusive jurisdiction over banks and banking, although deposit taking entities can be incorporated and regulated at provincial level.
21. Responsibilities for supervision of financial institutions and markets are divided among federal and provincial authorities. Only the securities sector is wholly regulated at the provincial level. The other financial sectors, namely insurance, trust and loan, credit unions can be incorporated and regulated at the federal or provincial level. Entities, such as trust and loan and credit unions, undertake deposit and lending activities but are not defined or regulated as banks but as provincial entities. Trust and loan companies may also be regulated by both levels of government. Companies are regulated for market conduct at the provincial level and those that are federally incorporated are regulated federally for prudential purposes by OSFI under the Trust and Loan Companies Act. Although all credit unions and caisses populaires are currently provincially incorporated and regulated, a new federal framework (established December 2012) will allow for the establishment of federal credit unions. The Credit Union Central of Canada (‘CUCC’), which is federally-incorporated and solely regulated at the federal level by OSFI, functions as the national trade association for the Canadian credit union system. Credit union centrals, which function as liquidity managers and payments processors for member credit unions, are provincially incorporated, and regulated and supervised at the provincial level. Most provincial centrals have chosen to register federally under the Cooperative Credit Associations Act (CCAA) and thus voluntarily subject themselves to federal oversight consistent with the CCAA.
Federal bodies
22. Canada has five federal agencies with distinct and complementary mandates. There are a number of mechanisms to facilitate ongoing collaboration and information sharing.
The Minister of Finance: responsibility for all matters relating to the financial affairs of Canada, including the overall stability of the financial system. The Minister of Finance has overarching authority over federal financial sector legislation, including the governing legislation that establishes the mandates and powers of financial sector regulatory agencies. The Department of Finance supports the Minister in fulfilling this mandate (see: http://www.fin.gc.ca/fin-eng.asp).
The Bank of Canada: Canada’s central bank has four main areas of responsibility: monetary policy, currency, financial system, and funds management. The Bank promotes the stability and efficiency of the Canadian financial system by providing liquidity; overseeing key domestic payment, clearing and settlement systems; participating in the development of financial system policies in Canada and globally; and assessing risks to the overall stability of the financial system.
The Office of the Superintendent of Financial Institutions (OSFI): OSFI is an independent agency of the Government of Canada established in 1987 to contribute to public confidence in the Canadian financial system. OSFI supervises and regulates all banks and federally regulated life and property & casualty insurers, trust and loan companies, cooperative credit associations, fraternal benefit societies, as well as private pension plans subject to federal oversight (http://www.osfi-bsif.gc.ca). OSFI is also responsible for reviewing and monitoring the safety and soundness of Canada Mortgage and Housing Corporation’s (CMHC) commercial activities. CMHC is a Crown corporation that offers mortgage insurance and securitization products to Canadian lenders (http://www.cmhc-schl.gc.ca).
The Canada Deposit Insurance Corporation (CDIC): Canada’s federal deposit insurer and resolution authority for federally regulated deposit-taking institutions which includes banks, federally and provincially regulated trust and loan companies, federally regulated retail cooperative credit associations and federal credit unions. CDIC is an agent of Her Majesty in right of Canada and is a Crown corporation, established in 1967 by the Canada Deposit Insurance Corporation Act. (http://www.cdic.ca).
The Financial Consumer Agency of Canada (FCAC): a federal regulatory body working to protect and inform consumers of financial products and services (http://www.fcac-acfc.gc.ca).
Interagency coordination on issues of financial stability
23. Several mechanisms have been created to facilitate cooperation and information sharing across the various agencies:
The Financial Institutions Supervisory Committee (FISC): established in 1987, is mandated in the Office of the Superintendent of Financial Institutions Act to facilitate consultation and the exchange of information on matters relating to the supervision of financial institutions between OSFI, CDIC, the Bank of Canada, FCAC, and the Department of Finance. FISC provisions contained in the OSFI Act provide that every member of the committee is entitled to any information on matters relating directly to the supervision of financial institutions, bank holding companies or insurance holding companies that is in the possession or under the control of any other member. The Superintendent of Financial Institutions chairs the committee. It meets at least quarterly, and more often as needed. Among other roles, FISC is responsible for coordination and communication amongst federal agencies with respect to strategies and action plans for addressing problem financial institutions and other emerging issues that may have an impact on the financial system, as well as ensuring the effective coordination of responses to events and requests.
The Senior Advisory Committee (SAC): the same membership as FISC but is chaired by the Deputy Minister of Finance. SAC acts as a discussion forum for financial sector policy issues, including financial stability and systemic vulnerabilities in order to inform the advice provided to the Minister of Finance. When appropriate, other government agencies are invited to this discussion (e.g., the CMHC). Each SAC member formulates policies to address identified vulnerabilities consistent with their mandates. Policy issues are discussed at SAC to ensure coordination and assess how such policies may affect the banks and the financial system.
The CDIC Board of Directors: responsible, under the CDIC Act for making decisions and/or recommendations on the use of resolution tools for federally-regulated member institutions. The Board comprises the Deputy Minister of Finance, the Governor of the Bank of Canada, the Superintendent of Financial Institutions, a Deputy Superintendent of Financial Institutions, the Commissioner of the Financial Consumer Agency and six others drawn from the Canadian private sector, including the Chair. Use of some of CDIC’s resolution tools requires the approval of the Minister of Finance and/or the Governor-in-Council (Cabinet).
The Heads of Agencies (HoA) Committee: chaired by the Governor of the Bank of Canada includes the Department of Finance, OSFI, and four provincial Securities Regulators (the Ontario Securities Commission (OSC), Autorité des marchés financiers (AMF), Alberta Securities Commission (ASC), and British Columbia Securities Commission (BCSC)). This forum allows federal authorities and provincial securities market regulators to exchange information, and to coordinate actions on issues of mutual concern.
Members of the Canadian Securities Administrators (CSA): established a Systemic Risk Committee in October 2009 among other reasons to develop a process to identify and analyze systemic risks in the Canadian capital markets. The Committee works with other CSA committees, as well as with other domestic regulators or agencies (such as the Investment Industry Regulatory Organization of Canada (IIROC), the Bank of Canada, and OSFI) on common issues related to systemic risk.
3. Well-developed public infrastructure
24. There are four federal financial institutions statutes. The Bank Act, Trust and Loan Companies Act, Insurance Companies Act, and Cooperative Credit Associations Act, governing the operations of banks and federally chartered insurance and trust and loan companies, and cooperative credit associations. The Government, consulting broadly with stakeholders, reviews the statutes that govern federally regulated financial institutions every five years. The most recent review was completed in 2012.
25. The Canadian corporate law framework operates at both the federal and provincial levels. The framework includes, but is not limited to: the Canada Business Corporations Act; Ontario Business Corporations Act; the Bankruptcy and Insolvency Act (BIA), and the Companies’ Creditors Arrangement Act (CCAA). The BIA, the CCAA and the Winding Up and Restructuring Act (WURA) provide a strong insolvency framework and contain court administered processes for dealing with insolvencies. In addition to the overall corporate and insolvency legal framework, Canada has a well-developed contractual law framework (e.g., provincial Sale of Goods Acts).
26. Privacy and data information is protected under legislation. The Privacy Act (1983) imposes obligations on federal government departments and agencies to respect privacy rights by limiting the collection, use and disclosure of personal information. The Privacy Act also gives individuals the right to access and request correction of personal information about themselves held by these federal government organizations.
27. Canada’s consumer policy framework consists of a suite of measures to protect consumers. The financial consumer protection framework rests on disclosure, limits on practices not beneficial to consumers, the consumer’s right to exercise choice, and access to an effective and efficient complaint handling system. The Government has brought forward legislation to require all banks and authorized foreign banks to belong to an external complaints body that conducts impartial reviews of customer complaints. Government proposals in 2013 also include the development of a comprehensive financial consumer code addressing issues raised by a digital and remote banking environment, as well as the needs of vulnerable Canadians.
28. The Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) is the main legislative basis for Canada’s anti-money laundering and countering the financing of terrorism (AML/CFT) regime. The PCMLTFA establishes Canada’s financial intelligence unit, the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) which is an independent agency that reports to the Minister of Finance and is also the competent authority for AML/CFT regulation in Canada.
An efficient and independent judiciary
29. The courts system and other legal infrastructure in Canada is highly developed and the independence of the judiciary is respected. There is a comprehensive body of business laws, including on insolvency and on contractual and property rights. All legislation must be passed by the Federal Parliament or provincial legislative assembly. The Constitution recognizes a strict separation at federal and provincial levels between the judiciary, parliament and government. The principle of judicial independence, i.e., freedom from legislative or executive interference, is secured in practice through provisions in law or in practice for security of tenure, financial security and administrative independence. A number of institutions foster judicial independence, notably the Canadian Judicial Council, the Commissioner for Federal Judicial Affairs and the National Judicial Institute.
Comprehensive and well defined accounting principles and rules that are widely accepted internationally
30. Canada has adopted the International Financial Reporting Standards. The use of IFRS became a requirement for Canadian “publicly accountable profit-oriented enterprises for financial periods beginning January 1, 2011.” This includes public companies and other “profit-oriented enterprises that are responsible to large or diverse groups of shareholders.”
31. Application of IFRS has been mandatory since 2011. For rate regulated entities and investment companies, IFRS is permitted but not required for 2011. Investment companies have a deferral until January 1, 2014. Rate regulated entities have a deferral until January 1, 2015. Many Crown Corporations or State Entities must apply IFRS. Similarly, brokerage firms and investment companies not listed but with a broad number of investors are required to apply IFRS.
A system of independent external audits
32. Banks must be audited in accordance with Generally Accepted Auditing Standards, as required under the Bank Act. The audit standards are as set out in the Handbook of the Canadian Institute of Chartered Accountants (CICA), except where otherwise specified by OSFI. The Bank Act further requires that a firm of accountants and the member of the firm designated to conduct the audit of the bank are independent of the bank. (http://laws-lois.justice.gc.ca/eng/acts/B-1.01/FullText.html).
33. The ASB is involved in the International Accounting Standards Board’s standard-setting process. Oversight of the two bodies (including nomination of members) is undertaken on a public interest basis by bodies established by the Canadian Institute of Chartered Accountants (CICA): the Accounting Standards Oversight Council and the Auditing and Assurance Standards Oversight Council.
34. The Canadian Auditing and Assurance Standards Board (AASB) establishes auditing standards based on International Standards on Auditing. The AASB adopted International Standards on Auditing (ISAs) for financial statement audits for periods ending on or after December 2010. Audits of federally-regulated financial institutions are conducted in accordance with ISAs. In particular, ISA 700 Forming an Opinion and Reporting on Financial Statements, includes the requirement that the report of the bank’s independent auditor states the auditor’s opinion on whether the financial statements present a fair view of the financial position and performance of the audited entity.
35. The Canadian Public Accountability Board (CPAB) oversees the quality of the work of the external audit firm. CPAB is the national body responsible for the regulation of public accounting firms and is a Federal not-for-profit corporation. CPAB was created by the Canadian Securities Administrators, the Office of the Superintendent of Financial Institutions and the Canadian Institute of Chartered Accountants. CPAB is a member of the International Forum of Independent Audit Regulators.
Availability of competent, independent and experienced professionals
36. Canada’s accounting profession is self-regulated by the Canadian Institute of Chartered Accountants (CICA) and provincial/territorial institutes. The CICA helps the Canadian accounting profession maintain an international presence through the Global Accounting Alliance and being a founding member and active participant of the International Federation of Accountants.
37. Canada’s legal profession is self-regulated by provincial/territorial law societies. For example, the Law Society of Upper Canada provides oversight for Ontario’s lawyers seeking to ensure that lawyers meet high standards of competence and professional conduct.
Well defined rules governing, and adequate supervision of, other financial markets and, where appropriate, their participants
38. Securities regulation in Canada is currently undertaken under a system of provincial and territorial regulation and supervision. Each province and territory has its own securities regulatory authority or regulator (a Securities Regulator) and its own set of securities laws and regulations, although most regulations are harmonized across the provinces. Generally, the objectives of securities legislation in each province and territory are consistent, i.e., promoting investor protection and fostering fair and efficient capital markets. Discussions continue on the possible creation of a common securities regulator to oversee Canada’s capital markets.
39. The Canadian Securities Administrators (CSA) is a voluntary umbrella organization of the Securities Regulators. CSA members except Ontario, have developed a “passport system,” through which market participants can use a “principal regulator” as a conduit for approval in all other jurisdictions in which they pay fees for the purposes of prospectus approval, discretionary exemption decisions and registration.
Efficient and effective credit bureaus that make available credit information on borrowers
40. Credit bureaus are provincially regulated, and are required to maintain accurate and up-to-date records and to permit consumers access to their credit file.
Public availability of basic economic, financial and social statistics
41. Canada’s central statistical office, Statistics Canada, is legislated to produce statistics on population, resources, economy, society and culture at provincial, territorial and federal level.
Secure, efficient, and well regulated payment and clearing systems.
42. The payment clearing and settlement infrastructure is subject to regulation and oversight by the Minister of Finance, the Bank of Canada (the Bank), OSC, AMF, ASC, and Manitoba Securities Commission (MSC). The Minister of Finance has oversight powers respecting the Canadian Payments Association, (CPA) and payments systems under the Canadian Payments Act (CP Act). The Minister oversees the CPA and its systems, the Automated Clearing and Settlement System (ACSS), Canada’s national retail payment system, and the Large Value Transfer System (LVTS), which deals with large-value Canadian-dollar payments. Under the Payment Clearing and Settlement Act, the Bank has a mandate to identify clearing and settlement systems in Canada that could be operated in a manner that could pose systemic risk. Subject to approval by the Minister of Finance the Bank oversees these systems. Five systems have been designated as systemic: the LVTS; the CDSX, (securities clearing and settlement); the Canadian Derivatives Clearing Service (CDCS); CLS Bank, (foreign-currency transactions); and LCH Clearnet’s SwapClear (OTC interest rate swaps).
4. Clear framework for crisis management, recovery and resolution
Dealing with troubled financial institutions
43. Canada has a supervisory framework that is coordinated with its intervention regime. The authorities are OSFI as the prudential regulator, the Bank of Canada which can provide liquidity to illiquid but solvent financial institutions, the CDIC which is the resolution authority for federally regulated deposit-taking institutions, and the Department of Finance which advises the Minister. These agencies, along with the FCAC, meet regularly through FISC and the CDIC Board.
44. There are a range of options for dealing with troubled financial institutions. These include supervisory actions, taking control of a federally regulated financial institution (e.g., where the Superintendent believes the institution is, or is likely, to be non-viable), as well as options open to the CDIC (noted below). Further, the Government, under the Financial Administration Act, has the power to enter into a wide variety of contracts, including purchasing, lending, selling, or pledging of securities, as well as providing loans, lines of credit, guarantees, loan insurance or credit insurance with any entity operating in Canada. This authority can only be used if the Minister of Finance is of the opinion that entering into a contract is necessary to promote the stability or maintain the efficiency of the financial system in Canada.
45. The Government comprehensive risk management framework for Canada’s systemically important banks is planned to be consistent with the Financial Stability Board’s Key Attributes of Effective Resolution Regimes for Financial Institutions. It is proposed that it will include a “bail-in” regime. The Government will consult stakeholders on how best to implement such a regime.
Early Intervention Framework
46. An early intervention policy forms part of OSFI’s statutory objectives, The statue requires that it “promptly advise the management and board of a financial institution in the event the institution is not in sound financial condition or is not complying with its governing statute law or supervisory requirements under that law and, in such a case, to take, or require the management or board to take, the necessary corrective measures or series of measures to deal with the situation in an expeditious manner”. OSFI’s powers of intervention are discussed in more detail in CP11.
Emergency Lending Assistance
47. The Bank of Canada can provide Emergency Lending Assistance (ELA) to any member of the CPA that is facing serious and persistent liquidity problems and that the Superintendent judges to be solvent. Lending may be against a range of collateral that is broader than it is for typical operations, and is subject to a maximum term-to-maturity of six months. These loans can be renewed as often as the Bank deems appropriate.
Resolution powers
48. CDIC is the resolution authority for CDIC-member financial institutions. CDIC’s statutory mandate is to provide deposit insurance, and promote and contribute to financial stability. Tools available to resolve a failing member institution include: liquidation and payout, agency agreement (an administrative arrangement whereby an agent, on a fee paid basis, will dispose of the assets and honor deposits and other liabilities as they come due); assisted transaction; forced sale (share or asset); open bank assistance; (assistance can range from a one-time, finite loan to a blanket guarantee for all creditors of the institution); and bridge bank arrangements. Canada’s largest banks have been required to develop recovery plans and CDIC has developed resolution plans. Both recovery and resolution plans will be reviewed, updated and enhanced regularly.
5. Appropriate level of systemic protection (or public safety net)
49. Canada’s system of deposit insurance includes both federal and provincial schemes. The CDIC is the federal Crown Corporation that insures eligible deposits up to a maximum of $100,000 per depositor, per member institution. Deposits with provincially regulated cooperative financial institutions (i.e., credit unions) are covered by provincial deposit insurance programs.
50. Mortgage default insurance is an important component of Canada’s financial stability framework. Federally regulated lenders are required by law to obtain insurance on their residential mortgage loans when borrowers provide less than 20 percent of the equity. Mortgage default insurance in Canada is provided either by the Canada Mortgage and Housing Corporation (CMHC) or by private mortgage insurers. CMHC is a Crown corporation and as such its liabilities are fully backed by the Government of Canada. The Government also provides a 90 percent guarantee of the mortgage insurance obligations made by the private insurers.
6. Effective market discipline
51. Canada has well-developed arrangements promoting market discipline. General corporate governance requirements are set out in Canadian federal and provincial corporate statutes, including the Canada Business Corporations Act (CBCA). The statutes prescribe certain requirements in respect of the structure of the board of directors, basic qualifications of directors and requirements for a minimum number of independent directors. Securities laws set out other requirements in relation to companies issuing securities, including requirements for disclosure of governance arrangements. Institutional investors actively monitor corporate governance practices at Canadian public corporations. The Toronto Stock Exchange sets governance and disclosure requirements as conditions of listing. Financial analysis is widely available from media, rating agencies, brokers etc. Canadian regulatory authorities set disclosure requirements on federally regulated institutions (see, for example CP 28). Banks are expected to comply with the BCBS Pillar 3 requirements.
52. More stringent public disclosure obligations apply to Domestically Systemically Important Banks (D-SIBs). OSFI has outlined, among other requirements, more stringent public disclosure obligations that explicitly referenced the recommendations of the Financial Stability Board’s Enhanced Disclosure Task Force (EDTF). Canadian D-SIBs are expected to have public information disclosure practices covering their financial condition and risk management activities that are among the best of their international peers. Moreover, D-SIBs are expected to adopt the EDTF disclosure recommendations in the banking arena, as well as evolving domestic and international bank risk disclosure best practices.
53. OSFI publishes institution-specific data on its website for public access. This includes balance sheet and income statement data, capital and derivative components, and premiums written, among other financial information, for various federally regulated financial institutions.
Detailed Assessment
A. Supervisory Powers, Responsibilities, and Functions
| Principle 1 | Responsibilities, objectives and powers. An effective system of banking supervision has clear responsibilities and objectives for each authority involved in the supervision of banks and banking groups. A suitable legal framework for banking supervision is in place to provide each responsible authority with the necessary legal powers to authorise banks, conduct on-going supervision, address compliance with laws and undertake timely corrective actions to address safety and soundness concerns. |
| Essential criteria | |
| EC1 | The responsibilities and objectives of each of the authorities involved in banking supervision are clearly defined in legislation and publicly disclosed. Where more than one authority is responsible for supervising the banking system, a credible and publicly available framework is in place to avoid regulatory and supervisory gaps. |
| Description and findings re EC1 | Canada’s Constitution confers to Parliament exclusive jurisdiction over banking and the incorporation of banks. Parliament has delegated responsibility for prudential banking regulation and supervision to the Office of the Superintendent of Financial Institutions (OSFI). OSFI is accountable to Parliament through the federal Minister of Finance. OSFI’s mandate, responsibilities and objectives are publicly defined in its governing legislation, the Office of the Superintendent of Financial Institutions Act (OSFI Act), as follows:
The Bank Act and the governing statutes of each of the identified organizations in the federal financial sector are publicly available (from the |
| EC2 | The primary objective of banking supervision is to promote the safety and soundness of banks and the banking system. If the banking supervisor is assigned broader responsibilities, these are subordinate to the primary objective and do not conflict with it. |
| Description and findings re EC2 | OSFI functions solely as a prudential supervisor and its primary object (subsection 4(2) of the OSFI Act) is the safety and soundness of financial institutions. OSFI does not have other objectives, such as consumer protection.8 OSFI’s other statutory objectives help to facilitate safety and soundness considerations by requiring that OSFI: intervene early, promote the adoption by institutions of policies and procedures to control risks, and consider and evaluate system-wide risks. |
| EC3 | Laws and regulations provide a framework for the supervisor to set and enforce minimum prudential standards for banks and banking groups. The supervisor has the power to increase the prudential requirements for individual banks and banking groups based on their risk profile and systemic importance. |
| Description and findings re EC3 | The Bank Act and its supporting regulations provide the framework for the setting and enforcing of minimum prudential standards for banks. For example, the Bank Act sets, and empowers the Superintendent to set, minimum prudential standards upon incorporation and on an on-going basis with respect to, among other things, ownership, governance, capital, liquidity, self-dealing, investments, specialized financing, and borrowing. As a complement to this legislative framework, OSFI is administratively empowered to publish several forms of guidance, as described below, which serve to clarify the legislative, regulatory and supervisory frameworks, and to articulate OSFI’s regulatory and supervisory expectations and best practices on matters within its discretion. As these forms of guidance are not legislative in nature, and are issued by OSFI at its discretion, they are not subject to direct influence from governmental or other bodies. OSFI has an internal protocol for issuing guidance: Guidelines Guidelines are used to establish policy on minimum best or prudent practices, and set out OSFI expectations and requirements for banks in order to govern industry activities and behaviour. Guidelines, which set standards for industry activities and behaviour, are generally static for a period of time ranging from one to several years, depending upon the need to incorporate revisions to reflect changes in the environment. Guidelines generally fit into one of four categories: capital, accounting, prudential limits and restrictions, and sound business and financial practices. Advisories In general, advisories are more technical and narrower in scope than guidelines. Advisories are used to inform stakeholders such as banks of OSFI’s view or concerns regarding the supervisory or regulatory regime, best practices or risk prevention measures. Advisories can also be used to inform banks about OSFI’s interpretation of legislation, regulations or guidelines. Advisories thus clarify the position of OSFI regarding certain policy issues or describe how OSFI generally administers and interprets provisions of the Bank Act, regulations or guidelines. Banks are expected to consider the relevance of these advisories, which are not case-specific, to their own particular circumstances and to take action, if needed. It should be noted that OSFI’s expectations for banks’ compliance with guidelines or advisories are the same. In the area of capital adequacy, advisories are often used when an issue of interpretation of the Capital Adequacy Requirements (CAR) guideline arises. Advisories can generally be produced in a shorter time period due to their more focused nature. This allows for a pressing issue to be addressed more quickly than would be the case if a guideline were to be amended. OSFI points to this flexibility as the reason why it is rapidly able to adopt international Guidance as in the case for the D-SIB and Pillar III requirements. The Pillar 3 Disclosure requirements were issued in the form of an Advisory because of its technical nature and very limited scope of coverage, i.e., it focussed on form and substance of disclosure. Letters Letters are used to provide detailed guidance that would not be found in a guideline or advisory. They may be used to inform FRFIs of international guidance or to provide more general information such as implementation timelines, e.g., implementation of IFRS or of Basel III. In some cases, a letter may be used to clarify a very specific item. Advisories and letters are often transitory in nature and are incorporated in guidelines when they are updated. For example, about 20 advisories and letters were incorporated into the 2013 version of the CAR guideline. OSFI can use any of its intervention tools to address breaches of guidance, and the form of that tool (prudential agreement, direction of compliance, capital order) would be chosen to fit the circumstance. Staging would normally be the first approach if other informal tools don’t work. The use of guidance does not require Ministerial or Parliamentary involvement. There are two additional tools of communication to convey OSFI’s expectation:
In the event that prudential standards are not met the Bank Act provides the Superintendent with a wide range of discretionary enforcement powers. Examples of such powers include: special examinations, prudential agreements, directions of compliance, application to a court for an order of compliance and ultimately the taking control of the bank. See CP 11 for a summary of the full suite of corrective, enforcement and sanctioning powers of the Superintendent. In general, non-compliance with the provisions of the Bank Act is also an offence that may be subject to certain sanctions, including criminal sanctions and civil monetary penalties that the Superintendent may impose under the Administrative Monetary Penalties (OSFI) Regulations. Enforcement of restrictions and directions of compliance can be pursued through the courts, if necessary. OSFI’s legislative framework supports a risk-based approach to supervision. As such, the Bank Act permits the Superintendent to apply quantitative and qualitative judgement when deciding which enforcement and/or corrective measures to use and to what degree. For example, although OSFI’s minimum capital requirements are uniform, the actual capital requirements vary by institution. Each institution is required to hold a unique level of capital, as is determined by the institution’s activities, risk profile, and systemic importance. The Bank Act (section 485(3)) provides the underpinning legal power for OSFI to require higher capital than is set out in guidelines or regulations that are made pursuant to the Bank Act (i.e., guidelines or regulations made under section 485(2)). |
| EC4 | Banking laws, regulations and prudential standards are updated as necessary to ensure that they remain effective and relevant to changing industry and regulatory practices. These are subject to public consultation, as appropriate. |
| Description and findings re EC4 | There are a range of options available to the authorities to ensure that the banking law - the Bank Act – is updated in a timely and flexible manner. In the first instance, the Bank Act contains a “sunset” clause (Section 21) that results in a review of the statute every five years to enable the laws to remain current and effective. The amendment can be minimal to satisfy the demands of the Act but it is required in order to ensure that the banks are permitted to continue business, otherwise the legal authorization for all banks to continue business lapses. Since the enactment of the sunset clause in 1992, the Bank Act has undergone substantial reviews in 1996, 1997, 1999, 2001, 20079 and, most recently, in 2012. The five-year legislative review process provides a statutorily mandated window during which OSFI can seek to align the legislative framework with changing industry and regulatory practices. The federal Department of Finance leads a broad public consultation process during legislative reviews, seeking submissions and proposals for legislative amendment. OSFI often consults directly with stakeholders during this process. The legislative review process concludes with a public review and debate on the proposed amendments by Parliament. Notwithstanding the legislative review process, in practice, amendments to the Bank Act can be made on a more regular basis through other vehicles, such as the federal government’s annual budget implementation legislation, which implements various fiscal, tax and other policy measures. This annual legislative window can be used to adapt the regulatory and supervisory framework to address emerging issues, evolving markets, and regulatory and supervisory developments, thus allowing OSFI to continue to meet its regulatory and supervisory objectives. Key stakeholders are consulted, as is the case for other legislative processes. Further, regulations made under the Bank Act may be amended at any time through a “Governor-in-Council” process (i.e., through the executive branch of government), a streamlined regulatory process that does not require the approval of Parliament. The regulation-making process requires public consultations to be conducted, including the publication of draft amendments for public review and comments. To ensure that OSFI’s guidance remains current and effective, OSFI has created a Guideline Review Committee and given it a mandate, among others, to monitor the status of OSFI’s guidelines, discuss potential changes, and oversee effectiveness reviews of older and recently issued guidelines. Such reviews allow OSFI to monitor and assess whether the desired impact of a particular guideline is being achieved. When updating or developing its guidance, OSFI carries out formal public consultations. Consultation papers and/or draft versions of new or revised guidance are posted for comment on OSFI’s website. To facilitate transparency, a summary of industry’s comments and OSFI’s responses to such comments are published on OSFI’s website concurrent with the final guidance. Recent examples of public consultations include the guidelines issued on Capital Adequacy Requirements, Mortgage Underwriting and Corporate Governance. |
| EC5 | The supervisor has the power to: |
| (a) | have full access to banks’ and banking groups’ boards, management, staff and records in order to review compliance with internal rules and limits as well as external laws and regulations; |
| Description and findings re EC5(a) | OSFI has a range of powers of information access granted to it under the Bank Act:
|
| (b) | review the overall activities of a banking group, both domestic and cross-border; and |
| Description and findings re EC5(b) | The supervision of Canadian financial institutions is conducted on a consolidated basis, which involves an assessment of all of an institution’s material entities (including all subsidiaries, branches and joint ventures), both in Canada and internationally. In addition to the legislative authorities listed in EC5(a), section 635 of the Bank Act allows the Superintendent to direct a person who controls a bank or any entity that is affiliated with a bank to provide the necessary information to satisfy the Superintendent that the bank is in sound financial condition and in compliance with the provisions of the Bank Act. Also, section 470 of the Bank Act may be used to require a bank to provide undertakings to provide access to records of controlled domestic and foreign subsidiaries. In practice, OSFI’s Supervisory Framework focuses on identifying material risks to a bank or banking group. As such, OSFI identifies a bank’s “significant activities”—a line of business, unit, or process, which may be domestic or cross-border—that are fundamental to the bank’s business model and its ability to meet its overall business objectives. Supervisory work is planned at the significant activity level, and ranges from ongoing monitoring of the significant activity to extensive reviews of the bank’s operations at its domestic or foreign premises. |
| (c) | supervise the foreign activities of banks incorporated in its jurisdiction. |
| Description and findings re EC5(c) | OSFI supervises banks on a fully consolidated basis, irrespective of location of the legal entities of the group or their activities. Information sharing, which is permitted under Subsection 22(2) of the OSFI Act and which authorizes the Superintendent to enter into agreements with foreign regulators to share information about banks, facilitates the supervision of banks’ activities outside Canada. The powers iterated in EC5(a) and (b) above enable and support the ability of OSFI to supervise such activities. OSFI will usually enter into Memoranda of Understanding with foreign regulators to facilitate the confidential sharing of information, as appropriate, to increase awareness and understanding of group-wide issues and contribute to supervisory efficiency and effectiveness (please see CP3 and CP13). The assessors discussed with OSFI practices of non-domestic on-site inspections, file reviews, visits and coordination with host supervisors, including colleges of supervisors. |
| EC6 | When, in a supervisor’s judgment, a bank is not complying with laws or regulations, or it is or is likely to be engaging in unsafe or unsound practices or actions that have the potential to jeopardise the bank or the banking system, the supervisor has the power to: |
| (a) | take (and/or require a bank to take) timely corrective action; |
| Description and findings re EC6(a) | As discussed in EC1, OSFI’s statutory mandate requires that it promptly advise the management and board of a financial institution in the event the institution is not in sound financial condition or is not complying with its governing statute law or supervisory requirements under that law and, in such a case, to take, or require the management or board to take, the necessary corrective measures or series of measures to deal with the situation in an expeditious manner. To fulfill its mandate, OSFI supervises banks in accordance with its Supervisory Framework. The Framework describes the principles, concepts, and core process that OSFI uses to assess the safety and soundness of financial institutions, and to identify issues or areas of concern early in order that timely corrective actions may be taken. When OSFI identifies urgent issues or requires a bank to take significant remedial actions, supervisory processes would be expedited, and the frequency and intensity of monitoring and reporting would be enhanced. OSFI’s Supervisory Framework is supported by a Guide to Intervention, which supports early intervention to minimize losses. The Guide to Intervention outlines the types of involvement that banks can normally expect from OSFI (as well as from CDIC) and summarizes the circumstances under which certain intervention measures may be expected and escalated. The Bank Act provides a wide range of discretionary, early intervention powers that allow OSFI to intervene to address concerns that may arise with a bank. Examples of such powers include: special examinations, prudential agreements, directions of compliance, application to a court for an order of compliance and, ultimately, taking control of the bank. The aforementioned Supervisory Framework, Guide to Intervention, and details of the applicable legislative provisions are discussed in detail in BCP 11 on corrective and sanctioning powers, and below in EC6(b). |
| (b) | impose a range of sanctions; |
| Description and findings re EC6(b) | OSFI has the power to impose a range of sanctions under the Bank Act:
OSFI’s Guide to Intervention outlines how a bank may expect a range of supervisory tools, including sanctions, to be applied at each stage of intervention as the severity of the situation escalates. |
| (c) | revoke the bank’s licence; and |
| Description and findings re EC6(c) | The Bank Act (Section 973.03) provides the Minister and Superintendent with authority to revoke, suspend or amend any approval. This includes the revocation of the Letters Patent by the Minister and the revocation of the Order to Commence and Carry-on Business (OCCB) (i.e., a bank’s license), respectively. In other words, the authority to revoke approval is tied to the authority to grant approval so that the Minister cannot revoke an approval that was granted by the Superintendent, but instead can revoke any approval that was granted by the Minister. Neither the Minister nor the Superintendent have ever used the powers to revoke an approval granted by section 973.03 of the Bank Act. Were these powers to be used, in practice the Superintendent would recommend to the Minister that Letters Patent be revoked even though the legislation does not expressly require the Superintendent to make such recommendation. However, once the Superintendent revokes the order to commence business then the bank cannot continue to operate as a bank. The firm would still remain a legal entity and also a bank, so it can continue to have a corporate presence/operations (retain office space, have staff, hold board meetings, etc.), but it cannot engage in the business of banking (including taking deposits and making loans). In the hypothetical event that the Minister were not minded to revoke the Letters Patent, the Superintendent therefore retains the ability to prevent the bank from operating as a bank. In practice OSFI would be more likely to exercise its powers under Section 54 of the Bank Act, whereby it can make the OCCB subject to conditions or limitations, or amending or revoking any authorization contained in the OCCB or any condition or limitation to which the OCCB is subject. Subsection 973.03(2) is broad in scope as it applies to any approval and is largely duplicative of section 54. The subsection was added to legislation in 2007. OSFI might also seek to take control of the bank. This is a defined term that is part of the process leading to liquidation of a bank (as opposed to assuming governance of an institution on an on-going basis) but OSFI must consult with the Minister before seeking to exercise this power. |
| (d) | Cooperate and collaborate with relevant authorities to achieve an orderly resolution of the bank, including triggering resolution where appropriate. |
| Description and findings re EC6(d) | The Bank Act provides a wide range of discretionary, early intervention powers that allow OSFI to intervene to address concerns that may arise with a bank, and, in so doing, to cooperate and collaborate with all relevant authorities (domestic and foreign). OSFI and CDIC jointly developed, documented, and publicly disclosed the Guide to Intervention, which also outlines their coordinated approach at each increasing stage of intervention. In addition, the Bank Act (sections 648 to 656) clearly defines a role for the Superintendent in deciding when and how to trigger the orderly resolution of a problem bank. When the Superintendent determines that an institution is at the stage of “non-viability/insolvency imminent”, the Superintendent’s activities and responsibilities may involve:
|
| EC7 | The supervisor has the power to review the activities of parent companies and of companies affiliated with parent companies to determine their impact on the safety and soundness of the bank and the banking group. |
| Description and findings re EC7 | The Superintendent has powers to access information in respect of a person who controls a bank or an entity that is affiliated with a bank (subsection 635(1) of the Bank Act). The definition of an affiliate, under the Bank Act (section 6) includes an entity that exerts control over another. The Bank Act empowers the Superintendent to issue an order to direct a person who controls a bank or any entity that is affiliated with a bank to provide information or documents where the Superintendent believes that the production of such information or documents is necessary in order to be satisfied that the provisions of the Bank Act are being duly observed and that the bank is in sound financial condition. It may be noted that ownership rules for banks require certain domestic banks to be “widely held”. This restriction applies to banks with equity of more than 12 billion Canadian dollars and covers the five largest domestic banks in Canada. In addition, the Bank Act (section 378) “deems” certain banks “to be a bank with equity of twelve billion dollars or more”. In practice the Act seeks to widen the “widely held” restriction. Three banks (National Bank, Laurentian Bank and Canadian Western Bank) are deemed to have equity of 12 billion or more under section 378. The shares of these banks trade directly on the stock exchange as there are no holding companies at the top of the corporate structure (i.e., all of these banking groups have a bank at the top of the group). In practice, therefore, there is no parent entity for the major banks in Canada. A major shareholder is permitted for banks under the threshold of 12 billion dollars. Furthermore, a smaller bank, below 2 billion dollars in equity can be “closely” held and the parent can be a commercial entity. For these institutions the information powers under subsection 635(1) of the Bank Act noted above are pertinent. Although OSFI’s consolidated approach to supervision focuses primarily on the assessment of the federally regulated financial institution (i.e., the bank) and its subsidiaries, OSFI’s risk assessment also considers the activities of parent companies and affiliates (where they exist) and their impact on the regulated bank. During the review of an application for incorporation, ownership and related considerations are evaluated. Pursuant to section 27 of the Bank Act, OSFI reviews the financial resources of the applicant and the extent to which the proposed corporate structure of the applicant and their affiliates may affect the supervision and regulation of the bank, having regard to:
See also CP12. |
| Assessment of Principle 1 | Compliant |
| Comments | OSFI has the sole legal mandate for the supervision of banks in Canada. As an institution OSFI demonstrates a strong consciousness of its mandate and of working within the scope of its mandate at all times. The Bank Act, the main statue under which OSFI operates, provides OSFI with a wide range of powers that are essential to the performance of effective supervision. The mandatory five-year revision to the Bank Act provides a legal framework with a ready capacity to be periodically updated to reflect the demands of the financial system and expectations placed on supervisory practice. The first Core Principle of the BCP standards requires that laws and regulations provide a framework for the supervisor to set and enforce minimum prudential standards and further requires that the supervisor must have powers to increase the prudential requirements for individual banks and banking groups to reflect their risk profile and systemic importance. OSFI meets the standard of the CP as the Bank Act provides these powers. The Bank Act requires banks and banking groups to adhere to minimum prudential standards and empowers OSFI to set higher individual standards and provides OSFI with a range of powers and sanctions to enforce compliance if the bank or banking group fails to meet the requisite standards. It is worth noting the role of guidelines issued by OSFI. The guidelines are a means whereby OSFI is able to swiftly, explicitly, and outside the political process, articulate its supervisory expectations and how the requirements, including adequate prudential standards, of the Bank Act should be met. While the guidelines are not directly enforceable in law, failure to meet a guideline is indicative of failure to meet the underlying legal standard. If OSFI determines that a bank has not met the standard by other means, OSFI has sufficient tools to compel compliance. The guidelines are therefore indirectly enforceable under the law. In practice the guidelines are viewed as equivalent to regulations by the industry. In order for this approach of indirect enforcement to be effective and lead to desired supervisory outcomes, it is essential for the supervisory authority to closely monitor the industry’s compliance with the guidelines and to be prepared to increase supervisory pressure as soon as it identifies institutions out of compliance. OSFI has an explicit and legal mandate for early intervention and its supervisory approach flows from its mandate. OSFI must maintain its supervisory approach of close touch and focused pressure on banks if supervision is to continue to be effective. Over time, it is recommended that ways be explored to strengthen the enforceability of guidelines through statutory changes to the powers of OSFI under the Bank Act. It is further recommended that consideration is given to whether there are any key prudential standards that would benefit from a migration to the format of a regulation. |
| Principle 2 | Independence, accountability, resourcing and legal protection for supervisors. The supervisor possesses operational independence, transparent processes, sound governance, budgetary processes that do not undermine autonomy and adequate resources, and is accountable for the discharge of its duties and use of its resources. The legal framework for banking supervision includes legal protection for the supervisor. |
| Essential criteria | |
| EC1 | The operational independence, accountability and governance of the supervisor are prescribed in legislation and publicly disclosed. There is no government or industry interference that compromises the operational independence of the supervisor. The supervisor has full discretion to take any supervisory actions or decisions on banks and banking groups under its supervision. |
| Description and findings re EC1 | OSFI is a government agency, established by Parliament as a separate Office under the Office of the Superintendent of Financial Institutions Act (OSFI Act, subsection 4(1)) with the stated purpose of contributing to public confidence in the Canadian financial system (section 3.1). The Minister of Finance presides over and is responsible for OSFI and the Superintendent is the Deputy Head of OSFI. In contrast to powers held with respect to other government agencies, the Minister of Finance has no statutory powers of direction under the OSFI Act and therefore has no authority to issue Ministerial Directions to the Superintendent. OSFI is fiscally independent of government and its budget is not dependent on government appropriations.10 OSFI is instead financed through fees levied on federally regulated financial institutions (subsection 17(2) and section 23 of the OSFI Act). OSFI has the power to act independently in order to meet staffing and other resource requirements in pursuing the agency’s statutory objects by virtue of its categorization as a separate agency (Schedule V of the Financial Administration Act (FAA)), and the delegation of powers to the Superintendent. Furthermore, the Superintendent is authorized to exercise powers that relate to the determination of terms and conditions of employment and the responsibility for employer and employee relations. See also EC6 below in relation to staffing matters. OSFI’s employees must, however, be appointed in accordance with the Public Service Employment Act (PSEA), which is administered by the Public Service Commission (PSC). The PSEA prescribes the staffing framework – appointments, complaints and dispute resolution, and the revocation of appointments – applicable to most government employers. Although the PSC has delegated its staffing authorities to the Superintendent, subject to terms and conditions, OSFI does not have discretion to establish its own framework, a status that has been granted to other government employers meaning that they have full discretion to establish their own staffing frameworks. OSFI’s current agreement with the PSC imposes on OSFI certain operational requirements and reporting requirements for OSFI to demonstrate that it has complied with the PSC’s framework and policies. For example, prior to recruiting externally, OSFI is required to consider public service employees that are on a priority hiring list, even though the skills sets that OSFI seeks for supervisory and/or regulation staff are not typically available in the broader public service. OSFI staff explained that the practical impact of this process is extremely limited as confirmation of whether there are public service employees who must be considered is typically obtained within two to three working days. Moreover, as it is necessary for a successful candidate to meet the relevant and specific criteria for the roles within OSFI, the supervisory authority is not at risk of being obliged to accept staff unsuited to its posts. Finally, the Superintendent is responsible for the administration of the Bank Act (section 6 of the OSFI Act), and is provided with operational independence in carrying out OSFI’s core mandate. OSFI has authority over supervisory and prudential matters and is empowered to exercise discretion when taking supervisory actions or decisions respecting banks. Where there are ministerial approval requirements in the Bank Act, OSFI’s focus is prudential in nature and the Minister’s focus is on policy considerations. The Bank Act provides different approval processes depending on the determination in question (e.g., whether licensing or change of control or investment in a federally regulated entity). In practice, all ministerial approvals are processed by OSFI, and the Superintendent provides a recommendation to the Minister based on statutory and prudential considerations. The assessors clarified that applications for approval must be submitted to OSFI (the Superintendent) and not the Minister and that OSFI does not, in practice, provide “negative recommendations” to the Minister. In cases where the application relates to a matter that requires only the Minister’s approval, OSFI reviews the application to ensure it is complete. OSFI then reviews the application to determine whether it raises prudential concerns, and makes its recommendation to the Minister. The Minister may take into account any relevant considerations, including the Superintendent’s recommendations on prudential matters. In cases where OSFI provides a positive recommendation for the Minister to approve, OSFI only presents the arguments for approval. OSFI does not provide the underlying information that would enable the Minister to second guess the prudential determination or overturn a prudential veto. In other words, when OSFI has rejected an application for approval on prudential grounds, OSFI does not, as a matter of course, provide a negative recommendation to the Minister or provide an opportunity for the Minister to intervene in the process. As an agency of the government, OSFI has clear and statutorily prescribed lines of accountability. Pursuant to section 4 of the OSFI Act, OSFI is accountable to Parliament through the Minister of Finance. The Minister presides over and is responsible for OSFI, and the Superintendent is the Office’s Deputy Head. OSFI must produce an Annual Report detailing its operations for the year, which the Minister must table before Parliament under section 40 of the OSFI Act. Section 6 of the OSFI Act requires the Superintendent to report to the Minister from time to time on all matters connected with the administration of the Bank Act. It is important to note that, despite these accountability structures and reporting requirements, which are critical in a parliamentary system such as Canada’s, there is no government interference that would compromise OSFI’s operational independence in carrying out its mandate. As discussed in EC4 and EC5, the OSFI Act and OSFI’s internal policies establish a number of conflict of interest measures and codes of conduct designed to prevent undue influence from industry, such as a prohibition on owning shares of federally regulated financial institutions, disclosure with respect to borrowings from federally regulated financial institutions, the prohibition on the acceptance of any grant or gratuity, and the consequences of contravening those requirements. OSFI is subject to the imposition of government-wide fiscal restraints such as wage freezes (when in force), as well as the administrative guidance of the |
| EC2 | The process for the appointment and removal of the head(s) of the supervisory authority and members of its governing body is transparent. The head(s) of the supervisory authority is (are) appointed for a minimum term and is removed from office during his/her term only for reasons specified in law or if (s)he is not physically or mentally capable of carrying out the role or has been found guilty of misconduct. The reason(s) for removal is publicly disclosed. |
| Description and findings re EC2 | The Superintendent is the “Deputy Head” of OSFI, supported by an Executive Management Team. OSFI does not have a separate “governing body”, such as a board of directors. The Superintendent has sole power to appoint the executive management team. Section 5 of the OSFI Act provides that OSFI will be headed by a Superintendent who is appointed by the Governor in Council for a fixed term of seven years, a term that is not linked to the usual four-year mandate of the government in power. Further, the appointment is made “during good behaviour” (as opposed to “during pleasure”, where the incumbent can be easily replaced during a term),11 meaning that the Superintendent can only be removed for cause (e.g., misconduct) by the Governor in Council. However, the specific reasons for which the Superintendent can be removed are not specified in the OSFI Act and common law precedence would apply in determining reasonable cause. The OSFI Act requires that where the Superintendent is removed from office, the Order in Council providing for the removal must be laid before Parliament and is thus public. The details of the reason for removal from office would be set out. The appointment of a Superintendent follows a competitive hiring process, including a public call for applicants. The selection process is coordinated by the Privy Council Office (Senior Personnel Secretariat) on behalf of the Prime Minister’s Office. The Superintendent is appointed by the Governor in Council (i.e., the Governor of the Privy Council). The Superintendent, on the expiration of any term of office, may be re-appointed for a further term of office. In the event of absence or incapacity of the Superintendent, or if the office of Superintendent is vacant, the Governor in Council may appoint a qualified person to hold office instead of the Superintendent for a term not exceeding six months, with all of the powers, duties and functions of the Superintendent. This interim appointment may be renewed for subsequent six month terms. |
| EC3 | The supervisor publishes its objectives and is accountable through a transparent framework for the discharge of its duties in relation to those objectives. |
| Description and findings re EC3 | OSFI’s objectives and its performance against objectives are made public on an annual basis in several publications, including:
OSFI discloses a significant amount of information about its business and the institutions it regulates, including financial data, speeches, media interviews, external consultations and reports. OSFI has an internal audit group and a formal Audit Committee (which is discussed in detail in EC4), its financial statements are audited by a private audit firm, and it is subject to periodic “value for money” audits by the OSFI is also subject to the Access to Information Act, a statutory process by which the public can request specific information on topics or issues (subject to certain statutory exclusions related to supervisory activities, institution-specific confidential information, privacy, national security, etc.). |
| EC4 | The supervisor has effective internal governance and communication processes that enable supervisory decisions to be taken at a level appropriate to the significance of the issue and timely decisions to be taken in the case of an emergency. The governing body is structured to avoid any real or perceived conflicts of interest. |
| Description and findings re EC4 | OSFI has developed a Framework for Exercising the Superintendent’s Powers (FESP), (section 10 of the OSFI Act), which outlines the regulatory and supervisory powers that are retained directly by the Superintendent and those that are assigned to specific positions within the organization. This delegation of authorities is based on the principle that only persons in positions of sufficient authority can exercise the Superintendent’s powers. The framework establishes lines of communication and accountability and makes it clear that in cases of doubt the appropriate response is to refer to the senior level of authority. It also seeks to ensure that timely supervisory decisions can be taken at the level appropriate to the significance of the issue. These responsibilities and accountabilities are reflected in job descriptions that are created for every position at OSFI. This framework has been reviewed and refreshed five times since it was first prepared in 2002, the most recent occasion being 2007. OSFI has written procedures for each of its sectors (Regulation, Supervision, and Corporate) to address key regulatory and supervisory functions (e.g., risk assessment and examination, approvals, rule making, etc.). These procedures complement the FESP and individual job descriptions by providing additional operational detail on authorities, responsibilities and expectations, and communications. OSFI’s governance framework is enhanced through an Enterprise-wide Risk Management (ERM) framework, which facilitates discussion on the risks faced by the organization. The ERM framework is an explicit and structured office-wide method for OSFI to identify, evaluate, prioritize and develop initiatives to mitigate risks to OSFI where exposure is greatest. OSFI also has an Audit Committee that advises the Superintendent on non-prudential (i.e., corporate) matters. The role of the committee is to provide objective advice and recommendations to the Superintendent regarding the sufficiency, quality, and results of assurance on the adequacy and functioning of OSFI’s risk management, control and governance frameworks and processes, including accountability and auditing systems. In order to give this support to the Superintendent, the committee focuses on core areas of OSFI’s management, control, and accountability, including reporting, in an integrated, risk-focused, and systematic way. As noted in EC3, OSFI also maintains an internal audit function, its financial statements are audited by a private audit firm, and it is subject to “value for money” audits by the OAG. Reports from OSFI’s internal audit group and the OAG are publicly available on OSFI’s website. To facilitate timely discussion and decisions on supervisory matters, OSFI conducts regular meetings between senior operational management both within sectors and between sectors. There are also regular executive management meetings with the heads of all sectors (i.e., the Superintendent; Deputy Superintendent, Supervision Sector; Assistant Superintendent, Regulation Sector; and Assistant Superintendent, Corporate Services). In the event of an emergency afflicting the Superintendent, section 5 of the OSFI Act provides for the appointment of a qualified person, either in the absence or incapacity of the Superintendent, who can exercise all the powers, duties and functions of the Superintendent for a period of up to six months. The FESP also contains provisions for the emergency exercise of certain powers, powers that are normally exercised only by the Superintendent. Finally, OSFI has developed a Business Recovery Plan that covers all aspects of business interruption, including decision making in emergencies, whether external or internal to OSFI. Each OSFI employee, including OSFI’s governing executive, must abide by OSFI’s Statement of Values and Code of Conduct, which sets out the organization’s core values of professionalism, integrity and respect for people. This is complemented by a Conflict of Interest Policy that requires employees to uphold, and be seen to uphold, the highest ethical standards, so as to enhance public confidence in OSFI’s integrity, objectivity and impartiality. Further, section 19 of the OSFI Act establishes a number of conflict of interest measures for the Superintendent,12 Deputy Superintendent and members of the Financial Institutions Supervisory Committee (FISC)13 designed to prevent undue influence from industry, such as a prohibition on owning shares of federally regulated financial institutions, disclosure on borrowings from federally regulated financial institutions, the prohibition on the acceptance of any grant or gratuity, and the consequences of contravening those provisions. These same statutory requirements are reflected in OSFI’s Conflict of Interest Policy, which applies to all OSFI employees. |
| EC5 | The supervisor and its staff have credibility based on their professionalism and integrity. There are rules on how to avoid conflicts of interest and on the appropriate use of information obtained through work, with sanctions in place if these are not followed. |
| Description and findings re EC5 | OSFI sets out its core values of professionalism, integrity and respect for people in its Statement of Values and Code of Conduct. Since 1998, OSFI has commissioned regular consultations with its key stakeholders to assess its effectiveness and to fulfill its commitment to continuous improvement. These consultations are carried out by independent third-party consultants who interview industry executives and advisors to collect their anonymous impressions and assessment of OSFI’s operations and staff. The consultation includes an assessment of OSFI and its employees against matters addressed in the Statement of Values and Code of Conduct. The recent 2012-2013 consultations for the deposit-taking institutions sector Consultation confirm OSFI’s professionalism citing that OSFI were regarded as professional, reasonable, fair, focused on relevant risks and successfully contributed to public confidence in the financial services industry. Relationship Managers (RMs) were described as capable, responsive and hardworking. To increase transparency and accountability, survey results are always published on OSFI’s website. Sections 19 through 21 of the OSFI Act establish rules for the Superintendent, Deputy Superintendent, and members of FISC on how to avoid real and perceived conflicts of interest. More specifically, for these individuals, the OSFI Act:
This statutory framework requires that the Superintendent must be satisfied that when information is shared, it will be treated as confidential and exclusively for lawful supervisory purposes. These statutory requirements are reflected and expanded upon in OSFI’s internal Conflict of Interest Policy and its Statement of Values and Code of Conduct. Employees are expected to review these policies annually and are required to sign documents confirming compliance with certain requirements, such as the prohibition on owning shares of federally regulated financial institutions. OSFI has discretion to apply sanctions, including dismissal, if the laws or workplace policies are breached by employees. Furthermore, section 980 of the Bank Act provides that every person, who without reasonable cause, contravenes any provision of the Bank Act (including section 636 mentioned above) or its associated regulations may be punished by way of monetary fines and/or imprisonment. |
| EC6 | The supervisor has adequate resources for the conduct of effective supervision and oversight. It is financed in a manner that does not undermine its autonomy or operational independence. |
| This includes: | |
| (a) | a budget that provides for staff in sufficient numbers and with skills commensurate with the risk profile and systemic importance of the banks and banking groups supervised; |
| Description and findings re EC6(a) | As noted in EC1, section 11 of the OSFI Act provides the authority to staff the office, in accordance with the Public Service Employment Act, with the necessary number of employees to enable OSFI to meet its mandate and objectives. As discussed in EC1, OSFI’s supervisory budget is not dependent on government appropriations, but is authorized by subsection 17(2) and section 23 of the OSFI Act to be financed through assessments to federally regulated financial institutions and, to a lesser extent, a user-pay program for certain legislative approvals and other selected services. OSFI’s funding model and budget were designed to provide the needed autonomy and independence for OSFI to conduct effective supervision and oversight. OSFI has been able to increase its budget sufficiently in recent years to obtain the necessary resources to take on the increased regulatory and supervisory responsibilities resulting from the fiscal crisis. As an example, between fiscal year-end 2008-2009 and 2011-2012, OSFI’s staff complement has increased by approximately 120 persons or 24 percent. As noted in EC1, the federal government can impose government-wide fiscal restraints such as wage freezes, normally in extraordinary circumstances, which would also be applicable to OSFI. There are no such restraints at this time. OSFI cannot be required to shed staff by the federal government. |
| (b) | salary scales that allow it to attract and retain qualified staff; |
| Description and findings re EC6(b) | Pursuant to sections 13 and 15 of the OSFI Act, OSFI determines its own compensation regime. It maintains a philosophy of targeting the 75th percentile of base salary of the competitive financial services market. OSFI recently reviewed its executive compensation structure with a view to ensuring this target is met. This has allowed OSFI to offer pay scales for executive staff that differ from those in the larger federal government in order to be able to attract staff with specialized skills from the private sector as needed. While OSFI has the ability to establish and adjust its own compensation structure for executive staff, it must seek a mandate from the |
| (c) | the ability to commission external experts with the necessary professional skills and independence, and subject to necessary confidentiality restrictions to conduct supervisory tasks; |
| Description and findings re EC6(c) | OSFI has the legal authority and the necessary budget to commission outside experts to conduct supervisory tasks or to deal with special situations, and regularly draws on such experts (e.g., specialized credit consultants). OSFI’s contracting and human resource policies and procedures ensure that all external experts have the necessary skills and independence. All external experts are subject to the same confidentiality rules that apply to regular OSFI staff. |
| (d) | a budget and programme for the regular training of staff; |
| Description and findings re EC6(d) | OSFI demonstrates its commitment to professional development and training by providing an estimated two percent of its human resources budget towards training ($1.5 million expensed in fiscal 2011-2012), and by targeting an average of five days of training per year per employee. In recognition of the new expectations of supervisors arising from the recent financial crisis, additional resources for OSFI’s Professional Development and Training Division were approved in fiscal year 2011-2012 to assist with the implementation of new training programs. OSFI reviews its training needs based on its human resource planning processes and continuing discussions with senior management. OSFI’s Executive provides direction on training priorities via quarterly training updates. Individual sectors and divisions have their own training budgets to target specialized needs. In addition, learning plans are a required element of employees’ annual goal commitment documents. These learning plans seek to ensure that adequate and practical training is identified on an on-going basis. OSFI offers both internal and external training. For example, the Supervision Sector offers detailed training for senior examiners with specialized training guides as well as courses in the Supervisory Framework. OSFI has also created formal developmental programs for regulatory officers and supervisors, which consist of formal training and on-the-job development. OSFI maintains a large inventory of external training providers and supports training towards professional designations. |
| (e) | a technology budget sufficient to equip its staff with the tools needed to supervise the banking industry and assess individual banks and banking groups; and |
| Description and findings re EC6(e) | OSFI has a designated Chief Information Officer (CIO) and a separate budget for the Information Management/Information Technology (IM/IT) Division that is managed according to IM/IT best practice portfolio management guidelines. Technologies, applications, and information are strategically managed and operationally maintained based on a defined IM/IT strategy, a long-term IT renewal program, and implemented according to life-cycle management policies to ensure currency and effectiveness. IM/IT is regarded as integral to OSFI’s ability to carry out its mandate and consequently, $12.8million, representing approximately 10 percent of OSFI’s overall budget, was allocated to this function in 2011-2012. OSFI’s IT/IM investment includes such applications and tools as OSFI’s Business Intelligence Tool (BI Tool), which consolidates a number of quantitative and qualitative inputs about individual financial institutions and allows the supervisor to quickly assess the institution, its peers, and observe trends. Another example relates to OSFI’s document storage and retrieval capabilities, which are being upgraded to leading-edge software that will increase efficiencies. |
| (f) | a travel budget that allows appropriate on-site work, effective cross-border cooperation and participation in domestic and international meetings of significant relevance (e.g., supervisory colleges). |
| Description and findings re EC6(f) | OSFI’s travel budget for the 2010-2011 to 2013–2014 fiscal years ranges between 2.8 and 3.1 percent of its total budget. A travel budget of this nature has been sufficient to meet the needs for domestic and international on-site visits, cross-border cooperation, and international regulatory commitments. OSFI has a range of international commitments stemming from its membership of the G20 nations, including but not limited to membership and support for the Basel Committee on Banking Supervision and the Financial Stability Board and their subsidiary committees, working groups and task forces. OSFI develops annual supervisory strategies and plans for each banking group, including a group’s foreign operations. Periodically, planned supervisory work may target a significant activity that is carried out in a foreign jurisdiction. In such cases, OSFI would not only conduct an on-site review of the bank’s foreign operations, but it would also meet with the host country supervisor. In line with Financial Stability Board (FSB) recommendations, OSFI participates in or hosts various cross-border commitments, such as supervisory colleges. OSFI’s travel budget is also sufficient to support its continued participation on international rule making bodies, such as the Financial Stability Board, Basel Committee on Banking Supervision, International Association of Insurance Supervisors, and Joint Forum. |
| EC7 | As part of their annual resource planning exercise, supervisors regularly take stock of existing skills and projected requirements over the short- and medium-term, taking into account relevant emerging supervisory practices. Supervisors review and implement measures to bridge any gaps in numbers and/or skill-sets identified. |
| Description and findings re EC7 | OSFI operates on a three-year planning cycle, but reviews its plans at least annually. OSFI reviews its training needs based on its human resource planning processes and continuing discussions with senior management about upcoming plans and priorities. OSFI’s Executive provides direction on training priorities via quarterly training updates. Individual sectors and divisions have access to individual operational and training budgets to bridge identified gaps. For example, to deal effectively with the global financial crisis, the many lessons learned, the magnitude of new and on-going work related to international commitments, and the evolving risks within the Canadian financial services industry and its institutions, OSFI observed a short-and medium-term need to increase its risk assessment and supervisory resources. Between fiscal year-end 2008-2009 and 2011-2012, OSFI’s staff complement increased by approximately 120 persons or 24 percent. To ensure that OSFI could continue to meet its mandate, it added staff with specialized knowledge in the areas of corporate governance, credit, market and operational risks and to support the development of new and more sophisticated risk-sensitive liquidity and capital rules. OSFI admitted that some specialist areas have been more difficult to staff due to a scarce skillset, such as the technical specialists for model reviews. However, OSFI noted that it has to date always been able to fill vacancies with appropriately skilled staff. OSFI further noted that the organization underwent a conscious program of refreshing the skills including bringing in more staff from the industry and remained conscious of the need for continued refreshing of such skills. Discussions with the industry confirmed a consistent view that OSFI staff had the skills necessary to understand and to challenge the banks and several banks noted that OSFI had some outstanding individuals in its staff. Banks recognized that the large intake of new hires over a relatively short period was an institutional challenge for OSFI to manage in terms of embedding new staff into OSFI culture and standards but overall the process appeared to be smooth and successful. Some firms expressed concerns that OSFI might not be able to retain the highest caliber staff given competition from the industry itself. |
| EC8 | In determining supervisory programmes and allocating resources, supervisors take into account the risk profile and systemic importance of individual banks and banking groups, and the different mitigation approaches available. |
| Description and findings re EC8 | OSFI employs a risk-based approach to supervision. This approach is embedded in OSFI’s Supervisory Framework, which describes the principles, concepts, and core process that OSFI uses to assess the safety and soundness of financial institutions, and to identify issues or areas of concern early in order that timely corrective actions may be taken. Under the framework, OSFI annually prepares a supervisory strategy, which outlines the supervisory work planned for the next three years to keep the bank’s risk profile current. This general strategy forms the basis for a more detailed plan that guides resource allocation decisions for the upcoming year. The intensity of planned supervisory work depends on the nature, size, complexity and risk profile of the bank and the banking group. Supervisory work is planned and prioritized around a bank’s significant activities after considering the “net risk” of these activities (i.e., inherent risks of the activities after consideration of the quality of risk management), the need to update OSFI’s information on the activities, and the importance of the activities to the bank’s overall risk profile. When there are shifts in the risk assessment of the bank throughout the year, OSFI adjusts work priorities set out in the supervisory strategy and annual plan, as necessary. The relative systemic importance of each institution is not only reflected in OSFI’s supervisory plans, but also in OSFI’s corporate structure and design of its supervisory programs. OSFI has established dedicated supervisory teams for conglomerate banks and banking groups the resources for which can be and are adjusted according to changes in the nature, size, and complexity of the groups that are supervised. |
| EC9 | Laws provide protection to the supervisor and its staff against lawsuits for actions taken and/or omissions made while discharging their duties in good faith. The supervisor and its staff are adequately protected against the costs of defending their actions and/or omissions made while discharging their duties in good faith. |
| Description and findings re EC9 | Section 39 of the OSFI Act provides legal protection to OSFI and its staff against lawsuits for actions taken while discharging their duties in good faith. The Government of Canada, through |
| Assessment of Principle 2 | Largely Compliant |
| Comments | OSFI is a government agency whose formal head is the Minister of Finance and is hence subject to some governmental disciplines. Despite this structure, operational independence is in evidence in OSFI’s practices and decision making and is confirmed by all stakeholders including the industry. Nevertheless the Bank Act could better distinguish OSFI’s and the Superintendent’s prudential responsibilities from those of the Minister, who must naturally take a separate range of considerations into account. The concern is to ensure that a prudential veto is securely in place regarding decisions that the Superintendent must make, such as those relating to change of control of a federally regulated bank or major acquisitions or investments made by such entities. There are numerous instances within the Bank Act where approvals are required not from the Superintendent alone but from the Minister, either alone or in addition to the Superintendent of OSFI. Under the current Bank Act, just under 40 approvals belong to the Superintendent and just under 60 belong to the Minister. Broadly, Ministerial approvals are required at significant institutional moments, meaning the creation, change of control, merger or failure of a bank. It should be noted, however, that in 2012, only 18 of 116 Bank Act approvals granted were Ministerial approvals. In 2011, 28 of 132 approvals granted were Ministerial approvals. In addition to the change of control and acquisition approvals that are discussed in more detail in CPs 6 and 7, the power for the Superintendent to act quickly with respect to the taking control of a bank is indicative of OSFI’s operational independence and ability to address prudential issues (see CP11 for further detail). Records indicate that OSFI’s opinion has never been disregarded. Processes and procedures put in place (but which are not expressly required under the Bank Act) lead to the outcome that OSFI is making the sole prudential determination in matters requiring supervisory decisions. (See also CPs 6 and 7 for greater detail). De jure, however, the position is less clear and at various points in the Act (for example, section 396) matters that are listed for the consideration of the Minister are prudential in character, thus implying that the Minister is actively making, or has the capacity to “reassess” the prudential decision. It is recommended therefore that the Bank Act be amended to ensure there are clearly separate legal processes for the prudential decisions to be made solely by OSFI (the Superintendent). It is not suggested that OSFI’s prudential decision should be binding on the Minister in the sense that the Minister must approve a decision recommended (on purely prudential grounds) by OSFI, only that the law should clearly ensure that the Minister cannot issue an approval that was not recommended by OSFI. The Minister must of course be free to make a determination on grounds other than prudential. This is what happens in practice, so the recommendation is to codify the prudential veto clearly in the Bank Act. From the same perspective of legal clarity it is recommended that the Bank Act be revisited with respect to the powers to take control of the assets of a bank. The Act currently permits the Superintendent to take control of a bank, but if this control extends beyond 16 days the Minister may intervene (i.e., Section 648(1)(b): control may extend beyond 16 days “unless the Minister advises the Superintendent that the Minister is of the opinion that it is not in the public interest to do so”). While this provision may have been designed as a failsafe measure for the Superintendent to act quickly, and also to permit the Minister to intervene on public interest grounds, it is implied but not required that an alternative resolution method must at once be put in place in order to ensure that a potentially vulnerable institution in a crisis or emergency situation is dealt with expeditiously and effectively. It is also recommended that the authorities consider exempting the supervisors from the government’s fiscal controls and administrative guidance, as in the case of some other financial agencies, in order to enhance OSFI’s financial autonomy. |
| Principle 3 | Cooperation and collaboration Laws, regulations or other arrangements provide a framework for cooperation and collaboration with relevant domestic authorities and foreign supervisors. These arrangements reflect the need to protect confidential information. |
| Essential criteria | |
| EC1 | Arrangements, formal or informal, are in place for cooperation, including analysis and sharing of information, and undertaking collaborative work, with all domestic authorities with responsibility for the safety and soundness of banks, other financial institutions and/or the stability of the financial system. There is evidence that these arrangements work in practice, where necessary. |
| Description and findings re EC1 | In addition to OSFI, the prudential supervisor for federally regulated financial institutions, the There are several formal mechanisms to facilitate collaboration between the regulatory bodies at the federal level and along with the main provincial securities commissions, including the following committees:
In addition to these formal mechanisms for the exchange of information, OSFI maintains close contact with representatives of the The assessors were able to confirm in the context of successive meetings that there were well established relationships between officials at the federal authorities and that close and open contact between them is normal practice. Provincial regulators of deposit taking institutions, or other provincially incorporated and regulated financial institutions are not represented on the FISC or the SAC, although provincial securities regulators participate in the Heads of Agencies discussions on capital markets issues. OSFI confirmed that provincial regulators did contact OSFI on an ad hoc basis and that there are meetings at the provincial level where OSFI provides updates on its activities. |
| EC2 | Arrangements, formal or informal, are in place for cooperation, including analysis and sharing of information, and undertaking collaborative work, with relevant foreign supervisors of banks and banking groups. There is evidence that these arrangements work in practice, where necessary. |
| Description and findings re EC2 | OSFI has entered into formal information-sharing and cooperation arrangements (Memoranda of Understanding – MoUs) with over 30 foreign supervisory authorities. OSFI routinely exchanges information with foreign home and host regulators pursuant to the terms of these MoUs. OSFI regularly receives requests for information from other regulators and will share information where OSFI is assured in writing that the other regulator will maintain confidentiality. Often these requests seek due diligence about an institution or are in relation to an application that a Canadian bank has made to carry on business in another jurisdiction. OSFI participates in collaborative onsite reviews that take place in host jurisdictions. For example, OSFI has led a joint on-site review performed in collaboration with a host authority and which included:
|
| EC3 | The supervisor may provide confidential information to another domestic authority or foreign supervisor but must take reasonable steps to determine that any confidential information so released will be used only for bank-specific or system-wide supervisory purposes and will be treated as confidential by the receiving party. |
| Description and findings re EC3 | Subsection 22(1) of the OSFI Act establishes a strict confidentiality regime for information in OSFI’s possession as well as for any information prepared from it. This extends, as explained below and to the extent possible, to parties with whom information is shared. OSFI has the legal authority to share confidential information with domestic and foreign supervisory authorities pursuant to subsection 22(2) of the OSFI Act and subsection 636(2) of the Bank Act. While broad legal gateways, noted above, exist for information sharing, it is OSFI policy not to exchange written documentation with other authorities until the MoU process has been completed and the due diligence with respect to confidentiality has been complated. With regard to information sharing with foreign regulators, all MoUs entered into by OSFI provide that the information OSFI shares will be treated as confidential. Parties to such MoUs agree to take all possible steps to preserve the confidentiality of the information received. In addition, the MoUs state that employees of both parties to the MoU are bound to hold confidential all information obtained in the course of their duties. The MoUs expressly state that all confidential information received from the other Authority will be used exclusively for lawful supervisory practices. Where a party to an MoU is compelled (e.g., by a court) to disclose to third parties any information obtained from OSFI, the MoU requires that the other regulator will advise OSFI of the information that the regulator is compelled to release and the circumstances surrounding the release. |
| EC4 | The supervisor receiving confidential information from other supervisors uses the confidential information for bank-specific or system-wide supervisory purposes only. The supervisor does not disclose confidential information received to third parties without the permission of the supervisor providing the information and is able to deny any demand (other than a court order or mandate from a legislative body) for confidential information in its possession. In the event that the supervisor is legally compelled to disclose confidential information it has received from another supervisor, the supervisor promptly notifies the originating supervisor, indicating what information it is compelled to release and the circumstances surrounding the release. Where consent to passing on confidential information is not given, the supervisor uses all reasonable means to resist such a demand or protect the confidentiality of the information. |
| Description and findings re EC4 | Confidential information that OSFI receives from other supervisors is used only pursuant to the terms of OSFI’s MoUs with those supervisors. As set out in all of its bilateral MoUs, OSFI will not pass on any confidential information obtained from another regulator without obtaining explicit prior consent to do so. If OSFI is legally compelled to release confidential information it has received from another regulator, its procedure would be to notify the regulator in question promptly and if said regulator does not provide consent, OSFI would seek to use every available means to resist or protect the confidential information. At this point in time, there have been no cases where OSFI has been legally compelled to disclose information obtained from a third party. |
| EC5 | Processes are in place for the supervisor to support resolution authorities (e.g., central banks and finance ministries as appropriate) to undertake recovery and resolution planning and actions. |
| Description and findings re EC5 | The CDIC is the Canadian resolution authority and there are a number of coordinating mechanisms between the relevant authorities as discussed in CP 1, EC1 and CP3, EC1. OSFI and CDIC maintain a close working relationship and regularly participate in recovery and resolution planning meetings. OSFI also participates in the Resolution Planning Working Group, which is chaired by CDIC and includes membership from all FISC agencies (individual institutions are discussed at FISC). The purpose of the working group is to discuss issues relevant to the development of the resolution plans of institutions and to keep all agencies informed of the banks’ progress in developing resolution plans. OSFI also participates in any meetings that take place directly between CDIC and the banks on the topic of resolution planning. OSFI and CDIC jointly organize and host annual Crisis Management panels that are used to discuss recovery planning and resolution planning with relevant domestic and international stakeholders. The most recent Panel took place in May 2013. A panel with more of a resolution focus will take place later in 2013. Publicly available guidelines are in place (the Guide to Intervention for Federally Regulated Deposit-Taking Institutions) that describe the coordination and cooperation between OSFI and the CDIC in the event that a bank’s condition starts to deteriorate, experiences distress and needs to be moved to resolution. The processes include classifying institutions at each “stage” including, e.g., “early warning,” “risk to financial viability,” or “Non-viability” and clarifying the expected actions of the relevant agencies as well as the coordination between them. (See also CPs 8, 9 and 11). Recovery plans are prepared by financial institutions based on direction and administrative guidance provided by OSFI (with input from the FISC partners). CDIC as Canada’s resolution authority has assumed the responsibility to draft resolution plans. OSFI provides the institutions’ recovery plans to CDIC for the purpose of assisting CDIC with preparing the resolution plans. CDIC obtains any further information that it requires to advance resolution planning from the banks. |
| Assessment of Principle 3 | Compliant |
| Comments | Cohesive cooperation and collaboration are the keynotes of OSFI’s relationships with relevant authorities. Federal level cooperation is supported by a common desire among the agencies and authorities to assure the safety and soundness of the Canadian financial system and its institutions. Cooperative arrangements are well established over decades and proved to be responsive and effective during the financial crisis. Foreign authorities comment very favourably on the quality of their interactions with OSFI. Moreover a number of regulatory authorities, both domestic and foreign, have turned to OSFI for technical assistance to develop their skills, confirming the degree of confidence invested in OSFI’s practices and standards. Nevertheless there are weaknesses in the Canadian arrangements when considering the relationship between the federal and provincial authorities. Touch points with the provincial regulators, while orderly and regular, are potentially less well developed than they could be and may represent a potential frailty in an otherwise well functioning system. In the specific context of the BCP assessment, which is an assessment of the federal level of supervision, it is important that there is full and free flow of information to ensure that OSFI has access to all the information it needs to carry out its mandate. There are two aspects that are relevant in the relationship between the federal and provincial spheres. One is the fact that some financial groups span the federal-provincial spectrum. In some cases the parent entity and consolidation for the group is federal and in others it is provincial, so functional relationships between the agencies are necessary to support effective and meaningful group wide supervision. The other aspect is that financial institutions within Canada, whether provincially or federally regulated and whether active in one or more province (which will depend on the terms of the regulation in the specific province) constitute the financial system in Canada when all taken together. It is important for all agencies to play their role, according to their respective mandates, to ensure that risk in the system, to the system and from the system can be effectively monitored and mitigated. It is noted that there is communication between federal and provincial authorities, for example, in the context of annual updates of risk assessments, and also that OSFI responds to queries as needed and attends functions such as the annual meeting of CUPSA (Credit Union Prudential Supervisors Association) at which each of the provincial jurisdictions provides an update on their credit union system. It is, though, recommended that more frequent and structured arrangements, modeled perhaps on current formats, are put in place to ensure that relevant information is shared actively and proactively as necessary, rather than only on request, in order to enhance firm and group specific supervision and as appropriate wider systemic understanding. |
| Principle 4 | Permissible activities. The permissible activities of institutions that are licensed and subject to supervision as banks are clearly defined and the use of the word “bank” in names is controlled. |
| Essential criteria | |
| EC1 | The term “bank” is clearly defined in laws or regulations. |
| Description and findings re EC1 | The Bank Act (section 2)16 defines a bank as: “a bank listed in Schedule I or II”. As such the legal definition does not provide a description of what a bank is but identifies institutions in a list, by name, that are recognized as banks under the Bank Act. Only those entities licensed by the Minister of Finance under Schedule I or II to the Bank Act are banks. Schedule Schedule III of the Bank Act lists authorized foreign banks (i.e., foreign bank branches), which are also defined in section 2 as “a foreign bank that is the subject of an order under subsection 524(1)”. Section 2 also defines a foreign bank as “…an entity incorporated or formed by or under the laws of a country other than Canada……” |
| EC2 | The permissible activities of institutions that are licensed and subject to supervision as banks are clearly defined either by supervisors, or in laws or regulations. |
| Description and findings re EC2 | The Bank Act, Part VIII (Business and Powers) defines the permissible activities of banks. Banks may only engage in the business of banking, which includes the activities set out in section 409, namely:
Foreign bank branches have the same powers (sections 538-556), and are subject to the same restrictions as Schedule I and II banks, except for the fact that a foreign bank branch does not have the ability to take a material amount of retail deposits (i.e., deposits of less than $150,000). A “full-service” foreign bank branch is permitted to accept deposits in Canada of $150,000 or greater (section 545) and a “lending” foreign bank branch is generally prohibited from accepting deposits (section 540). Part IX (Investments) of the Bank Act clearly sets out the permissible investment powers of banks. The investment regime is, in essence, an extension of the business and powers regime. All investments by a bank in an entity are subject to the “reasonable and prudent person” standard (section 465) with a view to ensuring that banks do not expose themselves to undue financial or other risks via their investments. All acquisitions of substantial investments in, and/or control of, a single entity by a bank are subject to specific rules. Part XII (Foreign Banks) of the Bank Act sets out permitted investments in Canada for a foreign bank. While the foreign bank itself may not be licensed or subject to supervision by OSFI, its permitted investments in Canada generally mirror those investments permitted to a Schedule I or II bank. Part XI (Self-Dealing) of the Bank Act sets out limited permissible transactions for banks with related parties. OSFI Advisory: Business and Powers—Ownership Interests in Commodities provides clarity on circumstances in which taking an ownership interest in commodities (which would other violate the section 410(2) prohibition on dealing in goods) would be a permissible activity and prudential standards to be followed in respect thereof. Certain guidelines impose parameters/limitations on permissible activities. |
| EC3 | The use of the word “bank” and any derivations such as “banking” in a name, including domain names, is limited to licensed and supervised institutions in all circumstances where the general public might otherwise be misled. |
| Description and findings re EC3 | The use of the word “bank” and its derivations is not wholly limited to banks as defined under the Bank Act. The Bank Act generally restricts the use of the word “bank, “banker” or “banking” in a name, or to describe a business in Canada, to banks and authorized foreign banks (i.e., foreign banks that have received approval to establish foreign bank branches in Canada) (section 983). The general restriction includes any of the abovementioned words in any language and any equivalent words (subsection 983(13)). A subsidiary of a bank may use the name of its parent bank in its name (subsection 983(5)). There is an exception to the general rule, which states that a person may use the word “bank”, “banker” or “banking” in its name, or to describe a business in Canada, if the use of the word is in relation to a business that is not engaged in financial activities, a circumstance in which it is unlikely that the general public would be misled (subsection 983(5.1)). Provincial legislation mirrors this general restriction. For example, the General Regulation to Ontario’s Business Corporations Act (paragraph 16(1)(c)) states that no word or expression that suggests an Ontario business corporation carries on the business of a bank shall be used in a corporate name without the appropriate consent (that consent would have to come from OSFI). There is a protocol with “Industry Canada” whereby new business entities are referred to OSFI if there is any possibility that there may be a misleading use of the word “bank” in the name of the business. OSFI confirmed that not only has Industry Canada taken a very cautious approach (eg referring blood banks to OSFI) there have been a handful of cases of enforcement on the use of the word “bank”. |
| EC4 | The taking of deposits from the public is reserved for institutions that are licensed and subject to supervision as banks. |
| Description and findings re EC4 | The majority of deposit-taking from the public is undertaken by federally regulated financial institutions (e.g., banks and trust and loan companies). At the federal level, institutions incorporated pursuant to the Bank Act, Trust and Loan Companies Act and Cooperative Credit Associations Act are all subject to the same licensing requirements and ongoing supervision/regulation as banks, including the requirement to obtain OSFI’s approval to take deposits. The Canada Business Corporations Act (paragraph 3(4)(a)) and the Canada Not-for-profit Corporations Act (subsection 3(3)), which are the general incorporating statutes at the federal level, state that no (federal) corporation may carry on the business of a bank or other entity to which the FRFI legislation applies. The Canada Cooperatives Act (subsection 3(5)) likewise states that no federal cooperative may carry on the business of a bank or other entity to which the FRFI legislation applies. Indirectly, this prohibits the taking of deposits by other non-FRFI federal entities. Entities can, however, also be incorporated provincially. Approximately 10 percent of all deposits taken in Canada were held outside federally regulated banks as at March 2013. Deposits may also be taken by provincially regulated institutions such as credit unions or, in the case of Alberta, a crown incorporation owned by the provincial government. In either case, the institutions in question are regulated by the relevant provincial authority. Thus a credit union will be regulated by its provincial regulator and Alberta Treasury Branch is regulated by the Alberta government. Whether or not a provincially incorporated entity can carry out business outside its province will depend on the terms of its provincial license and regulatory regime of the other jurisdiction. Provincial credit unions, which are supervised and regulated by provincial authorities, are permitted to take deposits in their jurisdictions of incorporation. In respect of deposits, as at March 31, 2012, credit unions reported $126.3 billion in deposits and deposits held with all Canadian banks, as at June 30, 2012, amounted to $2.3 trillion (the latter figure does not include deposits with other federally regulated financial institutions and hence is not the figure representing all deposits taken by federally regulated financial institutions in Canada). It is also the case that in Canada the prudential framework for Investment Dealers permits them to use free cash held on behalf of clients. The Investment Dealer must be able to give back these uninvested moneys to the clients on demand. Such funds can be seen to have the character and quality of a deposit. |
| EC5 | The supervisor or licensing authority publishes or otherwise makes available a current list of licensed banks, including branches of foreign banks, operating within its jurisdiction in a way that is easily accessible to the public. |
| Description and findings re EC5 | The OSFI website makes available a current list of all banks, foreign bank branches and foreign bank representative offices operating in Canada. In addition, pursuant to the Bank Act, Schedules I, II and III to the Bank Act list all banks and foreign bank branches (sections 14 and 14.1). The Bank Act is accessible in printed form as well as on the federal government’s Department of Justice website. |
| Assessment of Principle 4 | Compliant |
| Comments | Under Canadian federal law a bank is an entity that is incorporated and regulated at the federal level. A bank, by definition, cannot exist at the provincial level. Canadian federal law does not, however, apply to all financial institutions which may take deposits from the public. Deposit taking institutions can be incorporated and regulated at the provincial level. In practice the considerable majority of public deposits – approximately 90 percent – are taken by the federal banking system. The provision of credit is also largely at the federal level – ie 75 percent (figures from the Bank of Canada, 2012). However, there are some institutions which are systemically significant for their provinces, notably DesJardins, the credit union group based in Québec, and Alberta Treasury Branches, which is a Crown incorporation owned and regulated by the province of Alberta and which is the 10th largest lender in Canada. Also, funds with deposit-like characteristics are being taken from clients in investment dealers. As noted above, this BCP assessment focuses on the federal level in Canada and does not offer any assessment of the adequacy and appropriate laws, regulation and supervision applying to provincial deposit taking entities. However, it is clear that the scope of the federal system does not, and legally cannot, include all deposit taking entities of significance. The Canadian authorities are recommended to assess and as necessary make remedy to laws and arrangements to ensure the soundness and stability of the financial system within Canada, not merely the federal aspect of that system. |
| Principle 5 | Licensing criteria. The licensing authority has the power to set criteria and reject applications for establishments that do not meet the criteria. At a minimum, the licensing process consists of an assessment of the ownership structure and governance (including the fitness and propriety of Board members and senior management) of the bank and its wider group, and its strategic and operating plan, internal controls, risk management and projected financial condition (including capital base). Where the proposed owner or parent organisation is a foreign bank, the prior consent of its home supervisor is obtained. |
| Essential criteria | |
| EC1 | The law identifies the authority responsible for granting and withdrawing a banking licence. The licensing authority could be the banking supervisor or another competent authority. If the licensing authority and the supervisor are not the same, the supervisor has the right to have its views on each application considered, and its concerns addressed. In addition, the licensing authority provides the supervisor with any information that may be material to the supervision of the licensed bank. The supervisor imposes prudential conditions or limitations on the newly licensed bank, where appropriate. |
| Description and findings re EC1 | There is a two step licensing process in Canada. The Minister of Finance holds the licensing power in Canada and acts on the advice of the Superintendent of OSFI as set out in the Bank Act. Granting a bank license There are two steps to the application process for incorporating a bank in Canada. The first step is the requirement to obtain letters patent of incorporation, which are issued by the Minister of Finance (section 2217 of the Bank Act) upon recommendation of the Superintendent. The Bank Act states that an application for letters patent must be filed with the Superintendent, together with such information, material and evidence as the Superintendent may require (subsection 25(1)). All applications for a banking license are accompanied by an analysis and recommendation by the Superintendent. In practice, the application is not presented to the Minister unless OSFI has already made a favorable prudential determination. The original submission materials, including prudential data and analysis, are not presented to the Minister. The assessors were able to review papers relating to an application for a license. The information provided to the Minister presents the Superintendent’s determination of whether an approval is appropriate but does not supply information that would enable the Minister to second guess a supervisory determination or overturn a “prudential veto”. The second step is to obtain an order to commence and carry on business, issued by the Superintendent (section 49). A newly licensed bank may not commence operations (subsection 48(1)) until it completes the second step, which is used to ensure the bank in question has the requisite policies and procedures, governance and other controls in place to begin operations. Hence, a bank may not commence operation until the Superintendent is satisfied that all regulatory requirements have been met. Furthermore, the entity must meet the Superintendent’s requirements within a year and thus obtain the order of commencement from the Superintendent or the letters patent will lapse—as noted above. A similar process is followed when a company incorporated under another federal statute (e.g., the Trust and Loan Companies Act or the Canada Business Corporations Act) seeks to continue (i.e., obtain a licence) as a bank. However, in this instance the letters patent of continuance and the order to commence and carry on business are generally issued at the same time. OSFI noted that it is very rare for there to be an instance where letters patent have been obtained but due to failure to meet OSFI’s final requirements, an order to commence business was not issued. It was explained that some supervisory and prudential requirements are not insisted upon until the entity has obtained the letters patent. In essence, once the letters patent have been issued, OSFI moves to confirm that policies, procedures and personnel are in place and are functional. A key step in this process is the on-site review (the “pre-commencement review”) conducted by OSFI which is mandatory before OSFI staff can recommend that the Superintendent issue the order to commence business. The assessors were able to review files detailing the analysis and procedures, including conditions and undertakings that OSFI required of the newly licenced entity. Such undertakings and requirements might include, for example, capital adequacy levels, leverage restrictions and identification of related parties (transactions with related parties are tightly restricted—see CP20). Withdrawing a bank license License revocation initiated by the Minister or Superintendent The Minister or Superintendent can revoke any approval, including letters patent and orders to commence and carry on business, if he or she considers it appropriate to do so. In the Minister’s case, he or she may take into account all matters he or she considers relevant in the circumstances and in the Superintendent’s case, he or she may consider any prudential considerations he or she considers relevant in the circumstances (section 973.03). As noted in CP1 EC6, the power to revoke is directly linked to the power to approve (ie OSFI or the Minister can respectively revoke the approval that was given in the first place, but cannot revoke an approval given by the other body). License revocation initiated by a bank The process for withdrawal or revocation of a bank license can also be voluntary initiated by the bank. Should the bank wish to continue operations under other federal legislation (section 39.1) Ministerial approval is required. Upon such continuance, the entity would no longer be a bank and – depending upon the legislation under which it is continued—could be a cooperative association, insurance company, trust or loan company or other entity as specified in the legislation (Transaction Instruction A No. 14 sets out information requirements in respect of such an application for approval). The bank’s license is effectively revoked at the time of continuance (section 39.2). The Bank Act sets out the requirement for Ministerial approval in respect of voluntary liquidation & dissolution (sections 342-346) and Transaction Instruction A No. 11 sets out information requirements. The Superintendent (or other interested persons) may apply to a court, at any time during the liquidation process, for the continuance of the voluntary liquidation under court supervision (section 347). Granting a branch license to a foreign bank As with establishing a bank in Canada, there are two steps to the application process for establishing a foreign bank branch in Canada. The first step is the requirement to obtain an order permitting the foreign bank to establish a branch in Canada, issued by the Minister (subsection 524(1)), upon the Superintendent’s recommendation. The Minister may only make such an order if, after consultation with the Superintendent, the Minister is of the opinion that the applicant is a bank in its home jurisdiction and is regulated in a manner acceptable to the Superintendent and the applicant’s principal activity is financial services or services permitted by the Bank Act if they were provided by a bank in Canada (subsection 524(4)). Upon receiving an order, a new branch may not commence operations (subsection 534(2)) until it completes the second step, which is to obtain an order approving the commencement and carrying on of business in Canada by the branch, issued by the Superintendent (subsection 534(1)). Withdrawing a branch license of a foreign bank The Minister or Superintendent can revoke any approval (section 973.03). In problem situations, the Superintendent may request the Attorney General of Canada to apply for a winding up order of a foreign bank branch where the assets of the branch are under the Superintendent’s control (section 621). Withdrawal or revocation of a foreign branch license can also be voluntary. Where a foreign bank branch wishes to discontinue operations in Canada, it must seek the approval of the Superintendent for the release of its assets maintained on deposit in Canada (subsection 599(1)). Upon receipt of approval for this release, the subsection 524(1) order is deemed to be revoked. Consideration of OSFI’s views The Minister is responsible for issuing letters patent of incorporation establishing a bank. The decision to issue the letters patent is made on the basis of a recommendation received from OSFI. No direct application can be made to the Minister. Hence, if OSFI does not recommend the issuance of letters patent the Minister’s decision making process is not initiated and therefore OSFI holds a prudential veto on the establishment of a new bank. The Minister, however, is not obliged to accept OSFI’s recommendation and may have other factors to take into consideration beyond OSFI’s prudential remit, such as competition and structure of the financial system. Nevertheless, there is no history of the Minister having denied OSIF’s recommendation and the Bank Act states that the Minister must take into account the Superintendent’s opinion regarding the extent to which the proposed corporate structure of the applicant or applicants and their affiliates may affect the supervision and regulation of the bank, having regard to the nature and extent of the proposed financial services activities and the nature and degree of supervision and regulation applying to the proposed financial services activities (paragraph 27(g)). The Minister shall also take into account all other matters that he or she finds relevant such as (but not limited to) the consideration of adequacy of financial resources, business plans and fit and proper assessments. A final protection for OSFI’s prudential remit is that even once letters patent have been issued a newly licensed bank may not commence operations until the Superintendent approves the issuance of an order to commence and carry on business. The order will not be issued until any outstanding concerns have been addressed, and as noted above, the letters patent will lapse if an order to commence and carry on business is not made within a year of the issuance of the letters patent. The same approach applies to foreign bank branches and there is also a requirement for the Minister to consult with the Superintendent to determine that the applicant is a bank in the jurisdiction under whose laws it was incorporated and is regulated in a manner acceptable to the Superintendent; and that the applicant’s principal activity is the provision of financial services, or services that would be permitted by this Act if they were provided by a bank in Canada before making an order to establish a branch (subsection 524(4)). Note that a bank or foreign bank branch will generally only be able to accept deposits when authorized by the Superintendent, which is reflected in the order to commence and carry on business (section 53 and subsection 534(5)). Provision of information In respect of the licensing authority providing the supervisor with material information, the Bank Act states that a bank/branch application shall be filed with the Superintendent (subsections 25(1) and 525(1)). Because of the nature of the relationship between OSFI and the federal Department of Finance (i.e., the Superintendent makes recommendations to the Minister in respect of letters patent of incorporation and an order to establish a branch and is directly responsible for the issuance of orders to commence and carry on business) the supervisor has in its possession all application materials and is the point of contact with the applicant throughout the licensing process. As such, OSFI has all information material to the supervision of the newly licensed bank and uses this information to make its recommendation to the Minister. The Minister does not receive the application material independently and is reliant on OSFI to supply relevant information to the Minister to permit the Minister to make the decision. Prudential conditions or limitations Pursuant to the Bank Act, the Minister has the ability to impose such terms and conditions in respect of the issuance of letters patent (subsection 28(3)), and the order to establish a branch (subsection 527(3)), as the Minister considers appropriate. This power would typically be exercised on recommendation of the Superintendent. Pursuant to the Bank Act, an order approving the commencement and carrying on of business by a bank or foreign bank branch may contain such conditions or limitations that are consistent with the Bank Act and relate to the business of the bank or branch as the Superintendent deems expedient and necessary (section 53 and subsection 534(5)). Furthermore, in relation to any approval, including that of issuing letters patent, the Minister or Superintendent may impose any terms, conditions, or undertakings that they consider appropriate (note that this power rests with the person responsible for approval) (section 973.02). In practice, OSFI obtains various forms of commitments and undertakings in the context of new entry applications. OSFI requires that a support principle letter be signed by the controlling shareholder(s) of a new bank upon entry (referenced in Instruction Guide for Incorporating Banks) in which they acknowledge that OSFI expects them to act as an ongoing source of financial, managerial and operational support. The letter’s effect is to provide a basis upon which OSFI can exert influence over the controlling shareholder. Where appropriate, OSFI may require that the controlling shareholder of a bank undertake to maintain a sufficient amount of common equity at the bank in order to maintain a certain capital level, risk based ratio or capital multiple. In addition, the Superintendent can apply to a court for an order directing compliance with the terms of such an undertaking (paragraph 973.04(2)(b)). In a recent application to establish a foreign bank branch, OSFI obtained an undertaking from the foreign bank to maintain a certain amount and type of assets in Canada to support Canadian liabilities in the event of wind-up. The assessors were able to look at commitments and undertakings that were required in relation to a number of applications for approval. All new banks are required to acknowledge and commit to their initial business plans. This is accomplished by way of the bank’s CEO acknowledging and committing (in writing) to the following: “If the bank intends to deviate materially from the Business Plan or any subsequent business plans the bank has submitted to OSFI, the bank will advise its OSFI Relationship Manager by written notice of that intent early enough in the conceptual and/or development stage to allow OSFI sufficient time to assess the impact on the supervisory and regulatory risk profile of the bank.” This commitment letter has also been expanded in recent cases to permit enhanced monitoring by OSFI. Where OSFI has supervisability concerns, it can designate persons or entities as related parties (see CP20) or require that a bank holding company be created under the Bank Act to hold the banks in the group. The assessors saw evidence that OSFI has in fact exercised this power in order to facilitate its overall supervisory oversight of the wider group. Another mechanism that has been used consistently to deal with supervisability concerns is an information undertaking and the assessors saw examples of such undertakings. Such undertakings help in assessing group-wide risk as well as in identifying possible contagion risk. These undertakings are provided by the ultimate controlling shareholder of the bank and provide access to information on group entities that are financial in nature and are not controlled by the bank, as well as notifications where a financial services entity is to be acquired by a group entity not controlled by the bank. In addition to an information undertaking, where the ultimate controlling shareholder is an unregulated entity and the group is primarily engaged in financial activities, OSFI may require an undertaking that imposes the calculation of certain capital ratios by the ultimate controlling shareholder and notification where the ratios do not accord with OSFI’s expectations. |
| EC2 | Laws or regulations give the licensing authority the power to set criteria for licensing banks. If the criteria are not fulfilled or if the information provided is inadequate, the licensing authority has the power to reject an application. If the licensing authority or supervisor determines that the licence was based on false information, the licence can be revoked. |
| Description and findings re EC2 | The Bank Act sets out licensing criteria and the ability to reject or revoke an application. The issuance of letters patent by the Minister and the order to commence and carry on business by the Superintendent are discretionary powers. Licensing criteria—banks The Bank Act sets out criteria the Minister will take into account before issuing letters patent to incorporate a bank, including “all matters that the Minister considers relevant to the application” (section 27). These criteria include (not limited to):
Where a proposed bank would be a subsidiary of a non-WTO member foreign bank, the Bank Act specifies that the Minister may only issue letters patent if reciprocal treatment is accorded to banks to which the Bank Act applies in the foreign bank’s home jurisdiction (section 24). The Bank Act sets out that, in respect of an application for letters patent, the Superintendent has the authority to request such information, material and evidence the Superintendent requires. An applicant must also publish notice of its intention to apply to incorporate a bank (section 25). The Bank Act sets out that the Superintendent must not issue an order to commence and carry on business to the newly incorporated bank until he or she is satisfied that, among other listed requirements, “all other relevant requirements of this Act have been complied with” (section 52). Note that the Bank Act states that, in addition to any matters or conditions provided for in the Bank Act that are relevant to the granting of an approval and to any prudential considerations the Superintendent considers relevant in the circumstances, the Superintendent may, in considering whether to grant the approval, take into account all matters that he or she considers relevant in the circumstances, including national security and Canada’s international relations and international legal obligations (subsection 973.01(2)). The Bank Act prevents governments, or agencies thereof, from applying to incorporate a bank (section 23). Other ownership restrictions are set out in Part VII of the Bank Act. OSFI’s Instruction Guide for Incorporating Banks sets out prudential requirements designed to help ensure safety and soundness, and legislative requirements. The Guide identifies the legislative criteria an applicant must meet to incorporate and commence operating a bank, the information that must be submitted in support of an application and the procedures to be followed in making an application. Note that the information requirements are not necessarily all-encompassing, as OSFI has the power to request additional information as circumstances require (section 25). In practice, specific information is requested that is relevant to the business model proposed by the applicant. Licensing criteria—foreign bank branches The Bank Act sets out criteria the Minister will take into account before making an order to establish a foreign bank branch, including “all matters that the Minister considers relevant to the application” (section 526). In developing a recommendation to the Minister in respect of the issuance of an order, OSFI takes into account the legislative criteria as well as any other matters it deems relevant. As set out above, subsection 973.01(1) is also applicable here. OSFI’s risk tolerance for foreign bank branch entry is higher than for new incorporations given the legal status of a branch (i.e., not a separate legal entity) and the sophisticated nature of depositors (a branch is only permitted to accept deposits greater than or equal to $150,000). The Bank Act specifies that the Minister may only make an order if, where the application is made by a non-WTO member foreign bank, reciprocal treatment is accorded to banks to which the Bank Act applies in its home jurisdiction (subsection 524(3)). The Bank Act also specifies that the Minister may only make an order if, after consultation with the Superintendent, the Minister is of the opinion that the applicant is a bank in its home jurisdiction and is regulated in a manner acceptable to the Superintendent and its principal activity is the provision of financial services or services that would be permitted by the Bank Act if they were provided by a bank in Canada (subsection 524(4)). The Bank Act prohibits a foreign bank from establishing a branch in Canada if the foreign bank or any of its affiliates/substantial investments engage in personal property leasing activities in Canada in which a bank or its investments would not be permitted to engage (section 524.1). The Bank Act sets out that, in respect of an application for an order to establish a branch, the Superintendent has the authority to request such information, material and evidence the Superintendent requires. An applicant must also publish notice of its intention to apply for an order to establish a branch (section 525). The Bank Act states that the Superintendent may make an order to commence and carry on business only if satisfied that the branch has deposited specified assets in Canada, submitted a power of attorney for the branch’s principal officer and complied with all other relevant requirements of the Bank Act (subsection 534(3)). As set out above, subsection 973.01(2) is also applicable here. OSFI’s Guide to Foreign Bank Branching sets out the legislative criteria that must be met by a foreign bank to establish and operate a foreign bank branch in Canada, as well as the specific information that must be submitted to OSFI in support of an application as well as the procedures to be followed in making such an application. Note that the information requirements are not necessarily all-encompassing as OSFI has the power to request additional information as circumstances require (section 525). Power to reject an application The Minister and the Superintendent are not obliged by the Bank Act to issue letters patent and the order to commence and carry on business, respectively, and thus have the power to reject an application (sections 22 and 49). Pursuant to the Bank Act, the Superintendent must not make an order approving the commencement and carrying on of business by a bank more than one year after the day on which the bank comes into existence (subsection 52(2)). Therefore, where the requirements to satisfy the issuance of an order to commence business have not been met and the year timeframe expires, the letters patent will lapse and the bank will cease to exist (section 57). As in the establishment of a bank, the Bank Act grants the Minister and Superintendent discretionary power to establish a branch and issue the order to commence and carry on business (subsection 524(1) and 534(1)). Pursuant to the Bank Act, the Superintendent must not make an order approving the commencement and carrying on of business by a branch more than one year after the day on which the branch is established by Ministerial order (subsection 534(9)). Therefore, where the requirements to satisfy the issuance of an order to commence business have not been met and the year timeframe expires, the order establishing the branch is revoked (subsection 534(10)). In respect of revocation in the case of false information, see details under EC1. In particular, the Bank Act provides authority to the Minister and Superintendent to revoke any approval (section 973.03). In addition, it is an offence under the Bank Act to knowingly provide false information in relation to any matter under the Act or Regulations and punishment is set out (fines, prison) in respect of offences (sections 980.1 and 985). OSFI confirmed that should a license (or indeed other approval) have been obtained on the basis of false information then OSFI can move immediately to revocation. It should be noted, though, that the close contact and on-site pre-commencement reviews in the period between the issuance of the letters patent and the order to commence business would have the likely effect of making the possibility of obtaining a licence on false information quite limited. |
| EC3 | The criteria for issuing licences are consistent with those applied in ongoing supervision. |
| Description and findings re EC3 | The criteria noted in EC2 above apply, as relevant, on an ongoing basis for banks and foreign bank branches. Pursuant to the Supervisory Framework (referenced in Instruction Guide for Incorporating Banks), OSFI applies a risk-based approach to assessing bank/branch safety and soundness on a consolidated basis, focusing on higher areas of risk. For each activity that OSFI identifies as significant, OSFI assesses the level of risk, and considers the impact of risk mitigation by evaluating the quality of risk management. This approach, as used with existing banks/branches, is mirrored in the assessment of new bank/branch applicants. As an example, one of the Ministerial considerations under the Bank Act in respect of the issuance of letters patent to a bank is the nature and sufficiency of the financial resources of the applicant as a source of continuing financial support for the bank (paragraph 27(a)). To determine required capital for the bank, OSFI requires that applicants prepare a draft Internal Capital Adequacy Assessment Process report (ICAAP) (using OSFI’s ICAAP Guideline) in the same format as existing banks. The ICAAP determines the new bank’s required capital in the same manner as it does for an existing bank. |
| EC4 | The licensing authority determines that the proposed legal, managerial, operational and ownership structures of the bank and its wider group will not hinder effective supervision on both a solo and a consolidated basis. The licensing authority also determines, where appropriate, that these structures will not hinder effective implementation of corrective measures in the future. |
| Description and findings re EC4 | In the course of its review, OSFI determines that the structure of the bank and its group will not hinder effective supervision and, where appropriate, the effective implementation of corrective measures in the future. This concept is underpinned in particular by section 27(g) of the Bank Act which requires the Minister to have regard to the opinion of the Superintendent with respect to whether the corporate structure of the entity may hinder supervision and regulation. Banks The Bank Act states that, before issuing letters patent to incorporate a bank, the Minister must take into account all matters that the Minister considers relevant to the application, including the opinion of the Superintendent regarding the extent to which the proposed corporate structure of the applicant or applicants and their affiliates may affect the supervision and regulation of the bank, having regard to the nature and extent of the proposed financial services activities to be carried out by the bank and its affiliates, and the nature and degree of supervision and regulation applying to the proposed financial services activities to be carried out by the affiliates of the bank (paragraph 27(g)). In assessing the extent to which the proposed corporate structure of an applicant may affect the supervision and regulation of a bank, OSFI considers, among others, the following factors: the proposed activities of the bank, the predominant nature of the group’s financial activities, the independence of the bank, and the regulatory oversight (if any) to which the group is subjected (Instruction Guide for Incorporating Banks). OSFI also considers whether the proposed corporate structure results in parallel-banking (i.e., a situation where two banks, under common control, are not subject to consolidated supervision). The risks identified by the Bank for International Settlements (BIS) with respect to parallel banking (i.e., self-dealing, group-wide risk, and contagion) also apply to circumstances where an OSFI regulated bank has, as sister companies, other financial institutions, and the bank and the sister company(ies) are not subject to consolidated supervision. Historically, OSFI has made use of various mechanisms to address supervisability concerns, including: the designation of related parties, business plan commitments, and, in one instance, the requirement that a bank holding company be created to hold the banks in the group. Another mechanism that has been used consistently is an information undertaking, as discussed in EC1. The ultimate goal of supervisability undertakings is to obtain a view of the consolidated risk in the group, with a view towards being able to promptly ring-fence the bank if necessary. Pursuant to the Instruction Guide for Incorporating Banks, OSFI receives information relating to the ownership and financial strength of the applicant, including an organization chart (and details of these other entities) for all entities in the corporate group. Using this information, OSFI assesses the ownership structure, determining its transparency/complexity. Managerial/Operational – OSFI’s Corporate Governance Guideline sets out expectations regarding the relationships between a bank’s board, senior management and other stakeholders, and the system through which the strategy and performance of the bank are monitored. New banks are expected to comply with this Guideline at inception, and OSFI’s analysis of board and senior management composition (Instruction Guide for Incorporating Banks) and their respective roles as set out in draft mandates, policies and procedures assist in determining OSFI’s ability to supervise the new bank effectively. Effective oversight of the business and affairs of a bank by its board and senior management is essential to the maintenance of an efficient and cost-effective supervisory system (Corporate Governance Guideline). OSFI’s Guideline B-10 Outsourcing of Business Activities, Functions and Powers sets out expectations for a bank applicant that contemplates outsourcing one or more of its business activities to a service provider and further states that OSFI’s supervisory powers should not be constrained, irrespective of whether an activity is conducted in-house, outsourced or otherwise obtained from a third party. Pursuant to the above, and as set out in the Instruction Guide for Incorporating Banks, OSFI determines, where appropriate, that these structures will not hinder future corrective measures. Foreign bank branches OSFI places significant reliance on a foreign bank’s home regulators (see also EC10). As such, the Minister may make an order permitting the foreign bank to establish a branch only if the Minister is of the opinion, after consultation with the Superintendent, that the applicant is a bank in the jurisdiction under whose laws it was incorporated and is regulated in a manner acceptable to the Superintendent (subsection 524(4)). OSFI assesses the home jurisdiction’s framework of supervision and regulation to determine if OSFI will be able to effectively supervise the branch. OSFI considers the following factors, among others: Memoranda of Understanding between OSFI and the home regulator to facilitate the exchange of information; BIS and BCBS memberships; and recent FSAP reports. Pursuant to the Guide to Foreign Bank Branching, OSFI receives information relating to the ownership structure and financial strength of the applicant, including an organization chart (and details of these other entities) for all entities in the corporate group. Using this information, OSFI assesses the ownership structure, determining its transparency/complexity. Managerial/Operational—OSFI’s Corporate Governance Guideline recognizes that branches do not have boards and accordingly, it is inappropriate to apply the specific provisions of this guideline directly to branch operations. OSFI looks to the Principal Officer to oversee the management of a branch, including matters of corporate governance. Guideline E-4B (Role of the Principal Officer) describes OSFI’s expectations with respect to the role of the Principal Officer. OSFI’s analysis of the Principal Officer and other local/foreign bank management involved in the operation of the branch (see Guide to Foreign Bank Branching for information requirements) and their respective roles as set out in draft mandates, policies and procedures assist in determining OSFI’s ability to supervise the new branch effectively. OSFI expects the Principal Officer to retain overall accountability for the branch operations and where the Principal Officer does not have direct responsibility for a significant function this should be documented in written mandates/policies or service level agreements. Such arrangements would be considered outsourcing under Guideline B-10 Outsourcing of Business Activities, Functions and Powers. Shell banks Pursuant to the above comments and the following requirements in the Bank Act, OSFI does not license shell banks. Canadian law prescribes a number of conditions that a bank or a foreign bank branch must meet in order to commence operations (see below) which would have the effect of supporting the supervisor’s ability to supervise the institution effectively and impose corrective measures if necessary. Banks – The head office of a bank is to be situated in Canada section 237) and shareholders’ meetings must be held in Canada (section 136). At least one half of the directors of a bank that is a subsidiary of a foreign bank and a majority of the directors of any other bank must be resident Canadians (subsection 159(2)) and the directors must not transact business at a meeting of directors unless, in the case of a bank that is a subsidiary of a foreign bank, at least one half of the directors present are resident Canadians or, in any other case, the majority of the directors present are resident Canadians (section 183); although there is some flexibility for recognizing presence via telephone (subsection 2). Recent federal legislation implementing Budget 2013 removed residency requirements for committees. The CEO must also be ordinarily resident in Canada (section 196). With respect to record keeping requirements, bank records are to be kept in Canada and the Superintendent has the power to require a bank to process information in Canada (sections 239 and 245). Lastly, the bank’s central securities register must be maintained in Canada (section 251). Foreign bank branches – The Minister may only make an order to establish a branch if the applicant is a bank in the jurisdiction under whose laws it was incorporated and regulated in a manner acceptable to the Superintendent (subsection 524(4)). The principal office of the branch must be located in Canada (section 535). The branch must maintain a capital equivalency deposit (as described in EC6) in Canada with a Canadian financial institution approved by the Superintendent (subsection 534(4) and section 582). In addition, in specific circumstances where OSFI has prudential concerns, OSFI has required that the branch maintain additional assets in Canada. The branch’s Principal Officer must be ordinarily resident in Canada and branch records must be kept in Canada (section 536 and subsection 597(2)). |
| EC5 | The licensing authority identifies and determines the suitability of the bank’s major shareholders, including the ultimate beneficial owners, and others that may exert significant influence. It also assesses the transparency of the ownership structure, the sources of initial capital and the ability of shareholders to provide additional financial support, where needed. |
| Description and findings re EC5 | In the course of its review, OSFI determines the suitability of major shareholders, the transparency of the ownership structure and initial/future capital sources. OSFI pursues checks to identify the ultimate beneficial owner (frequently a natural person) and are wary of the possibilities of disguised ownership. OSFI noted that in the course of due diligence they also involve the Royal Canadian Mounted Police whose forensic accounting capabilities can potentially be of assistance in this regard. Banks Any person that would have a significant interest in, and/or control of, a bank must receive approval from the Minister to acquire this significant interest/control (see BCP 6 for additional details in this regard). The considerations for this approval mirror the considerations which relate to licensing via letters patent. Pursuant to the Bank Act, the Minister considers the nature and sufficiency of the financial resources of the applicant as a source of continuing financial support for the bank, the business record and experience of the applicant and the character and integrity of the applicant, among other considerations (sections 27 and 396). OSFI’s recommendation in respect of the incorporation of a new bank and the acquisition of significant interest/control takes into account these legislative considerations. The Instruction Guide for Incorporating Banks sets out information requirements that assist in this determination. Suitability – OSFI requires (in the Instruction Guide for Incorporating Banks) that applicants provide details of whether the applicant has been the subject of any criminal proceedings or administrative sanctions. Where the applicant is a foreign financial institution, OSFI engages in discussion with the foreign regulator regarding suitability. Where the applicant is a corporate entity, OSFI engages the Canadian Security Intelligence Service (CSIS) to conduct a security assessment. Where individuals would have a significant interest/control in the new bank, OSFI obtains personal information, including curriculum vitae and a completed OSFI Security Information Form so that law enforcement (Royal Canadian Mounted Police (RCMP)) and intelligence (CSIS) agencies can conduct security assessments. OSFI also discusses with the applicant its commitment to the new bank, including expected rate of return. When a new shareholder is applying for approval to acquire a significant interest in a bank, similar criteria for suitability are applied. Where a financial services group wishes to establish a bank, OSFI expects the group to select as the applicant the entity through which most of the group’s banking business or financial activities is conducted. There may, however, be valid reasons for choosing another applicant in the group depending on the particular circumstances of the group. Please note that the Bank Act prevents governments, or agencies thereof, from applying to incorporate a bank (section 23). Transparency of the ownership structure—Pursuant to the Instruction Guide for Incorporating Banks, OSFI requires that an applicant identify all entities in the corporate group, entities in which the applicant beneficially owns 10 percent or more of the voting rights, details of any voting agreements that involve control of the applicant, and the names and personal details of all persons owning more than 10 percent of any class of shares or ownership interests in the applicant. Sources of initial capital/ability to provide additional support—OSFI requires applicants to provide evidence that the nature and sufficiency of the applicant’s financial resources are such that it would be capable of providing continuing financial support to the bank or that it would have access to financial resources to enable it to do so. An applicant is required to submit a capital plan and funding policies (Instruction Guide for Incorporating Banks) and corporate applicants are required to submit three years of audited consolidated financial statements for themselves and their ultimate parent. In the case of individuals that would control the new bank, OSFI may request net worth statements. Note that OSFI requires a Support Principle acknowledgement letter, usually from the controlling shareholder, with respect to supporting the operations and capital needs of the bank. In addition, paid-in capital must be deposited prior to the issuance of an order to commence and carry on business (section 52). Foreign bank branches Pursuant to the Bank Act, before making an order to establish a branch, the Minister must take into account the nature and sufficiency of the financial resources of the foreign bank as a source of continuing financial support for the carrying on of business in Canada, the business record and past performance of the foreign bank and the reputation of the foreign bank for being operated in a manner that is consistent with the standards of good character and integrity (section 526). In order to make a recommendation to the Minister in this regard, and pursuant to the Guide to Foreign Bank Branching, OSFI obtains details on the foreign bank’s ownership structure, financial information for the past five years, the most recent credit-rating agency reports on the foreign bank and any controlling company, and, for the past five years, details of any material regulatory actions, criminal convictions or breaches of statutory or other administrative or regulatory enactments. OSFI also obtains details of any refusal by regulatory authorities in any jurisdiction to permit the foreign bank from establishing or acquiring an entity, subsidiary or branch to carry on financial activities. Note that OSFI also engages in dialogue with the home country regulator/supervisor in respect of the aforementioned. |
| EC6 | A minimum initial capital amount is stipulated for all banks. |
| Description and findings re EC6 | The Bank Act stipulates a minimum initial capital amount for all banks. Banks—The initial paid-in capital of a bank must be at least $5 million or any greater amount specified by the Minister (paragraph 52(1)(b)). In practice, OSFI requires that initial capital be the greater of: $5 million; the total amount of capital required to remain above the applicant’s target risk-based capital ratio (as determined by the bank’s internal capital adequacy assessment process or ICAAP) for the longer of the first three years of the bank’s operations or until the bank is profitable under the base case scenario; or the total amount of capital required for the bank to remain below its authorized assets to capital multiple (with an appropriate buffer) for the longer of the first three years of its operations or until it is profitable under the base case scenario. Initial capital should be sufficient to cover expected losses during the first years of operation. Note that the deposit of paid-in capital is a condition that must be met in order for the Superintendent to make an order approving the commencement of business. The above practice also applies in the context of a continuance. Foreign bank branches—A foreign bank applying to establish a branch must demonstrate that its risk-based capital ratio meets the minimum international standards established by BIS and set out in OSFI’s Capital Adequacy Requirements Guideline. In addition, a full-service branch is required to maintain, on deposit in Canada, assets equal to at least 5 percent of the branch’s Canadian liabilities or $5 million, whichever is greater, and a lending branch is required to maintain assets on deposit equal to $100,000 (section 582). Pursuant to the Bank Act, the Superintendent may only make an order approving the commencement of business once the deposit has been made (subsection 534(3)). Guideline A-10 (Capital Equivalency Deposit) addresses capital equivalency deposits for foreign bank branches in respect of their business in Canada. The purpose of the capital equivalency deposit is to cover the costs of the liquidator in the event of a wind-up of the branch’s business in Canada. |
| EC7 | The licensing authority, at authorisation, evaluates the bank’s proposed Board members and senior management as to expertise and integrity (fit and proper test), and any potential for conflicts of interest. The fit and proper criteria include: (i) skills and experience in relevant financial operations commensurate with the intended activities of the bank; and (ii) no record of criminal activities or adverse regulatory judgments that make a person unfit to uphold important positions in a bank. The licensing authority determines whether the bank’s Board has collective sound knowledge of the material activities the bank intends to pursue, and the associated risks. |
| Description and findings re EC7 | In the course of its review, OSFI evaluates proposed Board members and senior management as to expertise and integrity. Banks Pursuant to the Bank Act, the Minister takes into account whether the bank will be operated responsibly by persons with the competence and experience suitable for involvement in the operation of a financial institution (paragraph 27(e)). For directors, the Bank Act sets out residency requirements, disqualified persons, limitations regarding affiliated directors and limitations on directors who are employees of the bank or a subsidiary of the bank (sections 159, 160, 163, 164). OSFI conducts the fit and proper assessment at the point of licensing but not thereafter. Subsequent to receiving the letters patent and order to commence business the bank is deemed responsible for conducting fit and proper checks. OSFI sets out its expectations in the Guideline on Background Checks on Directors and Senior Management of FREs. It is a Bank Act requirement to keep OSFI updated on the composition of and changes to the Board (section 632). OSFI noted that it expects to be notified of any and all new board members. Also OSFI has the power to remove or suspend a director or senior officer of the bank (Section 647.1(1)) on fit and proper grounds. Finally, failure to meet OSFI’s expectations as set out in the Guideline would denote failure to meet prudential standards and would also trigger OSFI’s sanctioning powers. In order to make a recommendation to the Minister in respect of paragraph 27(e), and pursuant to the Instruction Guide for Incorporating Banks, OSFI obtains personal details, including curriculum vitae and details of any material regulatory actions or criminal convictions, for all directors and senior officers of the bank who will be responsible for oversight of the operations. An applicant must also provide a description of the composition of the board and its committees; its role, responsibilities, policies and practices; the mandate of the committees, and the self-assessment programs the board intends to put in place. OSFI’s Corporate Governance Guideline notes that there should be a reasonable representation of relevant financial industry and risk management expertise on a bank’s board and board committees. Additional details in this regard are set out in OSFI’s Supervisory Framework (esp. in the assessment criteria for the board of directors and senior management). OSFI also evaluates potential conflicts of interests on the board by looking at the individual directors’ employment and other directorships. OSFI obtains a completed OSFI Security Information Form from all senior officers and directors so that law enforcement (RCMP) and intelligence (CSIS) agencies can conduct security assessments. Where the fit and proper criteria are not met in respect of proposed board members and/or senior management, OSFI will inform the applicant, stating that these persons need to be replaced in order to move forward on an application. All new banks are expected to comply with relevant guidelines including the Corporate Governance Guideline at inception. OSFI assesses the strength of the board at the time of incorporation and the board’s effectiveness going forward. Post-authorisation, OSFI relies on the bank’s or foreign bank branch’s internal processes for assessing the ongoing suitability and integrity of these individuals. OSFI’s Guideline on Background Checks on Directors and Senior Management of FREs provides guidance to banks and foreign bank branches in this regard. Foreign bank branches Pursuant to the Bank Act, the Minister takes into account whether the proposed branch will be operated responsibly by persons with the competence and experience suitable for involvement in the operation of a financial institution (paragraph 526(e)). In order to make a recommendation to the Minister in respect of paragraph 526(e), and pursuant to the Guide to Foreign Bank Branching, OSFI obtains personal details, including curriculum vitae and details of any material regulatory actions or criminal convictions, for all senior executive officers and directors of the foreign bank directly responsible for oversight of the branch and for the Principal Officer and each officer who will work in the branch. OSFI also obtains completed OSFI Security Information Form from the Principal Officer and senior officers who will work in the branch so that law enforcement (RCMP) and intelligence (CSIS) agencies can conduct security assessments. Where the fit and proper criteria are not met in respect of specific persons, OSFI will inform the applicant, stating that these persons need to be replaced in order to move forward on an application. |
| EC8 | The licensing authority reviews the proposed strategic and operating plans of the bank. This includes determining that an appropriate system of corporate governance, risk management and internal controls, including those related to the detection and prevention of criminal activities, as well as the oversight of proposed outsourced functions, will be in place. The operational structure is required to reflect the scope and degree of sophistication of the proposed activities of the bank. |
| Description and findings re EC8 | In the course of its review, OSFI analyses the strategic and operating plans of the proposed bank. As noted below the Instruction Guide for Incorporating Banks provides detail to firms on the information that they must submit for assessment which is carried out by OSFI in accordance with its Supervisory framework. Banks Pursuant to the Bank Act, the Minister considers the soundness and feasibility of the plans of the applicant for the future conduct and development of the bank (paragraph 27(b)). Pursuant to the Instruction Guide for Incorporating Banks, the business plan included in an application must contain an analysis of target markets, opportunities and competitors as well as the bank’s overall strategy for achieving success. The business plan includes an overview of each line of business and the products and services to be offered. An applicant must also describe any anticipated material outsourcing arrangements and ensure that they comply with OSFI Guideline B-10 Outsourcing. As part of the incorporation process, applicants provide a description of the major risk management and control processes and policies for the new bank as well as a description of board policies and practices, a conflict of interest policy and a description of the system of internal controls and policies the bank will follow to ensure legislative compliance, including compliance with legislation in respect of terrorist financing and money laundering. OSFI’s review of the aforementioned enables it to assess (pursuant to the Supervisory Framework) the proposed bank’s ability to manage and mitigate the risks inherent in its business activities and comply with the Bank Act, regulations and OSFI Guidelines. During the license review process, the scope of OSFI’s work includes a review of all policy statements that will govern the operations of the bank. This includes the outsourcing policy and a review of material outsourcing agreements to related or third parties as well as policies relative to money laundering and terrorist financing. The review also includes a full vetting of the characteristics of each of the risk management control functions, covering all aspects of corporate governance, risk management and the overall control environment. This review is conducted concurrently with the review of the business plan, to ensure that policy statement content is sufficiently comprehensive relative to the level of risk anticipated in the business plan. OSFI advises applicants seeking a bank license that any weaknesses in policies and procedures must be remedied before OSFI will grant an order to commence and carry on business. Foreign bank branches Pursuant to the Bank Act, the Minister must consider the soundness and feasibility of the plans of the foreign bank for the future conduct and development of its business in Canada (paragraph 526(b)). Pursuant to the Guide to Foreign Bank Branching an application must include an analysis of target markets and opportunities and an overview of each line of business and the products and services to be offered. The applicant must also identify the risks to which the branch will be exposed in executing its business plan and a detailed description of the risk management and control systems that will be utilized by the branch to control its risk exposure, and how these systems are integrated with those of the foreign bank on a global basis. The included description of branch management should indicate reporting lines back to the foreign bank and the level of involvement that senior foreign bank management will have in branch operations. OSFI’s review of the provided materials is similar to that undertaken for a proposed bank, including a review of policies relative to money laundering and terrorist financing. |
| EC9 | The licensing authority reviews pro forma financial statements and projections of the proposed bank. This includes an assessment of the adequacy of the financial strength to support the proposed strategic plan as well as financial information on the principal shareholders of the bank. |
| Description and findings re EC9 | In the course of its review, OSFI analyses the proposed bank’s pro forma financial statements and projections. Banks Pursuant to the Instruction Guide for Incorporating Banks, as part of the business plan applicants are required to submit pro forma financial statements for the first three years of operations, contingency plans resulting from variations associated with key assumptions and a breakdown of all elements used to calculate capital ratios. An applicant must also provide details regarding the sources of initial capital and future capital in the form of a capital plan and funding policies. The assessment of the adequacy of financial strength is addressed in part through ICAAP (OSFI requires submission thereof in the application process) and, on the basis of required capital as determined by the ICAAP, OSFI requires that initial capital be sufficient to remain onside capital requirements until profitable (see EC6). Where a principal shareholder is a corporate entity, OSFI will review audited financial statements to determine financial strength and where a principal shareholder is an individual, OSFI will review net worth statements. Pursuant to the Instruction Guide for Incorporating Banks, OSFI may also seek a Support Principle acknowledgement, usually from the controlling shareholder, with respect to supporting the operations and capital needs of the bank. Foreign bank branches Pursuant to the Guide to Foreign Bank Branching, an applicant must provide pro forma financial statements for the first three years of the operations of the branch and a breakdown of funding requirements for the same period. A foreign bank applicant must also provide annual reports and copies of financial statements in the form submitted to the home supervisor for the last five years, detailed capital calculations according to the applicant’s home jurisdiction methodology and based on OSFI’s capital rules and recent credit-rating agency reports. (See EC5 and EC6.) OSFI also requires a foreign bank applicant to provide its current ICAAP (or equivalent document) as submitted to its home regulator. The adequacy of financial strength of the foreign bank applicant is also assessed through dialogue with the home country regulator/supervisor and independent research conducted by OSFI in respect of the applicant’s financial strength as well as the financial strength of the home jurisdiction. |
| EC10 | In the case of foreign banks establishing a branch or subsidiary, before issuing a licence, the host supervisor establishes that no objection (or a statement of no objection) from the home supervisor has been received. For cross-border banking operations in its country, the host supervisor determines whether the home supervisor practices global consolidated supervision. |
| Description and findings re EC10 | Pursuant to the Bank Act, guidance and established practice, in the case of foreign banks establishing a branch or subsidiary, OSFI establishes that the home supervisor does not object and whether it practices global consolidated supervision. Foreign bank subsidiary (Schedule II bank)—The Instruction Guide for Incorporating Banks requires that, if the applicant is a foreign-owned financial institution, as part of its application it must provide information on the type and scope of supervision that applies in its home jurisdiction and whether it is subject to comprehensive consolidated supervision and regulation. The applicant is also required to confirm that its home regulatory authority is aware of its intention to establish a Canadian bank, and whether the applicant needs regulatory approval from the home regulator to do so. The name of the home regulatory contact must also be provided to OSFI. OSFI requires confirmation from the home regulator that it reports favourably on the applicant. In the course of OSFI’s review of the application, OSFI will contact the home regulator to confirm the applicant’s submissions in relation to the above, discussing consolidated supervision and the home regulator’s opinion regarding the applicant’s intention to establish a Canadian bank. OSFI may also engage in open-source research (recent FSAPs, other third-party reviews) and discussions with other host regulators in relation to the home supervisor’s practices regarding global consolidated supervision. Where OSFI is unfamiliar with a home country’s system of supervision and regulation we may prepare an internal home country report that covers, amongst other topics, regulation and supervision in the home country. While more common in relation to branch applications, OSFI may also ask the home country to complete a questionnaire that covers the home regulatory regime. Also note that the Bank Act specifies that the Minister must take into account the opinion of the Superintendent regarding the extent to which the proposed corporate structure of the applicant and their affiliates may affect the supervision and regulation of the bank, having regard to the nature and degree of supervision and regulation applying to the proposed financial services activities to be carried out by the affiliates of the bank (paragraph 27(g)). The assessors were able to review the questionnaire. Foreign bank branch—The Guide to Foreign Bank Branching requires that an applicant provide OSFI with contact information for its home regulator/supervisor and a statement from the home country supervisor consenting to the establishment of a branch. Similar to OSFI’s analysis of a foreign bank subsidiary, we contact the home regulator to confirm the applicant’s submission in relation to the above, discussing consolidated supervision and the home regulator’s opinion on the applicant establishing a branch. OSFI may also engage in open-source research (recent FSAPs, other third-party reviews) and discussions with other host regulators in relation to the home supervisor’s practices regarding global consolidated supervision. Where OSFI is unfamiliar with a home country’s system of supervision and regulation OSFI may prepare an internal home country report that covers, amongst other topics, regulation and supervision in the home country. OSFI may also ask the home country to complete a questionnaire that covers the home regulatory regime. Also note that the Bank Act specifies that the Minister may make an order only if he or she is of the opinion, after consultation with the Superintendent, that the applicant is a bank and is regulated in a manner acceptable to the Superintendent (paragraph 524(4)(a)). |
| EC11 | The licensing authority or supervisor has policies and processes to monitor the progress of new entrants in meeting their business and strategic goals, and to determine that supervisory requirements outlined in the licence approval are being met. |
| Description and findings re EC11 | The supervisory process leading up to the issue of the order to commence business requires close contact between OSFI and the institution. A pre-commencement on-site review is part of this process and can be extended as necessary to respond to issues that are identified – as the assessors noted from file review. The pre-commencement review will identify issues that need to be resolved prior to the issue of the order of commencement and also issues that will require monitoring and follow up immediately thereafter. Hence, when the new bank commences business there is a tailored supervisor program already in place. Business performance is measured against the business and strategic plans as presented during the license application process. Additionally, there are the standard sector wide regular quarterly monitoring procedures are designed to identify and evaluate the quantity and quality of business conducted by the new entrant during each quarter. Specific review procedures to assess compliance with commitments and/or undertakings entered into with OSFI at commencement of operations include: analytical review of performance against established metrics within the business plan; discussion with senior management and the board regarding performance against the business plan and; discussion with the new entrant’s Internal Audit and Compliance Division management regarding their respective reviews of the new entrant’s compliance with operating policies and all commitments and/or undertakings entered into with OSFI and/or the Minister at the commencement of operations. In addition, when a bank applies for an order to commence and carry-on business it must commit to providing adequate advance notification of any material proposed changes to the business plan that was submitted in support of the application for letters patent. |
| Assessment of Principle 5 | Largely Compliant |
| Comments | Entry into the Canadian banking system is a carefully vetted process either for domestically or foreign owned entities. OSFI’s risk tolerance around new entrants is low and focused on prudential and national security considerations as required by law. There have been only fifteen new entrants in the last five years. The criteria for licensing are established in law and articulated in OSFI guidelines. Licensing is a two step process, sometimes called a “two key” process in Canada. OSFI maintains prudential control over candidates for licensing as a bank. This means that although an applicant needs to obtain approval from both OSFI and the Minister in order to carry out business as a bank, in practice, the Minister’s approval is not and cannot be sought unless OSFI has already made a favourable prudential determination. Furthermore, the institution cannot commence business unless and until OSFI is satisfied that all prudential standards are met and the Superintendent issues the order to commence business. OSFI has established rigorous and well executed policies and processes surrounding the licensing process. Standards established for licensing also apply for ongoing supervision except in one regard. OSFI does not, after licensing, carry out a fit and proper assessment of new directors and senior management on an ongoing basis. In mitigation OSFI has issued guidelines outlining its expectations for the assessment of fitness, probity, integrity and skills for board members and senior executives. Banks are required to notify OSFI of new board members and senior executives and OSFI monitors the application of its guideline in the context of its normal supervision and has powers to remove directors or senior executives if deficiencies are identified. Nonetheless, the continuing “gatekeeping” role for the prudential authority is not being fully exercised by OSFI at present and it is recommended that the change to policy and practice is made in order to assess such individuals as and when they join the regulated firm. |
| Principle 6 | Transfer of significant ownership. The supervisor has the power to review, reject and impose prudential conditions on any proposals to transfer significant ownership or controlling interests held directly or indirectly in existing banks to other parties. |
| Essential criteria | |
| EC1 | Laws or regulations contain clear definitions of “significant ownership” and “controlling interest”. |
| Description and findings re EC1 | The Bank Act contains clear definitions of significant interest and control. Significant ownership The Bank Act states that a person has a significant interest in a class of shares of a bank if the aggregate of any shares of that class beneficially owned by that person and any shares of that class beneficially owned by entities controlled by that person exceed 10 percent of all the outstanding shares of that class of shares (section 8). The threshold to be considered a major shareholder under the act is 20 percent of voting shares or 30 percent of non voting shares (section 2.2). Control The Bank Act sets out the circumstances in which a person would be considered to control a body corporate (greater than 50 percent of the beneficial ownership of voting shares to elect a majority of the board), an unincorporated entity other than a limited partnership (greater than 50 percent of the beneficial ownership of the ownership interests and the person is able to direct the business and affairs of the entity) and a limited partnership (the general partner controls) (subsection 3(1)). A person controls any entity if the person has any direct or indirect influence that, if exercised, would result in control in fact of the entity. The Bank Act also specifies that a person who controls an entity is deemed to control any entity that is controlled, or deemed to be controlled, by the entity (subsection 3(2)). In relation to voting shares and ownership interests, securities beneficially owned by entities controlled by the person (subsection 3(3)) are taken into consideration. OSFI’s Advisory on “control in fact” provides guidance on factors that OSFI considers in determining whether control in fact exists in a particular situation and Rulings (2007-02, 2008-03) detail determinations of control in fact by OSFI in specific cases. Also note that Guidelines Respecting Control in Fact for the Purpose of Subsection 377(1) of the Bank Act describes the policy objectives and factors the Minister will consider in determining a specific application (under section 396(2)) regarding whether or not the acquisition of a significant interest more than 10 percent but less than 20 percent in a widely-held bank (a bank with equity of greater than twelve billion dollars) constitutes control in fact. Acting in Concert For the purposes of ownership of banks, the Bank Act deems persons “acting jointly or in concert” in respect of a bank’s shares, or in respect of the ownership interests of an entity that holds a bank’s shares, that these persons beneficially own, to be a single person who is acquiring beneficial ownership of the aggregate number of those share or ownership interests (section 9). Ownership Restrictions No person may be a major shareholder of a bank with equity of $12 billion or more (section 374) although there are some permitted exceptions, such as a regulated bank holding company that is itself widely held. A major shareholder of a bank is defined under section 2.2 as the beneficial ownership and control of entities with ownership greater than 20 percent of voting shares or 30 percent of non-voting shares. Moreover, no person can “control in fact” a bank with equity of $12 billion or more (section 377). A public holding requirement applies to any bank with equity of $2 billion or more but less than $12 billion. The bank must have at least 35 percent of its voting shares listed and posted for trading on a recognized stock exchange in Canada and not owned by a major shareholder (section 385). A Ministerial exemption with respect to this requirement is provided for in the Bank Act (section 388). In fact section 377.1(1) permits control of a bank with equity of less than twelve billion dollars subject to the approval of the Minister. |
| EC2 | There are requirements to obtain supervisory approval or provide immediate notification of proposed changes that would result in a change in ownership, including beneficial ownership, or the exercise of voting rights over a particular threshold or change in controlling interest. |
| Description and findings re EC2 | Pursuant to the Bank Act, the approval of the Minister is required to acquire, or increase by at least 5 percent (in most cases), a significant interest in (directly or indirectly), and to acquire control of, a bank. The Ministerial considerations for this approval mirror the statutory Ministerial considerations for letters patent of incorporation (sections 373, 377.1, 382 and 396). Transaction Instruction A No. 23 (Acquisition of a Significant Interest and/or Acquisition of Legal Control of a Federally Regulated Entity) sets out information requirements and administrative guidance in respect of applications for significant interest and/or control. Absent Ministerial approval, the Bank Act prohibits the registration by a bank in its securities register of a transfer or issue of any share of a bank to any person where a significant interest would be triggered (section 379). Also note that, pursuant to the Bank Act, if a person does not seek the required significant interest or control approval, the Minister may, if the Minister deems it in the public interest to do so, direct the person to dispose of its shares (section 402). The Minister would take such action upon OSFI’s recommendation. The Bank Act states that the Minister may impose any terms and conditions in respect of an ownership approval that the Minister considers necessary to ensure compliance with the Bank Act (section 397). The Bank Act also contains the ability to impose any terms, conditions, or undertakings that the Minister considers appropriate (section 973.02). Please see BCP 5, EC 1 for OSFI practice in this regard. It should be noted that while the approvals discussed under EC2 are made by the Minister, it is OSFI to whom the application for approval must first be made pursuant to section 395. If OSFI does not recommend the approval to the Minister, then the application cannot be successful. |
| EC3 | The supervisor has the power to reject any proposal for a change in significant ownership, including beneficial ownership, or controlling interest, or prevent the exercise of voting rights in respect of such investments to ensure that any change in significant ownership meets criteria comparable to those used for licensing banks. If the supervisor determines that the change in significant ownership was based on false information, the supervisor has the power to reject, modify or reverse the change in significant ownership. |
| Description and findings re EC3 | The Bank Act provides the scope to reject applications for acquisitions of a significant interest to ensure that criteria comparable to those used in licensing banks are met as well as the ability to revoke, suspend or amend an approval where based on false information. As noted in EC2, the power of approval rests with the Minister. However, pursuant to the Bank Act, applications for approval of the Minister must be filed with the Superintendent and contain the information, material and evidence the Superintendent may require (section 395). As also noted above, and consistent with the approach to licensing, OSFI does not forward “negative recommendations” to the Minister. Hence a recommendation is only made for the Minister’s consideration if OSFI has made a favourable prudential determination. In respect of the power to reject such applications, section 396 states that, “the Minister, in deciding whether or not to approve the transaction, shall take into account all matters that the Minister considers relevant to the application,…” and goes on to set out specific considerations. OSFI takes these considerations into account in making its recommendation to the Minister. This Ministerial power may be exercised with discretion where these considerations, including any unlisted consideration the Minister considers relevant, are not met. As in licensing, in practice the Minister relies on OSFI’s analysis and recommendation in respect of whether to grant such an approval. The considerations listed under section 396 are the same Ministerial considerations as under section 27 (licensing). Please see CP 5, EC2. Where a change in significant ownership was based on false information, section 973.03 would apply. This section provides that the Minister may revoke, suspend or amend any approval granted by the Minister if he or she considers it appropriate to do so. In addition, it is an offence under the Bank Act to knowingly provide false information in relation to any matter under the Bank Act or Regulations and punishment is set out (fines, imprisonment) in respect of offences (sections 980.1 and 985). OSFI noted that, as with a licence obtained on the basis of false information OSFI would be able to act to remove or suspend the bank’s authorization or cease its business very quickly and would have a range of remedies at its disposal (see CP1 EC6 and CP11 for a wider discussion of potential remedies). |
| EC4 | The supervisor obtains from banks, through periodic reporting or on-site examinations, the names and holdings of all significant shareholders or those that exert controlling influence, including the identities of beneficial owners of shares being held by nominees, custodians and through vehicles that might be used to disguise ownership. |
| Description and findings re EC4 | All domestic banks must submit an annual report of shareholders to OSFI, within 60 days of the annual general meeting of shareholders. The format of the report is not prescribed by OSFI and the supervisor does not look through to seek to identify possible ultimate beneficiary holdings. It may be noted that for major banks significant holdings are prohibited under law as banks with equity of $12 billion or more must be widely held and no person shall control in fact such a bank (subject to certain exemptions such as being held by a bank holding company that is itself widely held as discussed under EC1). As such this EC can be seen as is primarily applicable to the smaller banks. Ownership thresholds under the Bank Act are tightly drawn and prior approval is necessary for any acquisition of significant interest/control, meaning that OSFI ought to be in a position to maintain accurate information detailing significant shareholders or those that exert controlling influence. Note that the legislative definition of significant interest refers to beneficial ownership of shares by that person as well as by entities controlled by that person and that control includes control in fact (see EC1 and EC2). OSFI noted that reliance is placed on the bank to identify and seek approval where a proposed ownership change requires approval. In specific circumstances (e.g., supervisory concerns with a bank’s legislative compliance management system), OSFI obtains information regarding significant ownership/control from the bank or other sources. OSFI indicated that it might, for example, consult with the RCMP. In addition, regular on-going monitoring work by OSFI includes reviewing board minutes of banks and monitoring press /news articles relating to banks and their groups. It is also OSFI practice to prioritize and seek additional verifications regarding the status of significant shareholders whenever elements of dependency (for capital, managerial or other support) are observed. |
| EC5 | The supervisor has the power to take appropriate action to modify, reverse or otherwise address a change of control that has taken place without the necessary notification to or approval from the supervisor. |
| Description and findings re EC5 | The Bank Act provides the power to address a change in control that has taken place without the necessary approval. Pursuant to the Bank Act, if a person does not seek the required significant interest or control approval, the Minister may, if the Minister deems it in the public interest to do so, direct the person to dispose of its shares (section 402). The Minister would take such action upon OSFI’s recommendation. Also note that the Bank Act prohibits the exercise of voting rights attached to the shares in question where a person has not sought the requisite significant interest or control approval (section 392). It would also be possible to process an approval after the fact per EC2. In addition, the acquisition of a significant interest/control without approval would be an offence under the Bank Act (section 980). The Bank Act sets out sanctions for offences, speaks to the ability of a court to order compliance and sets out the ability of the Superintendent to apply to a court for an order to comply or a restraining order (section 646, subsection 985(2) and section 989). |
| EC6 | Laws or regulations or the supervisor require banks to notify the supervisor as soon as they become aware of any material information which may negatively affect the suitability of a major shareholder or a party that has a controlling interest. |
| Description and findings re EC6 | Due to the widely held regime governing banks with equity of over twelve billion dollars, this notification would not be relevant for the majority of the banking system. However, it would be pertinent for banks with equity under the threshold. There is no specific requirement for banks to notify the supervisor of a material adverse change in major shareholder or controller. Instead, OSFI approaches the risk through its relationship management approach, in the context of which firms understand that OSFI is to be informed of any material issue that might impact the bank. The assessors discussions with banks supported the view that the major banks have a strong understanding of the need to inform OSFI in such an event. There is scope for a weaker understanding of OSFI’s expectation in the smaller banks. |
| Assessment of Principle 6 | Largely Compliant |
| Comments | The grading of this CP reflects two issues, namely the absence of periodic checking of ultimate beneficial ownership and lack of notification regarding any material adverse changes that would affect the suitability of a major shareholder. The issue concerning a prudential veto is not reflected in the grading and noted here for completeness. The comments on this issue should be read in conjunction with the comments found in CPs 2 and 7 and the recommendation as set out in CP2 applies here. OSFI maintains a close relationship with its regulated entities, and there are requirements for approval set out in the Bank Act, which would trigger notification to OSFI. All domestic banks are required to file an annual “Return of Shareholders” that shows the registered shareholders although this does not always identify beneficial shareholders. While this risk is significantly mitigated with respect of the major banks due to the widely held regime which prohibits such holdings/control, and because approvals are needed for changes resulting in increased control, it is a more meaningful issue for the smaller institutions and even small changes in shareholdings can act as a trigger to check on possible indirect or disguised holdings. It may be of particular assistance when a significant shareholder or controller reduces part of the shareholding, potentially bringing the holding below the threshold of significance or control. In the case of diminishing control, although the supervisory relationship is likely to lead to a notification, it is not an automatic guarantee the notification will take place or that the institution would understand that a notification is expected. It is recommended that OSFI consider whether to introduce a standard format for the annual shareholder reporting requirement. OSFI is recommended to look through the shareholding structure to identify ultimate beneficial ownership and thus be assured that larger scale disguised holdings are not being accrued. This practice should provide comfort that OSFI will be notified should indirect holdings or changes in ownership and control – whether increasing or decreasing – take place. There is no specific requirement for banks to notify OSFI of material adverse changes affecting the suitability of a major shareholder or controller. This risk is managed in the context of the supervisory relationship with the institution, and is, again, negligible in the context of the widely held banks but not necessarily so for smaller institutions. It is recommended that at a minimum OSFI reinforce the discipline through an explicit reporting requirement or supervisory guideline. An alternative would be to include the requirement to report to the Superintendent in the next revision of the Bank Act. Broadly, it should be noted that the ownership regime, which is triggered in the case of change of control, merger, amalgamation and acquisition, is drawn relatively tightly and thus changes discussed in this principle ought to trigger notifications and applications for approval which must be filed with OSFI pursuant to the Bank Act. It is not possible for a change of control to take place without triggering the provisions of the Bank Act. Importantly, however, the approval for change of ownership rests with the Minister and not the Superintendent. The Basel Core Principles do not require the supervisor to have final approval but do require that the supervisor should be able to prevent a change of control of a bank for prudential reasons. Clearly there are other considerations in play when the control and ownership of a bank is under discussion and not all relevant considerations belong to the supervisor. Canadian law ensures that the Minister is able to take additional appropriate factors into consideration before applying the final decision. Where the law is not clear is in respect of whether a “prudential veto” is in place. In terms of actual practice it is undoubtedly the case that the supervisory authority has a de facto veto. In practice, an application is not presented to the Minister unless the Superintendent is prepared to recommend the application on prudential grounds. In practice, OSFI does not make a “negative recommendation.” In fact, the Minister is generally not even informed by OSFI that an application has been submitted unless and until the supervisor is content that there is a reasonable prospect of success. Hence there is no practical opportunity for the Minister to overturn the supervisory judgment. Additionally, all evidence points to a close and collegiate approach between the relevant authorities. There is no evidence that the supervisory voice has ever been disregarded or overturned. However, the law (specifically section 396 (1) of the Bank Act) sets out matters for the consideration of the Minister. The law states that the opinion of the Superintendent must be taken into consideration in one specific respect (related to the supervisability of the proposed new structure) but the remainder of the considerations, such as the financial soundness, the fit and proper requirements and feasibility of the business plan, are prudential considerations where the Minister is invited to make his or her own determination separate from that of the Superintendent. While the assessors have full confidence in the de facto outcome that the Minister would not overturn the Superintendent’s view on prudential grounds, the law could more clearly separate the decisions that need to be made so that any prudential determination is made by OSFI and the final determination, which will incorporate additional relevant factors, rests with the Minister. For example, the current practice of OSFI passing an application to the Minister only when satisfied on prudential grounds could be codified in the law, and the considerations that the Minister takes are limited to purely non-prudential matters. |
| Principle 7 | Major acquisitions. The supervisor has the power to approve or reject (or recommend to the responsible authority the approval or rejection of), and impose prudential conditions on, major acquisitions or investments by a bank, against prescribed criteria, including the establishment of cross-border operations, and to determine that corporate affiliations or structures do not expose the bank to undue risks or hinder effective supervision. |
| Essential criteria | |
| EC1 | Laws or regulations clearly define: |
| (a) | what types and amounts (absolute and/or in relation to a bank’s capital) of acquisitions and investments need prior supervisory approval; and |
| Description and findings re EC1(a) | To preface the discussion, it is worth noting that Canadian law has a general principle which seeks to avoid the necessity of dual approvals for the same transaction. Thus, the Bank Act permits exemptions to the need to acquire the Superintendent’s approval under this section if the transaction requires the Minister’s or Superintendent’s approval under a different section of the Act. For example, if the transaction were to trigger the provisions relating to ownership of a bank, then all the assessment and approvals would be carried out under the relevant provisions of the Act. |
| As an overview summary: Under the Bank Act, in contrast to the incorporation regime, the investment regime is not a “dual key” Minister/Superintendent approval system. Acquisitions of substantial investments in, or control of, entities are subject either to (i) the Minister’s approval only, (ii) the Superintendent’s approval only, or (iii) no approval. Under the investment regime, the Minister’s approval is required only in cases of acquisitions of substantial investments in, or control of, the following:
The acquisition of a “specialized financing entity”, which is an entity that makes merchant banking / venture capital investments, is subject to the Superintendent’s approval rather than the Minister’s approval. In more specificity, there are two main areas of regulation applying to and governing acquisition and investment by banks: material asset transactions and substantial investments. Material Asset Transactions The Material Asset Transaction regime under the Bank Act imposes a requirement for the approval from the Superintendent whenever the acquisition would exceed 10 percent of the total value of the assets of the bank. Substantial Investments Except as permitted under the Bank Act, a bank may not acquire control of, or a substantial investment in, another entity. Permitted investments are set out in the Bank Act (section 468) and may require prior approval from the Minister or the Superintendent ((subsection 468(5) and subsection 468(6)). One purpose of section 468 is to ensure that a bank cannot acquire an unregulated deposit taker. The list of permitted investments is wide and includes banks and other federally regulated financial entities. However, such investments fall under the approvals regime required by ownership (as discussed under CP6). In other words, if a bank were to seek ownership of all or part of another Canadian bank, it would require approval under the ownership regime as opposed to the investments regime. The intent and design of the act is that if a bank were to seek an investment in a financial entity it should generally obtain full control of that entity, and providing that where such an investment is in a Canadian bank, it must be compatible with the requirements governing the ownership of banks (ie the widely held regime). The definition of substantial investment, pursuant to the Bank Act, is if the bank, directly or via a subsidiary, acquires over 10 percent of the voting shares of an incorporated entity or over 25 percent of the ownership interests of an incorporated or a non-incorporated entity (section 10). The law is designed so that approval is required from the Minister or the Superintendent but not both. The authorities note that approvals required from the Minister are those that generally involve public policy considerations, while those required from the Superintendent as those that generally involve material market or credit risk (prudential) considerations. Where Ministerial approval is required, (as with the situation described in CP6) OSFI reviews the application for approval and provides its recommendation to the Minister. In practice, the Minister relies on OSFI’s recommendation. Certain permitted investments that would not generally raise prudential or policy concerns do not require supervisory approval. See EC1(b) and AC1. The Advisory on substantial investments provides an overview of how OSFI administers and interprets the substantial investment regime. Prudential Conditions As part of the approval process, the Bank Act allows the Minister or Superintendent to impose any terms, conditions, or undertakings in relation to an approval that the Minister or Superintendent considers appropriate (note that this power rests with the person responsible for approval) section 973.02). In addition, all investments by a bank in an entity are subject to the “reasonable and prudent person” standard (section 465), with a view to ensuring that banks do not expose themselves to undue financial or other risks via their investments. |
|
| (b) | cases for which notification after the acquisition or investment is sufficient. Such cases are primarily activities closely related to banking and where the investment is small relative to the bank’s capital. |
| Description and findings re EC1(b) | Substantial Investments – No Approval The Bank Act defines cases for which prior supervisory approval is required and those for which no approval is required. Where no approval is required, laws or regulations do not reference notification after the acquisition or investment as the prudential issues arising from such acquisitions are limited nor are any public policy issues at play. Substantial investments that do not require prior supervisory approval, ie have been given an exemption, fit into the following four categories:
While neither law nor regulations specify notification requirements in respect of the above, the Advisory on substantial investments addresses notification in categories #1 and #2 above by noting that OSFI may review a bank’s investment in the course of its ongoing supervisory process, and may require a bank to provide detailed information regarding the investment. If prudential issues are identified, OSFI would require the bank to take appropriate corrective measures. While the Advisory on substantial investments speaks only to categories #1 and #2, as per the general understanding between OSFI and the large banks, there is open communication (hence advance notice) of all material acquisitions as any material transaction requires OSFI to assess its potential impacts on the bank’s risk profile and our supervisory actions / intervention. As such, OSFI receives advance notice on material acquisitions, regardless of any requirement for approval. Material Asset Transactions It is also important to note that where no approval is required under the investments regime, approval is required pursuant to the Bank Act where the bank acquires assets (including securities of an entity) valued in excess of 10 percent of the total value of the assets of the bank (section 482). This section acts as a backstop to ensure that even where an investment may fall into one of the four categories described above, it will be subject to prior supervisory approval if it is material. |
| EC2 | Laws or regulations provide criteria by which to judge individual proposals. |
| Description and findings re EC2 | Advisory The law is broadly drawn and indicates that the Minister may take into consideration matters relevant to the granting of an approval. Where the Minister’s approval is required for the acquisition of a large foreign financial institution, the law also indicates the Minister may take into consideration matters including the stability of the financial system in Canada and the best interests of the financial system in Canada. The law itself does not provide criteria in relation to acquisitions requiring the Superintendent’s approval. However, the Regulatory and legislative Advisory on substantial investments_sets out primary criteria to ensure that the proposed investment would not expose the bank to undue risk or hinder OSFI’s ability to supervise the bank, as set out in the. The advisory provides substantial information on the types of investments permitted, the criteria that are considered by the authorities and also strongly highlights the fact that the institution should notify OSFI in the event it is considering an investment that would trigger the provisions of the Act. |
| EC3 | Consistent with the licensing requirements, among the objective criteria that the supervisor uses is that any new acquisitions and investments do not expose the bank to undue risks or hinder effective supervision. The supervisor also determines, where appropriate, that these new acquisitions and investments will not hinder effective implementation of corrective measures in the future. The supervisor can prohibit banks from making major acquisitions/investments (including the establishment of cross-border banking operations) in countries with laws or regulations prohibiting information flows deemed necessary for adequate consolidated supervision. The supervisor takes into consideration the effectiveness of supervision in the host country and its own ability to exercise supervision on a consolidated basis. |
| Description and findings re EC3 | Advisory As mentioned in EC2, the Advisory on substantial investments provides that the approval process permits OSFI to ensure that the proposed investment would not expose the bank to undue risk or hinder OSFI’s ability to supervise the bank. The assessors reviewed files that illustrated the steps OSFI took to ascertain and ensure adequate control of risk. Transaction Instructions The transaction instructions for requests for Superintendent or Ministerial approval in relation to substantial investments (DA No. 13, A No. 8) and asset transactions greater than 10 percent of the bank’s assets (DA no. 18) specify that OSFI may request information to satisfy itself that the effective implementation of corrective measures in the future will not be hindered. This could include information in respect of recovery and/or resolution. Consolidated Supervision The Superintendent and Minister have the discretion to refuse approval where the criteria for approval are not met. This discretion includes circumstances where OSFI is not satisfied that it would be able to exercise adequate consolidated supervision. A bank is required to obtain approval to directly acquire control of, or acquire or increase a substantial investment in, a PFFI. The Advisory on substantial investments notes that OSFI’s approval process includes assessing the regulatory framework that applies to the PFFI being acquired (i.e., the “host country” regulator post-acquisition). If prudential issues are identified, OSFI may enter into an agreement with that regulator concerning the activities of the PFFI being acquired, or any other matter OSFI considers appropriate (subsection 470(3)). In addition, OSFI can require the bank to provide undertakings concerning the PFFI, addressing access to information and the investment activities of the PFFI, for example (section 470). Note that, under the Bank Act, a bank must not control a PFFI unless it obtains an undertaking from the PFFI to permit access to records (subsection 470(4)). OSFI (pursuant to the transaction instructions noted in EC2) receives foreign regulatory contact information and, as necessary, assesses country-specific factors in the review of acquisitions (including the existence of a memorandum of understanding with a foreign regulator). |
| EC4 | The supervisor determines that the bank has, from the outset, adequate financial, managerial and organisational resources to handle the acquisition/investment. |
| Description and findings re EC4 | The information requirements for substantial investments include a detailed description of the business of the entity to be acquired, a business case (including rationale for investment, amount and type of consideration, anticipated impact of investment on capital adequacy), a business plan with three years financial projections, the most recent financial statements of the entity and, if applicable, the identity of the primary regulator other than OSFI for the entity, the regulatory contact person and details of any required regulatory approvals. Financial Resources: OSFI considers the amount and type of consideration paid, the impact on the bank’s capital adequacy (present and future impact) and the business plan for the acquisition (including three years of financial projections) in arriving at a determination. In addition, OSFI will consider any capital support expectations in respect of the acquisition, including any formalized capital support arrangements. Where a bank would be close to its supervisory or internal minimum capital targets as a result of the proposed acquisition, OSFI may consider the bank’s contingency plans that ensure it does not breach these targets. Managerial and Organisational Resources: OSFI considers the business activities of the proposed acquisition as well as the bank’s rationale for the transaction. OSFI will consider this information in relation to the bank’s business strategy and its familiarity with the bank’s managerial and operational strengths and weaknesses. OSFI has sought to apply a pre-emptive approach in this regard and the assessors saw files confirming that OSFI takes pains to confirm the ability of a bank to control a new investment. Transaction Instructions: OSFI’s website contains transaction instructions for requests for Superintendent or Ministerial approval in relation to substantial investments (DA No. 13, A No. 8), the extension of holding periods or divestiture periods for temporary investments (DA No. 15, 16, 17 and A No. 16, 17, 18) and asset transactions greater than 10% of the bank’s assets (DA no. 18). The transaction instructions set out information requirements and provide administrative guidance to applicants. The purpose of the information requirements is to obtain the information necessary for the Superintendent or the Minister to determine whether the proposed investment would expose the bank to undue risk or hinder OSFI’s ability to supervise the bank or where public policy considerations are raised, respectively. |
| EC5 | The supervisor is aware of the risks that non-banking activities can pose to a banking group and has the means to take action to mitigate those risks. The supervisor considers the ability of the bank to manage these risks prior to permitting investment in non-banking activities. |
| Description and findings re EC5 | Legislative/Regulatory Perspectives The Bank Act provides that a bank must not engage in, or carry on any business, other than the business of banking and such business generally as appertains thereto (section 409). The investment regime for banks is, in essence, an extension of the business and powers regime and, subject to certain exceptions, restricts a bank’s investments to financial service entities. These exceptions permit a bank to invest in non-banking activities on a limited basis and include investments noted in the EC1(b) response (investments made by PFFIs, temporary investments, specialized financing investments) as well as investments in entities that engage in information technology services or services to members of the bank’s group. As noted in EC1(b), the Bank Act allows banks to make limited investments in non-permitted entities to enhance banks’ abilities to carry on merchant banking and venture capital activities (subsection 466(4)). OSFI recently surveyed Canada’s largest banks to gain awareness of the types of investments that are being made under the “Specialized Financing Regime”. This survey concluded that these investments do not pose material non-banking risks, as they are relatively small and are often financial in nature. Banks may invest in non-permitted activities also indirectly through a regulated provincial or foreign subsidiary, not just through a SFV (see section 466 (2)). They may also hold non-permitted investments on a temporary basis subject to subsection (3). While establishment of a Specialized Financing Entity does require Superintendent approval, approval is not required for non-financial investments made either directly by the bank or by a Specialized Financing Entity. Corporate Structure Perspectives The corporate structures for Canada’s largest banks (as at November 30, 2012, the five largest Canadian banks held 88 percent of market assets) all have the bank as the ultimate parent (i.e., there is no holding/parent company). In terms of considering the bank’s ability to manage risks prior to permitting investment; where there is an approval requirement OSFI would consider these risks in the context of its review of the request for approval. See EC1 for OSFI’s consideration of the risks where there is no approval requirement. With respect to investments where no approval is required there would be, by definition, no specific legislative permission, but OSFI can use prudential agreements (section 644.1), directions of compliance (section 645), staging, or moral suasion to remedy/mitigate any prudential risks arising from such investments. Some of the smaller Canadian banks are commercially owned (i.e., unregulated parent companies). The parent company and its investments (i.e., sister companies of the bank) are not subject to OSFI supervision and consequently OSFI has no direct legislative powers in relation to the activities/investments of these entities. However, at the time of licensing, OSFI considers the group’s activities in the context of supervisability (please see CP5 EC1 and EC4). Pursuant to the Bank Act, OSFI assesses the extent to which the group’s corporate structure may affect the supervision and regulation of the bank (paragraph 27(g)). In some situations, OSFI has obtained an undertaking at the licensing stage to address these concerns. The assessors saw numerous examples of undertakings. |
| Additional criterion | |
| AC1 | The supervisor reviews major acquisitions or investments by other entities in the banking group to determine that these do not expose the bank to any undue risks or hinder effective supervision. The supervisor also determines, where appropriate, that these new acquisitions and investments will not hinder effective implementation of corrective measures in the future. Where necessary, the supervisor is able to effectively address the risks to the bank arising from such acquisitions or investments. |
| Description and findings re AC1 | Legislative/Regulatory Perspectives Pursuant to the Bank Act definition of substantial investment, a substantial investment by a controlled subsidiary of the bank would be considered a substantial investment for the bank and is generally subject to approval, depending on the investment (section 10). See EC1, EC2 and EC3. The exception to this control is when the investment is made by a provincially/foreign regulated financial subsidiary. Nonetheless OSFI expects to be advised by the bank of material acquisitions/investments made by the provincially/foreign regulated entity and reviews as necessary. This expectation is stated strongly in the OSFI Regulatory and Legislative Advisory on substantial investments. OSFI’s approval process for the acquisition of a PRFI includes assessing the regulatory framework that applies to the PRFI being acquired. Where an acquisition or investment is not subject to approval under the substantial investments regime, it remains subject to approval if the investment involves acquiring assets that represent more than 10 percent of the bank’s consolidated (pre-acquisition) assets. In order for investments made by a bank subsidiary to expose the banking group to undue risk or hinder effective supervision, OSFI generally expects that the investment/acquisition is large enough to trigger this approval. Where no approval is required, the Superintendent could – ex ante – use prudential agreements (section 644.1), the issuance of divestment orders where prudent person standards are not met (section 480), “staging” (see CPs 8, 9 and 11) or moral suasion to address risks to the bank arising from downstream acquisitions/investments. For acquisitions or investments subject to approval, the approach discussed in EC3 applies to OSFI’s determination in relation to future corrective measures. Corporate Structure Perspectives As noted in EC5, the corporate structures for Canada’s largest banks all have the bank, which must be widely held, as the ultimate parent. However, some of the smaller Canadian banks are commercially owned. For these smaller banks, OSFI has no direct legislative powers in relation to the activities/investments of the parent company and its investments (i.e., sister companies to the bank). However, at the time of licensing, OSFI considers the group’s activities in the context of supervisability (see BCP5 EC1 and EC4). Depending on the group’s structure and activities, OSFI may request information undertakings from group members, or may also impose other prudential limits. The assessors saw examples of such undertakings. These undertakings are typically provided by the ultimate controlling shareholder of the bank and provide access to information on group entities that are financial in nature and are not controlled by the bank, as well as notifications where a financial services entity is to be acquired by a group entity not controlled by the bank. Information undertakings allow the opportunity for OSFI review where no approval is required and help in assessing group-wide risk as well as in identifying possible contagion risk. |
| Assessment of Principle 7 | Compliant |
| Comments | The Bank Act sets clear limits upon and requirements for Ministerial approval of major acquisitions carried out by banks. Where an acquisition is subject to Ministerial approval, the regime of acquisition and investment is implemented through OSFI and the Minister acting in conjunction as the preparation work for approval on prudential grounds is performed by OSFI and a recommendation to the Minister for approval is only put forward if OSFI is satisfied it is suitable to do so. In carrying out its assessment OSFI considers all the requirements of prudential soundness, including the future supervisability of the group following the acquisition. There is no approval required for acquisitions made through a foreign or provincially regulated subsidiary. Such approval is not required for compliance with the principal. However, lack of an approval process exposes OSFI and the bank itself to the risk that acquisitions are approved by foreign regulator with differing standards or powers. While in practice banks are likely to seek informal OSFI endorsement, and OSFI would, at the consolidated level, have powers to put pressure on the bank (see CP11) to require tighter management standards around the indirect subsidiary, or in extremis, to divest, it would be preferable to remove this exemption from the Bank Act and ensure that OSFI holds a clearly defined “gatekeeper” role to review the entire group structure for the federally regulated entities. In common with the ownership regime discussed in CP6, where approvals are required from the Minister, it is unclear that there is a “prudential veto” securely in place. Again, this issue is mentioned here for completeness of the picture and should be read in conjunction with CPs 2 and 6. The recommendation set out in CP2 applies here. It is also noted that the regulatory and legislative advisory issued in respect of substantial investments is dated 2003 and while the contents remains current, the authorities may wish to review and refresh the document to ensure that the prudential criteria are as clear as possible. |
| Principle 8 | Supervisory approach. An effective system of banking supervision requires the supervisor to develop and maintain a forward-looking assessment of the risk profile of individual banks and banking groups, proportionate to their systemic importance; identify, assess and address risks emanating from banks and the banking system as a whole; have a framework in place for early intervention; and have plans in place, in partnership with other relevant authorities, to take action to resolve banks in an orderly manner if they become non-viable. |
| Essential criteria | |
| EC1 | The supervisor uses a methodology for determining and assessing on an ongoing basis the nature, impact and scope of the risks:
|
| Description and findings re EC1 | OSFI’s Supervisory Framework, revision date December 2010, provides the overall supervisory approach that OSFI uses to supervise banks and banking groups in Canada. The Framework is designed to assist OSFI in meeting its statutory obligations as specifically set out in section 4 of the Office of the Superintendent of Financial Institutions Act (OSFI Act). OSFI’s supervisory approach is founded on seven principles which are set out in the Supervisory Framework. The principles are: focus on material risk; forward-looking, early intervention; sound predictive judgment (judgments must have a clear supported rationale); understanding the drivers of risk; differentiate inherent risks and risk management; dynamic adjustment; and assessment of the whole institution. The principles are articulated through the application of the Supervisory Framework in order to provide a consolidated assessment of risk to a bank. This assessment combines an assessment of earnings and capital in relation to the overall net risk from the banks’ significant activities, as well as an assessment of the bank’s liquidity. The composite risk assessment of a firm is built through analyzing the Significant Activities (which include significant enterprise-wide processes) of the group. Both qualitative and quantitative factors are used to assess the materiality or significance of an activity to the firm. OSFI uses various sources of information in this identification including the bank’s organization charts, strategic business plan, capital allocations, and internal and external reporting. Judgment is used in selecting significant activities, which may be chosen for quantitative reasons (such as the activity’s percentage of total bank assets, revenue, premiums written, net income, allocated capital, or its potential for material losses), and/or qualitative reasons (such as its strategic importance, planned growth, risk, effect on brand value or reputation, or the criticality of an enterprise-wide process). For each Significant Activity, the key risks inherent in the activity are identified and assessed. OSFI uses six categories of inherent risk: credit risk; market risk; insurance risk; operational risk; regulatory compliance risk; and strategic risk. OSFI does not view reputational risk as a separate category of inherent risk, but rather a factor to be considered in the assessment of each inherent risk category. The Quality of Risk Management is then evaluated based on how effectively the key risks are being managed within the Significant Activities to arrive at the Net Risk (low, medium, above average and high), and Direction of Risk (decreasing, stable, or increasing) for each activity. In assessing the Quality of Risk Management, both Operational Management and the independent Oversight Functions (ie Financial; Compliance; Actuarial; Risk Management; Internal Audit; Senior Management; and the Board) of an institution are reviewed. Once the Net Risks of Significant Activities have been assessed, the importance of each activity is taken into account to arrive at the level and direction of Overall Net Risk. The Overall Net Risk is a weighted aggregation of the Net Risks in the institution’s Significant Activities. Additionally, earnings, capital and liquidity are assessed as they are core to the viability and soundness of the institution and are rated as strong, acceptable, needs improvement, or weak, and their direction is assessed as improving, stable, or deteriorating. The Overall Net Risk, Earnings, Capital and Liquidity ratings are combined to determine the “composite risk rating” for the institution as a whole. The composite risk rating relates to the “intervention rating” (0–4) which is a key determinate in the intensity of the supervisory process. Supervisory intensity, restrictions and more onerous requirements apply when an institution is “staged” at level 1 or above. Hence, the methodology is designed to ensure that the intensity of supervisory work reflects the nature, size, complexity and risk profile of the bank, including the potential consequences of a bank’s failure. (More detail on the supervisory process is noted below in EC2). OSFI has also developed a Risk Tolerance Framework and supporting processes to identify institutions where OSFI’s utilization of resources should be higher and those where fewer resources can be allocated. The Framework considers risk in the context of loss to OSFI’s primary stakeholders, i.e., depositors, policyholders, and pension plan members. It also considers risk to OSFI’s reputation and credibility, which affect its ability to do its job. Moreover, as part of its broader work to update risk profiles, OSFI gathers information broadly from the external environment and industry to identify emerging issues. OSFI has an Emerging Risk Committee (ERC) with representation from all divisions within OSFI. Issues discussed by the ERC include both bank-specific and system-wide concerns. In terms of the risks posed by banks and banking groups to the soundness of the system, FISC and SAC provide the main fora for discussion. The recent guidelines on mortgage underwriting had been discussed between agencies to assess all system relevant issues. Resolvability is taken into consideration in the Risk Matrix analysis as a “significant activity” (as it is a core process). See EC6. |
| EC2 | The supervisor has processes to understand the risk profile of banks and banking groups and employs a well-defined methodology to establish a forward-looking view of the profile. The nature of the supervisory work on each bank is based on the results of this analysis |
| Description and findings re EC2 | OSFI’s supervisory processes are designed to be dynamic, iterative and continuous to guide its bank-specific supervisory work. OSFI’s documents including Supervisory Framework, Assessment Criteria and Corporate Governance Guideline provide for fuller detail than is possible here, but the outline of the processes and methodology is as follows: A supervisory strategy identifying the work necessary to keep the bank’s risk profile current is prepared annually for each bank. The strategy has a three year horizon with a fuller description of work for the upcoming year. The intensity of the work plan reflects the nature, size, complexity and risk profile of the bank, including the potential consequences of a bank’s failure. The OSFI supervisory year runs from April to end March and the main “planning season” takes place for all institutions in September, and is refreshed towards the end of the supervisory year in February. The supervisory strategy contains a summary of historic work carried out on the institution and supervisory activity is monitored against the plan. Planning and prioritisation for each significant activity and relevant oversight function is based on the net risk assessment of the activity (see EC1), the need to update OSFI’s information on the activity due to information decay, and the importance of the activity. The supervisory strategy explicitly documents the extent to which OSFI’s information and analysis is at risk from information decay and aged information is a sufficient basis to undertake a supervisory activity. As OSFI’s approach does not include a “baseline” guideline that states certain activities or reviews need to be carried out at least according to a minimum defined frequency, the information decay component of the annual process is very important. OSFI has not set formal, dated, cycles for supervisory activity as it wishes to avoid a mechanical approach to refreshing data and the potential to overlook growing risks between the review periods. OSFI’s also compares work across banks to ensure that assessments of risk for individual banks are subject to a broader standard, and that supervisory resources are allocated effectively to higher-risk banks and significant activities. Supervisory activity comprises: 1) monitoring (bank-specific and external), 2) limited off-site reviews, and 3) extensive on-site reviews that may include testing or sampling where necessary. In terms of ensuring a forward looking approach, OSFI periodically requires banks to perform specific stress tests which OSFI uses to assess the potential impact of changes in the operating environment on individual banks or industries. Capital is assessed based on the appropriateness of its level and quality, both at present and prospectively, and under both normal and stressed conditions, given the bank’s Overall Net Risk. In the case of foreign branches, OSFI considers the adequacy of capital equivalency deposits. The effectiveness of the bank’s capital management processes for maintaining adequate capital relative to the risks across all of its significant activities is also considered in the assessment. Banks with higher Overall Net Risk are expected to maintain a higher level and quality of capital and stronger capital management processes. With respect to liquidity, banks are required to maintain, both at present and prospectively, a level of liquidity risk and liquidity management processes that are prudent, under both normal and stressed conditions. As supervisory work is conducted, the Relationship Manager updates the overall risk profile of the bank and OSFI adjusts the work priorities set out in the supervisory strategy and annual plan, as necessary. The Risk Matrix and supporting documentation detail OSFI’s formal assessment of the bank’s associated safety and soundness, both current and prospective, including its business model. Key documents are subject to sign-off protocols within OSFI. The following are key documents maintained in OSFI’s supervisory process:
|
| EC3 | The supervisor assesses banks’ and banking groups’ compliance with prudential regulations and other legal requirements |
| Description and findings re EC3 | OSFI supervisors assess compliance with prudential regulations and legal requirements as part of its normal supervisory work performed using the Superintendent’s general powers of information gathering and examination pursuant to sections 628, 643 and 644 of the Bank Act. Supervisors are provided with supervisory guides and assessment criteria to assist them in assessing inherent risk and controls and oversight of the risk. Both the regulatory compliance inherent risk in each of the bank’s significant activities and the quality of the oversight function in relation to the significant activity are assessed for each bank or banking group. The assessments of regulatory compliance for the inherent risks in each of the bank’s significant activities and compliance of the bank’s oversight and control functions are contained in various supervisory documents such as significant activity section notes, Compliance/Senior Management/Board section notes and the Risk Assessment Document (RAD). Following the assessments, supervisors make recommendations to the bank to address any concerns regarding risk, controls or oversight of regulatory compliance by the bank. The assessors saw examples of OSFI’s detailed recommendations to firms outlining how firms can achieve compliance. In addition, OSFI sets out requirements in the Corporate Governance Guideline and Legislative Compliance Management for banks to demonstrate that they properly manage compliance with prudential regulations and other legal requirements in all jurisdictions in which they operate. |
| EC4 | The supervisor takes the macroeconomic environment into account in its risk assessment of banks and banking groups. The supervisor also takes into account cross-sectoral developments, for example in non-bank financial institutions, through frequent contact with their regulators. |
| Description and findings re EC4 | The ERC (noted above) assesses the macroeconomic environment, financial system, and industry trends including cross-sectoral developments and institution specific emerging risks on a regular basis. The ERC is composed of representatives from various divisions in the Supervision and Regulatory Sectors and meets at least monthly. Staff in the Risks, Surveillance and Analytics Division is responsible for day to day environmental scanning and coordinating the ERC meetings. OSFI staff commented that the ERC documents helped supervisors to understand cross cutting themes. On occasion, the work of the ERC triggered changes to supervisory plans, or specific projects. An assessment of brokered deposits was one such project that had been undertaken. Supervisors are required to specifically include an Operating Environment assessment in the RAD for the bank. This section highlights the key environmental and industry issues and trends that currently (or may potentially) affect the institution’s risk profile given its business model. The specific Significant Activities impacted, and the degree of impact, are identified, as well as the necessary follow up actions under the supervisory plan. Ongoing market surveillance and analysis also captures key emerging risk issues such as those related to residential lending (RESL). Where appropriate, more focused work is undertaken to fully understand the materiality of risks from both a systemic and bank-specific perspective. For example, market surveillance would include housing market performance including sub-sectors like condos and regional distribution, and related markets such as condo construction. RESL market analysis is often supplemented with bank-specific risk profiles. Examples would include: condo mortgage profiles, mortgage origination and related portfolio analysis including types of mortgages (insured, uninsured, bulk insured), and specific aspects such as IRB (internal ratings based) models and capital allocation. Bank exposure to condo construction financing is also undertaken. Regular meetings are held with various provincial regulators to enhance understanding of RESL issues that may be emerging outside the banks and which could impact market dynamics. Frequency of such meetings would be on the basis of the current risk assessment. The Heads of Agency meetings (see also CP3) also inform OSFI’s understanding of the non-bank financial sector though it may be noted that in Canada, significant parts of the “non-bank” sector, i.e., wealth management, mortgage trust, securities dealer, insurance, etc. are owned or controlled by the large Canadian banks. As such, OSFI, through consolidated supervision of banks/banking groups, is aware of activities in a large portion of the non-bank sector. The assessors confirmed that OSFI has contact with non-bank supervisors but communication was not necessarily consistent, but more ad hoc and sporadic. |
| EC5 | The supervisor, in conjunction with other relevant authorities, identifies, monitors and assesses the build-up of risks, trends and concentrations within and across the banking system as a whole. This includes, among other things, banks’ problem assets and sources of liquidity (such as domestic and foreign currency funding conditions, and costs). The supervisor incorporates this analysis into its assessment of banks and banking groups and addresses proactively any serious threat to the stability of the banking system. The supervisor communicates any significant trends or emerging risks identified to banks and to other relevant authorities with responsibilities for financial system stability |
| Description and findings re EC5 | The FISC, (see CP1 and CP3), which meets quarterly, is a senior level committee and is focused on matters relating to the supervision of financial institutions. OSFI also works closely with the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), which is responsible for anti-money-laundering and anti-terrorist financing monitoring. OSFI’s Anti-Money Laundering and Compliance Division conducts assessments and reviews of the banks’ anti-money laundering and anti-terrorist processes and procedures, and shares its results with FINTRAC. The Superintendent meets, at least quarterly, with the Relationship Managers for the large banks and the ERC. These meetings include reports from the various specialist groups such as Credit risk, Operational Risk, etc. on trends. RMs also utilise information and analysis received from the Superintendent (or FISC, via the Superintendent or OSFI Executive) in their ongoing assessments. RMs and their teams will also incorporate the information and analysis from the ERC into their risk assessment of the bank or banking group. Conversely, through the Superintendent, the RMs and ERC share information and analysis with FISC. The ERC may recommend and co-ordinate any specific supervisory actions (information requests, guidance, advisories, etc.) necessary to address systemic threats. The assessors saw examples of risk identification by the ERC, including supervisory actions taken. |
| EC6 | Drawing on information provided by the bank and other national supervisors, the supervisor, in conjunction with the resolution authority, assesses the bank’s resolvability where appropriate, having regard to the bank’s risk profile and systemic importance. When bank-specific barriers to orderly resolution are identified, the supervisor requires, where necessary, banks to adopt appropriate measures, such as changes to business strategies, managerial, operational and ownership structures, and internal procedures. Any such measures take into account their effect on the soundness and stability of ongoing business |
| Description and findings re EC6 | While CDIC has the lead role in preparing and assessing the banks’ Resolution Plans and OSFI is the lead on recovery plans, OSFI does incorporate the resolvability of an institution into its risk analysis. It is assessed in the context of the risk matrix as a “significant activity” (ie a critical process for the firm) and the analysis takes place through the line supervisors rather than through specialist groups not least to ensure integration into the core assessment of the bank/banking group. The first iteration of the Resolvability Plans was completed in 2012. Resolvability assessments are still at an “early stage”. CDIC will coordinate discussion of the Plans with OSFI and others. As part of its early intervention mandate, OSFI assesses an “Intervention Stage” of each bank. There are specific supervisory and regulatory measures attached to each stage rating. These measures are coordinated with CDIC, which has primary responsibility for resolution matters. The Guide to Intervention clarifies the interaction between the two agencies at each phase of deterioration and heightened distress of an institution. Supervisors are assisted by a dedicated crisis management team who provide overall guidance including liaison with the banks, CDIC, host supervisors, and domestic agencies. Banks and supervisors are provided guides, assessment criteria and core principles to assist in development and assessment of the Recovery Plans. As an example of work in this area, large Canadian banks submitted revised Recovery Plans in 2012, and OSFI undertook a comparative assessment of these submissions. In addition, OSFI facilitated discussions of the Plans with CDIC, Bank of Canada, Department of Finance and US and UK regulatory authorities. CDIC has the lead role in assessing the Resolution Plans of banks. In discussion with the banks most indicated that the process of working with the authorities had been arduous but had yielded some benefits for their own understanding. The authorities frequently commented that the workstreams created by this project had “shone a light” on banks which was seen as stimulating new supervisory perspectives. OSFI does not have the direct power to require a bank to restructure but, through use of “staging” is able to bring pressure to bear on firms if necessary and can also use such tools as prudential agreements, undertakings and indeed the requirement to assess supervisability of a group at inception. The assessors saw examples of feedback to the banks following the submission of the Recovery Plans, which not only included specific recommendations but also indicated areas of future work where OSFI will be likely to refine supporting guidance. As noted above, CDIC has the lead role in preparing and assessing the actual Resolution Plans of banks. The first iteration of the Plans was completed in 2012. Resolvability assessments are at “early stage”. CDIC coordinates discussion of the Plans with OSFI and others. |
| EC7 | The supervisor has a clear framework or process for handling banks in times of stress, such that any decisions to require or undertake recovery or resolution actions are made in a timely manner |
| Description and findings re EC7 | In addition to the Guide to Intervention, which provides details for each level of stress that a bank experiences, OSFI has formal crisis management guidance which is set out in a “Problem Situation Binder”. This includes crisis checklists, communication plans, information gathering, resolution options, holding company issues, and discusses the lender of last resort and payment systems. As noted above, the Guide to Intervention sets out the actions to be expected from OSFI and the CDIC at each “stage” of stress, from level 0 to 4: No significant problem; early warning, risk to financial viability; financial viability in serious doubt; and non-viability/insolvency is imminent. Once a firm has been “staged” it will experience intensified supervision, and be subject to a range of supervisory measures which may include: higher capital requirements, limitations on its business activities as well as having to pay an assessment fee. The Guide to Intervention also describes the level of involvement of the CDIC at each “stage”. Also, the FISC is kept aware of institutions that are staged, and the CDIC in particular. Hence, all federal institutions are well informed and have the ability to be well prepared should an institution experience acute stress. At a system wide level, the FISC and its sub committees also functions as a coordinating mechanism between authorities. The experience of the financial crisis demonstrated that the mechanisms and relationships between the authorities functioned well and were capable of being intensified very rapidly as the situation demanded. |
| EC8 | Where the supervisor becomes aware of bank-like activities being performed fully or partially outside the regulatory perimeter, the supervisor takes appropriate steps to draw the matter to the attention of the responsible authority. Where the supervisor becomes aware of banks restructuring their activities to avoid the regulatory perimeter, the supervisor takes appropriate steps to address this. |
| Description and findings re EC8 | The regulatory perimeter established in the Bank Act is monitored closely by OSFI although it should be noted that while banking is a federal activity, by definition, deposit taking and lending can take place in provincially incorporated institutions under provincial law. Given that a number of approvals or notifications relating to change of activity or investment are required under the Bank Act, OSFI is typically notified of any significant corporate restructurings and will assess such proposals where regulatory approval is required. When Ministerial or the Superintendent’s approval is required, the Minister or Superintended has powers to require any undertaking that they consider appropriate, thus providing scope for addressing any potential arbitrage concerns. To date OSFI has not been aware of any requests for approval, or notification of restructuring that does not require approval, in which avoidance of the regulatory perimeter has been an issue. OSFI noted that this issue could arise in large asset transactions (see the CP 7 self-assessment) or in the context of related party transactions in the course of a restructuring (see the CP 20 self-assessment). In order to provide clarity of expectation and understanding to the industry, the OSFI Advisory: Business and Powers – Ownership Interests in Commodities explains the circumstances in which taking an ownership interest in commodities would be a permissible activity and prudential standards to be followed in respect thereof. The Superintendent of Financial institutions is a member of the Heads of Agencies (HoA) Committee. This Committee is chaired by the Governor of the Bank of Canada and also includes representatives from the Department of Finance, and four provincial Securities Regulators (the Ontario Securities Commission (OSC), Autorité des marchés financiers (AMF), Alberta Securities Commission (ASC), and British Columbia Securities Commission (BCSC)). This forum allows federal financial sector authorities and provincial securities market regulators to exchange information and views, and to coordinate actions on issues of mutual concern, such as on hedge funds, the ABCP market, OTC derivatives, and shadow banking and other perimeter of regulation issues. As part of its mandate, OSFI monitors and evaluates system-wide or sectoral events or issues that may have a negative impact on the financial condition of financial institutions. Where these system-wide issues relate to the conduct of bank-like activities being performed fully or partially outside of the regulatory perimeter (e.g., use of bankruptcy remote special purpose entities (SPEs) and the growth of ABCP), these issues are raised and discussed with the responsible authorities at HoA or other fora, such as the FSIC or the SAC. |
| Assessment of Principle 8 | Compliant |
| Comments | OSFI has developed an excellent supervisory approach that supports the analysis of risk from multiple perspectives and incorporates a forward looking time dimension. In particular the OSFI approach marries its risk analysis to a supervisory outcome that can be clearly communicated to the institution, through the use of the intervention rating and the “stages” of supervisory intensity should matters of concern emerge. In terms of continuing to evolve and further enhancing the supervisory approach and, in particular, in the light of designating six banks as domestically systemically important, some areas of OSFI’s practice may be worth more attention. In the context of the conglomerate groups especially, it is recommended that OSFI intensify its analysis of groups from a legal entity based perspective to complement the understanding yielded by the examination of significant activities. OSFI should also review its communication and coordination with non-bank regulators for entities within the consolidated groups. |
| Principle 9 | Supervisory techniques and tools. The supervisor uses an appropriate range of techniques and tools to implement the supervisory approach and deploys supervisory resources on a proportionate basis, taking into account the risk profile and systemic importance of banks. |
| Essential criteria | |
| EC1 | The supervisor employs an appropriate mix of on-site and off-site supervision to evaluate the condition of banks and banking groups, their risk profile, internal control environment and the corrective measures necessary to address supervisory concerns. The specific mix between on-site and off-site supervision may be determined by the particular conditions and circumstances of the country and the bank. The supervisor regularly assesses the quality, effectiveness and integration of its on-site and off-site functions, and amends its approach, as needed. |
| Description and findings re EC1 | All supervisory work (on and off site) is conducted using the Superintendent’s examination powers defined in sections 643 and 644 of the Bank Act. OSFI’s Supervisory Framework provides the overall approach that OSFI uses to supervise banks and banking groups in Canada. See the summarized version of the Framework in the Description and findings re EC 1 in BCP 8 – Supervisory approach. There is no separation between the on and off-site functions. OSFI’s organizational model is risk-based and separates the line supervisors dedicated to banks and the specialists (credit, models, market risk, etc). The effectiveness and integration of on-site and off-site supervisory work is therefore assessed throughout the supervisory process and changes are made, if and when required. Either line supervisors or the specialist teams may go on-site though the specialist teams will include at least one member of the line supervisory staff to promote understanding and integration. The quality and effectiveness of supervisory assessments is supported by an extensive set of supervisory guides and tools (ie templates for documentation of OSFI assessments which are annotated with guidance to the supervisor with respect to issues that must be considered). The number, knowledge and experience of assigned staff are based on the size, nature, complexity and risk profile of each bank. A team of approximately seven staff is dedicated specifically for each of the six major Canadian banks. Supervisory staff are also supported by risk and risk specialist teams (e.g., credit, market, operational, corporate governance). The same supervisory staff perform the full range of supervisory work (light off-site to extensive on-site) for any specific bank. As noted in CP8, a Supervisory Strategy is prepared for each bank annually and outlines the supervisory work planned, both on and off-site. The assessors were able to review Supervisory Strategy documents for a number of major banks. The assessors were able to discuss the balance of on-site reviews with firms of different sizes. For major firms an extensive on-site program can be executed. One firm quoted 15 significant reviews over a two year period, for example. Smaller institutions, mentioned between three to six on-site reviews and follow up visits over the course of a year. OSFI indicated that its preference was to initiate scoping visits in order to assess whether resource intensive programs needed to be established. The flexibility of the supervisory strategy, in terms of being able to adapt it to emerging risks, was felt to be instrumental in mobilizing resources quickly into an institution. Firms with whom the assessors spoke indicated that OSFI had demonstrated effectiveness in identifying the risks that needed to be examined in greater depth. Firms also noted that OSFI’s practice of pressing firms to identify whether a deficiency in one area of the bank had been replicated in another was an arduous but successful discipline. |
| EC2 | The supervisor has a coherent process for planning and executing on-site and off-site activities. There are policies and processes to ensure that such activities are conducted on a thorough and consistent basis with clear responsibilities, objectives and outputs, and that there is effective coordination and information sharing between the on-site and off-site functions. |
| Description and findings re EC2 | The planning and execution of OSFI’s continuum of supervisory activities (including on-site and off-site) are supported by extensive supervisory guidance and supervisory tools. Supervisory strategies are developed at both institution and sector level accompanied by internal supervisory guidance on how to complete the Supervisory Strategy document for an individual bank, and on the planning process for Supervision Sector as a whole. As noted in CP8, the supervisory planning “season” takes place in September and is refreshed in February. This will include discussion with the risk specialists to build a view on what is needed at the institution and sectoral level. The resulting strategy documents act as the work plan for the year ahead, and the work year runs April to March. During the course of on-going supervision through the year, OSFI monitors the progress of its supervisory activities. Off-site and on-site supervision executed by the same supervisory staff. Relationship Managers (RMs), supervisors and specialists conduct supervisory work across the continuum described in the Supervisory Strategy document. RMs coordinate this on and off-site work and are responsible for approving and signing off on any letters sent to the banks. The planning process is designed to enhance the utilization of supervisory resources based on the size, nature, complexity and risk profile of the institution, and seeks to ensure that the activities are conducted on a thorough and consistent basis, with clear responsibilities, objectives and outputs. The assessors saw examples of quarterly monitoring documents prepared by OSFI which drew on the output of both off-site and on-site supervisory work. |
| EC3 | The supervisor uses a variety of information to regularly review and assess the safety and soundness of banks, the evaluation of material risks, and the identification of necessary corrective actions and supervisory actions. This includes information, such as prudential reports, statistical returns, information on a bank’s related entities, and publicly available information. The supervisor determines that information provided by banks is reliable and obtains, as necessary, additional information on the banks and their related entities. |
| Description and findings re EC3 | OSFI makes use of prudential returns (see CP10) but also internal documents prepared by the firm for its own management and control proposes, including risk policies, limit structures, audit and compliance reports, capital planning reports, including economic capital, policies and strategies supporting the operational management function of the firm such as organization and operational structure, data on resources, staffing and training; compensation policies and practices. The information is verified through comparing multiples sources, selective testing of controls and interviews with bank management. |
| EC4 | The supervisor uses a variety of tools to regularly review and assess the safety and soundness of banks and the banking system, such as:
|
| Description and findings re EC4 | OSFI undertakes a range of reviews and types of analysis which feed into the primary assessment documents: the Risk Assessment Document and Risk Matrix.
In terms of communicating findings to a bank, in addition to ongoing discussions with the bank’s management, OSFI communicates to banks through various formal, written reports. Annually, or as appropriate, the RM writes a Supervisory Letter to the bank. The Supervisory Letter is the primary written communication to the bank. It summarizes OSFI’s key findings and recommendations (and requirements, as necessary) based on the supervisory work that was conducted since the last Supervisory Letter was issued, and discloses or affirms the bank’s Composite Risk Rating. During the year, OSFI may also issue Interim Letters to the bank so as to provide the bank with timely feedback on issues arising from a specific body of supervisory work. The Interim Letter is sent to the appropriate senior manager within the bank, and a copy may also be provided to other individuals within the bank, if warranted. Regular and timely follow up by OSFI on matters in these letters is a specific part of its supervisory process and is evidenced by a Follow Up Document (FUD). This document contains a list of findings, recommendations and requirements that have been communicated to the bank. Follow up occurs during ongoing supervisory contact, for example as part of monitoring meetings. |
| EC5 | The supervisor, in conjunction with other relevant authorities, seeks to identify, assess and mitigate any emerging risks across banks and to the banking system as a whole, potentially including conducting supervisory stress tests (on individual banks or system-wide). The supervisor communicates its findings as appropriate to either banks or the industry and requires banks to take action to mitigate any particular vulnerabilities that have the potential to affect the stability of the banking system, where appropriate. The supervisor uses its analysis to determine follow-up work required, if any |
| Description and findings re EC5 | OSFI’s Emerging Risk Committee (ERC), has a set of tools and reports developed specifically for the systemic review of emerging risks arising from the national and international environment. For a list of some of these tools and reports, see below. The ERC assesses the macroeconomic environment, financial system, industry (including cross-sectoral developments) and institution-specific emerging risks on a regular basis. The systemic risks identified by the ERC can result in OSFI requiring banks to take significant actions. OSFI’s liquidity reporting requirements for banks were developed as a result of ERC findings on systemic liquidity risks. OSFI regularly requires banks to complete OSFI system-wide stress tests, whether macro stress test, retail, recession etc. Follow up work deriving from findings of the ERC or as a result of banks’ own stress testing would be fed back to banks and followed up as part of the normal supervisory process (which requires specific protocols around follow up practices, including the Follow Up Document (FUD)). The assessors noted records of OSFI providing information on its forward looking analysis to a range of firms. |
| EC6 | The supervisor evaluates the work of the bank’s internal audit function, and determines whether, and to what extent, it may rely on the internal auditors’ work to identify areas of potential risk |
| Description and findings re EC6 | As noted in the Supervisory Framework, “OSFI uses, where appropriate, the work of others to reduce the scope of its supervisory work and minimize duplication of effort. […]effectiveness. For example, as supervisors do not perform audit work, they may use the detailed testing performed by a FRFI’s external auditor and Internal Audit function to help them assess the effectiveness of controls.” OSFI notes that the Framework specifically employs the word “use”, and not the word “rely” on, the work of internal auditors. OSFI further notes that one objective in assessing the Internal Audit function is to determine the extent to which it can use the work of this function to ensure that appropriate controls are in place and are being followed at the operational level. Specific OSFI requirements for internal audit are described in OSFI’s Corporate Governance Guideline and Assessment Criteria for Internal Audit. The assessment of Internal Audit is a regular part of OSFI’s supervisory work and is completed using a combination of on-site and off-site work. In addition, OSFI maintains regular and close contact with the Audit Committees within banks as one of its conduits for assessing the quality of the internal audit function. |
| EC7 | The supervisor maintains sufficiently frequent contacts as appropriate with the bank’s Board, non-executive Board members and senior and middle management (including heads of individual business units and control functions) to develop an understanding of and assess matters such as strategy, group structure, corporate governance, performance, capital adequacy, liquidity, asset quality, risk management systems and internal controls. Where necessary, the supervisor challenges the bank’s Board and senior management on the assumptions made in setting strategies and business models |
| Description and findings re EC7 | Specific OSFI requirements and expectations for board governance are described in OSFI’s Corporate Governance Guideline and Assessment Criteria for the Board of Directors and Senior Management. OSFI has access to the institution’s board as necessary. For larger institutions, OSFI meets with senior management and the audit and risk committees of the board at least semi annually to discuss the results of its supervisory activities and other material issues. The meetings with the audit and risk committees are structured to enable OSFI to meet with the members of the committees without the presence of management, at the discretion of the committee or OSFI. OSFI executives, including the Superintendent, participate in these meetings. For smaller institutions, these meetings are arranged on an as-needed basis. In addition, for larger institutions, meetings are held quarterly with Chairs of audit and risk committees of the board as well as following significant activity reviews based on findings. As part of their monitoring work, OSFI supervisors will also typically meet on a quarterly basis with members of the Bank’s senior and middle management such as the Chief Audit Executive, Chief Risk Executive, Chief Compliance Executive, Business Unit Heads, etc. Meetings with members of the Bank’s board, senior and middle management also take place as part of supervisory review work on specific significant activities of the bank. The frequency of the meetings with senior management and board committees generally increases in cases where OSFI has material prudential concerns. OSFI will make recommendations to the Bank’s board, senior and middle management if significant problems or weaknesses are discovered as a result of the supervisory review work on the bank. All firms the assessors met with commented on the close level of contact maintained by OSFI, not only through these “set pieces” and formal follow up contacts but on a more day to day basis. The assessors reviewed materials demonstrating OSFI’s identification of material deficiencies in significant activities (“intervention notices”); the communication of findings to the Board and the effectiveness of the outcome. It was clear that if OSFI considered that progress on or remedy of deficiencies was not taking place then it was prepared to escalate the issue to the Board. The records indicated that this strategy was successful. The assessors were also able to confirm with banks with whom they spoke that OSFI maintained a “close touch” with the individual institutions. Every firm with which the assessors spoke referred to the regularity and frequency of OSFI contact with the Board (executive and non-executive), the senior management including Chief Risk Officers, heads of risk functions, heads of compliance, and the chairs of the significant committees (audit, group risk and compliance). Meetings are supplemented by regular planned telephone contact (such as weekly calls with the CRO of the larger firms, but regular contact even with smaller institutions). |
| EC8 | The supervisor communicates to the bank the findings of its on- and off-site supervisory analyses in a timely manner by means of written reports or through discussions or meetings with the bank’s management. The supervisor meets with the bank’s senior management and the Board to discuss the results of supervisory examinations and the external audits, as appropriate. The supervisor also meets separately with the bank’s independent Board members, as necessary |
| Description and findings re EC8 | There are specific supervisory guides and letter templates related to documentation and communication of supervisory findings, recommendations and requirements to the bank on a timely basis. In addition, after a review of a significant activity, or at least once a year, a management report is issued to the institution indicating whether there are any prudential issues that need to be addressed. In cases where a number of significant activities are reviewed in a year, the results of these reviews are also summarized in an annual report to the institution. Issuance of the reports is preceded by meetings with top management and, in the case of larger institutions and followed by meetings with the board (Audit Committee) in order to explain any issues and seek resolution. In the case of smaller institutions, OSFI also meets with the board (Audit Committee) if there are material prudential issues. OSFI’s Management Reports are addressed to the CEO and copied to the chair of the audit committee. As noted in EC7, OSFI will meet with the bank’s Board and will hold in camera sessions with the non-executive board members. Firms commented that they had had the experience that closing sessions with management at the end of a review might communicate a softer message than the formal written document but that OSFI has been responsive and adapted to this feedback. |
| EC9 | The supervisor undertakes appropriate and timely follow-up to check that banks have addressed supervisory concerns or implemented requirements communicated to them. This includes early escalation to the appropriate level of the supervisory authority and to the bank’s Board if action points are not addressed in an adequate or timely manner |
| Description and findings re EC9 | There is a specific standard template that supervisors use to complete follow-up of actions taken by banks to address supervisory concerns, recommendations and requirements. The Relationship Manager (RM) for the bank has the overall responsibility for making sure that appropriate and timely follow up is completed on a regular basis. This follow up is typically done on a quarterly basis although it may be more or less frequent depending on the nature of the issue and the timing of the bank’s actions. When the recommendations for follow up action were set by the specialist risk teams, the teams must confirm “closure” although the RM has overall responsibility for monitoring progress on the recommendations or requirements in the follow-up activities. The RM will take appropriate supervisory escalation if issues have not been addressed adequately or within the agreed deadlines. Regular and timely follow up is a specific part of OSFI’s supervisory process and is evidenced by a Follow Up Document (FUD). This document contains a list of findings, recommendations and requirements that have been communicated to the bank. An item might remain on the FUD for an extended period and this is because it is almost always insufficient for a firm simply to have performed the follow up action and informed the supervisor. An item is closed and removed from the FUD only when OSFI has returned to the bank and is satisfied that the outcome of the changes are what was required. Firms confirmed that this is the OSFI practice. The follow up process includes escalation to more senior supervisory staff and/or bank management, as necessary. This includes escalation to the Board for more significant matters, as the assessors were able to observe in the records. |
| EC10 | The supervisor requires banks to notify it in advance of any substantive changes in their activities, structure and overall condition, or as soon as they become aware of any material adverse developments, including breach of legal or prudential requirements. |
| Description and findings re EC10 | While there are many provisions in the Bank Act that require banks to obtain the prior notice and/or approval of the Superintendent for transactions that could result in significant changes in their activities, structure and overall condition there is no specific requirement to notify OSFI of a material adverse development. Nevertheless, a list of provisions requiring notice or approval is contained the Schedule to the Administrative Monetary Penalties (OSFI) Regulations. There are over seventy potential infringements noted in the Schedule related to failures to notify OSFI/the Superintended as required by the laws or agreements. Sections 157 and 158 of the Bank Act describe the duty to manage and duty of care for all directors and officers of the bank. Section 328 of the Bank Act requires auditors to report to CEO and CFO on “any transactions or conditions …..affecting the well-being of the bank”. The Superintendent is required to receive a copy of this report. OSFI sets a clear expectation that senior management should keep OSFI informed regarding any significant or material developments at the bank in advance of the developments. For example, OSFI’s Supervisory Framework notes:
|
| EC11 | The supervisor may make use of independent third parties, such as auditors, provided there is a clear and detailed mandate for the work. However, the supervisor cannot outsource its prudential responsibilities to third parties. When using third parties, the supervisor assesses whether the output can be relied upon to the degree intended and takes into consideration the biases that may influence third parties |
| Description and findings re EC11 | The use of work of third parties is specifically described in OSFI’s supervisory methodology (e.g., page 3 of the Supervisory Framework and as quoted in EC6 above), and is supported by documentation regarding the nature of the work and the extent of its use. OSFI notes that it “makes use” of third party work rather than “relies” upon it. It is, though, rare for OSFI to commission third party work for which it bears the expense. More often OSFI will require a firm to have work carried out – sometimes the choice of provider can include the firm’s external auditor and on other times it may not. Depending on the circumstance, OSFI may insist on participating in the scoping of such work to ensure it will focus on the relevant issue or deficiency. OSFI has identified instances of incorrect advice having been given to firms by external consultants and is cautious in the use it makes of any third party work. |
| EC12 | The supervisor has an adequate information system which facilitates the processing, monitoring and analysis of prudential information. The system aids the identification of areas requiring follow-up action |
| Description and findings re EC12 | OSFI has developed, and is continuing to upgrade and evolve, a powerful system of reports showing key metrics available for an individual bank, peer group or total industry. There sixty standardized reports and supervisors can also develop and run ad-hoc reports – including creating bespoke peer groups (and covering tailored time horizons) - on an as needed basis. This is the Business Intelligence (BI) tool. OSFI supervisors use an Electronic Data Management System (EDMS) to store and manage all electronic information received from banks. This will include such items as management information and audit reports. Key Performance Indicator reports automatically highlight outliers, notable movements and breaches of any thresholds for supervisory follow up and attention. |
| Additional criteria | |
| AC1 | The supervisor has a framework for periodic independent review, for example by an internal audit function or third party assessor, of the adequacy and effectiveness of the range of its available supervisory tools and their use, and makes changes as appropriate. |
| Description and findings re AC1 | OSFI has established a quality assurance (QA) framework. The Quality Assurance Function will conduct two different types of reviews: Supervisory Process Reviews and Specific Reviews. Supervisory Process reviews will cover key components of the core supervisory process (Planning, Execution and update of risk profile, and Reporting and intervention) and are the primary focus of QA reviews. Specific reviews form a smaller part of the QA work and are intended to assess current areas of supervisory importance and important Supervision processes (e.g., Supervision Business Planning Process). Periodic audits by an independent Internal Audit (IA) department are able to complement the quality assurance performed by line management. IA audits supervisory work for consistent application of the supervisory methodology and effectiveness in executing the methodology across institutions. Results of these reviews are provided to line management and the Superintendent and are discussed with OSFI’s Audit Committee and are published on OSFI’s website. Action plans are developed to address identified weakness both in the methodology and in its execution. However, in practice, assessors noted that IA has only done one review of a specialist area (CMRAS) in last three years and no reviews of deposit-taking supervision more broadly. OSFI’s Practices Division also monitors development of practices by other regulators, with a view to enhancing OSFI practices, where necessary. |
| Assessment of Principle 9 | Compliant |
| OSFI has high standards of supervisory practice and a supervisory style and structure that is oriented around a close touch principle that is consistently delivered. This approach underpins OSFI’s ability to articulate and reinforce its supervisory expectations. OSFI is perceived as accessible to the industry and its willingness to listen was widely praised. While OSFI’s perceived lack of rigidity was appreciated, OSFI’s authority with the firms was confirmed. The close touch approach yields many benefits to OSFI in terms of supervisory outcomes but the challenge that always remains is that close understanding of the counterpart can lead to a loss of direction and momentum such that OSFI must guard against being slow to be assertive. Although OSFI employs a number of tracking systems, some of them, such as the “Follow Up Document”, do not necessarily lend themselves to prioritization or re-prioritization, if needed, of key issues and an overarching clear view of whether suitable progress is being made on supervisory issues. It is recommended that OSFI consider whether its internal monitoring systems could be enhanced to further support the overarching, and risk focused view of the institution as well as acting as a tool to maintain pressure on an institution as appropriate. Given the nature of the close supervisory relationships that have been established it is very unlikely that OSFI would be surprised by a material adverse development in an institution of which it had not been pre-notified. Nonetheless, the assessors identified at least one occasion on which an institution had not communicated to OSFI in advance and it is recommended that this discipline be enforced through an amendment to the Bank Act, to avoid any doubt on the obligations of the firm towards OSFI. Importantly OSFI does not see its processes or analytics as static but seeks to develop its capacities over time, whether by refreshing its processes, IT system or staff skill sets. |
|
| Principle 10 | Supervisory reporting. The supervisor collects, reviews and analyses prudential reports and statistical returns from banks on both a solo and a consolidated basis, and independently verifies these reports through either on-site examinations or use of external experts. |
| Essential criteria | |
| EC1 | The supervisor has the power to require banks to submit information, on both a solo and a consolidated basis, on their financial condition, performance, and risks, on demand and at regular intervals. These reports provide information such as on- and off-balance sheet assets and liabilities, profit and loss, capital adequacy, liquidity, large exposures, risk concentrations (including by economic sector, geography and currency), asset quality, loan loss provisioning, related party transactions, interest rate risk, and market risk |
| Description and findings re EC1 | OSFI has strong powers for information gathering which permits it to require any data that is deemed necessary, either consolidated or solo. The legal powers are noted below. In practice OSFI collects consolidated data for all banking groups as well as the consolidated data for all sub-groups of regulated entities and solo data for the parent entities of banking groups. Major features of the legal framework are as follows: Section 628 of the Bank Act specifies that a bank shall provide the Superintendent with such information, at such times and in such form as the Superintendent may require. Subsection 643(2) specifies that the Superintendent or a person acting under the Superintendent’s direction
Additionally, there are many cases within the Bank Act where there is more specificity provided on a requirement for reporting by federally regulated financial institutions (FRFIs) including banks, such as the requirement to file a copy of its annual statement with the Superintendent (Section 312). OSFI is a consolidated supervisor and as such has access to all records within the legal structure of any financial institution over which it has regulatory authority. This includes all domestic and foreign subsidiaries, branches, trust companies and other legal entities. Much supervisory information is obtained through a standardized schedule of regulatory returns (financial or non-financial) that are completed by all banks. Capital adequacy, balance sheet, profitability, liquidity, market risk and asset quality are covered by standard prudential returns. Related party transactions and large exposures are not in the suite of standard information requirements from OSFI. OSFI also obtains direct management information from firms. This includes standing requests for information packages provided to the board and senior management reports. OSFI also undertakes targeted ad-hoc data calls as the supervisory need arises. Additional information is obtained from banks using FIC data, a shared database of banking information of common interest that is shared with peer agencies (Bank of Canada and CDIC). OSFI maintains many of the regulatory returns, and the Bank of Canada maintains those returns for which they are the primary user of the data. With respect to data on large exposures, OSFI monitors exposures through management information submitted by the banks. (See CP19). Formal regular reporting on related parties is not required from all firms. (See CP20). |
| EC2 | The supervisor provides reporting instructions that clearly describe the accounting standards to be used in preparing supervisory reports. Such standards are based on accounting principles and rules that are widely accepted internationally |
| Description and findings re EC2 | Subsection 308(4) of the Bank Act states that a bank’s financial statements shall, except as otherwise specified by the Superintendent, be prepared in accordance with Generally Accepted Accounting Principles (GAAP), the primary source of which is the Handbook of the Canadian Institute of Chartered Accountants. The Canadian Accounting Standards Board adopted International Financial Reporting Standards (IFRS) for publicly accountable enterprises commencing 2011. All banks reporting to OSFI are required to use IFRS, as communicated in April 2008. As noted above, subsection 308(4) provides the Superintendent with the authority to specify accounting treatment other than that required by GAAP (which for banks is IFRS); however, OSFI has not specified accounting requirements that are contrary to IFRS. OSFI has issued a Manual of Reporting Forms and Instructions for Deposit-Taking Institutions. The Manual is the primary source for information on instructions for completing many of OSFI’s regulatory returns. The instructions posted on OSFI’s website are approved by the Financial Information Committee (FIC) and by OSFI’s subject matter experts. Instructions are administered by the FRFI Data Management Division, within OSFI’s Corporate Services sector. The deposit-taking institution (DTI) instructions are updated on an annual basis at minimum, based on changes that are either being requested by the regulator or by new/modifications to applicable accounting standards for the upcoming year, through the Annual Housekeeping Exercise (see EC12 for further details). The instructions do not restate the language/wording used in the IFRS Standards but rather refer each return to the applicable accounting standard within the IFRS manual, and also provide additional clarification that the regulator feels would benefit the financial institutions in filling out those returns. Banks and their chartered accountants are ultimately responsible for properly researching and understanding each applicable accounting standard and OSFI provides guidance as necessary. OSFI has also issued guidance on existing accounting practices. These guidelines, while consistent with IFRS, outline OSFI’s additional expectations with respect to identified areas of risk. The objectives of these guidelines are to ensure that bank accounting and reporting is prudentially sound and aim to encourage Canadian Banks to adopt international best practices as developed by the Basel Committee on Banking Supervision (BCBS). (Also refer to BCP 27). |
| EC3 | The supervisor requires banks to have sound governance structures and control processes for methodologies that produce valuations. The measurement of fair values maximises the use of relevant and reliable inputs and are consistently applied for risk management and reporting purposes. The valuation framework and control procedures are subject to adequate independent validation and verification, either internally or by an external expert. The supervisor assesses whether the valuation used for regulatory purposes is reliable and prudent. Where the supervisor determines that valuations are not sufficiently prudent, the supervisor requires the bank to make adjustments to its reporting for capital adequacy or regulatory reporting purposes. |
| Description and findings re EC3 | IFRS is the basis for both external and regulatory reporting for banks, supplemented by OSFI guidelines where required. In addition to IFRS requirements, OSFI has specifically asked banks to follow two guidance documents relating to valuation practices:
In situations where models are relied upon to provide valuations, the Guideline outlines additional requirements. As per sections 8.11.2 and 8.11.8 of the Guideline, as well as the Implementation Note - Approval of Regulatory Capital Models for Deposit-Taking Institutions (2009), a bank must have an independent unit that is responsible for initial and ongoing validation of all internal models including those used for valuation purposes. When marking to model or using third-party valuations, the Guideline requires banks to have procedures in place for considering valuation adjustments. OSFI expects the following valuation adjustments/reserves to be formally considered at a minimum: unearned credit spreads (i.e., credit valuation adjustments), close-out costs, operational risks, early termination, investing and funding costs, and future administrative costs and, where appropriate, model risk. For regulatory capital purposes, valuation adjustments must also be considered for less liquid positions. OSFI’s risk-based Supervisory Framework supports the use of the work of others, where appropriate, to reduce the scope of its supervisory work, minimize duplication of effort and to enhance OSFI’s efficiency and its effectiveness. This includes, but is not limited to the reliance of the work of External Auditors with respect to the fairness of audited financial statements which include fair value estimates prepared in accordance with the requirements of IFRSs. Please refer to the response at EC10 for a description of OSFI’s reliance on the banks’ appointed auditor. The assessors saw examples of supervisory work where concerns with respect to independent price verification processes had been identified and acted upon. The assessors also discussed instances when OSFI had required adjustments to reported data and also associated changes to its valuations and procedures. |
| EC4 | The supervisor collects and analyses information from banks at a frequency commensurate with the nature of the information requested, and the risk profile and systemic importance of the bank |
| Description and findings re EC4 | Key supervisory information is collected on at least a quarterly basis and includes information such as on- and off-balance sheet assets and liabilities, profit and loss, capital adequacy, liquidity, risk concentrations, asset quality, loan loss provisioning, interest rate risk, and market risk. OSFI also requires significant levels of management information from banks, particularly from the systemic firms. This is consistent with the approach of assessing the significant activities of the firm. In more stressful situations that could deteriorate into significant systemic or bank risk issues, the frequency of collection is tailored to the risk and need to ensure there is no information decay. The assessors saw evidence of enhanced monitoring during stressed periods. |
| EC5 | In order to make meaningful comparisons between banks and banking groups, the supervisor collects data from all banks and all relevant entities covered by consolidated supervision on a comparable basis and related to the same dates (stock data) and periods (flow data). |
| Description and findings re EC5 | Regulatory data is submitted per definitions and timelines as documented in the Financial Returns and Instructions available on OSFI’s web site. The frequency of information can vary by either calendar dates or banks’ fiscal time periods. The six systemically important banks have the same year end dates and most other banks also share the same fiscal year-end dates facilitating comparison of various peer groups. Quarter-end interim financial (stock and flow) information for banks is received, reviewed and analysed by OSFI supervisors. Quarterly meetings are held with the Superintendent and Assistant Superintendent, Supervision Sector to review and compare the current risk assessment of the large, conglomerate banks. Peer group comparisons are frequently used as part of OSFI’s supervisory work. The system responsible for regulatory return processing is the Tri-Agency Database System (TDS). This is a shared system with FIC partners (the Bank of Canada and CDIC), and is physically housed at the Bank of Canada. Data is transferred to OSFI and loaded into a data warehouse, which is accessed by OSFI Supervisory and Regulatory Sectors using a Business Intelligence (BI) tool. At OSFI, the regulatory returns are primarily maintained by the Regulatory Information Division, under the FRFI Data Management Division. Information Management/Information Technology (IM/IT) will support and maintain any technical requirements such as data storage facilities (databases and data warehouses). Defined “Information Steward” roles are identified within Supervision and Regulation Sectors, to provide data-specific subject matter expertise. Executive-level resources (Director and up) provide input into and guidance on data governance. See EC12 for details on data governance. OSFI undertakes a quarterly summary analysis of the risk profile of banks, including undertaking a peer group review. |
| EC6 | The supervisor has the power to request and receive any relevant information from banks, as well as any entities in the wider group, irrespective of their activities, where the supervisor believes that it is material to the condition of the bank or banking group, or to the assessment of the risks of the bank or banking group or is needed to support resolution planning. This includes internal management information. |
| Description and findings re EC6 | OSFI’s information access powers, as noted in EC1, are specified in the Bank Act sections 628 and 643. These powers are applicable to the consolidated operations of the bank or banking group and cover any and all geographies, product or business lines, legal entities, operations (including those that are outsourced) and assets on a global basis. The information power extends to the parent entity in cases where the parent entity is not a bank holding company (and could, for example, for a smaller bank be a commercial entity as discussed under CPs 6 and 7). This information is used to support the supervisors’ risk assessment of the bank including where appropriate, an assessment of the bank’s resolution plans. The assessment of bank resolution plans is the responsibility of CDIC. OSFI is responsible for assessing the recoverability plans for banks. The assessors saw examples of follow up information requirements sent by OSFI in relation to information deficiencies in a bank’s Recovery Plan. |
| EC7 | The supervisor has the power to access all bank records for the furtherance of supervisory work. The supervisor also has similar access to the bank’s Board, management and staff, when required. |
| Description and findings re EC7 | OSFI’s information access powers, as noted in EC1, are specified in the Bank Act sections 628 and 643. Furthermore, in respect of access to the bank’s Board, Section 187 of the Bank Act provides the power whereby:
|
| EC8 | The supervisor has a means of enforcing compliance with the requirement that the information be submitted on a timely and accurate basis. The supervisor determines the appropriate level of the bank’s senior management is responsible for the accuracy of supervisory returns, imposes sanctions for misreporting and persistent errors, and requires that inaccurate information be amended |
| Description and findings re EC8 | OSFI enforces compliance with regulatory return schedules using Late and Erroneous Filing Penalties (LEFP) Framework (see also OSFI’s LEFP Guide), which is based on the authorities provided under sections 24 through 37 of the OSFI Act and the associated Administrative Monetary Penalties (OSFI) Regulations (the Regulations). The Superintendent has authority to impose penalties against financial institutions or natural persons in respect of the violations set forth in the Regulations. Section 5 of the Regulations sets out the monetary penalties applicable to minor violations covered by the LEFP Framework. Under the Regulations, banks are assessed penalties for each day a bank has not submitted an error free return after the due date. OSFI expects the accuracy of financial reporting from a bank to be addressed through internal and external audit procedures. Additionally, banks are expected to have appropriate controls in place to ensure the accuracy of all information (financial or non-financial) submitted. There is, however, no management sign off to attest the accuracy of regulatory returns to OSFI. Information pertaining to return filing is posted on OSFI’s website under:
In setting the due dates for regulatory returns, OSFI considers the timeliness of the data required, in consultation with the appropriate industry associations and with FIC partners (see EC5). |
| EC9 | The supervisor utilizes policies and procedures to determine the validity and integrity of supervisory information. This includes a programme for the periodic verification of supervisory returns by means either of the supervisor’s own staff or of external experts. |
| Description and findings re EC9 | The FRFI Data Management Division has validation rules to assist with checking the regulatory return data sent by the banks, prior to the data being accepted and loaded. The rules are created or modified as part of the process of maintaining regulatory returns (see EC12 for more details). The data subject matter experts (“Information Stewards”) provide the requirements for the validation rules. These validation rules are created in and maintained within the TDS application itself. Validation rules are posted to the Automated Data Transfer (ADT) site. Access to the site is restricted to banks and requires a login. The ADT user manual is posted on the OSFI website. (There are also data validation routines in the OSFI Business Intelligence data warehouse, once the data is in-house). Validation rules are used to spot data inconsistencies and to define positive and negative values. Cross-return validation rules will return an error if differences in specific data points are detected between returns. In addition Relationship Managers (RMs) (Supervision sector) and Regulatory Information Division (Corporate Services sector) personnel periodically check and verify the supervisory returns. Consistent with OSFI’s risk based approach, the verification of supervisory returns and the validity and integrity of other information collected is predicated on the risk profile and systemic importance of the bank. As part of their regular review and monitoring work, RMs will assess the quality of data or information received, particularly when the bank is an outlier relative to other banks or the information submitted may need additional clarification. OSFI expects the accuracy of financial reporting from a bank to be addressed through management and financial controls including internal and external audit procedures. Banks are expected to have appropriate controls in place to ensure the accuracy of all non-financial information submitted. OSFI’s FRFI Data Management Division is developing a plan to further enhance the quality of data in cooperation with the subject matter expert data user group. This work will begin in 2014. |
| EC10 | The supervisor clearly defines and documents the roles and responsibilities of external experts, including the scope of the work, when they are appointed to conduct supervisory tasks. The supervisor assesses the suitability of experts for the designated task(s) and the quality of the work and takes into consideration conflicts of interest that could influence the output/recommendations by external experts. External experts may be utilised for routine validation or to examine specific aspects of banks’ operations. |
| Description and findings re EC10 | OSFI’s Supervisory Framework supports the use of the work of others, where appropriate, to reduce the scope of its supervisory work, minimize duplication of effort and to enhance OSFI’s efficiency and its effectiveness. This includes, but is not limited to the use of the work of External Auditors. It is unusual for the Superintendent to appoint any person to access bank information and carry out supervisory work to be exercised to engage external experts to conduct specific focused reviews and assessment of bank operations. This power is typically only used in unusual or difficult situations, such as forensic work. It is, however, not uncommon for external parties to be used to review and assess bank operations as a result of recommendations that OSFI has made to the bank to improve operations. When this happens, OSFI is usually involved in setting expectations for the work (e.g., scope) of the external party and receives a copy of any report and recommendations resulting from the work. With respect to external auditors, OSFI relies upon banks’ external auditors to provide an opinion on whether the audited financial statements present fairly in all material respects. OSFI’s intent to rely on the opinion of the appointed auditor is communicated each year through OSFI’s reliance letter. With respect to independent consultant reviews, OSFI will provide input to the bank in terms of the competencies, expertise that the selected candidate must possess. OSFI will also provide input to the bank so that the proposed scope of the review meets OSFI’s requirements. If OFSI has concerns in terms of particular candidate being selected, this will typically be discussed with the bank prior to the final selection being made. Once the appropriate candidate has been selected, there is an opportunity for OSFI to conduct an opening in camera session to ensure there are no conflicts of interest, and to determine the work will be completed as required by both the Bank and OSFI. This meeting would include a review of the terms of reference, review scope, and credentials of the selected candidate. During the review, there is further opportunity for OSFI and the consultant to conduct in camera sessions to provide updates, concerns, etc., as necessary. At the end of the review there would be an in camera session to go over the results. Additionally the review results, and the quality of the work completed, would be assessed internally by OSFI. Any concerns could be discussed with both the consultant and the Bank as deemed necessary. The assessors saw examples of engagement letters from a bank to an external consultant regarding a review of the bank’s risk management function. OSFI supervisors were directly involved in developing the engagement letter. |
| EC11 | The supervisor requires that external experts bring to its attention promptly any material shortcomings identified during the course of any work undertaken by them for supervisory purposes |
| Description and findings re EC11 | Progress reports and meetings are a regular part of the engagement letter with the external experts when they are used and it is made clear in the scoping stage that material issues are brought to OSFI’s attention when the external expert is undertaking an activity for supervisory purposes. This practice is consistent with Section 328 of the Bank Act which requires the auditor of a bank to report in writing to the CEO and CFO of the bank any transactions or conditions that have come to the attention of the auditor affecting the well-being of the bank that in the opinion of the auditor are not satisfactory and require rectification. This includes reporting on transactions of the bank that in the opinion of the auditor are outside the powers of the bank, and loans owing to the bank by any person the aggregate amount of which exceeds one half of one percent of the regulatory capital of the bank and in respect of which, in the opinion of the auditor, loss to the bank is likely to occur. The auditor is required to provide the Superintendent with a copy of this report. |
| EC12 | The supervisor has a process in place to periodically review the information collected to determine that it satisfies a supervisory need. |
| Description and findings re EC12 | Review of the scope and utility of data provided by firms falls to the Financial Information Committee (FIC) which is a sub-committee of the FISC and is mandated to support cost effective collection of data from financial institutions. FIC currently meets on a quarterly basis, and is chaired by the OSFI Director of Data Management. “Housekeeping” is a term used to describe the FIC agencies’ annual review of regulatory returns. Each FIC agency canvasses their organization for change requests to the regulatory returns, or requirements for new regulatory returns. Each FIC organization has their own internal governance for approving those change requests (see OSFI’s below). FIC will then coordinate the requirements to ensure that only the data relevant to business need is collected and that there is no duplication of ask between FIC agencies. The Industry Association ( In 2010-2011, a Financial Information Management Policy was written at OSFI and agreed to in principle. A centralized role of Director, Data Management was created in the Corporate Services sector to support its operationalization. Current data governance supporting supervisory work includes the Supervision Sector Data Governance Committee, with representation from the different Supervision groups, to challenge and assess Supervision data needs (both regulatory and ad hoc). At OSFI, major changes or new additions to bank data or regulatory returns are prioritized as part of overall OSFI planning to ensure they have adequate resources assigned. Information received from banks for planned supervisory work is designed to meet the particular needs of each review, and as such each request is specifically tailored. Data subject matter experts (including Supervisors) throughout OSFI dedicate time to reviewing the content and quality of the regulatory return data. The housekeeping process is managed by FRFI Data Management Division. |
| Assessment re Principle 10 | Compliant |
| Comments | OSFI receives a wealth of information from its supervised banks. There is a standard suite of prudential returns, although there are some gaps (large exposures and related party lending) which are not reflected here, but in CPs 19 and 20 respectively. OSFI makes financial data on the banks publicly available on its website. OSFI places considerable emphasis on obtaining management information from firms. This is consistent with the supervisory approach that focuses on significant activities carried out by the firms. Necessarily, though, management information is less susceptible to peer group analysis (between entity and over time) as it is not standardized for purposes of comparison. Also management and other ad hoc data arrangements are not necessarily subject to same controls, historical retention and good data management practices, though OSFI was mindful of the issue of reconciliation of view between prudential and management data and also of on ensuring the quality of banks’ validation and verification of their own information. In terms of verification of reliability of prudential information, OSFI pays close attention to the quality of key data metrics, notably reliability of capital data that is reported. There were instances of on-site investigation of data processes and controls. OSFI has established process for regular review of reporting requirements, and should ensure that this process is keeping pace with needs. It is recommended that there is greater emphasis on determining ongoing supervision data needs and incorporating into standardized returns. Moreover, as the work on recovery and resolution planning has stimulated more attention for the individual legal entities, and this may in turn trigger fresh thinking on standardized prudential data needs. |
| Principle 11 | Corrective and sanctioning powers of supervisors. The supervisor acts at an early stage to address unsafe and unsound practices or activities that could pose risks to banks or to the banking system. The supervisor has at its disposal an adequate range of supervisory tools to bring about timely corrective actions. This includes the ability to revoke the banking licence or to recommend its revocation. |
| Essential criteria | |
| EC1 | The supervisor raises supervisory concerns with the bank’s management or, where appropriate, the bank’s Board, at an early stage, and requires that these concerns be addressed in a timely manner. Where the supervisor requires the bank to take significant corrective actions, these are addressed in a written document to the bank’s Board. The supervisor requires the bank to submit regular written progress reports and checks that corrective actions are completed satisfactorily. The supervisor follows through conclusively and in a timely manner on matters that are identified. |
| Description and findings re EC1 | OSFI’s statutory mandate requires that it promptly advise the management and board of a financial institution in the event the institution is not in sound financial condition or is not complying with its governing statute law or supervisory requirements under that law and, in such a case, to take, or require the management or board to take, the necessary corrective measures or series of measures to deal with the situation in an expeditious manner (section 4 of the (OSFI Act). Section 4 also provides that OSFI should promote the adoption by management and boards of directors of policies and procedures designed to manage and control risk. To fulfill these objectives, OSFI supervises banks in accordance with its Supervisory Framework, which describes the principles, concepts, and core processes that OSFI uses to assess the safety and soundness of financial institutions, and to identify issues or areas of concern early in order that timely corrective actions may be taken. Acting in accordance with the Supervisory Framework OSFI issues a Supervisory Letter to a bank within 45 calendar days of the completion of supervisory work. The Supervisory Letter also indicates to the bank that a response is required within 30 calendar days of the date of the letter. Discussions with firms indicated that OSFI was clear in communicating its intent in such letters but at the same time was open to discussion in terms of clarifying its position if necessary. Recommendations coming out of supervisory work were signaled to firms prior to the conclusion of the review—with urgency and at a senior level if appropriate. For a bank incorporated in Canada, the Supervisory Letter is addressed to the Chief Executive Officer (CEO) and copied to the Chair of the Audit Committee (and Risk Committee, where applicable). OSFI’s recommendations and appropriate remedial actions are discussed with the bank’s management and, as appropriate, the CEO, board and/or Chair of the Audit Committee. When a bank is a subsidiary of a foreign bank, remedial actions may also be discussed with the CEO and the Chair of the Audit Committee at the parent company. For a Canadian branch of a foreign bank, the Supervisory Letter is addressed to, and discussed with, the Principal Officer of the branch. Remedial actions may also be discussed with the CEO and the Chair of the Audit Committee at the branch’s home office. In all cases, OSFI analyzes the appropriateness of the bank’s responses to any supervisory recommendations, and actively follows up on all responses until the issues are successfully resolved. This follow-up process is usually undertaken as part of OSFI’s regular supervision monitoring work, unless the issues are of such significance that they require special monitoring. Where issues are material and long-term in nature, OSFI requires financial institutions to provide quarterly progress reports, which are reviewed and discussed with the institution. When OSFI identifies urgent issues or requires a bank to take significant remedial actions, the foregoing process would be expedited, and the frequency and intensity of monitoring and reporting would be enhanced. This process of early identification, monitoring, reporting and escalation is reflected in OSFI’s Guide to Intervention for Federally Regulated Deposit-Taking Institutions (Guide to Intervention). The “stages” of intervention are set out in the Guide and should OSFI have concerns as identified deficiencies in respect of the institution and is concerned that these deficiencies could lead to the development of problems, then it will move to “stage” the institution. This process involves OSFI formally notifying management, board of directors and external auditor of the institution by way of a supervisory letter that the institution is at Stage 1 and that the institution is required to take measures to mitigate or rectify the identified deficiencies. In addition OSFI will meet with the management, board of directors (or a committee of the board) and/or the external auditor of the institution to outline concerns and discuss remedial actions. Furthermore OSFI will write to notify the firm of the surcharge that will apply to it during its period of being “staged.” There are four stages of escalation, the last of which might lead to OSFI “taking control” of the institution (a specific term under the act—typically a prelude to liquidation) and OSFI may apply for winding up. Any recommendation issued to a bank is recorded in a “follow up document” which is monitored closely by OSFI. An item cannot be removed from the tracking report, until OSFI has satisfied itself—typically by revisiting the institution—that changes had been made and were delivering the expected outcome. During the period during which the institution is “staged” OSFI increases the frequency and intensity of monitoring and reporting requirements; conducts enhanced and more frequent supervisory reviews; and may transfer responsibility for the troubled bank to OSFI’s Enhanced Assessment Team (this would be the case for the smaller institutions). OSFI might, if conditions warranted, establish an on-going presence at the bank and direct external specialists to assess certain areas of risk (at the bank’s expense). In such circumstances OSFI would be involved in the scoping of the work to be undertaken. OSFI noted, and banks confirmed, that the process of exiting from “staging” is lengthy and can be expected to last more than a year. |
| EC2 | The supervisor has available an appropriate range of supervisory tools for use when, in the supervisor’s judgement, a bank is not complying with laws, regulations or supervisory actions, is engaged in unsafe or unsound practices or in activities that could pose risks to the bank or the banking system, or when the interests of depositors are otherwise threatened. |
| Description and findings re EC2 | As previously noted, section 4 of the OSFI Act requires that OSFI supervise institutions in order to determine whether they are complying with their governing law and supervisory requirements, and requires that OSFI promptly advise the management and board of directors of a financial institution in the event that the institution is not in sound financial condition or is not complying with its governing law or supervisory requirements. In carrying out this mandate, section 4 also provides that OSFI’s is to strive to protect the interests of depositors. To ensure that OSFI can fulfill its obligations under section 4 of the OSFI Act, the Bank Act provides the Superintendent with a broad range of discretionary tools to address perceived concerns at an institution, including compliance issues and unsafe or unsound business activities. In addition to a comprehensive suite of statutory tools, OSFI is empowered to develop and use a number of administrative tools. A number of OSFI’s statutory tools are described in detail in EC3 of this Principle and also in ECs5 and6 of CP 1. OSFI’s administrative tools, and other applicable statutory tools that are not addressed in EC3, are discussed below. OSFI’s core administrative supervisory tools are expressed in its Supervisory Framework and Guide to Intervention and are also discussed in EC1. More specifically, the supervisory review process results in an institution-specific Composite Risk Rating18 and a Stage Rating. These ratings are tools that OSFI uses to measure and convey its views to management and the board of directors on the safety and soundness of a bank with respect to depositors. Where OSFI identifies concerns, the Supervisory Framework and Guide to Intervention summarize the range of additional supervisory tools that may be applied at each stage of intervention as the severity of the situation escalates, as noted in EC1. In addition to the statutory tools described in EC3 of this Principle, other tools include:
OSFI noted that it has not yet had to use its formal power to remove a director but on occasion when OSFI has indicated that it would be willing to move to this step, there was compliance with OSFI’s expressed wishes. It is OSFI’s preference not to wield its legal powers as a first resort, not least because its basis for acting with legal force is strongly drawn in the Bank Act. |
| EC3 | The supervisor has the power to act where a bank falls below established regulatory threshold requirements, including prescribed regulatory ratios or measurements. The supervisor also has the power to intervene at an early stage to require a bank to take action to prevent it from reaching its regulatory threshold requirements. The supervisor has a range of options to address such scenarios. |
| Description and findings re EC3 | The Bank Act grants the Superintendent a number of different discretionary powers to act where a bank exceeds or falls below established prudential thresholds, ratios, or measures. The Superintendent is empowered to act regardless of the instrument by which a given threshold is established (i.e., by legislation, regulations, or administratively by guidelines). These powers can be used to address a range of scenarios and may be used jointly with other regulatory and supervisory tools.
OSFI has the power to intervene at an early stage to require a bank to take actions to prevent it from reaching its prudential thresholds and requirements. As noted in Principle 1, OSFI’s statutory mandate actually requires it to intervene at an early stage. More specifically, subsection 4(2) of the OSFI Act provides that OSFI must promptly advise the management and board of directors of a financial institution in the event that the institution is not in sound financial condition or is not complying with its governing statute law or supervisory requirements, which may include prudential thresholds, and in such a case, to take, or require the management or board to take, the necessary corrective measures or series of measures to deal with the situation in an expeditious manner. In discussion banks were conscious of OSFI’s mandate for “early intervention” and considered that OSFI acted on it. As also noted in CP 1, to fulfill its mandate, OSFI has developed its Supervisory Framework to ensure early intervention in order to increase the likelihood that corrective measures will be effective in maintaining the safety and stability of the institution and the sector. Further, OSFI’s Guide to Intervention outlines the types of involvement that banks can normally expect from OSFI (as well as from CDIC) and summarizes the circumstances under which certain intervention measures may be expected and escalated. These intervention measures may be used to ensure compliance with prudential thresholds. The assessors saw examples of OSFI’s actions when seeking to ensure that institutions meet or continue to meet prudential thresholds. In such cases the Supervisory Letters informed the bank that it was “staged” (see EC1 above), articulated clearly the grounds for OSFI’s concerns and outlined the actions required by the respective banks. Such requirements included: additional capital above the regulatory target levels; the development and delivery of concrete plans to reduce specific portfolios over time; to develop an alternative business strategy; and to strengthen risk management practices. OSFI has also acted to prevent a bank from repatriating capital to the parent company (e.g., dividends) until OSFI was satisfied that outstanding issues were properly addressed. OSFI noted that when it is working within the staging framework, it is conscious that it may need recourse to its statutory powers, although this is uncommon, and therefore OSFI prepares the grounds for its case accordingly. An OSFI decision could be challenged by judicial review. The test would be whether OSFI had acted within its authority under the law, not whether OSFI had grounds to pursue action. In other words, the correctness of the manner in which OSFI executed its action could be challenged but not OSFI’s judgment concerning the prudential basis for its action (eg that a bank were inadequately capitalized). |
| EC4 | The supervisor has available a broad range of possible measures to address, at an early stage, such scenarios as described in essential criterion 2 above. These measures include the ability to require a bank to take timely corrective action or to impose sanctions expeditiously. In practice, the range of measures is applied in accordance with the gravity of a situation. The supervisor provides clear prudential objectives or sets out the actions to be taken, which may include restricting the current activities of the bank, imposing more stringent prudential limits and requirements, withholding approval of new activities or acquisitions, restricting or suspending payments to shareholders or share repurchases, restricting asset transfers, barring individuals from the banking sector, replacing or restricting the powers of managers, Board members or controlling owners, facilitating a takeover by or merger with a healthier institution, providing for the interim management of the bank, and revoking or recommending the revocation of the banking licence. |
| Description and findings re EC4 | ECs 2 and 3 of this Principle outline all of OSFI’s powers, tools, and measures to address, at an early stage, the scenarios described in EC2. As previously detailed, OSFI’s mandate requires that it intervenes early so that institutions are encouraged to respond expeditiously to address concerns. OSFI’s approach to supervision, as expressed through its Supervisory Framework and Guide to Intervention, are structured to support this mandate and outline the range of supervisory powers, tools, and measures that can be expected to be applied as the gravity of the situation escalates. While ECs 2 and 3 summarize the measures that may be used to address the examples listed in this EC, we briefly re-summarize them here with additional details:
|
| EC5 | The supervisor applies sanctions not only to the bank but, when and if necessary, also to management and/or the Board, or individuals therein. |
| Description and findings re EC5 | Section 980 provides that every person who, without reasonable cause, contravenes any provision of the Act or the regulations is guilty of an offence. Such contraventions may be subject to punishment under section 985 of the Act, which can include monetary fines and/or imprisonment. The term “person” refers to both natural persons and legal entities, meaning that criminal sanctions may be applied to the bank, the Board, management or individuals therein. Further, sections 647 and 647.1 provide the Superintendent with the power to disqualify or remove senior officers and directors. In finding that a person is not suitable to hold office, the Superintendent may consider the person’s competence, business record, experience, conduct or character, and whether the person has contravened or, by action or negligence, has contributed to the contravention of the Bank Act, a direction, an order, or term or condition. Such disqualification may be thought of as a sanction. OSFI has also developed and published “fit and proper” standards for directors and senior management in its Guideline on Background Checks on Directors and Senior Management of Federally Regulated Entities. Banks are expected to adopt and apply these standards when establishing policies and procedures regarding the conduct of responsible persons. OSFI’s evaluation of an institution’s compliance with the Guideline may serve to identify areas of concern, which may then be used as a tool to guide or inform a decision to disqualify or remove a person. The Superintendent may also, pursuant to the Administrative Monetary Penalties (OSFI) Regulations, impose civil monetary penalties on a bank for a number of statutory violations, such as failure to: seek necessary transaction approvals; comply with terms and conditions, directions of compliance, orders, or prudential agreements; etc. There are no examples of OSFI having needed to proceed to formal exercise of its power (see EC 2). |
| EC6 | The supervisor has the power to take corrective actions, including ring-fencing of the bank from the actions of parent companies, subsidiaries, parallel-owned banking structures and other related entities in matters that could impair the safety and soundness of the bank or the banking system. |
| Description and findings re EC6 | OSFI has generally defined the term “ring-fencing” as the concurrent or sequential application of any number of supervisory powers, tools, and measures to address perceived contagion risks to the bank that may result from the actions and/or activities of others in the corporate structure. In practice, enhanced oversight of the bank is often (but not always) preceded by staging of the bank. As with its Supervisory Framework and Guide to Intervention, OSFI’s use of ring-fencing measures can be intensified as concerns escalate. More detailed examples of the measures and powers that OSFI typically uses to support ring-fencing include:
|
| EC7 | The supervisor cooperates and collaborates with relevant authorities in deciding when and how to effect the orderly resolution of a problem bank situation (which could include closure, or assisting in restructuring, or merger with a stronger institution). |
| Description and findings re EC7 | OSFI would coordinate and collaborate with relevant domestic and, where applicable, international authorities in deciding when and how to effect the orderly resolution of a problem bank. Domestically, as discussed in Principle 1, the Financial Institutions Supervisory Committee (FISC) is the federal-level forum legislated to facilitate consultations and the exchange of information among its members on matters relating directly to the supervision of institutions. The role and function of FISC includes discussing confidential prudential concerns with problem institutions and giving consideration to when and how to effect the orderly resolution of problem banks. It is most likely that resolution would be preceded by staging of the institution pursuant to OSFI’s Guide to Intervention, which outlines the types of escalating involvement and coordination that banks can expect from OSFI and CDIC, and summarizes the circumstances when resolution may be triggered. More specifically, when a bank reaches Stage 4: Non-viability/Insolvency Imminent, the bank will have experienced severe financial difficulties and its condition deteriorated to such an extent that:
When the Superintendent has decided to take control, the Superintendent has the option to:
When evaluating which resolution mechanism to use, FISC will consider the nature, size and complexity of the bank and its problems, and the viability of its recovery plan. Canada’s large banks are required to prepare recovery plans based on OSFI’s direction and guidance (with input from the members of FISC). OSFI provides banks’ plans to CDIC for the purpose of assisting CDIC with resolution planning. The major banks are entering their third or fourth iteration of recovery plans though resolution plans are still first generation. There are plans to extend recovery and resolution planning to the smaller institutions later in 2013. Internationally, OSFI has entered into formal information sharing and supervisory cooperation arrangements (Memoranda of Understanding) with over 30 foreign supervisory authorities. OSFI routinely exchanges information with foreign home and host regulators. Where recovery or resolution actions are contemplated in respect of an internationally active bank, OSFI would also increase its efforts to coordinate and collaborate with foreign supervisors, as appropriate. To date, OSFI has not had any experience in the resolution of a bank since OSFI was established in 1987 in the wake of bank failures earlier in that decade. |
| Additional criteria | |
| AC1 | Laws or regulations guard against the supervisor unduly delaying appropriate corrective actions. |
| Description and findings re AC1 | OSFI’s statutory mandate guards against undue delays in taking appropriate corrective actions. More specifically, pursuant to section 4 of the OSFI Act, OSFI’s mandate requires that it promptly advise the management and board of a financial institution in the event the institution is not in sound financial condition or is not complying with its governing statue law or supervisory requirements under that law and, in such a case, to take, or require the management or board to take, the necessary corrective measures or series of measures to deal with the situation in an expeditious manner. Discussions with staff and also banks confirmed that the mandate has instilled a culture of seeking to intervene with a bank at as early a stage as possible. |
| AC2 | When taking formal corrective action in relation to a bank, the supervisor informs the supervisor of non-bank related financial entities of its actions and, where appropriate, coordinates its actions with them. |
| Description and findings re AC2 | The OSFI Act and the Bank Act grant the Superintendent and OSFI the discretionary authority to inform other domestic and foreign regulators of its actions, and to coordinate its actions with them, if deemed appropriate. As detailed in CP 2, section 22 of the OSFI Act and section 636 of the Bank Act establish rules for OSFI on the appropriate use of information obtained as a result of the administration or enforcement of any Act of Parliament. More specifically, these sections provide that, subject to a limited number of exceptions, information about federally regulated financial institutions obtained by OSFI, and OSFI’s interaction with them, is deemed confidential and may only be used for lawful supervisory purposes. One of the permitted exceptions allows for the sharing of confidential information with other government agencies or bodies that regulate or supervise financial institutions, for the purposes related to that regulation or supervision. Subject to securing MOUs with other regulators and supervisors, OSFI would rely on this exception to share information with, for example, domestic provincial insurance regulators that may regulate non-bank subsidiaries of banks. Internationally, OSFI shares information, as appropriate, with foreign regulators with which it has a home-host relationship and an MOU. Such information sharing may also take place when OSFI hosts or attends supervisory colleges or crisis management groups. See also CP3. |
| Assessment of Principle 11 | Compliant |
| Comment | OSFI has a wide range of corrective and sanctioning powers under the Bank Act. These powers do not extend to issues in connection with AML/CTF which is governed by separate legislation and is noted under CP29. OSFI’s mandate requires early intervention and OSFI has designed, in collaboration with the CDIC, a structured approach for applying progressively more intensive supervisory intervention. The intervention approach is predicated on OSFI’s direct powers, although OSFI’s preference is to obtain traction with the firm on a voluntary basis, where OSFI’s authority is underpinned by the existence of its legal powers. OSFI carries out its intervention carefully, with the understanding that it must build its legal case at each stage in the event it has recourse to the use of its powers. The “staging” process allows OSFI to intensify restrictions and requirements for an institution (limitation on business, higher capital etc) and it exerts a discipline on chief executives who must report to their boards that they have been staged. While this particular discipline of transparency may be less effective in smaller institutions, the financial consequences of restrictions are likely to be felt. It is possible for an institution to remain “staged” for a period of time. Partly this is in recognition of the fact that successful remedial and corrective actions, including OSFI’s satisfying itself on the changes in practice, is not a rapid process. The challenge for OSFI is to maintain pressure on the institution to make meaningful progress over a credible and situation specific appropriate timeline in order to exit staging (and not relapse in the near future). OSFI is conscious of this risk and broadly, with a few exceptions, the assessors were not able to identify instances where a supervisory situation had drifted. There was evidence of instances where OSFI considered an issue had become too protracted and had therefore applied sharp escalation leading to subsequent progress with the bank. It is recommended that OSFI institute post facto reviews of staging cases in addition to interim reviews in order to identify, for the future, how best to ensure appropriate momentum through the staging phase. Nevertheless, notwithstanding OSFI’s internal review mechanisms, the staging process may be vulnerable to the potential or have the capacity to extend unduly. In other words, a firm might transition up and down between stages without fully exiting the staging process. The lack of a “clean exit” may be due to the fact that OSFI has no power or mandate to insist on the exit from the market of a bank whose business strategy is non-viable, so long as that bank is maintaining its prudential thresholds and depositors are not at immediate risk. The authorities should consider whether further legal authority or powers are required to enable it to move more promptly to address situations where a bank’s business model is deemed or proved to be non-viable over a period of time. |
| Principle 12 | Consolidated supervision. An essential element of banking supervision is that the supervisor supervises the banking group on a consolidated basis, adequately monitoring and, as appropriate, applying prudential standards to all aspects of the business conducted by the banking group worldwide. |
| Essential criteria | |
| EC1 | The supervisor understands the overall structure of the banking group and is familiar with all the material activities (including non-banking activities) conducted by entities in the wider group, both domestic and cross-border. The supervisor understands and assesses how group-wide risks are managed and takes action when risks arising from the banking group and other entities in the wider group, in particular contagion and reputation risks, may jeopardize the safety and soundness of the bank and the banking system. |
| Description and findings re EC1 | OSFI has broad powers under the Bank Act (to supervise all significant Canadian banking groups on a consolidated basis, when a regulated bank or regulated bank holding company is the ultimate parent. The consolidated assessment includes all of a bank’s material domestic and foreign entities and activities. Supervisory work and risk assessment is focused on identifying material risks to a bank. As such, OSFI identifies a bank’s “significant activities”—a line of business, unit or process, which may be domestic or cross-border – that are fundamental to the bank’s business model and its ability to meet its overall business objectives. Supervisory work is planned at the significant activity level. For each significant activity, the level of net risk is assessed by ensuring a thorough understanding of the nature of the activity and the environment in which it operates, identifying and assessing the activity’s key inherent risks, and determining the quality of risk management. However, significant activity and structure of group entities will not necessarily be the same. OSFI maintains its records of group structure on an up to date basis (as an annex to the risk assessment document) and the supervisory activities will pay particular attention to significant subsidiaries. Recent work on recovery and resolution planning has been the catalyst for more investigation and supervisory follow up. OSFI has had some experience of acting to work with banks when risks emerged in non-domestic jurisdictions. OSFI has also carried out cross sectoral examinations into banks’ handling of reputation and contagion risk. OSFI seeks to confirm that banks are actively assessing and managing such risks with competence. |
| EC2 | The supervisor imposes prudential standards and collects and analyses financial and other information on a consolidated basis for the banking group, covering areas such as capital adequacy, liquidity, large exposures, exposures to related parties, lending limits and group structure. |
| Description and findings re EC2 | OSFI imposes its prudential standards on a consolidated basis and receives and analyzes a bank’s consolidated, audited financial statements to assess overall financial performance. Supervisory analysis also considers financial performance by significant activity, whether domestic or cross-border. Within the context of the consolidated group the Superintendent has power to obtain information and review the overall activities of a banking group, both domestic and cross-border:
|
| EC3 | The supervisor reviews whether the oversight of a bank’s foreign operations by management (of the parent bank or head office and, where relevant, the holding company) is adequate having regard to their risk profile and systemic importance and there is no hindrance in host countries for the parent bank to have access to all the material information from their foreign branches and subsidiaries. The supervisor also determines that banks’ policies and processes require the local management of any cross-border operations to have the necessary expertise to manage those operations in a safe and sound manner, and in compliance with supervisory and regulatory requirements. The home supervisor takes into account the effectiveness of supervision conducted in the host countries in which its banks have material operations |
| Description and findings re EC3 | Supervisory work (on and off site) is conducted using the Superintendent’s powers outlined in Part XIII of the Bank Act. In particular, examination powers are defined in sections 643 and 644. In accordance with OSFI’s Supervisory Framework, supervision of Canadian banks is conducted on a consolidated basis, which involves an assessment of all of a bank’s material domestic and foreign entities and activities. As part of the process of identifying significant activities within a banking group, OSFI identifies the material host jurisdictions (see also EC1). In accordance with the Supervisory Framework, OSFI assesses the quality of both operational management (responsible for day-to-day controls) and the independent oversight of all significant activities, including when a significant activity is a cross-border or foreign operation. The assessment of operational management of a cross-border or foreign operation includes determining that it has the necessary expertise and capabilities to manage the operation in a safe and sound manner and in compliance with Canadian regulatory and supervisory requirements. Bank management must follow OSFI’s governance expectations as set out in OSFI’s Corporate Governance Guideline. OSFI regularly liaises with domestic and foreign counterparts as part of its on-going monitoring process, and does on-site work in other countries as deemed necessary. OSFI has established formal arrangements (Memoranda of Understanding) with a large number of foreign supervisors to provide a framework for effective cooperation and information sharing. As a home regulator, these agreements facilitate OSFI receiving information on the financial condition and adequacy of risk management of Canadian banks’ operations outside Canada. Likewise, as the host regulator, OSFI shares confidential information impacting the safety and soundness of cross-border establishments of foreign banks operating in Canada. Although OSFI does not have explicit criteria or processes for assessing the quality of supervision in a host country, such assessments are undertaken when a bank’s activities extend to an unfamiliar jurisdiction. In countries in which banks have material operations, OSFI will periodically meet with the host regulator in their offices to determine their standards of practice and to review their documentation and findings related to the bank’s local operations. The assessors noted that OSFI has issued recommendations to banks specifically focused on improving group compliance including particular attention to enterprise wide standards and cross border operations. |
| EC4 | The home supervisor visits the foreign offices periodically, the location and frequency being determined by the risk profile and systemic importance of the foreign operation. The supervisor meets the host supervisors during these visits. The supervisor has a policy for assessing whether it needs to conduct on-site examinations of a bank’s foreign operations, or require additional reporting, and has the power and resources to take those steps as and when appropriate |
| Description and findings re EC4 | The frequency and scope of on-site reviews of foreign locations is based upon the risk profile of the bank and reviewed at a minimum during the annual planning of supervisory strategy. Supervisory work (on and off site) is conducted using the Superintendent’s powers outlined in Part XIII of the Bank Act. In particular, examination powers are defined in sections 643 and 644. Each year, OSFI develops an annual supervisory strategy and plan for the banking group, including its foreign operations, and adjusts its strategy and plan throughout the year as needed. Planned supervisory work for each significant activity, including when the activity is a foreign operation, considers: the net risk assessment of the activity; the need to update OSFI’s information on the activity; and the importance of the activity to the bank’s overall risk profile. Supervisory work may range from basic monitoring, to limited off-site reviews, or to extensive on-site reviews. As a result of this planning, on-site reviews of material foreign operations take place periodically. OSFI would normally plan to meet the host country supervisor during these reviews to discuss the bank’s foreign operation and review the host country supervisor’s documentation. Contact with the host country supervisor is maintained between visits, as necessary, a point that the assessors were able to corroborate in contact with some relevant host country assessors. On an annual basis, OSFI typically performs one to three major cross border onsite inspections in respect of its conglomerate deposit taking institutions. The number of reviews is determined in accordance with OSFI’s risk-based approach. In addition, relationship management teams hold quarterly teleconference calls with key host supervisors to share views, opinions and concerns. The assessors were able to confirm this finding with some host supervisors (on a sample basis) who attested to an open and constructive dialogue with OSFI. |
| EC5 | The supervisor reviews the main activities of parent companies, and of companies affiliated with the parent companies, that have a material impact on the safety and soundness of the bank and the banking group, and takes appropriate supervisory action |
| Description and findings re EC5 | OSFI has powers to obtain information and therefore review the parent entity and related affiliates of some but not all banks. OSFI’s powers cover the systemically important banks but for those smaller banks for which private ownership is permitted (ie there is no regulated bank holding company in place), OSFI does not have the power to review the activities of a bank’s parent company and of companies affiliated with the parent company on an on-going basis. However, by virtue of section 635 of the Bank Act, OSFI has the power to direct a controller or affiliate of the bank to provide information that OSFI might need. Additionally, at the licensing phase, OSFI assesses its future information needs and if necessary puts in place information undertakings to ensure the supervisability of the entity within its corporate structure. OSFI’s regulatory and supervisory frameworks only apply to the federally regulated financial institution (i.e., the bank) and, through consolidated supervision, its subsidiaries. Consequently, OSFI’s ability to review the activities of these unregulated entities, and assess the possible impact of these activities on the safety and soundness of the bank, is limited to information that: (a) is publicly available; (b) can be leveraged through the consideration of transactions (e.g., at the time of incorporation or acquisitions of significant interest); or (c) might be gathered pursuant to an Letter of Undertaking with a controlling parent where arranged with OSFI. As noted in EC1, summarized parent company information and assessment is included in the Risk Assessment Document for the bank. The assessors noted supervisory work scoping the onsite review of an institution where OSFI had identified significant concerns with respect to the risk to the bank stemming from some of the parent’s activities. |
| EC6 | The supervisor limits the range of activities the consolidated group may conduct and the locations in which activities can be conducted (including the closing of foreign offices) if it determines that:
|
| Description and findings re EC6 | OSFI has the powers to limit the range of activities and locations of the activities of the consolidated group. The Bank Act provides the Superintendent with extensive remedial powers to impose regulatory limits on the activities of a bank or banking group. These powers are discussed in CP11, but domestic and subsidiary banks, see sections 644.1 to 656 and for authorized foreign banks, see sections 614.1 to 627. Of particular relevance are the Superintendent’s powers to issue a Direction of Compliance, issue a divestment order, or to restrict the bank’s activities, each of which can target the bank’s foreign operations. Information gathering powers rest particularly in sections 628 and 643 of the Bank Act. Further, section 470 requires a bank to enter into Undertakings as required by the Superintendent to provide access to records of controlled domestic and foreign subsidiaries and authorizes the Superintendent to enter into agreements with foreign regulators in that regard. OSFI noted that when it is not comfortable with the supervisory regime in the foreign jurisdiction, it will require an even higher standard of controls and oversight by the bank. There are a number of examples when OSFI has conducted reviews on the foreign group entities. In addition to working in partnership with the local supervisor, OSFI has focused on what the bank is doing to manage its systems and to prompt higher standards of the bank’s own management oversight. Part of this conversation would necessarily be with head office to question group governance and oversight. |
| EC7 | In addition to supervising on a consolidated basis, the responsible supervisor supervises individual banks in the group. The responsible supervisor supervises each bank on a stand-alone basis and understands its relationship with other members of the group |
| Description and findings re EC7 | In the context of consolidated supervision, OSFI supervises individual banks within the group either alone or in conjunction with host supervisors in other jurisdictions. This supervision includes understanding the interrelationships between other members in the group. For the major banks, where the corporate structure is headed by the bank itself, OSFI obtains solo data in addition to consolidated data. Major banking subsidiaries within the wider group are identified and OSFI follows the Basel framework by applying at lower levels to all internationally active banks on a consolidated basis. OSFI does not routinely obtain solo information in respect of each individual bank within the group. OSFI supervises primarily on a consolidated basis. Some of OSFI’s primary supervisory processes provide information on intra group transactions. Reporting examples include liquidity reporting by currency and major entity, capital reporting and solo capital reporting and analysis. Crisis Management submissions are also helpful in this regard and discussion of material individual transactions. In addition, host supervisors often look at flows between local branches and subs within their jurisdiction and often discuss these with the Canada as the home-country supervisor. |
| Additional criteria | |
| AC1 | For countries which allow corporate ownership of banks, the supervisor has the power to establish and enforce fit and proper standards for owners and senior management of parent companies |
| Description and findings re AC1 | Any person wishing to have a significant interest in, and/or control of, a bank must receive approval from the Minister to acquire this significant interest/control (see BCP 5 EC5 and BCP 6). Pursuant to the Bank Act, the Minister considers the business record and experience of the person and the character and integrity of the person, among other considerations (sections 27 and 396). OSFI’s recommendation in respect of the acquisition of significant interest/control takes into account these legislative considerations. The Instruction Guide for Incorporating Banks and Transaction Instruction A No. 23 set out information requirements that assist in this determination. OSFI requires that persons that would have a significant interest in/control of a bank provide details of whether they have been the subject of any criminal proceedings or administrative sanctions. Where the person is a corporate entity, OSFI engages the Canadian Security Intelligence Service (CSIS) to conduct a security assessment. Where the person is an individual, OSFI obtains personal information, including curriculum vitae and a completed OSFI Security Information Form so that law enforcement (Royal Canadian Mounted Police (RCMP)) and intelligence (CSIS) agencies can conduct security assessments. |
| Assessment of Principle 12 | Compliant |
| Comments | OSFI has a strong legal and regulatory framework for consolidated supervision which it applies consistently. OSFI is mindful of the distribution of risks throughout the group and the need for strong risk management, internal controls and flow of information within the consolidated groups. OSFI has gone beyond the Basel framework by requiring solo entity information on the parent banks for the systemic banking groups in Canada. Nevertheless, with this exception, OSFI has generally placed less emphasis on the individual banks within groups, structuring its work around the concept of “significant activity”. Recent work on recovery and resolution planning though has required group structures to be scrutinized on a legal entity basis and, by OSFI’s own admission, has “shone a light” on issues that may need to be assessed on a prudential basis. OSFI are encouraged to continue strongly with the analysis of supervisory implications of legal entity structures. It is recommended that OSFI receive solo data for all regulated banks within the banking groups, irrespective of whether the parent entity is a bank. OSFI is also recommended to look more closely and systematically at intra-group exposures, so that it can monitor and probe as necessary exposures between the bank and other entities within a group, perhaps through introducing new prudential returns (as a part of the review suggested in CP10). Not least in the light of the recent D-SIB designation of the six systemic banks, OSFI is recommended to consider the non-domestic entities and consider whether its cycle of visits is sufficient. While OSFI’s annual planning process always takes a risk based approach in considering such reviews, and while it is clear that OSFI staff have a sound understanding of the more vulnerable international regions in which banks are exposed, the acknowledged systemic nature of the D-SIBs might warrant closer frequency of attention to the more remote parts of the group. OSFI does not, though, have powers to review the activities of parent companies of smaller banks that are owned by commercial companies. While OSFI has strong information gathering powers, as noted above, and has to date imposed information undertakings on parent entities at time of licensing, it is recommended as a further iteration of good practice that OSFI always make parental data access and notification of material parental business and governance changes a condition of licensing. Additionally, this requirement can be emphasized publicly as part of the Guidelines for Incorporation. |
| Principle 13 | Home-host relationships. Home and host supervisors of cross-border banking groups share information and cooperate for effective supervision of the group and group entities, and effective handling of crisis situations. Supervisors require the local operations of foreign banks to be conducted to the same standards as those required of domestic banks. |
| Essential criteria | |
| EC1 | The home supervisor establishes bank-specific supervisory colleges for banking groups with material cross-border operations to enhance its effective oversight, taking into account the risk profile and systemic importance of the banking group and the corresponding needs of its supervisors. In its broadest sense, the host supervisor who has a relevant subsidiary or a significant branch in its jurisdiction and who, therefore, has a shared interest in the effective supervisory oversight of the banking group, is included in the college. The structure of the college reflects the nature of the banking group and the needs of its supervisors. |
| Description and findings re EC1 | OSFI has established bank-specific colleges for all of its internationally active banks. OSFI has invited all material host supervisors to take part in those colleges and to share information in regards to the banks’ activities with the view of ensuring effective consolidated supervision. The assessors saw papers prepared for colleges and also summarizing findings from colleges which in some instances also included details of follow up actions planned by the host authorities. OSFI has hosted several types of college meetings that are structured to reflect the nature of the banking group and the needs of its supervisory counterparts. Colleges include: Crisis Management Panels, Core Colleges and Universal Colleges (whereby over 50 counterparts were invited to take part), Regional Colleges and Anti-Money Laundering Colleges. OSFI noted that they had observed the exchanges in the colleges becoming richer as relationships became more established. As OSFI proceeds with colleges focused on specific themes (eg operational risk) it is thought that the exchanges will deepen further. OSFI was conscious of and sensitive to the needs of host supervisors where Canadian banks were systemic for the local economy. Colleges were supplemented with bilateral contact though it was noted that contact was typically initiated by the host jurisdiction. |
| EC2 | Home and host supervisors share appropriate information on a timely basis in line with their respective roles and responsibilities, both bilaterally and through colleges. This includes information both on the material risks and risk management practices of the banking group and on the supervisors’ assessments on the safety and soundness of the relevant entity under their jurisdiction. Informal or formal arrangements (such as memoranda of understanding or MoUs) are in place to enable the exchange of confidential information. |
| Description and findings re EC2 | OSFI has entered into formal information sharing and cooperation arrangements (MoUs) with over 30 foreign supervisory authorities. These MoUs are comprehensive, and cover a wide range of information, including material risks and risk management practices of the bank, as well as the supervisors’ assessment of the safety and soundness of the bank. OSFI routinely exchanges information with foreign home and host regulators. OSFI conducts regular (usually quarterly) telephone conferences with either all foreign regulators or regulators of the key jurisdictions, depending on the institution that is being assessed. In between these formal meetings, the Relationship Managers (i.e., the OSFI employees who are primarily responsible for the bank) have discussions with key host regulators, as needed. These discussions are initiated by either side as necessary to address issues that arise which are too time-sensitive to wait for the next quarterly call. OSFI also hosts and participates in College of Supervisors meetings for banking conglomerates, where appropriate. The most recent round of colleges included a general supervisory college for the five largest banking groups in Canada, followed by a Crisis Management Panel for the largest banks (all of whom have prepared recovery plans). Banks typically commented favourably on the extent to which they had been involved in preparing for and receiving feedback after such colleagues. Many host regulators also conduct a yearly visit to Canada. These visits include meetings with each of the relevant OSFI Relationship Managers and Regulation Sector staff (e.g., officials from the Policy and Research divisions). The assessors were able to review papers that reflected college exchanges and which confirmed the nature of the information exchanges that took place, as well as documenting follow up actions that the host supervisory authorities were likely to undertake as a result of the discussions. It was clear that in some instances host supervisors had materially altered their perceptions of risks within the group as a result of such colleges. |
| EC3 | Home and host supervisors coordinate and plan supervisory activities or undertake collaborative work if common areas of interest are identified in order to improve the effectiveness and efficiency of supervision of cross-border banking groups. |
| Description and findings re EC3 | As noted in EC2, OSFI has extensive collaborative relationships with other regulators. Both home and host jurisdictions share their supervisory concerns and work plans with one another, and work towards coordinating the supervision of cross-border banking groups. OSFI has ongoing discussions with material host supervisors for the purpose of identifying areas that OSFI should focus on during onsite reviews of banks. OSFI will contact the foreign host regulator in cases where it plans to undertake an onsite review in the host jurisdiction and will discuss the broad scope of the planned supervisory activities. OSFI will outline its broad plans with respect to the onsite review, and ask the host regulator if they wish to participate in the review. At a minimum, OSFI will have a post-review meeting with the host regulator to share its views and discuss its findings. In addition, joint on-site reviews have been performed in a number of cases with a shared objective of increasing effectiveness and efficiency. The assessors were able to review information that demonstrated a number of joint supervisory reviews with other supervisors in different jurisdictions. |
| EC4 | The home supervisor develops an agreed communication strategy with the relevant host supervisors. The scope and nature of the strategy reflects the risk profile and systemic importance of the cross-border operations of the bank or banking group. Home and host supervisors also agree on the communication of views and outcomes of joint activities and college meetings to banks where appropriate to ensure consistency of messages on group-wide issues. |
| Description and findings re EC4 | As a home supervisor, OSFI develops a communication strategy with the relevant host supervisor prior to, and after, a review. The scope and nature of the communication strategy is tailored to the risk profile and the bank’s cross-border operations. Following a joint review, OSFI will, as appropriate, work with the host supervisor to establish common views/messages that are communicated to the bank, as well as agreed-upon supervisory activities. As indicated above, OSFI has developed communication protocols with the most significant host (and home) jurisdictions. In discussions with banks, firms were of the view that their home and host supervisors adopted consistent and well articulated supervisory positions. |
| EC5 | Where appropriate, due to the bank’s risk profile and systemic importance, the home supervisor, working with its national resolution authorities, develops a framework for cross-border crisis cooperation and coordination among the relevant home and host authorities. The relevant authorities share information on crisis preparations from an early stage in a way that does not materially compromise the prospect of a successful resolution and subject to the application of rules on confidentiality. |
| Description and findings re EC5 | The OSFI Act enables OSFI to collaborate and share information with its foreign supervisory and resolution counterparts. Acting both as the home and host supervisory authority OSFI has participated in developing cross-border crisis cooperation frameworks. As a home authority, in collaboration with CDIC, OSFI has established bank-specific Crisis Management Panels (with relevant domestic and foreign regulators), which facilitate the sharing of information relevant to recovery and resolution planning efforts. As host authority, OSFI has been involved in discussions with crisis management groups for G-SIBs with Canadian presence. In one instance OSFI has contributed to the formalization of a specific cross border collaboration agreement (consistent with FSB expectations for G-SIBs) and has participated in firm specific Crisis Management Panels. Domestically, there are a number of cooperation and coordination mechanisms—for both the recovery and resolution stages and which operate at the federal level. The Financial Institutions Supervisory Committee (FISC), which is chaired by the Superintendent of Financial Institutions (see CP3) is the focal point for coordination at a domestic level. In addition to FISC, crisis management communication and coordination issues between OSFI (the authority requiring banks to develop recovery plans) and CDIC (the resolution planning authority) are addressed in an OSFI/CDIC Strategic Alliance Agreement, as well as the Guide to Intervention for Federally Regulated Deposit-Taking Institutions. As the primary regulator of banks, OSFI has required the large banks to develop recovery plans, and CDIC is developing resolution plans for these institutions. |
| EC6 | Where appropriate, due to the bank’s risk profile and systemic importance, the home supervisor, working with its national resolution authorities and relevant host authorities, develops a group resolution plan. The relevant authorities share any information necessary for the development and maintenance of a credible resolution plan. Supervisors also alert and consult relevant authorities and supervisors (both home and host) promptly when taking any recovery and resolution measures. |
| Description and findings re EC6 | CDIC is the authority responsible for developing resolution plans, while OSFI has responsibility for recovery plans. CDIC, in collaboration with OSFI and the other FISC partners, developed first generation resolution plans for the big six banks in December 2012. The big six banks’ third (in some instances fourth) iteration of the recovery plans were received in the first quarter of 2013. (prepared in accordance with directions from OSFI) is due in March 2013. Domestically, through the legislated FISC mechanism and the OSFI-CDIC Strategic Alliance Agreement (noted in EC5), OSFI and CDIC collaborate closely on recovery and resolution issues, including (anticipated) actions with respect to specific banks. Also, the OSFI-CDIC Guide to Intervention for Federally Regulated Deposit-Taking Institutions (noted in CPs 8, 9 and 11) outlines the types of intervention and involvement that a bank can normally expect from OSFI and CDIC at various stages of recovery, and describes the coordination mechanisms in place between OSFI and CDIC. Internationally, where a bank with cross-border operations takes recovery actions (or contemplates recovery actions), OSFI will liaise, share information, and discuss supervisory actions/interventions with the relevant foreign supervisors pursuant to the MoUs (discussed in EC1). Also, CDIC has recently obtained the legislative authority under the CDIC Act to share member institution-specific information with relevant foreign authorities subject to a condition that the Superintendent (in relation to information provided by OSFI to the CDIC) and the CDIC board agree with the release of the information. In this regard, CDIC is working with the Federal Deposit Insurance Corporation (U.S.) to develop a resolution-focused MOU. OSFI is also working on an addendum to its MoU with the FDIC that addresses recovery planning. The crisis management-focused agreement with the FDIC is not a stand-alone MoU. but rather is an addendum to the OSFI/FDIC/OCC/FED MoU. As noted above, paragraph 22(2)(a) of the OSFI Act permits OSFI to share information with the FDIC even if they were only acting as a resolution authority. The addendum sets out info sharing protocol and expectations more generally re ‘crisis management planning,’ which encompasses recovery and resolution planning. The addendum, much like an MOU that CDIC signed with the FDIC, clearly delineates responsibility of OSFI (prudential supervision and responsible for guiding recovery planning) and CDIC (deposit insurer and resolution authority). |
| EC7 | The host supervisor’s national laws or regulations require that the cross-border operations of foreign banks are subject to prudential, inspection and regulatory reporting requirements similar to those for domestic banks. |
| Description and findings re EC7 | The Bank Act covers both domestic and foreign banks operating in Canada. Foreign bank subsidiaries and branches are subject to laws and regulations that, with exceptions, are those that are applicable to domestic banks. Under the Act, all foreign bank operations in Canada are subject to prudential oversight, regular on-site inspections and regulatory reporting requirements although differences pertain due to the different range of legal powers possible over a branch entity. For example, a branch is not a separate legal entity. It is not therefore required to maintain a Canadian board. As such, the corporate governance requirements that apply to domestic entities do not apply to branches. That being said, OSFI requires that the branch name a principal officer (s.536 BA). The principal officer is expected to oversee the management of the branch and is accountable for the branch’s operations. OSFI has the power to remove a principal officer (s.617.2 BA). Earnings, capital and liquidity are not assessed for branches as they cannot be assessed the same way as for other banks. A branch’s earnings and liquidity are subject to management by the foreign bank, and instead of risk-based capital the branch is required to maintain a Capital Equivalency Deposit in Canada. Further, a formal assessment of the adequacy of “Out of Canada Support” is required. This is a structured assessment which takes into account the following items:
In the light of limitations OSFI has in terms of intervening with the parent entity of the branch and in order to limit the risk to Canadians, branches are not permitted to take retail deposits (i.e., deposits under $150,000) (s. 545 BA). |
| EC8 | The home supervisor is given on-site access to local offices and subsidiaries of a banking group in order to facilitate their assessment of the group’s safety and soundness and compliance with customer due diligence requirements. The home supervisor informs host supervisors of intended visits to local offices and subsidiaries of banking groups. |
| Description and findings re EC8 | Under section 643 of the Bank Act, OSFI has the authority to examine banks on-site (offices and subsidiaries) and to access the records of banks in order to assess their safety and soundness and compliance with due diligence requirements. Also, pursuant to the MoUs with foreign authorities (as discussed in previous ECs), OSFI notifies a foreign host regulator when it intends to conduct an on-site examination in the host regulator’s jurisdiction. |
| EC9 | The host supervisor supervises booking offices in a manner consistent with internationally agreed standards. The supervisor does not permit shell banks or the continued operation of shell banks. |
| Description and findings re EC9 | EC9 is not applicable, as there are no booking offices operating in Canada. OSFI does not permit shell banks to operate in Canada. |
| EC10 | A supervisor that takes consequential action on the basis of information received from another supervisor consults with that supervisor, to the extent possible, before taking such action. |
| Description and findings re EC10 | As a matter of practice, OSFI will not act on information received from another supervisor unless it consults with that supervisor. The assessors confirmed instances where OSFI had consulted with other supervisory authorities. |
| Assessment of Principle 13 | Compliant |
| Comments | OSFI has a more significant role as a home supervisor than a host supervisor and in some regions outside Canada, the major Canadian banks are systemic for the local economy. OSFI monitors the evolution and development of its banks in foreign territories and allocates supervisory resources accordingly. Home and host relationships appear to be strong in relation to significant overseas relationships and to function smoothly where Canadian banking presence may be strong locally, but is relatively minor in respect of the group’s activities. OSFI has witnessed the growing confidence and effectiveness of its collegiate relationships and is moving to target more specific themes. Work on crisis management, resolution and recovery is progressing, in coordination with the CDIC. In terms of continued evolution of effective home host relationships it is recommended that OSFI ensures that it considers the potential needs in a crisis of supervisors in jurisdictions where the Canadian company is material and anticipates these as far as possible. |
| Principle 1 | Responsibilities, objectives and powers. An effective system of banking supervision has clear responsibilities and objectives for each authority involved in the supervision of banks and banking groups. A suitable legal framework for banking supervision is in place to provide each responsible authority with the necessary legal powers to authorise banks, conduct on-going supervision, address compliance with laws and undertake timely corrective actions to address safety and soundness concerns. |
| Essential criteria | |
| EC1 | The responsibilities and objectives of each of the authorities involved in banking supervision are clearly defined in legislation and publicly disclosed. Where more than one authority is responsible for supervising the banking system, a credible and publicly available framework is in place to avoid regulatory and supervisory gaps. |
| Description and findings re EC1 | Canada’s Constitution confers to Parliament exclusive jurisdiction over banking and the incorporation of banks. Parliament has delegated responsibility for prudential banking regulation and supervision to the Office of the Superintendent of Financial Institutions (OSFI). OSFI is accountable to Parliament through the federal Minister of Finance. OSFI’s mandate, responsibilities and objectives are publicly defined in its governing legislation, the Office of the Superintendent of Financial Institutions Act (OSFI Act), as follows:
The Bank Act and the governing statutes of each of the identified organizations in the federal financial sector are publicly available (from the |
| EC2 | The primary objective of banking supervision is to promote the safety and soundness of banks and the banking system. If the banking supervisor is assigned broader responsibilities, these are subordinate to the primary objective and do not conflict with it. |
| Description and findings re EC2 | OSFI functions solely as a prudential supervisor and its primary object (subsection 4(2) of the OSFI Act) is the safety and soundness of financial institutions. OSFI does not have other objectives, such as consumer protection.8 OSFI’s other statutory objectives help to facilitate safety and soundness considerations by requiring that OSFI: intervene early, promote the adoption by institutions of policies and procedures to control risks, and consider and evaluate system-wide risks. |
| EC3 | Laws and regulations provide a framework for the supervisor to set and enforce minimum prudential standards for banks and banking groups. The supervisor has the power to increase the prudential requirements for individual banks and banking groups based on their risk profile and systemic importance. |
| Description and findings re EC3 | The Bank Act and its supporting regulations provide the framework for the setting and enforcing of minimum prudential standards for banks. For example, the Bank Act sets, and empowers the Superintendent to set, minimum prudential standards upon incorporation and on an on-going basis with respect to, among other things, ownership, governance, capital, liquidity, self-dealing, investments, specialized financing, and borrowing. As a complement to this legislative framework, OSFI is administratively empowered to publish several forms of guidance, as described below, which serve to clarify the legislative, regulatory and supervisory frameworks, and to articulate OSFI’s regulatory and supervisory expectations and best practices on matters within its discretion. As these forms of guidance are not legislative in nature, and are issued by OSFI at its discretion, they are not subject to direct influence from governmental or other bodies. OSFI has an internal protocol for issuing guidance: Guidelines Guidelines are used to establish policy on minimum best or prudent practices, and set out OSFI expectations and requirements for banks in order to govern industry activities and behaviour. Guidelines, which set standards for industry activities and behaviour, are generally static for a period of time ranging from one to several years, depending upon the need to incorporate revisions to reflect changes in the environment. Guidelines generally fit into one of four categories: capital, accounting, prudential limits and restrictions, and sound business and financial practices. Advisories In general, advisories are more technical and narrower in scope than guidelines. Advisories are used to inform stakeholders such as banks of OSFI’s view or concerns regarding the supervisory or regulatory regime, best practices or risk prevention measures. Advisories can also be used to inform banks about OSFI’s interpretation of legislation, regulations or guidelines. Advisories thus clarify the position of OSFI regarding certain policy issues or describe how OSFI generally administers and interprets provisions of the Bank Act, regulations or guidelines. Banks are expected to consider the relevance of these advisories, which are not case-specific, to their own particular circumstances and to take action, if needed. It should be noted that OSFI’s expectations for banks’ compliance with guidelines or advisories are the same. In the area of capital adequacy, advisories are often used when an issue of interpretation of the Capital Adequacy Requirements (CAR) guideline arises. Advisories can generally be produced in a shorter time period due to their more focused nature. This allows for a pressing issue to be addressed more quickly than would be the case if a guideline were to be amended. OSFI points to this flexibility as the reason why it is rapidly able to adopt international Guidance as in the case for the D-SIB and Pillar III requirements. The Pillar 3 Disclosure requirements were issued in the form of an Advisory because of its technical nature and very limited scope of coverage, i.e., it focussed on form and substance of disclosure. Letters Letters are used to provide detailed guidance that would not be found in a guideline or advisory. They may be used to inform FRFIs of international guidance or to provide more general information such as implementation timelines, e.g., implementation of IFRS or of Basel III. In some cases, a letter may be used to clarify a very specific item. Advisories and letters are often transitory in nature and are incorporated in guidelines when they are updated. For example, about 20 advisories and letters were incorporated into the 2013 version of the CAR guideline. OSFI can use any of its intervention tools to address breaches of guidance, and the form of that tool (prudential agreement, direction of compliance, capital order) would be chosen to fit the circumstance. Staging would normally be the first approach if other informal tools don’t work. The use of guidance does not require Ministerial or Parliamentary involvement. There are two additional tools of communication to convey OSFI’s expectation:
In the event that prudential standards are not met the Bank Act provides the Superintendent with a wide range of discretionary enforcement powers. Examples of such powers include: special examinations, prudential agreements, directions of compliance, application to a court for an order of compliance and ultimately the taking control of the bank. See CP 11 for a summary of the full suite of corrective, enforcement and sanctioning powers of the Superintendent. In general, non-compliance with the provisions of the Bank Act is also an offence that may be subject to certain sanctions, including criminal sanctions and civil monetary penalties that the Superintendent may impose under the Administrative Monetary Penalties (OSFI) Regulations. Enforcement of restrictions and directions of compliance can be pursued through the courts, if necessary. OSFI’s legislative framework supports a risk-based approach to supervision. As such, the Bank Act permits the Superintendent to apply quantitative and qualitative judgement when deciding which enforcement and/or corrective measures to use and to what degree. For example, although OSFI’s minimum capital requirements are uniform, the actual capital requirements vary by institution. Each institution is required to hold a unique level of capital, as is determined by the institution’s activities, risk profile, and systemic importance. The Bank Act (section 485(3)) provides the underpinning legal power for OSFI to require higher capital than is set out in guidelines or regulations that are made pursuant to the Bank Act (i.e., guidelines or regulations made under section 485(2)). |
| EC4 | Banking laws, regulations and prudential standards are updated as necessary to ensure that they remain effective and relevant to changing industry and regulatory practices. These are subject to public consultation, as appropriate. |
| Description and findings re EC4 | There are a range of options available to the authorities to ensure that the banking law - the Bank Act – is updated in a timely and flexible manner. In the first instance, the Bank Act contains a “sunset” clause (Section 21) that results in a review of the statute every five years to enable the laws to remain current and effective. The amendment can be minimal to satisfy the demands of the Act but it is required in order to ensure that the banks are permitted to continue business, otherwise the legal authorization for all banks to continue business lapses. Since the enactment of the sunset clause in 1992, the Bank Act has undergone substantial reviews in 1996, 1997, 1999, 2001, 20079 and, most recently, in 2012. The five-year legislative review process provides a statutorily mandated window during which OSFI can seek to align the legislative framework with changing industry and regulatory practices. The federal Department of Finance leads a broad public consultation process during legislative reviews, seeking submissions and proposals for legislative amendment. OSFI often consults directly with stakeholders during this process. The legislative review process concludes with a public review and debate on the proposed amendments by Parliament. Notwithstanding the legislative review process, in practice, amendments to the Bank Act can be made on a more regular basis through other vehicles, such as the federal government’s annual budget implementation legislation, which implements various fiscal, tax and other policy measures. This annual legislative window can be used to adapt the regulatory and supervisory framework to address emerging issues, evolving markets, and regulatory and supervisory developments, thus allowing OSFI to continue to meet its regulatory and supervisory objectives. Key stakeholders are consulted, as is the case for other legislative processes. Further, regulations made under the Bank Act may be amended at any time through a “Governor-in-Council” process (i.e., through the executive branch of government), a streamlined regulatory process that does not require the approval of Parliament. The regulation-making process requires public consultations to be conducted, including the publication of draft amendments for public review and comments. To ensure that OSFI’s guidance remains current and effective, OSFI has created a Guideline Review Committee and given it a mandate, among others, to monitor the status of OSFI’s guidelines, discuss potential changes, and oversee effectiveness reviews of older and recently issued guidelines. Such reviews allow OSFI to monitor and assess whether the desired impact of a particular guideline is being achieved. When updating or developing its guidance, OSFI carries out formal public consultations. Consultation papers and/or draft versions of new or revised guidance are posted for comment on OSFI’s website. To facilitate transparency, a summary of industry’s comments and OSFI’s responses to such comments are published on OSFI’s website concurrent with the final guidance. Recent examples of public consultations include the guidelines issued on Capital Adequacy Requirements, Mortgage Underwriting and Corporate Governance. |
| EC5 | The supervisor has the power to: |
| (a) | have full access to banks’ and banking groups’ boards, management, staff and records in order to review compliance with internal rules and limits as well as external laws and regulations; |
| Description and findings re EC5(a) | OSFI has a range of powers of information access granted to it under the Bank Act:
|
| (b) | review the overall activities of a banking group, both domestic and cross-border; and |
| Description and findings re EC5(b) | The supervision of Canadian financial institutions is conducted on a consolidated basis, which involves an assessment of all of an institution’s material entities (including all subsidiaries, branches and joint ventures), both in Canada and internationally. In addition to the legislative authorities listed in EC5(a), section 635 of the Bank Act allows the Superintendent to direct a person who controls a bank or any entity that is affiliated with a bank to provide the necessary information to satisfy the Superintendent that the bank is in sound financial condition and in compliance with the provisions of the Bank Act. Also, section 470 of the Bank Act may be used to require a bank to provide undertakings to provide access to records of controlled domestic and foreign subsidiaries. In practice, OSFI’s Supervisory Framework focuses on identifying material risks to a bank or banking group. As such, OSFI identifies a bank’s “significant activities”—a line of business, unit, or process, which may be domestic or cross-border—that are fundamental to the bank’s business model and its ability to meet its overall business objectives. Supervisory work is planned at the significant activity level, and ranges from ongoing monitoring of the significant activity to extensive reviews of the bank’s operations at its domestic or foreign premises. |
| (c) | supervise the foreign activities of banks incorporated in its jurisdiction. |
| Description and findings re EC5(c) | OSFI supervises banks on a fully consolidated basis, irrespective of location of the legal entities of the group or their activities. Information sharing, which is permitted under Subsection 22(2) of the OSFI Act and which authorizes the Superintendent to enter into agreements with foreign regulators to share information about banks, facilitates the supervision of banks’ activities outside Canada. The powers iterated in EC5(a) and (b) above enable and support the ability of OSFI to supervise such activities. OSFI will usually enter into Memoranda of Understanding with foreign regulators to facilitate the confidential sharing of information, as appropriate, to increase awareness and understanding of group-wide issues and contribute to supervisory efficiency and effectiveness (please see CP3 and CP13). The assessors discussed with OSFI practices of non-domestic on-site inspections, file reviews, visits and coordination with host supervisors, including colleges of supervisors. |
| EC6 | When, in a supervisor’s judgment, a bank is not complying with laws or regulations, or it is or is likely to be engaging in unsafe or unsound practices or actions that have the potential to jeopardise the bank or the banking system, the supervisor has the power to: |
| (a) | take (and/or require a bank to take) timely corrective action; |
| Description and findings re EC6(a) | As discussed in EC1, OSFI’s statutory mandate requires that it promptly advise the management and board of a financial institution in the event the institution is not in sound financial condition or is not complying with its governing statute law or supervisory requirements under that law and, in such a case, to take, or require the management or board to take, the necessary corrective measures or series of measures to deal with the situation in an expeditious manner. To fulfill its mandate, OSFI supervises banks in accordance with its Supervisory Framework. The Framework describes the principles, concepts, and core process that OSFI uses to assess the safety and soundness of financial institutions, and to identify issues or areas of concern early in order that timely corrective actions may be taken. When OSFI identifies urgent issues or requires a bank to take significant remedial actions, supervisory processes would be expedited, and the frequency and intensity of monitoring and reporting would be enhanced. OSFI’s Supervisory Framework is supported by a Guide to Intervention, which supports early intervention to minimize losses. The Guide to Intervention outlines the types of involvement that banks can normally expect from OSFI (as well as from CDIC) and summarizes the circumstances under which certain intervention measures may be expected and escalated. The Bank Act provides a wide range of discretionary, early intervention powers that allow OSFI to intervene to address concerns that may arise with a bank. Examples of such powers include: special examinations, prudential agreements, directions of compliance, application to a court for an order of compliance and, ultimately, taking control of the bank. The aforementioned Supervisory Framework, Guide to Intervention, and details of the applicable legislative provisions are discussed in detail in BCP 11 on corrective and sanctioning powers, and below in EC6(b). |
| (b) | impose a range of sanctions; |
| Description and findings re EC6(b) | OSFI has the power to impose a range of sanctions under the Bank Act:
OSFI’s Guide to Intervention outlines how a bank may expect a range of supervisory tools, including sanctions, to be applied at each stage of intervention as the severity of the situation escalates. |
| (c) | revoke the bank’s licence; and |
| Description and findings re EC6(c) | The Bank Act (Section 973.03) provides the Minister and Superintendent with authority to revoke, suspend or amend any approval. This includes the revocation of the Letters Patent by the Minister and the revocation of the Order to Commence and Carry-on Business (OCCB) (i.e., a bank’s license), respectively. In other words, the authority to revoke approval is tied to the authority to grant approval so that the Minister cannot revoke an approval that was granted by the Superintendent, but instead can revoke any approval that was granted by the Minister. Neither the Minister nor the Superintendent have ever used the powers to revoke an approval granted by section 973.03 of the Bank Act. Were these powers to be used, in practice the Superintendent would recommend to the Minister that Letters Patent be revoked even though the legislation does not expressly require the Superintendent to make such recommendation. However, once the Superintendent revokes the order to commence business then the bank cannot continue to operate as a bank. The firm would still remain a legal entity and also a bank, so it can continue to have a corporate presence/operations (retain office space, have staff, hold board meetings, etc.), but it cannot engage in the business of banking (including taking deposits and making loans). In the hypothetical event that the Minister were not minded to revoke the Letters Patent, the Superintendent therefore retains the ability to prevent the bank from operating as a bank. In practice OSFI would be more likely to exercise its powers under Section 54 of the Bank Act, whereby it can make the OCCB subject to conditions or limitations, or amending or revoking any authorization contained in the OCCB or any condition or limitation to which the OCCB is subject. Subsection 973.03(2) is broad in scope as it applies to any approval and is largely duplicative of section 54. The subsection was added to legislation in 2007. OSFI might also seek to take control of the bank. This is a defined term that is part of the process leading to liquidation of a bank (as opposed to assuming governance of an institution on an on-going basis) but OSFI must consult with the Minister before seeking to exercise this power. |
| (d) | Cooperate and collaborate with relevant authorities to achieve an orderly resolution of the bank, including triggering resolution where appropriate. |
| Description and findings re EC6(d) | The Bank Act provides a wide range of discretionary, early intervention powers that allow OSFI to intervene to address concerns that may arise with a bank, and, in so doing, to cooperate and collaborate with all relevant authorities (domestic and foreign). OSFI and CDIC jointly developed, documented, and publicly disclosed the Guide to Intervention, which also outlines their coordinated approach at each increasing stage of intervention. In addition, the Bank Act (sections 648 to 656) clearly defines a role for the Superintendent in deciding when and how to trigger the orderly resolution of a problem bank. When the Superintendent determines that an institution is at the stage of “non-viability/insolvency imminent”, the Superintendent’s activities and responsibilities may involve:
|
| EC7 | The supervisor has the power to review the activities of parent companies and of companies affiliated with parent companies to determine their impact on the safety and soundness of the bank and the banking group. |
| Description and findings re EC7 | The Superintendent has powers to access information in respect of a person who controls a bank or an entity that is affiliated with a bank (subsection 635(1) of the Bank Act). The definition of an affiliate, under the Bank Act (section 6) includes an entity that exerts control over another. The Bank Act empowers the Superintendent to issue an order to direct a person who controls a bank or any entity that is affiliated with a bank to provide information or documents where the Superintendent believes that the production of such information or documents is necessary in order to be satisfied that the provisions of the Bank Act are being duly observed and that the bank is in sound financial condition. It may be noted that ownership rules for banks require certain domestic banks to be “widely held”. This restriction applies to banks with equity of more than 12 billion Canadian dollars and covers the five largest domestic banks in Canada. In addition, the Bank Act (section 378) “deems” certain banks “to be a bank with equity of twelve billion dollars or more”. In practice the Act seeks to widen the “widely held” restriction. Three banks (National Bank, Laurentian Bank and Canadian Western Bank) are deemed to have equity of 12 billion or more under section 378. The shares of these banks trade directly on the stock exchange as there are no holding companies at the top of the corporate structure (i.e., all of these banking groups have a bank at the top of the group). In practice, therefore, there is no parent entity for the major banks in Canada. A major shareholder is permitted for banks under the threshold of 12 billion dollars. Furthermore, a smaller bank, below 2 billion dollars in equity can be “closely” held and the parent can be a commercial entity. For these institutions the information powers under subsection 635(1) of the Bank Act noted above are pertinent. Although OSFI’s consolidated approach to supervision focuses primarily on the assessment of the federally regulated financial institution (i.e., the bank) and its subsidiaries, OSFI’s risk assessment also considers the activities of parent companies and affiliates (where they exist) and their impact on the regulated bank. During the review of an application for incorporation, ownership and related considerations are evaluated. Pursuant to section 27 of the Bank Act, OSFI reviews the financial resources of the applicant and the extent to which the proposed corporate structure of the applicant and their affiliates may affect the supervision and regulation of the bank, having regard to:
See also CP12. |
| Assessment of Principle 1 | Compliant |
| Comments | OSFI has the sole legal mandate for the supervision of banks in Canada. As an institution OSFI demonstrates a strong consciousness of its mandate and of working within the scope of its mandate at all times. The Bank Act, the main statue under which OSFI operates, provides OSFI with a wide range of powers that are essential to the performance of effective supervision. The mandatory five-year revision to the Bank Act provides a legal framework with a ready capacity to be periodically updated to reflect the demands of the financial system and expectations placed on supervisory practice. The first Core Principle of the BCP standards requires that laws and regulations provide a framework for the supervisor to set and enforce minimum prudential standards and further requires that the supervisor must have powers to increase the prudential requirements for individual banks and banking groups to reflect their risk profile and systemic importance. OSFI meets the standard of the CP as the Bank Act provides these powers. The Bank Act requires banks and banking groups to adhere to minimum prudential standards and empowers OSFI to set higher individual standards and provides OSFI with a range of powers and sanctions to enforce compliance if the bank or banking group fails to meet the requisite standards. It is worth noting the role of guidelines issued by OSFI. The guidelines are a means whereby OSFI is able to swiftly, explicitly, and outside the political process, articulate its supervisory expectations and how the requirements, including adequate prudential standards, of the Bank Act should be met. While the guidelines are not directly enforceable in law, failure to meet a guideline is indicative of failure to meet the underlying legal standard. If OSFI determines that a bank has not met the standard by other means, OSFI has sufficient tools to compel compliance. The guidelines are therefore indirectly enforceable under the law. In practice the guidelines are viewed as equivalent to regulations by the industry. In order for this approach of indirect enforcement to be effective and lead to desired supervisory outcomes, it is essential for the supervisory authority to closely monitor the industry’s compliance with the guidelines and to be prepared to increase supervisory pressure as soon as it identifies institutions out of compliance. OSFI has an explicit and legal mandate for early intervention and its supervisory approach flows from its mandate. OSFI must maintain its supervisory approach of close touch and focused pressure on banks if supervision is to continue to be effective. Over time, it is recommended that ways be explored to strengthen the enforceability of guidelines through statutory changes to the powers of OSFI under the Bank Act. It is further recommended that consideration is given to whether there are any key prudential standards that would benefit from a migration to the format of a regulation. |
| Principle 2 | Independence, accountability, resourcing and legal protection for supervisors. The supervisor possesses operational independence, transparent processes, sound governance, budgetary processes that do not undermine autonomy and adequate resources, and is accountable for the discharge of its duties and use of its resources. The legal framework for banking supervision includes legal protection for the supervisor. |
| Essential criteria | |
| EC1 | The operational independence, accountability and governance of the supervisor are prescribed in legislation and publicly disclosed. There is no government or industry interference that compromises the operational independence of the supervisor. The supervisor has full discretion to take any supervisory actions or decisions on banks and banking groups under its supervision. |
| Description and findings re EC1 | OSFI is a government agency, established by Parliament as a separate Office under the Office of the Superintendent of Financial Institutions Act (OSFI Act, subsection 4(1)) with the stated purpose of contributing to public confidence in the Canadian financial system (section 3.1). The Minister of Finance presides over and is responsible for OSFI and the Superintendent is the Deputy Head of OSFI. In contrast to powers held with respect to other government agencies, the Minister of Finance has no statutory powers of direction under the OSFI Act and therefore has no authority to issue Ministerial Directions to the Superintendent. OSFI is fiscally independent of government and its budget is not dependent on government appropriations.10 OSFI is instead financed through fees levied on federally regulated financial institutions (subsection 17(2) and section 23 of the OSFI Act). OSFI has the power to act independently in order to meet staffing and other resource requirements in pursuing the agency’s statutory objects by virtue of its categorization as a separate agency (Schedule V of the Financial Administration Act (FAA)), and the delegation of powers to the Superintendent. Furthermore, the Superintendent is authorized to exercise powers that relate to the determination of terms and conditions of employment and the responsibility for employer and employee relations. See also EC6 below in relation to staffing matters. OSFI’s employees must, however, be appointed in accordance with the Public Service Employment Act (PSEA), which is administered by the Public Service Commission (PSC). The PSEA prescribes the staffing framework – appointments, complaints and dispute resolution, and the revocation of appointments – applicable to most government employers. Although the PSC has delegated its staffing authorities to the Superintendent, subject to terms and conditions, OSFI does not have discretion to establish its own framework, a status that has been granted to other government employers meaning that they have full discretion to establish their own staffing frameworks. OSFI’s current agreement with the PSC imposes on OSFI certain operational requirements and reporting requirements for OSFI to demonstrate that it has complied with the PSC’s framework and policies. For example, prior to recruiting externally, OSFI is required to consider public service employees that are on a priority hiring list, even though the skills sets that OSFI seeks for supervisory and/or regulation staff are not typically available in the broader public service. OSFI staff explained that the practical impact of this process is extremely limited as confirmation of whether there are public service employees who must be considered is typically obtained within two to three working days. Moreover, as it is necessary for a successful candidate to meet the relevant and specific criteria for the roles within OSFI, the supervisory authority is not at risk of being obliged to accept staff unsuited to its posts. Finally, the Superintendent is responsible for the administration of the Bank Act (section 6 of the OSFI Act), and is provided with operational independence in carrying out OSFI’s core mandate. OSFI has authority over supervisory and prudential matters and is empowered to exercise discretion when taking supervisory actions or decisions respecting banks. Where there are ministerial approval requirements in the Bank Act, OSFI’s focus is prudential in nature and the Minister’s focus is on policy considerations. The Bank Act provides different approval processes depending on the determination in question (e.g., whether licensing or change of control or investment in a federally regulated entity). In practice, all ministerial approvals are processed by OSFI, and the Superintendent provides a recommendation to the Minister based on statutory and prudential considerations. The assessors clarified that applications for approval must be submitted to OSFI (the Superintendent) and not the Minister and that OSFI does not, in practice, provide “negative recommendations” to the Minister. In cases where the application relates to a matter that requires only the Minister’s approval, OSFI reviews the application to ensure it is complete. OSFI then reviews the application to determine whether it raises prudential concerns, and makes its recommendation to the Minister. The Minister may take into account any relevant considerations, including the Superintendent’s recommendations on prudential matters. In cases where OSFI provides a positive recommendation for the Minister to approve, OSFI only presents the arguments for approval. OSFI does not provide the underlying information that would enable the Minister to second guess the prudential determination or overturn a prudential veto. In other words, when OSFI has rejected an application for approval on prudential grounds, OSFI does not, as a matter of course, provide a negative recommendation to the Minister or provide an opportunity for the Minister to intervene in the process. As an agency of the government, OSFI has clear and statutorily prescribed lines of accountability. Pursuant to section 4 of the OSFI Act, OSFI is accountable to Parliament through the Minister of Finance. The Minister presides over and is responsible for OSFI, and the Superintendent is the Office’s Deputy Head. OSFI must produce an Annual Report detailing its operations for the year, which the Minister must table before Parliament under section 40 of the OSFI Act. Section 6 of the OSFI Act requires the Superintendent to report to the Minister from time to time on all matters connected with the administration of the Bank Act. It is important to note that, despite these accountability structures and reporting requirements, which are critical in a parliamentary system such as Canada’s, there is no government interference that would compromise OSFI’s operational independence in carrying out its mandate. As discussed in EC4 and EC5, the OSFI Act and OSFI’s internal policies establish a number of conflict of interest measures and codes of conduct designed to prevent undue influence from industry, such as a prohibition on owning shares of federally regulated financial institutions, disclosure with respect to borrowings from federally regulated financial institutions, the prohibition on the acceptance of any grant or gratuity, and the consequences of contravening those requirements. OSFI is subject to the imposition of government-wide fiscal restraints such as wage freezes (when in force), as well as the administrative guidance of the |
| EC2 | The process for the appointment and removal of the head(s) of the supervisory authority and members of its governing body is transparent. The head(s) of the supervisory authority is (are) appointed for a minimum term and is removed from office during his/her term only for reasons specified in law or if (s)he is not physically or mentally capable of carrying out the role or has been found guilty of misconduct. The reason(s) for removal is publicly disclosed. |
| Description and findings re EC2 | The Superintendent is the “Deputy Head” of OSFI, supported by an Executive Management Team. OSFI does not have a separate “governing body”, such as a board of directors. The Superintendent has sole power to appoint the executive management team. Section 5 of the OSFI Act provides that OSFI will be headed by a Superintendent who is appointed by the Governor in Council for a fixed term of seven years, a term that is not linked to the usual four-year mandate of the government in power. Further, the appointment is made “during good behaviour” (as opposed to “during pleasure”, where the incumbent can be easily replaced during a term),11 meaning that the Superintendent can only be removed for cause (e.g., misconduct) by the Governor in Council. However, the specific reasons for which the Superintendent can be removed are not specified in the OSFI Act and common law precedence would apply in determining reasonable cause. The OSFI Act requires that where the Superintendent is removed from office, the Order in Council providing for the removal must be laid before Parliament and is thus public. The details of the reason for removal from office would be set out. The appointment of a Superintendent follows a competitive hiring process, including a public call for applicants. The selection process is coordinated by the Privy Council Office (Senior Personnel Secretariat) on behalf of the Prime Minister’s Office. The Superintendent is appointed by the Governor in Council (i.e., the Governor of the Privy Council). The Superintendent, on the expiration of any term of office, may be re-appointed for a further term of office. In the event of absence or incapacity of the Superintendent, or if the office of Superintendent is vacant, the Governor in Council may appoint a qualified person to hold office instead of the Superintendent for a term not exceeding six months, with all of the powers, duties and functions of the Superintendent. This interim appointment may be renewed for subsequent six month terms. |
| EC3 | The supervisor publishes its objectives and is accountable through a transparent framework for the discharge of its duties in relation to those objectives. |
| Description and findings re EC3 | OSFI’s objectives and its performance against objectives are made public on an annual basis in several publications, including:
OSFI discloses a significant amount of information about its business and the institutions it regulates, including financial data, speeches, media interviews, external consultations and reports. OSFI has an internal audit group and a formal Audit Committee (which is discussed in detail in EC4), its financial statements are audited by a private audit firm, and it is subject to periodic “value for money” audits by the OSFI is also subject to the Access to Information Act, a statutory process by which the public can request specific information on topics or issues (subject to certain statutory exclusions related to supervisory activities, institution-specific confidential information, privacy, national security, etc.). |
| EC4 | The supervisor has effective internal governance and communication processes that enable supervisory decisions to be taken at a level appropriate to the significance of the issue and timely decisions to be taken in the case of an emergency. The governing body is structured to avoid any real or perceived conflicts of interest. |
| Description and findings re EC4 | OSFI has developed a Framework for Exercising the Superintendent’s Powers (FESP), (section 10 of the OSFI Act), which outlines the regulatory and supervisory powers that are retained directly by the Superintendent and those that are assigned to specific positions within the organization. This delegation of authorities is based on the principle that only persons in positions of sufficient authority can exercise the Superintendent’s powers. The framework establishes lines of communication and accountability and makes it clear that in cases of doubt the appropriate response is to refer to the senior level of authority. It also seeks to ensure that timely supervisory decisions can be taken at the level appropriate to the significance of the issue. These responsibilities and accountabilities are reflected in job descriptions that are created for every position at OSFI. This framework has been reviewed and refreshed five times since it was first prepared in 2002, the most recent occasion being 2007. OSFI has written procedures for each of its sectors (Regulation, Supervision, and Corporate) to address key regulatory and supervisory functions (e.g., risk assessment and examination, approvals, rule making, etc.). These procedures complement the FESP and individual job descriptions by providing additional operational detail on authorities, responsibilities and expectations, and communications. OSFI’s governance framework is enhanced through an Enterprise-wide Risk Management (ERM) framework, which facilitates discussion on the risks faced by the organization. The ERM framework is an explicit and structured office-wide method for OSFI to identify, evaluate, prioritize and develop initiatives to mitigate risks to OSFI where exposure is greatest. OSFI also has an Audit Committee that advises the Superintendent on non-prudential (i.e., corporate) matters. The role of the committee is to provide objective advice and recommendations to the Superintendent regarding the sufficiency, quality, and results of assurance on the adequacy and functioning of OSFI’s risk management, control and governance frameworks and processes, including accountability and auditing systems. In order to give this support to the Superintendent, the committee focuses on core areas of OSFI’s management, control, and accountability, including reporting, in an integrated, risk-focused, and systematic way. As noted in EC3, OSFI also maintains an internal audit function, its financial statements are audited by a private audit firm, and it is subject to “value for money” audits by the OAG. Reports from OSFI’s internal audit group and the OAG are publicly available on OSFI’s website. To facilitate timely discussion and decisions on supervisory matters, OSFI conducts regular meetings between senior operational management both within sectors and between sectors. There are also regular executive management meetings with the heads of all sectors (i.e., the Superintendent; Deputy Superintendent, Supervision Sector; Assistant Superintendent, Regulation Sector; and Assistant Superintendent, Corporate Services). In the event of an emergency afflicting the Superintendent, section 5 of the OSFI Act provides for the appointment of a qualified person, either in the absence or incapacity of the Superintendent, who can exercise all the powers, duties and functions of the Superintendent for a period of up to six months. The FESP also contains provisions for the emergency exercise of certain powers, powers that are normally exercised only by the Superintendent. Finally, OSFI has developed a Business Recovery Plan that covers all aspects of business interruption, including decision making in emergencies, whether external or internal to OSFI. Each OSFI employee, including OSFI’s governing executive, must abide by OSFI’s Statement of Values and Code of Conduct, which sets out the organization’s core values of professionalism, integrity and respect for people. This is complemented by a Conflict of Interest Policy that requires employees to uphold, and be seen to uphold, the highest ethical standards, so as to enhance public confidence in OSFI’s integrity, objectivity and impartiality. Further, section 19 of the OSFI Act establishes a number of conflict of interest measures for the Superintendent,12 Deputy Superintendent and members of the Financial Institutions Supervisory Committee (FISC)13 designed to prevent undue influence from industry, such as a prohibition on owning shares of federally regulated financial institutions, disclosure on borrowings from federally regulated financial institutions, the prohibition on the acceptance of any grant or gratuity, and the consequences of contravening those provisions. These same statutory requirements are reflected in OSFI’s Conflict of Interest Policy, which applies to all OSFI employees. |
| EC5 | The supervisor and its staff have credibility based on their professionalism and integrity. There are rules on how to avoid conflicts of interest and on the appropriate use of information obtained through work, with sanctions in place if these are not followed. |
| Description and findings re EC5 | OSFI sets out its core values of professionalism, integrity and respect for people in its Statement of Values and Code of Conduct. Since 1998, OSFI has commissioned regular consultations with its key stakeholders to assess its effectiveness and to fulfill its commitment to continuous improvement. These consultations are carried out by independent third-party consultants who interview industry executives and advisors to collect their anonymous impressions and assessment of OSFI’s operations and staff. The consultation includes an assessment of OSFI and its employees against matters addressed in the Statement of Values and Code of Conduct. The recent 2012-2013 consultations for the deposit-taking institutions sector Consultation confirm OSFI’s professionalism citing that OSFI were regarded as professional, reasonable, fair, focused on relevant risks and successfully contributed to public confidence in the financial services industry. Relationship Managers (RMs) were described as capable, responsive and hardworking. To increase transparency and accountability, survey results are always published on OSFI’s website. Sections 19 through 21 of the OSFI Act establish rules for the Superintendent, Deputy Superintendent, and members of FISC on how to avoid real and perceived conflicts of interest. More specifically, for these individuals, the OSFI Act:
This statutory framework requires that the Superintendent must be satisfied that when information is shared, it will be treated as confidential and exclusively for lawful supervisory purposes. These statutory requirements are reflected and expanded upon in OSFI’s internal Conflict of Interest Policy and its Statement of Values and Code of Conduct. Employees are expected to review these policies annually and are required to sign documents confirming compliance with certain requirements, such as the prohibition on owning shares of federally regulated financial institutions. OSFI has discretion to apply sanctions, including dismissal, if the laws or workplace policies are breached by employees. Furthermore, section 980 of the Bank Act provides that every person, who without reasonable cause, contravenes any provision of the Bank Act (including section 636 mentioned above) or its associated regulations may be punished by way of monetary fines and/or imprisonment. |
| EC6 | The supervisor has adequate resources for the conduct of effective supervision and oversight. It is financed in a manner that does not undermine its autonomy or operational independence. |
| This includes: | |
| (a) | a budget that provides for staff in sufficient numbers and with skills commensurate with the risk profile and systemic importance of the banks and banking groups supervised; |
| Description and findings re EC6(a) | As noted in EC1, section 11 of the OSFI Act provides the authority to staff the office, in accordance with the Public Service Employment Act, with the necessary number of employees to enable OSFI to meet its mandate and objectives. As discussed in EC1, OSFI’s supervisory budget is not dependent on government appropriations, but is authorized by subsection 17(2) and section 23 of the OSFI Act to be financed through assessments to federally regulated financial institutions and, to a lesser extent, a user-pay program for certain legislative approvals and other selected services. OSFI’s funding model and budget were designed to provide the needed autonomy and independence for OSFI to conduct effective supervision and oversight. OSFI has been able to increase its budget sufficiently in recent years to obtain the necessary resources to take on the increased regulatory and supervisory responsibilities resulting from the fiscal crisis. As an example, between fiscal year-end 2008-2009 and 2011-2012, OSFI’s staff complement has increased by approximately 120 persons or 24 percent. As noted in EC1, the federal government can impose government-wide fiscal restraints such as wage freezes, normally in extraordinary circumstances, which would also be applicable to OSFI. There are no such restraints at this time. OSFI cannot be required to shed staff by the federal government. |
| (b) | salary scales that allow it to attract and retain qualified staff; |
| Description and findings re EC6(b) | Pursuant to sections 13 and 15 of the OSFI Act, OSFI determines its own compensation regime. It maintains a philosophy of targeting the 75th percentile of base salary of the competitive financial services market. OSFI recently reviewed its executive compensation structure with a view to ensuring this target is met. This has allowed OSFI to offer pay scales for executive staff that differ from those in the larger federal government in order to be able to attract staff with specialized skills from the private sector as needed. While OSFI has the ability to establish and adjust its own compensation structure for executive staff, it must seek a mandate from the |
| (c) | the ability to commission external experts with the necessary professional skills and independence, and subject to necessary confidentiality restrictions to conduct supervisory tasks; |
| Description and findings re EC6(c) | OSFI has the legal authority and the necessary budget to commission outside experts to conduct supervisory tasks or to deal with special situations, and regularly draws on such experts (e.g., specialized credit consultants). OSFI’s contracting and human resource policies and procedures ensure that all external experts have the necessary skills and independence. All external experts are subject to the same confidentiality rules that apply to regular OSFI staff. |
| (d) | a budget and programme for the regular training of staff; |
| Description and findings re EC6(d) | OSFI demonstrates its commitment to professional development and training by providing an estimated two percent of its human resources budget towards training ($1.5 million expensed in fiscal 2011-2012), and by targeting an average of five days of training per year per employee. In recognition of the new expectations of supervisors arising from the recent financial crisis, additional resources for OSFI’s Professional Development and Training Division were approved in fiscal year 2011-2012 to assist with the implementation of new training programs. OSFI reviews its training needs based on its human resource planning processes and continuing discussions with senior management. OSFI’s Executive provides direction on training priorities via quarterly training updates. Individual sectors and divisions have their own training budgets to target specialized needs. In addition, learning plans are a required element of employees’ annual goal commitment documents. These learning plans seek to ensure that adequate and practical training is identified on an on-going basis. OSFI offers both internal and external training. For example, the Supervision Sector offers detailed training for senior examiners with specialized training guides as well as courses in the Supervisory Framework. OSFI has also created formal developmental programs for regulatory officers and supervisors, which consist of formal training and on-the-job development. OSFI maintains a large inventory of external training providers and supports training towards professional designations. |
| (e) | a technology budget sufficient to equip its staff with the tools needed to supervise the banking industry and assess individual banks and banking groups; and |
| Description and findings re EC6(e) | OSFI has a designated Chief Information Officer (CIO) and a separate budget for the Information Management/Information Technology (IM/IT) Division that is managed according to IM/IT best practice portfolio management guidelines. Technologies, applications, and information are strategically managed and operationally maintained based on a defined IM/IT strategy, a long-term IT renewal program, and implemented according to life-cycle management policies to ensure currency and effectiveness. IM/IT is regarded as integral to OSFI’s ability to carry out its mandate and consequently, $12.8million, representing approximately 10 percent of OSFI’s overall budget, was allocated to this function in 2011-2012. OSFI’s IT/IM investment includes such applications and tools as OSFI’s Business Intelligence Tool (BI Tool), which consolidates a number of quantitative and qualitative inputs about individual financial institutions and allows the supervisor to quickly assess the institution, its peers, and observe trends. Another example relates to OSFI’s document storage and retrieval capabilities, which are being upgraded to leading-edge software that will increase efficiencies. |
| (f) | a travel budget that allows appropriate on-site work, effective cross-border cooperation and participation in domestic and international meetings of significant relevance (e.g., supervisory colleges). |
| Description and findings re EC6(f) | OSFI’s travel budget for the 2010-2011 to 2013–2014 fiscal years ranges between 2.8 and 3.1 percent of its total budget. A travel budget of this nature has been sufficient to meet the needs for domestic and international on-site visits, cross-border cooperation, and international regulatory commitments. OSFI has a range of international commitments stemming from its membership of the G20 nations, including but not limited to membership and support for the Basel Committee on Banking Supervision and the Financial Stability Board and their subsidiary committees, working groups and task forces. OSFI develops annual supervisory strategies and plans for each banking group, including a group’s foreign operations. Periodically, planned supervisory work may target a significant activity that is carried out in a foreign jurisdiction. In such cases, OSFI would not only conduct an on-site review of the bank’s foreign operations, but it would also meet with the host country supervisor. In line with Financial Stability Board (FSB) recommendations, OSFI participates in or hosts various cross-border commitments, such as supervisory colleges. OSFI’s travel budget is also sufficient to support its continued participation on international rule making bodies, such as the Financial Stability Board, Basel Committee on Banking Supervision, International Association of Insurance Supervisors, and Joint Forum. |
| EC7 | As part of their annual resource planning exercise, supervisors regularly take stock of existing skills and projected requirements over the short- and medium-term, taking into account relevant emerging supervisory practices. Supervisors review and implement measures to bridge any gaps in numbers and/or skill-sets identified. |
| Description and findings re EC7 | OSFI operates on a three-year planning cycle, but reviews its plans at least annually. OSFI reviews its training needs based on its human resource planning processes and continuing discussions with senior management about upcoming plans and priorities. OSFI’s Executive provides direction on training priorities via quarterly training updates. Individual sectors and divisions have access to individual operational and training budgets to bridge identified gaps. For example, to deal effectively with the global financial crisis, the many lessons learned, the magnitude of new and on-going work related to international commitments, and the evolving risks within the Canadian financial services industry and its institutions, OSFI observed a short-and medium-term need to increase its risk assessment and supervisory resources. Between fiscal year-end 2008-2009 and 2011-2012, OSFI’s staff complement increased by approximately 120 persons or 24 percent. To ensure that OSFI could continue to meet its mandate, it added staff with specialized knowledge in the areas of corporate governance, credit, market and operational risks and to support the development of new and more sophisticated risk-sensitive liquidity and capital rules. OSFI admitted that some specialist areas have been more difficult to staff due to a scarce skillset, such as the technical specialists for model reviews. However, OSFI noted that it has to date always been able to fill vacancies with appropriately skilled staff. OSFI further noted that the organization underwent a conscious program of refreshing the skills including bringing in more staff from the industry and remained conscious of the need for continued refreshing of such skills. Discussions with the industry confirmed a consistent view that OSFI staff had the skills necessary to understand and to challenge the banks and several banks noted that OSFI had some outstanding individuals in its staff. Banks recognized that the large intake of new hires over a relatively short period was an institutional challenge for OSFI to manage in terms of embedding new staff into OSFI culture and standards but overall the process appeared to be smooth and successful. Some firms expressed concerns that OSFI might not be able to retain the highest caliber staff given competition from the industry itself. |
| EC8 | In determining supervisory programmes and allocating resources, supervisors take into account the risk profile and systemic importance of individual banks and banking groups, and the different mitigation approaches available. |
| Description and findings re EC8 | OSFI employs a risk-based approach to supervision. This approach is embedded in OSFI’s Supervisory Framework, which describes the principles, concepts, and core process that OSFI uses to assess the safety and soundness of financial institutions, and to identify issues or areas of concern early in order that timely corrective actions may be taken. Under the framework, OSFI annually prepares a supervisory strategy, which outlines the supervisory work planned for the next three years to keep the bank’s risk profile current. This general strategy forms the basis for a more detailed plan that guides resource allocation decisions for the upcoming year. The intensity of planned supervisory work depends on the nature, size, complexity and risk profile of the bank and the banking group. Supervisory work is planned and prioritized around a bank’s significant activities after considering the “net risk” of these activities (i.e., inherent risks of the activities after consideration of the quality of risk management), the need to update OSFI’s information on the activities, and the importance of the activities to the bank’s overall risk profile. When there are shifts in the risk assessment of the bank throughout the year, OSFI adjusts work priorities set out in the supervisory strategy and annual plan, as necessary. The relative systemic importance of each institution is not only reflected in OSFI’s supervisory plans, but also in OSFI’s corporate structure and design of its supervisory programs. OSFI has established dedicated supervisory teams for conglomerate banks and banking groups the resources for which can be and are adjusted according to changes in the nature, size, and complexity of the groups that are supervised. |
| EC9 | Laws provide protection to the supervisor and its staff against lawsuits for actions taken and/or omissions made while discharging their duties in good faith. The supervisor and its staff are adequately protected against the costs of defending their actions and/or omissions made while discharging their duties in good faith. |
| Description and findings re EC9 | Section 39 of the OSFI Act provides legal protection to OSFI and its staff against lawsuits for actions taken while discharging their duties in good faith. The Government of Canada, through |
| Assessment of Principle 2 | Largely Compliant |
| Comments | OSFI is a government agency whose formal head is the Minister of Finance and is hence subject to some governmental disciplines. Despite this structure, operational independence is in evidence in OSFI’s practices and decision making and is confirmed by all stakeholders including the industry. Nevertheless the Bank Act could better distinguish OSFI’s and the Superintendent’s prudential responsibilities from those of the Minister, who must naturally take a separate range of considerations into account. The concern is to ensure that a prudential veto is securely in place regarding decisions that the Superintendent must make, such as those relating to change of control of a federally regulated bank or major acquisitions or investments made by such entities. There are numerous instances within the Bank Act where approvals are required not from the Superintendent alone but from the Minister, either alone or in addition to the Superintendent of OSFI. Under the current Bank Act, just under 40 approvals belong to the Superintendent and just under 60 belong to the Minister. Broadly, Ministerial approvals are required at significant institutional moments, meaning the creation, change of control, merger or failure of a bank. It should be noted, however, that in 2012, only 18 of 116 Bank Act approvals granted were Ministerial approvals. In 2011, 28 of 132 approvals granted were Ministerial approvals. In addition to the change of control and acquisition approvals that are discussed in more detail in CPs 6 and 7, the power for the Superintendent to act quickly with respect to the taking control of a bank is indicative of OSFI’s operational independence and ability to address prudential issues (see CP11 for further detail). Records indicate that OSFI’s opinion has never been disregarded. Processes and procedures put in place (but which are not expressly required under the Bank Act) lead to the outcome that OSFI is making the sole prudential determination in matters requiring supervisory decisions. (See also CPs 6 and 7 for greater detail). De jure, however, the position is less clear and at various points in the Act (for example, section 396) matters that are listed for the consideration of the Minister are prudential in character, thus implying that the Minister is actively making, or has the capacity to “reassess” the prudential decision. It is recommended therefore that the Bank Act be amended to ensure there are clearly separate legal processes for the prudential decisions to be made solely by OSFI (the Superintendent). It is not suggested that OSFI’s prudential decision should be binding on the Minister in the sense that the Minister must approve a decision recommended (on purely prudential grounds) by OSFI, only that the law should clearly ensure that the Minister cannot issue an approval that was not recommended by OSFI. The Minister must of course be free to make a determination on grounds other than prudential. This is what happens in practice, so the recommendation is to codify the prudential veto clearly in the Bank Act. From the same perspective of legal clarity it is recommended that the Bank Act be revisited with respect to the powers to take control of the assets of a bank. The Act currently permits the Superintendent to take control of a bank, but if this control extends beyond 16 days the Minister may intervene (i.e., Section 648(1)(b): control may extend beyond 16 days “unless the Minister advises the Superintendent that the Minister is of the opinion that it is not in the public interest to do so”). While this provision may have been designed as a failsafe measure for the Superintendent to act quickly, and also to permit the Minister to intervene on public interest grounds, it is implied but not required that an alternative resolution method must at once be put in place in order to ensure that a potentially vulnerable institution in a crisis or emergency situation is dealt with expeditiously and effectively. It is also recommended that the authorities consider exempting the supervisors from the government’s fiscal controls and administrative guidance, as in the case of some other financial agencies, in order to enhance OSFI’s financial autonomy. |
| Principle 3 | Cooperation and collaboration Laws, regulations or other arrangements provide a framework for cooperation and collaboration with relevant domestic authorities and foreign supervisors. These arrangements reflect the need to protect confidential information. |
| Essential criteria | |
| EC1 | Arrangements, formal or informal, are in place for cooperation, including analysis and sharing of information, and undertaking collaborative work, with all domestic authorities with responsibility for the safety and soundness of banks, other financial institutions and/or the stability of the financial system. There is evidence that these arrangements work in practice, where necessary. |
| Description and findings re EC1 | In addition to OSFI, the prudential supervisor for federally regulated financial institutions, the There are several formal mechanisms to facilitate collaboration between the regulatory bodies at the federal level and along with the main provincial securities commissions, including the following committees:
In addition to these formal mechanisms for the exchange of information, OSFI maintains close contact with representatives of the The assessors were able to confirm in the context of successive meetings that there were well established relationships between officials at the federal authorities and that close and open contact between them is normal practice. Provincial regulators of deposit taking institutions, or other provincially incorporated and regulated financial institutions are not represented on the FISC or the SAC, although provincial securities regulators participate in the Heads of Agencies discussions on capital markets issues. OSFI confirmed that provincial regulators did contact OSFI on an ad hoc basis and that there are meetings at the provincial level where OSFI provides updates on its activities. |
| EC2 | Arrangements, formal or informal, are in place for cooperation, including analysis and sharing of information, and undertaking collaborative work, with relevant foreign supervisors of banks and banking groups. There is evidence that these arrangements work in practice, where necessary. |
| Description and findings re EC2 | OSFI has entered into formal information-sharing and cooperation arrangements (Memoranda of Understanding – MoUs) with over 30 foreign supervisory authorities. OSFI routinely exchanges information with foreign home and host regulators pursuant to the terms of these MoUs. OSFI regularly receives requests for information from other regulators and will share information where OSFI is assured in writing that the other regulator will maintain confidentiality. Often these requests seek due diligence about an institution or are in relation to an application that a Canadian bank has made to carry on business in another jurisdiction. OSFI participates in collaborative onsite reviews that take place in host jurisdictions. For example, OSFI has led a joint on-site review performed in collaboration with a host authority and which included:
|
| EC3 | The supervisor may provide confidential information to another domestic authority or foreign supervisor but must take reasonable steps to determine that any confidential information so released will be used only for bank-specific or system-wide supervisory purposes and will be treated as confidential by the receiving party. |
| Description and findings re EC3 | Subsection 22(1) of the OSFI Act establishes a strict confidentiality regime for information in OSFI’s possession as well as for any information prepared from it. This extends, as explained below and to the extent possible, to parties with whom information is shared. OSFI has the legal authority to share confidential information with domestic and foreign supervisory authorities pursuant to subsection 22(2) of the OSFI Act and subsection 636(2) of the Bank Act. While broad legal gateways, noted above, exist for information sharing, it is OSFI policy not to exchange written documentation with other authorities until the MoU process has been completed and the due diligence with respect to confidentiality has been complated. With regard to information sharing with foreign regulators, all MoUs entered into by OSFI provide that the information OSFI shares will be treated as confidential. Parties to such MoUs agree to take all possible steps to preserve the confidentiality of the information received. In addition, the MoUs state that employees of both parties to the MoU are bound to hold confidential all information obtained in the course of their duties. The MoUs expressly state that all confidential information received from the other Authority will be used exclusively for lawful supervisory practices. Where a party to an MoU is compelled (e.g., by a court) to disclose to third parties any information obtained from OSFI, the MoU requires that the other regulator will advise OSFI of the information that the regulator is compelled to release and the circumstances surrounding the release. |
| EC4 | The supervisor receiving confidential information from other supervisors uses the confidential information for bank-specific or system-wide supervisory purposes only. The supervisor does not disclose confidential information received to third parties without the permission of the supervisor providing the information and is able to deny any demand (other than a court order or mandate from a legislative body) for confidential information in its possession. In the event that the supervisor is legally compelled to disclose confidential information it has received from another supervisor, the supervisor promptly notifies the originating supervisor, indicating what information it is compelled to release and the circumstances surrounding the release. Where consent to passing on confidential information is not given, the supervisor uses all reasonable means to resist such a demand or protect the confidentiality of the information. |
| Description and findings re EC4 | Confidential information that OSFI receives from other supervisors is used only pursuant to the terms of OSFI’s MoUs with those supervisors. As set out in all of its bilateral MoUs, OSFI will not pass on any confidential information obtained from another regulator without obtaining explicit prior consent to do so. If OSFI is legally compelled to release confidential information it has received from another regulator, its procedure would be to notify the regulator in question promptly and if said regulator does not provide consent, OSFI would seek to use every available means to resist or protect the confidential information. At this point in time, there have been no cases where OSFI has been legally compelled to disclose information obtained from a third party. |
| EC5 | Processes are in place for the supervisor to support resolution authorities (e.g., central banks and finance ministries as appropriate) to undertake recovery and resolution planning and actions. |
| Description and findings re EC5 | The CDIC is the Canadian resolution authority and there are a number of coordinating mechanisms between the relevant authorities as discussed in CP 1, EC1 and CP3, EC1. OSFI and CDIC maintain a close working relationship and regularly participate in recovery and resolution planning meetings. OSFI also participates in the Resolution Planning Working Group, which is chaired by CDIC and includes membership from all FISC agencies (individual institutions are discussed at FISC). The purpose of the working group is to discuss issues relevant to the development of the resolution plans of institutions and to keep all agencies informed of the banks’ progress in developing resolution plans. OSFI also participates in any meetings that take place directly between CDIC and the banks on the topic of resolution planning. OSFI and CDIC jointly organize and host annual Crisis Management panels that are used to discuss recovery planning and resolution planning with relevant domestic and international stakeholders. The most recent Panel took place in May 2013. A panel with more of a resolution focus will take place later in 2013. Publicly available guidelines are in place (the Guide to Intervention for Federally Regulated Deposit-Taking Institutions) that describe the coordination and cooperation between OSFI and the CDIC in the event that a bank’s condition starts to deteriorate, experiences distress and needs to be moved to resolution. The processes include classifying institutions at each “stage” including, e.g., “early warning,” “risk to financial viability,” or “Non-viability” and clarifying the expected actions of the relevant agencies as well as the coordination between them. (See also CPs 8, 9 and 11). Recovery plans are prepared by financial institutions based on direction and administrative guidance provided by OSFI (with input from the FISC partners). CDIC as Canada’s resolution authority has assumed the responsibility to draft resolution plans. OSFI provides the institutions’ recovery plans to CDIC for the purpose of assisting CDIC with preparing the resolution plans. CDIC obtains any further information that it requires to advance resolution planning from the banks. |
| Assessment of Principle 3 | Compliant |
| Comments | Cohesive cooperation and collaboration are the keynotes of OSFI’s relationships with relevant authorities. Federal level cooperation is supported by a common desire among the agencies and authorities to assure the safety and soundness of the Canadian financial system and its institutions. Cooperative arrangements are well established over decades and proved to be responsive and effective during the financial crisis. Foreign authorities comment very favourably on the quality of their interactions with OSFI. Moreover a number of regulatory authorities, both domestic and foreign, have turned to OSFI for technical assistance to develop their skills, confirming the degree of confidence invested in OSFI’s practices and standards. Nevertheless there are weaknesses in the Canadian arrangements when considering the relationship between the federal and provincial authorities. Touch points with the provincial regulators, while orderly and regular, are potentially less well developed than they could be and may represent a potential frailty in an otherwise well functioning system. In the specific context of the BCP assessment, which is an assessment of the federal level of supervision, it is important that there is full and free flow of information to ensure that OSFI has access to all the information it needs to carry out its mandate. There are two aspects that are relevant in the relationship between the federal and provincial spheres. One is the fact that some financial groups span the federal-provincial spectrum. In some cases the parent entity and consolidation for the group is federal and in others it is provincial, so functional relationships between the agencies are necessary to support effective and meaningful group wide supervision. The other aspect is that financial institutions within Canada, whether provincially or federally regulated and whether active in one or more province (which will depend on the terms of the regulation in the specific province) constitute the financial system in Canada when all taken together. It is important for all agencies to play their role, according to their respective mandates, to ensure that risk in the system, to the system and from the system can be effectively monitored and mitigated. It is noted that there is communication between federal and provincial authorities, for example, in the context of annual updates of risk assessments, and also that OSFI responds to queries as needed and attends functions such as the annual meeting of CUPSA (Credit Union Prudential Supervisors Association) at which each of the provincial jurisdictions provides an update on their credit union system. It is, though, recommended that more frequent and structured arrangements, modeled perhaps on current formats, are put in place to ensure that relevant information is shared actively and proactively as necessary, rather than only on request, in order to enhance firm and group specific supervision and as appropriate wider systemic understanding. |
| Principle 4 | Permissible activities. The permissible activities of institutions that are licensed and subject to supervision as banks are clearly defined and the use of the word “bank” in names is controlled. |
| Essential criteria | |
| EC1 | The term “bank” is clearly defined in laws or regulations. |
| Description and findings re EC1 | The Bank Act (section 2)16 defines a bank as: “a bank listed in Schedule I or II”. As such the legal definition does not provide a description of what a bank is but identifies institutions in a list, by name, that are recognized as banks under the Bank Act. Only those entities licensed by the Minister of Finance under Schedule I or II to the Bank Act are banks. Schedule Schedule III of the Bank Act lists authorized foreign banks (i.e., foreign bank branches), which are also defined in section 2 as “a foreign bank that is the subject of an order under subsection 524(1)”. Section 2 also defines a foreign bank as “…an entity incorporated or formed by or under the laws of a country other than Canada……” |
| EC2 | The permissible activities of institutions that are licensed and subject to supervision as banks are clearly defined either by supervisors, or in laws or regulations. |
| Description and findings re EC2 | The Bank Act, Part VIII (Business and Powers) defines the permissible activities of banks. Banks may only engage in the business of banking, which includes the activities set out in section 409, namely:
Foreign bank branches have the same powers (sections 538-556), and are subject to the same restrictions as Schedule I and II banks, except for the fact that a foreign bank branch does not have the ability to take a material amount of retail deposits (i.e., deposits of less than $150,000). A “full-service” foreign bank branch is permitted to accept deposits in Canada of $150,000 or greater (section 545) and a “lending” foreign bank branch is generally prohibited from accepting deposits (section 540). Part IX (Investments) of the Bank Act clearly sets out the permissible investment powers of banks. The investment regime is, in essence, an extension of the business and powers regime. All investments by a bank in an entity are subject to the “reasonable and prudent person” standard (section 465) with a view to ensuring that banks do not expose themselves to undue financial or other risks via their investments. All acquisitions of substantial investments in, and/or control of, a single entity by a bank are subject to specific rules. Part XII (Foreign Banks) of the Bank Act sets out permitted investments in Canada for a foreign bank. While the foreign bank itself may not be licensed or subject to supervision by OSFI, its permitted investments in Canada generally mirror those investments permitted to a Schedule I or II bank. Part XI (Self-Dealing) of the Bank Act sets out limited permissible transactions for banks with related parties. OSFI Advisory: Business and Powers—Ownership Interests in Commodities provides clarity on circumstances in which taking an ownership interest in commodities (which would other violate the section 410(2) prohibition on dealing in goods) would be a permissible activity and prudential standards to be followed in respect thereof. Certain guidelines impose parameters/limitations on permissible activities. |
| EC3 | The use of the word “bank” and any derivations such as “banking” in a name, including domain names, is limited to licensed and supervised institutions in all circumstances where the general public might otherwise be misled. |
| Description and findings re EC3 | The use of the word “bank” and its derivations is not wholly limited to banks as defined under the Bank Act. The Bank Act generally restricts the use of the word “bank, “banker” or “banking” in a name, or to describe a business in Canada, to banks and authorized foreign banks (i.e., foreign banks that have received approval to establish foreign bank branches in Canada) (section 983). The general restriction includes any of the abovementioned words in any language and any equivalent words (subsection 983(13)). A subsidiary of a bank may use the name of its parent bank in its name (subsection 983(5)). There is an exception to the general rule, which states that a person may use the word “bank”, “banker” or “banking” in its name, or to describe a business in Canada, if the use of the word is in relation to a business that is not engaged in financial activities, a circumstance in which it is unlikely that the general public would be misled (subsection 983(5.1)). Provincial legislation mirrors this general restriction. For example, the General Regulation to Ontario’s Business Corporations Act (paragraph 16(1)(c)) states that no word or expression that suggests an Ontario business corporation carries on the business of a bank shall be used in a corporate name without the appropriate consent (that consent would have to come from OSFI). There is a protocol with “Industry Canada” whereby new business entities are referred to OSFI if there is any possibility that there may be a misleading use of the word “bank” in the name of the business. OSFI confirmed that not only has Industry Canada taken a very cautious approach (eg referring blood banks to OSFI) there have been a handful of cases of enforcement on the use of the word “bank”. |
| EC4 | The taking of deposits from the public is reserved for institutions that are licensed and subject to supervision as banks. |
| Description and findings re EC4 | The majority of deposit-taking from the public is undertaken by federally regulated financial institutions (e.g., banks and trust and loan companies). At the federal level, institutions incorporated pursuant to the Bank Act, Trust and Loan Companies Act and Cooperative Credit Associations Act are all subject to the same licensing requirements and ongoing supervision/regulation as banks, including the requirement to obtain OSFI’s approval to take deposits. The Canada Business Corporations Act (paragraph 3(4)(a)) and the Canada Not-for-profit Corporations Act (subsection 3(3)), which are the general incorporating statutes at the federal level, state that no (federal) corporation may carry on the business of a bank or other entity to which the FRFI legislation applies. The Canada Cooperatives Act (subsection 3(5)) likewise states that no federal cooperative may carry on the business of a bank or other entity to which the FRFI legislation applies. Indirectly, this prohibits the taking of deposits by other non-FRFI federal entities. Entities can, however, also be incorporated provincially. Approximately 10 percent of all deposits taken in Canada were held outside federally regulated banks as at March 2013. Deposits may also be taken by provincially regulated institutions such as credit unions or, in the case of Alberta, a crown incorporation owned by the provincial government. In either case, the institutions in question are regulated by the relevant provincial authority. Thus a credit union will be regulated by its provincial regulator and Alberta Treasury Branch is regulated by the Alberta government. Whether or not a provincially incorporated entity can carry out business outside its province will depend on the terms of its provincial license and regulatory regime of the other jurisdiction. Provincial credit unions, which are supervised and regulated by provincial authorities, are permitted to take deposits in their jurisdictions of incorporation. In respect of deposits, as at March 31, 2012, credit unions reported $126.3 billion in deposits and deposits held with all Canadian banks, as at June 30, 2012, amounted to $2.3 trillion (the latter figure does not include deposits with other federally regulated financial institutions and hence is not the figure representing all deposits taken by federally regulated financial institutions in Canada). It is also the case that in Canada the prudential framework for Investment Dealers permits them to use free cash held on behalf of clients. The Investment Dealer must be able to give back these uninvested moneys to the clients on demand. Such funds can be seen to have the character and quality of a deposit. |
| EC5 | The supervisor or licensing authority publishes or otherwise makes available a current list of licensed banks, including branches of foreign banks, operating within its jurisdiction in a way that is easily accessible to the public. |
| Description and findings re EC5 | The OSFI website makes available a current list of all banks, foreign bank branches and foreign bank representative offices operating in Canada. In addition, pursuant to the Bank Act, Schedules I, II and III to the Bank Act list all banks and foreign bank branches (sections 14 and 14.1). The Bank Act is accessible in printed form as well as on the federal government’s Department of Justice website. |
| Assessment of Principle 4 | Compliant |
| Comments | Under Canadian federal law a bank is an entity that is incorporated and regulated at the federal level. A bank, by definition, cannot exist at the provincial level. Canadian federal law does not, however, apply to all financial institutions which may take deposits from the public. Deposit taking institutions can be incorporated and regulated at the provincial level. In practice the considerable majority of public deposits – approximately 90 percent – are taken by the federal banking system. The provision of credit is also largely at the federal level – ie 75 percent (figures from the Bank of Canada, 2012). However, there are some institutions which are systemically significant for their provinces, notably DesJardins, the credit union group based in Québec, and Alberta Treasury Branches, which is a Crown incorporation owned and regulated by the province of Alberta and which is the 10th largest lender in Canada. Also, funds with deposit-like characteristics are being taken from clients in investment dealers. As noted above, this BCP assessment focuses on the federal level in Canada and does not offer any assessment of the adequacy and appropriate laws, regulation and supervision applying to provincial deposit taking entities. However, it is clear that the scope of the federal system does not, and legally cannot, include all deposit taking entities of significance. The Canadian authorities are recommended to assess and as necessary make remedy to laws and arrangements to ensure the soundness and stability of the financial system within Canada, not merely the federal aspect of that system. |
| Principle 5 | Licensing criteria. The licensing authority has the power to set criteria and reject applications for establishments that do not meet the criteria. At a minimum, the licensing process consists of an assessment of the ownership structure and governance (including the fitness and propriety of Board members and senior management) of the bank and its wider group, and its strategic and operating plan, internal controls, risk management and projected financial condition (including capital base). Where the proposed owner or parent organisation is a foreign bank, the prior consent of its home supervisor is obtained. |
| Essential criteria | |
| EC1 | The law identifies the authority responsible for granting and withdrawing a banking licence. The licensing authority could be the banking supervisor or another competent authority. If the licensing authority and the supervisor are not the same, the supervisor has the right to have its views on each application considered, and its concerns addressed. In addition, the licensing authority provides the supervisor with any information that may be material to the supervision of the licensed bank. The supervisor imposes prudential conditions or limitations on the newly licensed bank, where appropriate. |
| Description and findings re EC1 | There is a two step licensing process in Canada. The Minister of Finance holds the licensing power in Canada and acts on the advice of the Superintendent of OSFI as set out in the Bank Act. Granting a bank license There are two steps to the application process for incorporating a bank in Canada. The first step is the requirement to obtain letters patent of incorporation, which are issued by the Minister of Finance (section 2217 of the Bank Act) upon recommendation of the Superintendent. The Bank Act states that an application for letters patent must be filed with the Superintendent, together with such information, material and evidence as the Superintendent may require (subsection 25(1)). All applications for a banking license are accompanied by an analysis and recommendation by the Superintendent. In practice, the application is not presented to the Minister unless OSFI has already made a favorable prudential determination. The original submission materials, including prudential data and analysis, are not presented to the Minister. The assessors were able to review papers relating to an application for a license. The information provided to the Minister presents the Superintendent’s determination of whether an approval is appropriate but does not supply information that would enable the Minister to second guess a supervisory determination or overturn a “prudential veto”. The second step is to obtain an order to commence and carry on business, issued by the Superintendent (section 49). A newly licensed bank may not commence operations (subsection 48(1)) until it completes the second step, which is used to ensure the bank in question has the requisite policies and procedures, governance and other controls in place to begin operations. Hence, a bank may not commence operation until the Superintendent is satisfied that all regulatory requirements have been met. Furthermore, the entity must meet the Superintendent’s requirements within a year and thus obtain the order of commencement from the Superintendent or the letters patent will lapse—as noted above. A similar process is followed when a company incorporated under another federal statute (e.g., the Trust and Loan Companies Act or the Canada Business Corporations Act) seeks to continue (i.e., obtain a licence) as a bank. However, in this instance the letters patent of continuance and the order to commence and carry on business are generally issued at the same time. OSFI noted that it is very rare for there to be an instance where letters patent have been obtained but due to failure to meet OSFI’s final requirements, an order to commence business was not issued. It was explained that some supervisory and prudential requirements are not insisted upon until the entity has obtained the letters patent. In essence, once the letters patent have been issued, OSFI moves to confirm that policies, procedures and personnel are in place and are functional. A key step in this process is the on-site review (the “pre-commencement review”) conducted by OSFI which is mandatory before OSFI staff can recommend that the Superintendent issue the order to commence business. The assessors were able to review files detailing the analysis and procedures, including conditions and undertakings that OSFI required of the newly licenced entity. Such undertakings and requirements might include, for example, capital adequacy levels, leverage restrictions and identification of related parties (transactions with related parties are tightly restricted—see CP20). Withdrawing a bank license License revocation initiated by the Minister or Superintendent The Minister or Superintendent can revoke any approval, including letters patent and orders to commence and carry on business, if he or she considers it appropriate to do so. In the Minister’s case, he or she may take into account all matters he or she considers relevant in the circumstances and in the Superintendent’s case, he or she may consider any prudential considerations he or she considers relevant in the circumstances (section 973.03). As noted in CP1 EC6, the power to revoke is directly linked to the power to approve (ie OSFI or the Minister can respectively revoke the approval that was given in the first place, but cannot revoke an approval given by the other body). License revocation initiated by a bank The process for withdrawal or revocation of a bank license can also be voluntary initiated by the bank. Should the bank wish to continue operations under other federal legislation (section 39.1) Ministerial approval is required. Upon such continuance, the entity would no longer be a bank and – depending upon the legislation under which it is continued—could be a cooperative association, insurance company, trust or loan company or other entity as specified in the legislation (Transaction Instruction A No. 14 sets out information requirements in respect of such an application for approval). The bank’s license is effectively revoked at the time of continuance (section 39.2). The Bank Act sets out the requirement for Ministerial approval in respect of voluntary liquidation & dissolution (sections 342-346) and Transaction Instruction A No. 11 sets out information requirements. The Superintendent (or other interested persons) may apply to a court, at any time during the liquidation process, for the continuance of the voluntary liquidation under court supervision (section 347). Granting a branch license to a foreign bank As with establishing a bank in Canada, there are two steps to the application process for establishing a foreign bank branch in Canada. The first step is the requirement to obtain an order permitting the foreign bank to establish a branch in Canada, issued by the Minister (subsection 524(1)), upon the Superintendent’s recommendation. The Minister may only make such an order if, after consultation with the Superintendent, the Minister is of the opinion that the applicant is a bank in its home jurisdiction and is regulated in a manner acceptable to the Superintendent and the applicant’s principal activity is financial services or services permitted by the Bank Act if they were provided by a bank in Canada (subsection 524(4)). Upon receiving an order, a new branch may not commence operations (subsection 534(2)) until it completes the second step, which is to obtain an order approving the commencement and carrying on of business in Canada by the branch, issued by the Superintendent (subsection 534(1)). Withdrawing a branch license of a foreign bank The Minister or Superintendent can revoke any approval (section 973.03). In problem situations, the Superintendent may request the Attorney General of Canada to apply for a winding up order of a foreign bank branch where the assets of the branch are under the Superintendent’s control (section 621). Withdrawal or revocation of a foreign branch license can also be voluntary. Where a foreign bank branch wishes to discontinue operations in Canada, it must seek the approval of the Superintendent for the release of its assets maintained on deposit in Canada (subsection 599(1)). Upon receipt of approval for this release, the subsection 524(1) order is deemed to be revoked. Consideration of OSFI’s views The Minister is responsible for issuing letters patent of incorporation establishing a bank. The decision to issue the letters patent is made on the basis of a recommendation received from OSFI. No direct application can be made to the Minister. Hence, if OSFI does not recommend the issuance of letters patent the Minister’s decision making process is not initiated and therefore OSFI holds a prudential veto on the establishment of a new bank. The Minister, however, is not obliged to accept OSFI’s recommendation and may have other factors to take into consideration beyond OSFI’s prudential remit, such as competition and structure of the financial system. Nevertheless, there is no history of the Minister having denied OSIF’s recommendation and the Bank Act states that the Minister must take into account the Superintendent’s opinion regarding the extent to which the proposed corporate structure of the applicant or applicants and their affiliates may affect the supervision and regulation of the bank, having regard to the nature and extent of the proposed financial services activities and the nature and degree of supervision and regulation applying to the proposed financial services activities (paragraph 27(g)). The Minister shall also take into account all other matters that he or she finds relevant such as (but not limited to) the consideration of adequacy of financial resources, business plans and fit and proper assessments. A final protection for OSFI’s prudential remit is that even once letters patent have been issued a newly licensed bank may not commence operations until the Superintendent approves the issuance of an order to commence and carry on business. The order will not be issued until any outstanding concerns have been addressed, and as noted above, the letters patent will lapse if an order to commence and carry on business is not made within a year of the issuance of the letters patent. The same approach applies to foreign bank branches and there is also a requirement for the Minister to consult with the Superintendent to determine that the applicant is a bank in the jurisdiction under whose laws it was incorporated and is regulated in a manner acceptable to the Superintendent; and that the applicant’s principal activity is the provision of financial services, or services that would be permitted by this Act if they were provided by a bank in Canada before making an order to establish a branch (subsection 524(4)). Note that a bank or foreign bank branch will generally only be able to accept deposits when authorized by the Superintendent, which is reflected in the order to commence and carry on business (section 53 and subsection 534(5)). Provision of information In respect of the licensing authority providing the supervisor with material information, the Bank Act states that a bank/branch application shall be filed with the Superintendent (subsections 25(1) and 525(1)). Because of the nature of the relationship between OSFI and the federal Department of Finance (i.e., the Superintendent makes recommendations to the Minister in respect of letters patent of incorporation and an order to establish a branch and is directly responsible for the issuance of orders to commence and carry on business) the supervisor has in its possession all application materials and is the point of contact with the applicant throughout the licensing process. As such, OSFI has all information material to the supervision of the newly licensed bank and uses this information to make its recommendation to the Minister. The Minister does not receive the application material independently and is reliant on OSFI to supply relevant information to the Minister to permit the Minister to make the decision. Prudential conditions or limitations Pursuant to the Bank Act, the Minister has the ability to impose such terms and conditions in respect of the issuance of letters patent (subsection 28(3)), and the order to establish a branch (subsection 527(3)), as the Minister considers appropriate. This power would typically be exercised on recommendation of the Superintendent. Pursuant to the Bank Act, an order approving the commencement and carrying on of business by a bank or foreign bank branch may contain such conditions or limitations that are consistent with the Bank Act and relate to the business of the bank or branch as the Superintendent deems expedient and necessary (section 53 and subsection 534(5)). Furthermore, in relation to any approval, including that of issuing letters patent, the Minister or Superintendent may impose any terms, conditions, or undertakings that they consider appropriate (note that this power rests with the person responsible for approval) (section 973.02). In practice, OSFI obtains various forms of commitments and undertakings in the context of new entry applications. OSFI requires that a support principle letter be signed by the controlling shareholder(s) of a new bank upon entry (referenced in Instruction Guide for Incorporating Banks) in which they acknowledge that OSFI expects them to act as an ongoing source of financial, managerial and operational support. The letter’s effect is to provide a basis upon which OSFI can exert influence over the controlling shareholder. Where appropriate, OSFI may require that the controlling shareholder of a bank undertake to maintain a sufficient amount of common equity at the bank in order to maintain a certain capital level, risk based ratio or capital multiple. In addition, the Superintendent can apply to a court for an order directing compliance with the terms of such an undertaking (paragraph 973.04(2)(b)). In a recent application to establish a foreign bank branch, OSFI obtained an undertaking from the foreign bank to maintain a certain amount and type of assets in Canada to support Canadian liabilities in the event of wind-up. The assessors were able to look at commitments and undertakings that were required in relation to a number of applications for approval. All new banks are required to acknowledge and commit to their initial business plans. This is accomplished by way of the bank’s CEO acknowledging and committing (in writing) to the following: “If the bank intends to deviate materially from the Business Plan or any subsequent business plans the bank has submitted to OSFI, the bank will advise its OSFI Relationship Manager by written notice of that intent early enough in the conceptual and/or development stage to allow OSFI sufficient time to assess the impact on the supervisory and regulatory risk profile of the bank.” This commitment letter has also been expanded in recent cases to permit enhanced monitoring by OSFI. Where OSFI has supervisability concerns, it can designate persons or entities as related parties (see CP20) or require that a bank holding company be created under the Bank Act to hold the banks in the group. The assessors saw evidence that OSFI has in fact exercised this power in order to facilitate its overall supervisory oversight of the wider group. Another mechanism that has been used consistently to deal with supervisability concerns is an information undertaking and the assessors saw examples of such undertakings. Such undertakings help in assessing group-wide risk as well as in identifying possible contagion risk. These undertakings are provided by the ultimate controlling shareholder of the bank and provide access to information on group entities that are financial in nature and are not controlled by the bank, as well as notifications where a financial services entity is to be acquired by a group entity not controlled by the bank. In addition to an information undertaking, where the ultimate controlling shareholder is an unregulated entity and the group is primarily engaged in financial activities, OSFI may require an undertaking that imposes the calculation of certain capital ratios by the ultimate controlling shareholder and notification where the ratios do not accord with OSFI’s expectations. |
| EC2 | Laws or regulations give the licensing authority the power to set criteria for licensing banks. If the criteria are not fulfilled or if the information provided is inadequate, the licensing authority has the power to reject an application. If the licensing authority or supervisor determines that the licence was based on false information, the licence can be revoked. |
| Description and findings re EC2 | The Bank Act sets out licensing criteria and the ability to reject or revoke an application. The issuance of letters patent by the Minister and the order to commence and carry on business by the Superintendent are discretionary powers. Licensing criteria—banks The Bank Act sets out criteria the Minister will take into account before issuing letters patent to incorporate a bank, including “all matters that the Minister considers relevant to the application” (section 27). These criteria include (not limited to):
Where a proposed bank would be a subsidiary of a non-WTO member foreign bank, the Bank Act specifies that the Minister may only issue letters patent if reciprocal treatment is accorded to banks to which the Bank Act applies in the foreign bank’s home jurisdiction (section 24). The Bank Act sets out that, in respect of an application for letters patent, the Superintendent has the authority to request such information, material and evidence the Superintendent requires. An applicant must also publish notice of its intention to apply to incorporate a bank (section 25). The Bank Act sets out that the Superintendent must not issue an order to commence and carry on business to the newly incorporated bank until he or she is satisfied that, among other listed requirements, “all other relevant requirements of this Act have been complied with” (section 52). Note that the Bank Act states that, in addition to any matters or conditions provided for in the Bank Act that are relevant to the granting of an approval and to any prudential considerations the Superintendent considers relevant in the circumstances, the Superintendent may, in considering whether to grant the approval, take into account all matters that he or she considers relevant in the circumstances, including national security and Canada’s international relations and international legal obligations (subsection 973.01(2)). The Bank Act prevents governments, or agencies thereof, from applying to incorporate a bank (section 23). Other ownership restrictions are set out in Part VII of the Bank Act. OSFI’s Instruction Guide for Incorporating Banks sets out prudential requirements designed to help ensure safety and soundness, and legislative requirements. The Guide identifies the legislative criteria an applicant must meet to incorporate and commence operating a bank, the information that must be submitted in support of an application and the procedures to be followed in making an application. Note that the information requirements are not necessarily all-encompassing, as OSFI has the power to request additional information as circumstances require (section 25). In practice, specific information is requested that is relevant to the business model proposed by the applicant. Licensing criteria—foreign bank branches The Bank Act sets out criteria the Minister will take into account before making an order to establish a foreign bank branch, including “all matters that the Minister considers relevant to the application” (section 526). In developing a recommendation to the Minister in respect of the issuance of an order, OSFI takes into account the legislative criteria as well as any other matters it deems relevant. As set out above, subsection 973.01(1) is also applicable here. OSFI’s risk tolerance for foreign bank branch entry is higher than for new incorporations given the legal status of a branch (i.e., not a separate legal entity) and the sophisticated nature of depositors (a branch is only permitted to accept deposits greater than or equal to $150,000). The Bank Act specifies that the Minister may only make an order if, where the application is made by a non-WTO member foreign bank, reciprocal treatment is accorded to banks to which the Bank Act applies in its home jurisdiction (subsection 524(3)). The Bank Act also specifies that the Minister may only make an order if, after consultation with the Superintendent, the Minister is of the opinion that the applicant is a bank in its home jurisdiction and is regulated in a manner acceptable to the Superintendent and its principal activity is the provision of financial services or services that would be permitted by the Bank Act if they were provided by a bank in Canada (subsection 524(4)). The Bank Act prohibits a foreign bank from establishing a branch in Canada if the foreign bank or any of its affiliates/substantial investments engage in personal property leasing activities in Canada in which a bank or its investments would not be permitted to engage (section 524.1). The Bank Act sets out that, in respect of an application for an order to establish a branch, the Superintendent has the authority to request such information, material and evidence the Superintendent requires. An applicant must also publish notice of its intention to apply for an order to establish a branch (section 525). The Bank Act states that the Superintendent may make an order to commence and carry on business only if satisfied that the branch has deposited specified assets in Canada, submitted a power of attorney for the branch’s principal officer and complied with all other relevant requirements of the Bank Act (subsection 534(3)). As set out above, subsection 973.01(2) is also applicable here. OSFI’s Guide to Foreign Bank Branching sets out the legislative criteria that must be met by a foreign bank to establish and operate a foreign bank branch in Canada, as well as the specific information that must be submitted to OSFI in support of an application as well as the procedures to be followed in making such an application. Note that the information requirements are not necessarily all-encompassing as OSFI has the power to request additional information as circumstances require (section 525). Power to reject an application The Minister and the Superintendent are not obliged by the Bank Act to issue letters patent and the order to commence and carry on business, respectively, and thus have the power to reject an application (sections 22 and 49). Pursuant to the Bank Act, the Superintendent must not make an order approving the commencement and carrying on of business by a bank more than one year after the day on which the bank comes into existence (subsection 52(2)). Therefore, where the requirements to satisfy the issuance of an order to commence business have not been met and the year timeframe expires, the letters patent will lapse and the bank will cease to exist (section 57). As in the establishment of a bank, the Bank Act grants the Minister and Superintendent discretionary power to establish a branch and issue the order to commence and carry on business (subsection 524(1) and 534(1)). Pursuant to the Bank Act, the Superintendent must not make an order approving the commencement and carrying on of business by a branch more than one year after the day on which the branch is established by Ministerial order (subsection 534(9)). Therefore, where the requirements to satisfy the issuance of an order to commence business have not been met and the year timeframe expires, the order establishing the branch is revoked (subsection 534(10)). In respect of revocation in the case of false information, see details under EC1. In particular, the Bank Act provides authority to the Minister and Superintendent to revoke any approval (section 973.03). In addition, it is an offence under the Bank Act to knowingly provide false information in relation to any matter under the Act or Regulations and punishment is set out (fines, prison) in respect of offences (sections 980.1 and 985). OSFI confirmed that should a license (or indeed other approval) have been obtained on the basis of false information then OSFI can move immediately to revocation. It should be noted, though, that the close contact and on-site pre-commencement reviews in the period between the issuance of the letters patent and the order to commence business would have the likely effect of making the possibility of obtaining a licence on false information quite limited. |
| EC3 | The criteria for issuing licences are consistent with those applied in ongoing supervision. |
| Description and findings re EC3 | The criteria noted in EC2 above apply, as relevant, on an ongoing basis for banks and foreign bank branches. Pursuant to the Supervisory Framework (referenced in Instruction Guide for Incorporating Banks), OSFI applies a risk-based approach to assessing bank/branch safety and soundness on a consolidated basis, focusing on higher areas of risk. For each activity that OSFI identifies as significant, OSFI assesses the level of risk, and considers the impact of risk mitigation by evaluating the quality of risk management. This approach, as used with existing banks/branches, is mirrored in the assessment of new bank/branch applicants. As an example, one of the Ministerial considerations under the Bank Act in respect of the issuance of letters patent to a bank is the nature and sufficiency of the financial resources of the applicant as a source of continuing financial support for the bank (paragraph 27(a)). To determine required capital for the bank, OSFI requires that applicants prepare a draft Internal Capital Adequacy Assessment Process report (ICAAP) (using OSFI’s ICAAP Guideline) in the same format as existing banks. The ICAAP determines the new bank’s required capital in the same manner as it does for an existing bank. |
| EC4 | The licensing authority determines that the proposed legal, managerial, operational and ownership structures of the bank and its wider group will not hinder effective supervision on both a solo and a consolidated basis. The licensing authority also determines, where appropriate, that these structures will not hinder effective implementation of corrective measures in the future. |
| Description and findings re EC4 | In the course of its review, OSFI determines that the structure of the bank and its group will not hinder effective supervision and, where appropriate, the effective implementation of corrective measures in the future. This concept is underpinned in particular by section 27(g) of the Bank Act which requires the Minister to have regard to the opinion of the Superintendent with respect to whether the corporate structure of the entity may hinder supervision and regulation. Banks The Bank Act states that, before issuing letters patent to incorporate a bank, the Minister must take into account all matters that the Minister considers relevant to the application, including the opinion of the Superintendent regarding the extent to which the proposed corporate structure of the applicant or applicants and their affiliates may affect the supervision and regulation of the bank, having regard to the nature and extent of the proposed financial services activities to be carried out by the bank and its affiliates, and the nature and degree of supervision and regulation applying to the proposed financial services activities to be carried out by the affiliates of the bank (paragraph 27(g)). In assessing the extent to which the proposed corporate structure of an applicant may affect the supervision and regulation of a bank, OSFI considers, among others, the following factors: the proposed activities of the bank, the predominant nature of the group’s financial activities, the independence of the bank, and the regulatory oversight (if any) to which the group is subjected (Instruction Guide for Incorporating Banks). OSFI also considers whether the proposed corporate structure results in parallel-banking (i.e., a situation where two banks, under common control, are not subject to consolidated supervision). The risks identified by the Bank for International Settlements (BIS) with respect to parallel banking (i.e., self-dealing, group-wide risk, and contagion) also apply to circumstances where an OSFI regulated bank has, as sister companies, other financial institutions, and the bank and the sister company(ies) are not subject to consolidated supervision. Historically, OSFI has made use of various mechanisms to address supervisability concerns, including: the designation of related parties, business plan commitments, and, in one instance, the requirement that a bank holding company be created to hold the banks in the group. Another mechanism that has been used consistently is an information undertaking, as discussed in EC1. The ultimate goal of supervisability undertakings is to obtain a view of the consolidated risk in the group, with a view towards being able to promptly ring-fence the bank if necessary. Pursuant to the Instruction Guide for Incorporating Banks, OSFI receives information relating to the ownership and financial strength of the applicant, including an organization chart (and details of these other entities) for all entities in the corporate group. Using this information, OSFI assesses the ownership structure, determining its transparency/complexity. Managerial/Operational – OSFI’s Corporate Governance Guideline sets out expectations regarding the relationships between a bank’s board, senior management and other stakeholders, and the system through which the strategy and performance of the bank are monitored. New banks are expected to comply with this Guideline at inception, and OSFI’s analysis of board and senior management composition (Instruction Guide for Incorporating Banks) and their respective roles as set out in draft mandates, policies and procedures assist in determining OSFI’s ability to supervise the new bank effectively. Effective oversight of the business and affairs of a bank by its board and senior management is essential to the maintenance of an efficient and cost-effective supervisory system (Corporate Governance Guideline). OSFI’s Guideline B-10 Outsourcing of Business Activities, Functions and Powers sets out expectations for a bank applicant that contemplates outsourcing one or more of its business activities to a service provider and further states that OSFI’s supervisory powers should not be constrained, irrespective of whether an activity is conducted in-house, outsourced or otherwise obtained from a third party. Pursuant to the above, and as set out in the Instruction Guide for Incorporating Banks, OSFI determines, where appropriate, that these structures will not hinder future corrective measures. Foreign bank branches OSFI places significant reliance on a foreign bank’s home regulators (see also EC10). As such, the Minister may make an order permitting the foreign bank to establish a branch only if the Minister is of the opinion, after consultation with the Superintendent, that the applicant is a bank in the jurisdiction under whose laws it was incorporated and is regulated in a manner acceptable to the Superintendent (subsection 524(4)). OSFI assesses the home jurisdiction’s framework of supervision and regulation to determine if OSFI will be able to effectively supervise the branch. OSFI considers the following factors, among others: Memoranda of Understanding between OSFI and the home regulator to facilitate the exchange of information; BIS and BCBS memberships; and recent FSAP reports. Pursuant to the Guide to Foreign Bank Branching, OSFI receives information relating to the ownership structure and financial strength of the applicant, including an organization chart (and details of these other entities) for all entities in the corporate group. Using this information, OSFI assesses the ownership structure, determining its transparency/complexity. Managerial/Operational—OSFI’s Corporate Governance Guideline recognizes that branches do not have boards and accordingly, it is inappropriate to apply the specific provisions of this guideline directly to branch operations. OSFI looks to the Principal Officer to oversee the management of a branch, including matters of corporate governance. Guideline E-4B (Role of the Principal Officer) describes OSFI’s expectations with respect to the role of the Principal Officer. OSFI’s analysis of the Principal Officer and other local/foreign bank management involved in the operation of the branch (see Guide to Foreign Bank Branching for information requirements) and their respective roles as set out in draft mandates, policies and procedures assist in determining OSFI’s ability to supervise the new branch effectively. OSFI expects the Principal Officer to retain overall accountability for the branch operations and where the Principal Officer does not have direct responsibility for a significant function this should be documented in written mandates/policies or service level agreements. Such arrangements would be considered outsourcing under Guideline B-10 Outsourcing of Business Activities, Functions and Powers. Shell banks Pursuant to the above comments and the following requirements in the Bank Act, OSFI does not license shell banks. Canadian law prescribes a number of conditions that a bank or a foreign bank branch must meet in order to commence operations (see below) which would have the effect of supporting the supervisor’s ability to supervise the institution effectively and impose corrective measures if necessary. Banks – The head office of a bank is to be situated in Canada section 237) and shareholders’ meetings must be held in Canada (section 136). At least one half of the directors of a bank that is a subsidiary of a foreign bank and a majority of the directors of any other bank must be resident Canadians (subsection 159(2)) and the directors must not transact business at a meeting of directors unless, in the case of a bank that is a subsidiary of a foreign bank, at least one half of the directors present are resident Canadians or, in any other case, the majority of the directors present are resident Canadians (section 183); although there is some flexibility for recognizing presence via telephone (subsection 2). Recent federal legislation implementing Budget 2013 removed residency requirements for committees. The CEO must also be ordinarily resident in Canada (section 196). With respect to record keeping requirements, bank records are to be kept in Canada and the Superintendent has the power to require a bank to process information in Canada (sections 239 and 245). Lastly, the bank’s central securities register must be maintained in Canada (section 251). Foreign bank branches – The Minister may only make an order to establish a branch if the applicant is a bank in the jurisdiction under whose laws it was incorporated and regulated in a manner acceptable to the Superintendent (subsection 524(4)). The principal office of the branch must be located in Canada (section 535). The branch must maintain a capital equivalency deposit (as described in EC6) in Canada with a Canadian financial institution approved by the Superintendent (subsection 534(4) and section 582). In addition, in specific circumstances where OSFI has prudential concerns, OSFI has required that the branch maintain additional assets in Canada. The branch’s Principal Officer must be ordinarily resident in Canada and branch records must be kept in Canada (section 536 and subsection 597(2)). |
| EC5 | The licensing authority identifies and determines the suitability of the bank’s major shareholders, including the ultimate beneficial owners, and others that may exert significant influence. It also assesses the transparency of the ownership structure, the sources of initial capital and the ability of shareholders to provide additional financial support, where needed. |
| Description and findings re EC5 | In the course of its review, OSFI determines the suitability of major shareholders, the transparency of the ownership structure and initial/future capital sources. OSFI pursues checks to identify the ultimate beneficial owner (frequently a natural person) and are wary of the possibilities of disguised ownership. OSFI noted that in the course of due diligence they also involve the Royal Canadian Mounted Police whose forensic accounting capabilities can potentially be of assistance in this regard. Banks Any person that would have a significant interest in, and/or control of, a bank must receive approval from the Minister to acquire this significant interest/control (see BCP 6 for additional details in this regard). The considerations for this approval mirror the considerations which relate to licensing via letters patent. Pursuant to the Bank Act, the Minister considers the nature and sufficiency of the financial resources of the applicant as a source of continuing financial support for the bank, the business record and experience of the applicant and the character and integrity of the applicant, among other considerations (sections 27 and 396). OSFI’s recommendation in respect of the incorporation of a new bank and the acquisition of significant interest/control takes into account these legislative considerations. The Instruction Guide for Incorporating Banks sets out information requirements that assist in this determination. Suitability – OSFI requires (in the Instruction Guide for Incorporating Banks) that applicants provide details of whether the applicant has been the subject of any criminal proceedings or administrative sanctions. Where the applicant is a foreign financial institution, OSFI engages in discussion with the foreign regulator regarding suitability. Where the applicant is a corporate entity, OSFI engages the Canadian Security Intelligence Service (CSIS) to conduct a security assessment. Where individuals would have a significant interest/control in the new bank, OSFI obtains personal information, including curriculum vitae and a completed OSFI Security Information Form so that law enforcement (Royal Canadian Mounted Police (RCMP)) and intelligence (CSIS) agencies can conduct security assessments. OSFI also discusses with the applicant its commitment to the new bank, including expected rate of return. When a new shareholder is applying for approval to acquire a significant interest in a bank, similar criteria for suitability are applied. Where a financial services group wishes to establish a bank, OSFI expects the group to select as the applicant the entity through which most of the group’s banking business or financial activities is conducted. There may, however, be valid reasons for choosing another applicant in the group depending on the particular circumstances of the group. Please note that the Bank Act prevents governments, or agencies thereof, from applying to incorporate a bank (section 23). Transparency of the ownership structure—Pursuant to the Instruction Guide for Incorporating Banks, OSFI requires that an applicant identify all entities in the corporate group, entities in which the applicant beneficially owns 10 percent or more of the voting rights, details of any voting agreements that involve control of the applicant, and the names and personal details of all persons owning more than 10 percent of any class of shares or ownership interests in the applicant. Sources of initial capital/ability to provide additional support—OSFI requires applicants to provide evidence that the nature and sufficiency of the applicant’s financial resources are such that it would be capable of providing continuing financial support to the bank or that it would have access to financial resources to enable it to do so. An applicant is required to submit a capital plan and funding policies (Instruction Guide for Incorporating Banks) and corporate applicants are required to submit three years of audited consolidated financial statements for themselves and their ultimate parent. In the case of individuals that would control the new bank, OSFI may request net worth statements. Note that OSFI requires a Support Principle acknowledgement letter, usually from the controlling shareholder, with respect to supporting the operations and capital needs of the bank. In addition, paid-in capital must be deposited prior to the issuance of an order to commence and carry on business (section 52). Foreign bank branches Pursuant to the Bank Act, before making an order to establish a branch, the Minister must take into account the nature and sufficiency of the financial resources of the foreign bank as a source of continuing financial support for the carrying on of business in Canada, the business record and past performance of the foreign bank and the reputation of the foreign bank for being operated in a manner that is consistent with the standards of good character and integrity (section 526). In order to make a recommendation to the Minister in this regard, and pursuant to the Guide to Foreign Bank Branching, OSFI obtains details on the foreign bank’s ownership structure, financial information for the past five years, the most recent credit-rating agency reports on the foreign bank and any controlling company, and, for the past five years, details of any material regulatory actions, criminal convictions or breaches of statutory or other administrative or regulatory enactments. OSFI also obtains details of any refusal by regulatory authorities in any jurisdiction to permit the foreign bank from establishing or acquiring an entity, subsidiary or branch to carry on financial activities. Note that OSFI also engages in dialogue with the home country regulator/supervisor in respect of the aforementioned. |
| EC6 | A minimum initial capital amount is stipulated for all banks. |
| Description and findings re EC6 | The Bank Act stipulates a minimum initial capital amount for all banks. Banks—The initial paid-in capital of a bank must be at least $5 million or any greater amount specified by the Minister (paragraph 52(1)(b)). In practice, OSFI requires that initial capital be the greater of: $5 million; the total amount of capital required to remain above the applicant’s target risk-based capital ratio (as determined by the bank’s internal capital adequacy assessment process or ICAAP) for the longer of the first three years of the bank’s operations or until the bank is profitable under the base case scenario; or the total amount of capital required for the bank to remain below its authorized assets to capital multiple (with an appropriate buffer) for the longer of the first three years of its operations or until it is profitable under the base case scenario. Initial capital should be sufficient to cover expected losses during the first years of operation. Note that the deposit of paid-in capital is a condition that must be met in order for the Superintendent to make an order approving the commencement of business. The above practice also applies in the context of a continuance. Foreign bank branches—A foreign bank applying to establish a branch must demonstrate that its risk-based capital ratio meets the minimum international standards established by BIS and set out in OSFI’s Capital Adequacy Requirements Guideline. In addition, a full-service branch is required to maintain, on deposit in Canada, assets equal to at least 5 percent of the branch’s Canadian liabilities or $5 million, whichever is greater, and a lending branch is required to maintain assets on deposit equal to $100,000 (section 582). Pursuant to the Bank Act, the Superintendent may only make an order approving the commencement of business once the deposit has been made (subsection 534(3)). Guideline A-10 (Capital Equivalency Deposit) addresses capital equivalency deposits for foreign bank branches in respect of their business in Canada. The purpose of the capital equivalency deposit is to cover the costs of the liquidator in the event of a wind-up of the branch’s business in Canada. |
| EC7 | The licensing authority, at authorisation, evaluates the bank’s proposed Board members and senior management as to expertise and integrity (fit and proper test), and any potential for conflicts of interest. The fit and proper criteria include: (i) skills and experience in relevant financial operations commensurate with the intended activities of the bank; and (ii) no record of criminal activities or adverse regulatory judgments that make a person unfit to uphold important positions in a bank. The licensing authority determines whether the bank’s Board has collective sound knowledge of the material activities the bank intends to pursue, and the associated risks. |
| Description and findings re EC7 | In the course of its review, OSFI evaluates proposed Board members and senior management as to expertise and integrity. Banks Pursuant to the Bank Act, the Minister takes into account whether the bank will be operated responsibly by persons with the competence and experience suitable for involvement in the operation of a financial institution (paragraph 27(e)). For directors, the Bank Act sets out residency requirements, disqualified persons, limitations regarding affiliated directors and limitations on directors who are employees of the bank or a subsidiary of the bank (sections 159, 160, 163, 164). OSFI conducts the fit and proper assessment at the point of licensing but not thereafter. Subsequent to receiving the letters patent and order to commence business the bank is deemed responsible for conducting fit and proper checks. OSFI sets out its expectations in the Guideline on Background Checks on Directors and Senior Management of FREs. It is a Bank Act requirement to keep OSFI updated on the composition of and changes to the Board (section 632). OSFI noted that it expects to be notified of any and all new board members. Also OSFI has the power to remove or suspend a director or senior officer of the bank (Section 647.1(1)) on fit and proper grounds. Finally, failure to meet OSFI’s expectations as set out in the Guideline would denote failure to meet prudential standards and would also trigger OSFI’s sanctioning powers. In order to make a recommendation to the Minister in respect of paragraph 27(e), and pursuant to the Instruction Guide for Incorporating Banks, OSFI obtains personal details, including curriculum vitae and details of any material regulatory actions or criminal convictions, for all directors and senior officers of the bank who will be responsible for oversight of the operations. An applicant must also provide a description of the composition of the board and its committees; its role, responsibilities, policies and practices; the mandate of the committees, and the self-assessment programs the board intends to put in place. OSFI’s Corporate Governance Guideline notes that there should be a reasonable representation of relevant financial industry and risk management expertise on a bank’s board and board committees. Additional details in this regard are set out in OSFI’s Supervisory Framework (esp. in the assessment criteria for the board of directors and senior management). OSFI also evaluates potential conflicts of interests on the board by looking at the individual directors’ employment and other directorships. OSFI obtains a completed OSFI Security Information Form from all senior officers and directors so that law enforcement (RCMP) and intelligence (CSIS) agencies can conduct security assessments. Where the fit and proper criteria are not met in respect of proposed board members and/or senior management, OSFI will inform the applicant, stating that these persons need to be replaced in order to move forward on an application. All new banks are expected to comply with relevant guidelines including the Corporate Governance Guideline at inception. OSFI assesses the strength of the board at the time of incorporation and the board’s effectiveness going forward. Post-authorisation, OSFI relies on the bank’s or foreign bank branch’s internal processes for assessing the ongoing suitability and integrity of these individuals. OSFI’s Guideline on Background Checks on Directors and Senior Management of FREs provides guidance to banks and foreign bank branches in this regard. Foreign bank branches Pursuant to the Bank Act, the Minister takes into account whether the proposed branch will be operated responsibly by persons with the competence and experience suitable for involvement in the operation of a financial institution (paragraph 526(e)). In order to make a recommendation to the Minister in respect of paragraph 526(e), and pursuant to the Guide to Foreign Bank Branching, OSFI obtains personal details, including curriculum vitae and details of any material regulatory actions or criminal convictions, for all senior executive officers and directors of the foreign bank directly responsible for oversight of the branch and for the Principal Officer and each officer who will work in the branch. OSFI also obtains completed OSFI Security Information Form from the Principal Officer and senior officers who will work in the branch so that law enforcement (RCMP) and intelligence (CSIS) agencies can conduct security assessments. Where the fit and proper criteria are not met in respect of specific persons, OSFI will inform the applicant, stating that these persons need to be replaced in order to move forward on an application. |
| EC8 | The licensing authority reviews the proposed strategic and operating plans of the bank. This includes determining that an appropriate system of corporate governance, risk management and internal controls, including those related to the detection and prevention of criminal activities, as well as the oversight of proposed outsourced functions, will be in place. The operational structure is required to reflect the scope and degree of sophistication of the proposed activities of the bank. |
| Description and findings re EC8 | In the course of its review, OSFI analyses the strategic and operating plans of the proposed bank. As noted below the Instruction Guide for Incorporating Banks provides detail to firms on the information that they must submit for assessment which is carried out by OSFI in accordance with its Supervisory framework. Banks Pursuant to the Bank Act, the Minister considers the soundness and feasibility of the plans of the applicant for the future conduct and development of the bank (paragraph 27(b)). Pursuant to the Instruction Guide for Incorporating Banks, the business plan included in an application must contain an analysis of target markets, opportunities and competitors as well as the bank’s overall strategy for achieving success. The business plan includes an overview of each line of business and the products and services to be offered. An applicant must also describe any anticipated material outsourcing arrangements and ensure that they comply with OSFI Guideline B-10 Outsourcing. As part of the incorporation process, applicants provide a description of the major risk management and control processes and policies for the new bank as well as a description of board policies and practices, a conflict of interest policy and a description of the system of internal controls and policies the bank will follow to ensure legislative compliance, including compliance with legislation in respect of terrorist financing and money laundering. OSFI’s review of the aforementioned enables it to assess (pursuant to the Supervisory Framework) the proposed bank’s ability to manage and mitigate the risks inherent in its business activities and comply with the Bank Act, regulations and OSFI Guidelines. During the license review process, the scope of OSFI’s work includes a review of all policy statements that will govern the operations of the bank. This includes the outsourcing policy and a review of material outsourcing agreements to related or third parties as well as policies relative to money laundering and terrorist financing. The review also includes a full vetting of the characteristics of each of the risk management control functions, covering all aspects of corporate governance, risk management and the overall control environment. This review is conducted concurrently with the review of the business plan, to ensure that policy statement content is sufficiently comprehensive relative to the level of risk anticipated in the business plan. OSFI advises applicants seeking a bank license that any weaknesses in policies and procedures must be remedied before OSFI will grant an order to commence and carry on business. Foreign bank branches Pursuant to the Bank Act, the Minister must consider the soundness and feasibility of the plans of the foreign bank for the future conduct and development of its business in Canada (paragraph 526(b)). Pursuant to the Guide to Foreign Bank Branching an application must include an analysis of target markets and opportunities and an overview of each line of business and the products and services to be offered. The applicant must also identify the risks to which the branch will be exposed in executing its business plan and a detailed description of the risk management and control systems that will be utilized by the branch to control its risk exposure, and how these systems are integrated with those of the foreign bank on a global basis. The included description of branch management should indicate reporting lines back to the foreign bank and the level of involvement that senior foreign bank management will have in branch operations. OSFI’s review of the provided materials is similar to that undertaken for a proposed bank, including a review of policies relative to money laundering and terrorist financing. |
| EC9 | The licensing authority reviews pro forma financial statements and projections of the proposed bank. This includes an assessment of the adequacy of the financial strength to support the proposed strategic plan as well as financial information on the principal shareholders of the bank. |
| Description and findings re EC9 | In the course of its review, OSFI analyses the proposed bank’s pro forma financial statements and projections. Banks Pursuant to the Instruction Guide for Incorporating Banks, as part of the business plan applicants are required to submit pro forma financial statements for the first three years of operations, contingency plans resulting from variations associated with key assumptions and a breakdown of all elements used to calculate capital ratios. An applicant must also provide details regarding the sources of initial capital and future capital in the form of a capital plan and funding policies. The assessment of the adequacy of financial strength is addressed in part through ICAAP (OSFI requires submission thereof in the application process) and, on the basis of required capital as determined by the ICAAP, OSFI requires that initial capital be sufficient to remain onside capital requirements until profitable (see EC6). Where a principal shareholder is a corporate entity, OSFI will review audited financial statements to determine financial strength and where a principal shareholder is an individual, OSFI will review net worth statements. Pursuant to the Instruction Guide for Incorporating Banks, OSFI may also seek a Support Principle acknowledgement, usually from the controlling shareholder, with respect to supporting the operations and capital needs of the bank. Foreign bank branches Pursuant to the Guide to Foreign Bank Branching, an applicant must provide pro forma financial statements for the first three years of the operations of the branch and a breakdown of funding requirements for the same period. A foreign bank applicant must also provide annual reports and copies of financial statements in the form submitted to the home supervisor for the last five years, detailed capital calculations according to the applicant’s home jurisdiction methodology and based on OSFI’s capital rules and recent credit-rating agency reports. (See EC5 and EC6.) OSFI also requires a foreign bank applicant to provide its current ICAAP (or equivalent document) as submitted to its home regulator. The adequacy of financial strength of the foreign bank applicant is also assessed through dialogue with the home country regulator/supervisor and independent research conducted by OSFI in respect of the applicant’s financial strength as well as the financial strength of the home jurisdiction. |
| EC10 | In the case of foreign banks establishing a branch or subsidiary, before issuing a licence, the host supervisor establishes that no objection (or a statement of no objection) from the home supervisor has been received. For cross-border banking operations in its country, the host supervisor determines whether the home supervisor practices global consolidated supervision. |
| Description and findings re EC10 | Pursuant to the Bank Act, guidance and established practice, in the case of foreign banks establishing a branch or subsidiary, OSFI establishes that the home supervisor does not object and whether it practices global consolidated supervision. Foreign bank subsidiary (Schedule II bank)—The Instruction Guide for Incorporating Banks requires that, if the applicant is a foreign-owned financial institution, as part of its application it must provide information on the type and scope of supervision that applies in its home jurisdiction and whether it is subject to comprehensive consolidated supervision and regulation. The applicant is also required to confirm that its home regulatory authority is aware of its intention to establish a Canadian bank, and whether the applicant needs regulatory approval from the home regulator to do so. The name of the home regulatory contact must also be provided to OSFI. OSFI requires confirmation from the home regulator that it reports favourably on the applicant. In the course of OSFI’s review of the application, OSFI will contact the home regulator to confirm the applicant’s submissions in relation to the above, discussing consolidated supervision and the home regulator’s opinion regarding the applicant’s intention to establish a Canadian bank. OSFI may also engage in open-source research (recent FSAPs, other third-party reviews) and discussions with other host regulators in relation to the home supervisor’s practices regarding global consolidated supervision. Where OSFI is unfamiliar with a home country’s system of supervision and regulation we may prepare an internal home country report that covers, amongst other topics, regulation and supervision in the home country. While more common in relation to branch applications, OSFI may also ask the home country to complete a questionnaire that covers the home regulatory regime. Also note that the Bank Act specifies that the Minister must take into account the opinion of the Superintendent regarding the extent to which the proposed corporate structure of the applicant and their affiliates may affect the supervision and regulation of the bank, having regard to the nature and degree of supervision and regulation applying to the proposed financial services activities to be carried out by the affiliates of the bank (paragraph 27(g)). The assessors were able to review the questionnaire. Foreign bank branch—The Guide to Foreign Bank Branching requires that an applicant provide OSFI with contact information for its home regulator/supervisor and a statement from the home country supervisor consenting to the establishment of a branch. Similar to OSFI’s analysis of a foreign bank subsidiary, we contact the home regulator to confirm the applicant’s submission in relation to the above, discussing consolidated supervision and the home regulator’s opinion on the applicant establishing a branch. OSFI may also engage in open-source research (recent FSAPs, other third-party reviews) and discussions with other host regulators in relation to the home supervisor’s practices regarding global consolidated supervision. Where OSFI is unfamiliar with a home country’s system of supervision and regulation OSFI may prepare an internal home country report that covers, amongst other topics, regulation and supervision in the home country. OSFI may also ask the home country to complete a questionnaire that covers the home regulatory regime. Also note that the Bank Act specifies that the Minister may make an order only if he or she is of the opinion, after consultation with the Superintendent, that the applicant is a bank and is regulated in a manner acceptable to the Superintendent (paragraph 524(4)(a)). |
| EC11 | The licensing authority or supervisor has policies and processes to monitor the progress of new entrants in meeting their business and strategic goals, and to determine that supervisory requirements outlined in the licence approval are being met. |
| Description and findings re EC11 | The supervisory process leading up to the issue of the order to commence business requires close contact between OSFI and the institution. A pre-commencement on-site review is part of this process and can be extended as necessary to respond to issues that are identified – as the assessors noted from file review. The pre-commencement review will identify issues that need to be resolved prior to the issue of the order of commencement and also issues that will require monitoring and follow up immediately thereafter. Hence, when the new bank commences business there is a tailored supervisor program already in place. Business performance is measured against the business and strategic plans as presented during the license application process. Additionally, there are the standard sector wide regular quarterly monitoring procedures are designed to identify and evaluate the quantity and quality of business conducted by the new entrant during each quarter. Specific review procedures to assess compliance with commitments and/or undertakings entered into with OSFI at commencement of operations include: analytical review of performance against established metrics within the business plan; discussion with senior management and the board regarding performance against the business plan and; discussion with the new entrant’s Internal Audit and Compliance Division management regarding their respective reviews of the new entrant’s compliance with operating policies and all commitments and/or undertakings entered into with OSFI and/or the Minister at the commencement of operations. In addition, when a bank applies for an order to commence and carry-on business it must commit to providing adequate advance notification of any material proposed changes to the business plan that was submitted in support of the application for letters patent. |
| Assessment of Principle 5 | Largely Compliant |
| Comments | Entry into the Canadian banking system is a carefully vetted process either for domestically or foreign owned entities. OSFI’s risk tolerance around new entrants is low and focused on prudential and national security considerations as required by law. There have been only fifteen new entrants in the last five years. The criteria for licensing are established in law and articulated in OSFI guidelines. Licensing is a two step process, sometimes called a “two key” process in Canada. OSFI maintains prudential control over candidates for licensing as a bank. This means that although an applicant needs to obtain approval from both OSFI and the Minister in order to carry out business as a bank, in practice, the Minister’s approval is not and cannot be sought unless OSFI has already made a favourable prudential determination. Furthermore, the institution cannot commence business unless and until OSFI is satisfied that all prudential standards are met and the Superintendent issues the order to commence business. OSFI has established rigorous and well executed policies and processes surrounding the licensing process. Standards established for licensing also apply for ongoing supervision except in one regard. OSFI does not, after licensing, carry out a fit and proper assessment of new directors and senior management on an ongoing basis. In mitigation OSFI has issued guidelines outlining its expectations for the assessment of fitness, probity, integrity and skills for board members and senior executives. Banks are required to notify OSFI of new board members and senior executives and OSFI monitors the application of its guideline in the context of its normal supervision and has powers to remove directors or senior executives if deficiencies are identified. Nonetheless, the continuing “gatekeeping” role for the prudential authority is not being fully exercised by OSFI at present and it is recommended that the change to policy and practice is made in order to assess such individuals as and when they join the regulated firm. |
| Principle 6 | Transfer of significant ownership. The supervisor has the power to review, reject and impose prudential conditions on any proposals to transfer significant ownership or controlling interests held directly or indirectly in existing banks to other parties. |
| Essential criteria | |
| EC1 | Laws or regulations contain clear definitions of “significant ownership” and “controlling interest”. |
| Description and findings re EC1 | The Bank Act contains clear definitions of significant interest and control. Significant ownership The Bank Act states that a person has a significant interest in a class of shares of a bank if the aggregate of any shares of that class beneficially owned by that person and any shares of that class beneficially owned by entities controlled by that person exceed 10 percent of all the outstanding shares of that class of shares (section 8). The threshold to be considered a major shareholder under the act is 20 percent of voting shares or 30 percent of non voting shares (section 2.2). Control The Bank Act sets out the circumstances in which a person would be considered to control a body corporate (greater than 50 percent of the beneficial ownership of voting shares to elect a majority of the board), an unincorporated entity other than a limited partnership (greater than 50 percent of the beneficial ownership of the ownership interests and the person is able to direct the business and affairs of the entity) and a limited partnership (the general partner controls) (subsection 3(1)). A person controls any entity if the person has any direct or indirect influence that, if exercised, would result in control in fact of the entity. The Bank Act also specifies that a person who controls an entity is deemed to control any entity that is controlled, or deemed to be controlled, by the entity (subsection 3(2)). In relation to voting shares and ownership interests, securities beneficially owned by entities controlled by the person (subsection 3(3)) are taken into consideration. OSFI’s Advisory on “control in fact” provides guidance on factors that OSFI considers in determining whether control in fact exists in a particular situation and Rulings (2007-02, 2008-03) detail determinations of control in fact by OSFI in specific cases. Also note that Guidelines Respecting Control in Fact for the Purpose of Subsection 377(1) of the Bank Act describes the policy objectives and factors the Minister will consider in determining a specific application (under section 396(2)) regarding whether or not the acquisition of a significant interest more than 10 percent but less than 20 percent in a widely-held bank (a bank with equity of greater than twelve billion dollars) constitutes control in fact. Acting in Concert For the purposes of ownership of banks, the Bank Act deems persons “acting jointly or in concert” in respect of a bank’s shares, or in respect of the ownership interests of an entity that holds a bank’s shares, that these persons beneficially own, to be a single person who is acquiring beneficial ownership of the aggregate number of those share or ownership interests (section 9). Ownership Restrictions No person may be a major shareholder of a bank with equity of $12 billion or more (section 374) although there are some permitted exceptions, such as a regulated bank holding company that is itself widely held. A major shareholder of a bank is defined under section 2.2 as the beneficial ownership and control of entities with ownership greater than 20 percent of voting shares or 30 percent of non-voting shares. Moreover, no person can “control in fact” a bank with equity of $12 billion or more (section 377). A public holding requirement applies to any bank with equity of $2 billion or more but less than $12 billion. The bank must have at least 35 percent of its voting shares listed and posted for trading on a recognized stock exchange in Canada and not owned by a major shareholder (section 385). A Ministerial exemption with respect to this requirement is provided for in the Bank Act (section 388). In fact section 377.1(1) permits control of a bank with equity of less than twelve billion dollars subject to the approval of the Minister. |
| EC2 | There are requirements to obtain supervisory approval or provide immediate notification of proposed changes that would result in a change in ownership, including beneficial ownership, or the exercise of voting rights over a particular threshold or change in controlling interest. |
| Description and findings re EC2 | Pursuant to the Bank Act, the approval of the Minister is required to acquire, or increase by at least 5 percent (in most cases), a significant interest in (directly or indirectly), and to acquire control of, a bank. The Ministerial considerations for this approval mirror the statutory Ministerial considerations for letters patent of incorporation (sections 373, 377.1, 382 and 396). Transaction Instruction A No. 23 (Acquisition of a Significant Interest and/or Acquisition of Legal Control of a Federally Regulated Entity) sets out information requirements and administrative guidance in respect of applications for significant interest and/or control. Absent Ministerial approval, the Bank Act prohibits the registration by a bank in its securities register of a transfer or issue of any share of a bank to any person where a significant interest would be triggered (section 379). Also note that, pursuant to the Bank Act, if a person does not seek the required significant interest or control approval, the Minister may, if the Minister deems it in the public interest to do so, direct the person to dispose of its shares (section 402). The Minister would take such action upon OSFI’s recommendation. The Bank Act states that the Minister may impose any terms and conditions in respect of an ownership approval that the Minister considers necessary to ensure compliance with the Bank Act (section 397). The Bank Act also contains the ability to impose any terms, conditions, or undertakings that the Minister considers appropriate (section 973.02). Please see BCP 5, EC 1 for OSFI practice in this regard. It should be noted that while the approvals discussed under EC2 are made by the Minister, it is OSFI to whom the application for approval must first be made pursuant to section 395. If OSFI does not recommend the approval to the Minister, then the application cannot be successful. |
| EC3 | The supervisor has the power to reject any proposal for a change in significant ownership, including beneficial ownership, or controlling interest, or prevent the exercise of voting rights in respect of such investments to ensure that any change in significant ownership meets criteria comparable to those used for licensing banks. If the supervisor determines that the change in significant ownership was based on false information, the supervisor has the power to reject, modify or reverse the change in significant ownership. |
| Description and findings re EC3 | The Bank Act provides the scope to reject applications for acquisitions of a significant interest to ensure that criteria comparable to those used in licensing banks are met as well as the ability to revoke, suspend or amend an approval where based on false information. As noted in EC2, the power of approval rests with the Minister. However, pursuant to the Bank Act, applications for approval of the Minister must be filed with the Superintendent and contain the information, material and evidence the Superintendent may require (section 395). As also noted above, and consistent with the approach to licensing, OSFI does not forward “negative recommendations” to the Minister. Hence a recommendation is only made for the Minister’s consideration if OSFI has made a favourable prudential determination. In respect of the power to reject such applications, section 396 states that, “the Minister, in deciding whether or not to approve the transaction, shall take into account all matters that the Minister considers relevant to the application,…” and goes on to set out specific considerations. OSFI takes these considerations into account in making its recommendation to the Minister. This Ministerial power may be exercised with discretion where these considerations, including any unlisted consideration the Minister considers relevant, are not met. As in licensing, in practice the Minister relies on OSFI’s analysis and recommendation in respect of whether to grant such an approval. The considerations listed under section 396 are the same Ministerial considerations as under section 27 (licensing). Please see CP 5, EC2. Where a change in significant ownership was based on false information, section 973.03 would apply. This section provides that the Minister may revoke, suspend or amend any approval granted by the Minister if he or she considers it appropriate to do so. In addition, it is an offence under the Bank Act to knowingly provide false information in relation to any matter under the Bank Act or Regulations and punishment is set out (fines, imprisonment) in respect of offences (sections 980.1 and 985). OSFI noted that, as with a licence obtained on the basis of false information OSFI would be able to act to remove or suspend the bank’s authorization or cease its business very quickly and would have a range of remedies at its disposal (see CP1 EC6 and CP11 for a wider discussion of potential remedies). |
| EC4 | The supervisor obtains from banks, through periodic reporting or on-site examinations, the names and holdings of all significant shareholders or those that exert controlling influence, including the identities of beneficial owners of shares being held by nominees, custodians and through vehicles that might be used to disguise ownership. |
| Description and findings re EC4 | All domestic banks must submit an annual report of shareholders to OSFI, within 60 days of the annual general meeting of shareholders. The format of the report is not prescribed by OSFI and the supervisor does not look through to seek to identify possible ultimate beneficiary holdings. It may be noted that for major banks significant holdings are prohibited under law as banks with equity of $12 billion or more must be widely held and no person shall control in fact such a bank (subject to certain exemptions such as being held by a bank holding company that is itself widely held as discussed under EC1). As such this EC can be seen as is primarily applicable to the smaller banks. Ownership thresholds under the Bank Act are tightly drawn and prior approval is necessary for any acquisition of significant interest/control, meaning that OSFI ought to be in a position to maintain accurate information detailing significant shareholders or those that exert controlling influence. Note that the legislative definition of significant interest refers to beneficial ownership of shares by that person as well as by entities controlled by that person and that control includes control in fact (see EC1 and EC2). OSFI noted that reliance is placed on the bank to identify and seek approval where a proposed ownership change requires approval. In specific circumstances (e.g., supervisory concerns with a bank’s legislative compliance management system), OSFI obtains information regarding significant ownership/control from the bank or other sources. OSFI indicated that it might, for example, consult with the RCMP. In addition, regular on-going monitoring work by OSFI includes reviewing board minutes of banks and monitoring press /news articles relating to banks and their groups. It is also OSFI practice to prioritize and seek additional verifications regarding the status of significant shareholders whenever elements of dependency (for capital, managerial or other support) are observed. |
| EC5 | The supervisor has the power to take appropriate action to modify, reverse or otherwise address a change of control that has taken place without the necessary notification to or approval from the supervisor. |
| Description and findings re EC5 | The Bank Act provides the power to address a change in control that has taken place without the necessary approval. Pursuant to the Bank Act, if a person does not seek the required significant interest or control approval, the Minister may, if the Minister deems it in the public interest to do so, direct the person to dispose of its shares (section 402). The Minister would take such action upon OSFI’s recommendation. Also note that the Bank Act prohibits the exercise of voting rights attached to the shares in question where a person has not sought the requisite significant interest or control approval (section 392). It would also be possible to process an approval after the fact per EC2. In addition, the acquisition of a significant interest/control without approval would be an offence under the Bank Act (section 980). The Bank Act sets out sanctions for offences, speaks to the ability of a court to order compliance and sets out the ability of the Superintendent to apply to a court for an order to comply or a restraining order (section 646, subsection 985(2) and section 989). |
| EC6 | Laws or regulations or the supervisor require banks to notify the supervisor as soon as they become aware of any material information which may negatively affect the suitability of a major shareholder or a party that has a controlling interest. |
| Description and findings re EC6 | Due to the widely held regime governing banks with equity of over twelve billion dollars, this notification would not be relevant for the majority of the banking system. However, it would be pertinent for banks with equity under the threshold. There is no specific requirement for banks to notify the supervisor of a material adverse change in major shareholder or controller. Instead, OSFI approaches the risk through its relationship management approach, in the context of which firms understand that OSFI is to be informed of any material issue that might impact the bank. The assessors discussions with banks supported the view that the major banks have a strong understanding of the need to inform OSFI in such an event. There is scope for a weaker understanding of OSFI’s expectation in the smaller banks. |
| Assessment of Principle 6 | Largely Compliant |
| Comments | The grading of this CP reflects two issues, namely the absence of periodic checking of ultimate beneficial ownership and lack of notification regarding any material adverse changes that would affect the suitability of a major shareholder. The issue concerning a prudential veto is not reflected in the grading and noted here for completeness. The comments on this issue should be read in conjunction with the comments found in CPs 2 and 7 and the recommendation as set out in CP2 applies here. OSFI maintains a close relationship with its regulated entities, and there are requirements for approval set out in the Bank Act, which would trigger notification to OSFI. All domestic banks are required to file an annual “Return of Shareholders” that shows the registered shareholders although this does not always identify beneficial shareholders. While this risk is significantly mitigated with respect of the major banks due to the widely held regime which prohibits such holdings/control, and because approvals are needed for changes resulting in increased control, it is a more meaningful issue for the smaller institutions and even small changes in shareholdings can act as a trigger to check on possible indirect or disguised holdings. It may be of particular assistance when a significant shareholder or controller reduces part of the shareholding, potentially bringing the holding below the threshold of significance or control. In the case of diminishing control, although the supervisory relationship is likely to lead to a notification, it is not an automatic guarantee the notification will take place or that the institution would understand that a notification is expected. It is recommended that OSFI consider whether to introduce a standard format for the annual shareholder reporting requirement. OSFI is recommended to look through the shareholding structure to identify ultimate beneficial ownership and thus be assured that larger scale disguised holdings are not being accrued. This practice should provide comfort that OSFI will be notified should indirect holdings or changes in ownership and control – whether increasing or decreasing – take place. There is no specific requirement for banks to notify OSFI of material adverse changes affecting the suitability of a major shareholder or controller. This risk is managed in the context of the supervisory relationship with the institution, and is, again, negligible in the context of the widely held banks but not necessarily so for smaller institutions. It is recommended that at a minimum OSFI reinforce the discipline through an explicit reporting requirement or supervisory guideline. An alternative would be to include the requirement to report to the Superintendent in the next revision of the Bank Act. Broadly, it should be noted that the ownership regime, which is triggered in the case of change of control, merger, amalgamation and acquisition, is drawn relatively tightly and thus changes discussed in this principle ought to trigger notifications and applications for approval which must be filed with OSFI pursuant to the Bank Act. It is not possible for a change of control to take place without triggering the provisions of the Bank Act. Importantly, however, the approval for change of ownership rests with the Minister and not the Superintendent. The Basel Core Principles do not require the supervisor to have final approval but do require that the supervisor should be able to prevent a change of control of a bank for prudential reasons. Clearly there are other considerations in play when the control and ownership of a bank is under discussion and not all relevant considerations belong to the supervisor. Canadian law ensures that the Minister is able to take additional appropriate factors into consideration before applying the final decision. Where the law is not clear is in respect of whether a “prudential veto” is in place. In terms of actual practice it is undoubtedly the case that the supervisory authority has a de facto veto. In practice, an application is not presented to the Minister unless the Superintendent is prepared to recommend the application on prudential grounds. In practice, OSFI does not make a “negative recommendation.” In fact, the Minister is generally not even informed by OSFI that an application has been submitted unless and until the supervisor is content that there is a reasonable prospect of success. Hence there is no practical opportunity for the Minister to overturn the supervisory judgment. Additionally, all evidence points to a close and collegiate approach between the relevant authorities. There is no evidence that the supervisory voice has ever been disregarded or overturned. However, the law (specifically section 396 (1) of the Bank Act) sets out matters for the consideration of the Minister. The law states that the opinion of the Superintendent must be taken into consideration in one specific respect (related to the supervisability of the proposed new structure) but the remainder of the considerations, such as the financial soundness, the fit and proper requirements and feasibility of the business plan, are prudential considerations where the Minister is invited to make his or her own determination separate from that of the Superintendent. While the assessors have full confidence in the de facto outcome that the Minister would not overturn the Superintendent’s view on prudential grounds, the law could more clearly separate the decisions that need to be made so that any prudential determination is made by OSFI and the final determination, which will incorporate additional relevant factors, rests with the Minister. For example, the current practice of OSFI passing an application to the Minister only when satisfied on prudential grounds could be codified in the law, and the considerations that the Minister takes are limited to purely non-prudential matters. |
| Principle 7 | Major acquisitions. The supervisor has the power to approve or reject (or recommend to the responsible authority the approval or rejection of), and impose prudential conditions on, major acquisitions or investments by a bank, against prescribed criteria, including the establishment of cross-border operations, and to determine that corporate affiliations or structures do not expose the bank to undue risks or hinder effective supervision. |
| Essential criteria | |
| EC1 | Laws or regulations clearly define: |
| (a) | what types and amounts (absolute and/or in relation to a bank’s capital) of acquisitions and investments need prior supervisory approval; and |
| Description and findings re EC1(a) | To preface the discussion, it is worth noting that Canadian law has a general principle which seeks to avoid the necessity of dual approvals for the same transaction. Thus, the Bank Act permits exemptions to the need to acquire the Superintendent’s approval under this section if the transaction requires the Minister’s or Superintendent’s approval under a different section of the Act. For example, if the transaction were to trigger the provisions relating to ownership of a bank, then all the assessment and approvals would be carried out under the relevant provisions of the Act. |
| As an overview summary: Under the Bank Act, in contrast to the incorporation regime, the investment regime is not a “dual key” Minister/Superintendent approval system. Acquisitions of substantial investments in, or control of, entities are subject either to (i) the Minister’s approval only, (ii) the Superintendent’s approval only, or (iii) no approval. Under the investment regime, the Minister’s approval is required only in cases of acquisitions of substantial investments in, or control of, the following:
The acquisition of a “specialized financing entity”, which is an entity that makes merchant banking / venture capital investments, is subject to the Superintendent’s approval rather than the Minister’s approval. In more specificity, there are two main areas of regulation applying to and governing acquisition and investment by banks: material asset transactions and substantial investments. Material Asset Transactions The Material Asset Transaction regime under the Bank Act imposes a requirement for the approval from the Superintendent whenever the acquisition would exceed 10 percent of the total value of the assets of the bank. Substantial Investments Except as permitted under the Bank Act, a bank may not acquire control of, or a substantial investment in, another entity. Permitted investments are set out in the Bank Act (section 468) and may require prior approval from the Minister or the Superintendent ((subsection 468(5) and subsection 468(6)). One purpose of section 468 is to ensure that a bank cannot acquire an unregulated deposit taker. The list of permitted investments is wide and includes banks and other federally regulated financial entities. However, such investments fall under the approvals regime required by ownership (as discussed under CP6). In other words, if a bank were to seek ownership of all or part of another Canadian bank, it would require approval under the ownership regime as opposed to the investments regime. The intent and design of the act is that if a bank were to seek an investment in a financial entity it should generally obtain full control of that entity, and providing that where such an investment is in a Canadian bank, it must be compatible with the requirements governing the ownership of banks (ie the widely held regime). The definition of substantial investment, pursuant to the Bank Act, is if the bank, directly or via a subsidiary, acquires over 10 percent of the voting shares of an incorporated entity or over 25 percent of the ownership interests of an incorporated or a non-incorporated entity (section 10). The law is designed so that approval is required from the Minister or the Superintendent but not both. The authorities note that approvals required from the Minister are those that generally involve public policy considerations, while those required from the Superintendent as those that generally involve material market or credit risk (prudential) considerations. Where Ministerial approval is required, (as with the situation described in CP6) OSFI reviews the application for approval and provides its recommendation to the Minister. In practice, the Minister relies on OSFI’s recommendation. Certain permitted investments that would not generally raise prudential or policy concerns do not require supervisory approval. See EC1(b) and AC1. The Advisory on substantial investments provides an overview of how OSFI administers and interprets the substantial investment regime. Prudential Conditions As part of the approval process, the Bank Act allows the Minister or Superintendent to impose any terms, conditions, or undertakings in relation to an approval that the Minister or Superintendent considers appropriate (note that this power rests with the person responsible for approval) section 973.02). In addition, all investments by a bank in an entity are subject to the “reasonable and prudent person” standard (section 465), with a view to ensuring that banks do not expose themselves to undue financial or other risks via their investments. |
|
| (b) | cases for which notification after the acquisition or investment is sufficient. Such cases are primarily activities closely related to banking and where the investment is small relative to the bank’s capital. |
| Description and findings re EC1(b) | Substantial Investments – No Approval The Bank Act defines cases for which prior supervisory approval is required and those for which no approval is required. Where no approval is required, laws or regulations do not reference notification after the acquisition or investment as the prudential issues arising from such acquisitions are limited nor are any public policy issues at play. Substantial investments that do not require prior supervisory approval, ie have been given an exemption, fit into the following four categories:
While neither law nor regulations specify notification requirements in respect of the above, the Advisory on substantial investments addresses notification in categories #1 and #2 above by noting that OSFI may review a bank’s investment in the course of its ongoing supervisory process, and may require a bank to provide detailed information regarding the investment. If prudential issues are identified, OSFI would require the bank to take appropriate corrective measures. While the Advisory on substantial investments speaks only to categories #1 and #2, as per the general understanding between OSFI and the large banks, there is open communication (hence advance notice) of all material acquisitions as any material transaction requires OSFI to assess its potential impacts on the bank’s risk profile and our supervisory actions / intervention. As such, OSFI receives advance notice on material acquisitions, regardless of any requirement for approval. Material Asset Transactions It is also important to note that where no approval is required under the investments regime, approval is required pursuant to the Bank Act where the bank acquires assets (including securities of an entity) valued in excess of 10 percent of the total value of the assets of the bank (section 482). This section acts as a backstop to ensure that even where an investment may fall into one of the four categories described above, it will be subject to prior supervisory approval if it is material. |
| EC2 | Laws or regulations provide criteria by which to judge individual proposals. |
| Description and findings re EC2 | Advisory The law is broadly drawn and indicates that the Minister may take into consideration matters relevant to the granting of an approval. Where the Minister’s approval is required for the acquisition of a large foreign financial institution, the law also indicates the Minister may take into consideration matters including the stability of the financial system in Canada and the best interests of the financial system in Canada. The law itself does not provide criteria in relation to acquisitions requiring the Superintendent’s approval. However, the Regulatory and legislative Advisory on substantial investments_sets out primary criteria to ensure that the proposed investment would not expose the bank to undue risk or hinder OSFI’s ability to supervise the bank, as set out in the. The advisory provides substantial information on the types of investments permitted, the criteria that are considered by the authorities and also strongly highlights the fact that the institution should notify OSFI in the event it is considering an investment that would trigger the provisions of the Act. |
| EC3 | Consistent with the licensing requirements, among the objective criteria that the supervisor uses is that any new acquisitions and investments do not expose the bank to undue risks or hinder effective supervision. The supervisor also determines, where appropriate, that these new acquisitions and investments will not hinder effective implementation of corrective measures in the future. The supervisor can prohibit banks from making major acquisitions/investments (including the establishment of cross-border banking operations) in countries with laws or regulations prohibiting information flows deemed necessary for adequate consolidated supervision. The supervisor takes into consideration the effectiveness of supervision in the host country and its own ability to exercise supervision on a consolidated basis. |
| Description and findings re EC3 | Advisory As mentioned in EC2, the Advisory on substantial investments provides that the approval process permits OSFI to ensure that the proposed investment would not expose the bank to undue risk or hinder OSFI’s ability to supervise the bank. The assessors reviewed files that illustrated the steps OSFI took to ascertain and ensure adequate control of risk. Transaction Instructions The transaction instructions for requests for Superintendent or Ministerial approval in relation to substantial investments (DA No. 13, A No. 8) and asset transactions greater than 10 percent of the bank’s assets (DA no. 18) specify that OSFI may request information to satisfy itself that the effective implementation of corrective measures in the future will not be hindered. This could include information in respect of recovery and/or resolution. Consolidated Supervision The Superintendent and Minister have the discretion to refuse approval where the criteria for approval are not met. This discretion includes circumstances where OSFI is not satisfied that it would be able to exercise adequate consolidated supervision. A bank is required to obtain approval to directly acquire control of, or acquire or increase a substantial investment in, a PFFI. The Advisory on substantial investments notes that OSFI’s approval process includes assessing the regulatory framework that applies to the PFFI being acquired (i.e., the “host country” regulator post-acquisition). If prudential issues are identified, OSFI may enter into an agreement with that regulator concerning the activities of the PFFI being acquired, or any other matter OSFI considers appropriate (subsection 470(3)). In addition, OSFI can require the bank to provide undertakings concerning the PFFI, addressing access to information and the investment activities of the PFFI, for example (section 470). Note that, under the Bank Act, a bank must not control a PFFI unless it obtains an undertaking from the PFFI to permit access to records (subsection 470(4)). OSFI (pursuant to the transaction instructions noted in EC2) receives foreign regulatory contact information and, as necessary, assesses country-specific factors in the review of acquisitions (including the existence of a memorandum of understanding with a foreign regulator). |
| EC4 | The supervisor determines that the bank has, from the outset, adequate financial, managerial and organisational resources to handle the acquisition/investment. |
| Description and findings re EC4 | The information requirements for substantial investments include a detailed description of the business of the entity to be acquired, a business case (including rationale for investment, amount and type of consideration, anticipated impact of investment on capital adequacy), a business plan with three years financial projections, the most recent financial statements of the entity and, if applicable, the identity of the primary regulator other than OSFI for the entity, the regulatory contact person and details of any required regulatory approvals. Financial Resources: OSFI considers the amount and type of consideration paid, the impact on the bank’s capital adequacy (present and future impact) and the business plan for the acquisition (including three years of financial projections) in arriving at a determination. In addition, OSFI will consider any capital support expectations in respect of the acquisition, including any formalized capital support arrangements. Where a bank would be close to its supervisory or internal minimum capital targets as a result of the proposed acquisition, OSFI may consider the bank’s contingency plans that ensure it does not breach these targets. Managerial and Organisational Resources: OSFI considers the business activities of the proposed acquisition as well as the bank’s rationale for the transaction. OSFI will consider this information in relation to the bank’s business strategy and its familiarity with the bank’s managerial and operational strengths and weaknesses. OSFI has sought to apply a pre-emptive approach in this regard and the assessors saw files confirming that OSFI takes pains to confirm the ability of a bank to control a new investment. Transaction Instructions: OSFI’s website contains transaction instructions for requests for Superintendent or Ministerial approval in relation to substantial investments (DA No. 13, A No. 8), the extension of holding periods or divestiture periods for temporary investments (DA No. 15, 16, 17 and A No. 16, 17, 18) and asset transactions greater than 10% of the bank’s assets (DA no. 18). The transaction instructions set out information requirements and provide administrative guidance to applicants. The purpose of the information requirements is to obtain the information necessary for the Superintendent or the Minister to determine whether the proposed investment would expose the bank to undue risk or hinder OSFI’s ability to supervise the bank or where public policy considerations are raised, respectively. |
| EC5 | The supervisor is aware of the risks that non-banking activities can pose to a banking group and has the means to take action to mitigate those risks. The supervisor considers the ability of the bank to manage these risks prior to permitting investment in non-banking activities. |
| Description and findings re EC5 | Legislative/Regulatory Perspectives The Bank Act provides that a bank must not engage in, or carry on any business, other than the business of banking and such business generally as appertains thereto (section 409). The investment regime for banks is, in essence, an extension of the business and powers regime and, subject to certain exceptions, restricts a bank’s investments to financial service entities. These exceptions permit a bank to invest in non-banking activities on a limited basis and include investments noted in the EC1(b) response (investments made by PFFIs, temporary investments, specialized financing investments) as well as investments in entities that engage in information technology services or services to members of the bank’s group. As noted in EC1(b), the Bank Act allows banks to make limited investments in non-permitted entities to enhance banks’ abilities to carry on merchant banking and venture capital activities (subsection 466(4)). OSFI recently surveyed Canada’s largest banks to gain awareness of the types of investments that are being made under the “Specialized Financing Regime”. This survey concluded that these investments do not pose material non-banking risks, as they are relatively small and are often financial in nature. Banks may invest in non-permitted activities also indirectly through a regulated provincial or foreign subsidiary, not just through a SFV (see section 466 (2)). They may also hold non-permitted investments on a temporary basis subject to subsection (3). While establishment of a Specialized Financing Entity does require Superintendent approval, approval is not required for non-financial investments made either directly by the bank or by a Specialized Financing Entity. Corporate Structure Perspectives The corporate structures for Canada’s largest banks (as at November 30, 2012, the five largest Canadian banks held 88 percent of market assets) all have the bank as the ultimate parent (i.e., there is no holding/parent company). In terms of considering the bank’s ability to manage risks prior to permitting investment; where there is an approval requirement OSFI would consider these risks in the context of its review of the request for approval. See EC1 for OSFI’s consideration of the risks where there is no approval requirement. With respect to investments where no approval is required there would be, by definition, no specific legislative permission, but OSFI can use prudential agreements (section 644.1), directions of compliance (section 645), staging, or moral suasion to remedy/mitigate any prudential risks arising from such investments. Some of the smaller Canadian banks are commercially owned (i.e., unregulated parent companies). The parent company and its investments (i.e., sister companies of the bank) are not subject to OSFI supervision and consequently OSFI has no direct legislative powers in relation to the activities/investments of these entities. However, at the time of licensing, OSFI considers the group’s activities in the context of supervisability (please see CP5 EC1 and EC4). Pursuant to the Bank Act, OSFI assesses the extent to which the group’s corporate structure may affect the supervision and regulation of the bank (paragraph 27(g)). In some situations, OSFI has obtained an undertaking at the licensing stage to address these concerns. The assessors saw numerous examples of undertakings. |
| Additional criterion | |
| AC1 | The supervisor reviews major acquisitions or investments by other entities in the banking group to determine that these do not expose the bank to any undue risks or hinder effective supervision. The supervisor also determines, where appropriate, that these new acquisitions and investments will not hinder effective implementation of corrective measures in the future. Where necessary, the supervisor is able to effectively address the risks to the bank arising from such acquisitions or investments. |
| Description and findings re AC1 | Legislative/Regulatory Perspectives Pursuant to the Bank Act definition of substantial investment, a substantial investment by a controlled subsidiary of the bank would be considered a substantial investment for the bank and is generally subject to approval, depending on the investment (section 10). See EC1, EC2 and EC3. The exception to this control is when the investment is made by a provincially/foreign regulated financial subsidiary. Nonetheless OSFI expects to be advised by the bank of material acquisitions/investments made by the provincially/foreign regulated entity and reviews as necessary. This expectation is stated strongly in the OSFI Regulatory and Legislative Advisory on substantial investments. OSFI’s approval process for the acquisition of a PRFI includes assessing the regulatory framework that applies to the PRFI being acquired. Where an acquisition or investment is not subject to approval under the substantial investments regime, it remains subject to approval if the investment involves acquiring assets that represent more than 10 percent of the bank’s consolidated (pre-acquisition) assets. In order for investments made by a bank subsidiary to expose the banking group to undue risk or hinder effective supervision, OSFI generally expects that the investment/acquisition is large enough to trigger this approval. Where no approval is required, the Superintendent could – ex ante – use prudential agreements (section 644.1), the issuance of divestment orders where prudent person standards are not met (section 480), “staging” (see CPs 8, 9 and 11) or moral suasion to address risks to the bank arising from downstream acquisitions/investments. For acquisitions or investments subject to approval, the approach discussed in EC3 applies to OSFI’s determination in relation to future corrective measures. Corporate Structure Perspectives As noted in EC5, the corporate structures for Canada’s largest banks all have the bank, which must be widely held, as the ultimate parent. However, some of the smaller Canadian banks are commercially owned. For these smaller banks, OSFI has no direct legislative powers in relation to the activities/investments of the parent company and its investments (i.e., sister companies to the bank). However, at the time of licensing, OSFI considers the group’s activities in the context of supervisability (see BCP5 EC1 and EC4). Depending on the group’s structure and activities, OSFI may request information undertakings from group members, or may also impose other prudential limits. The assessors saw examples of such undertakings. These undertakings are typically provided by the ultimate controlling shareholder of the bank and provide access to information on group entities that are financial in nature and are not controlled by the bank, as well as notifications where a financial services entity is to be acquired by a group entity not controlled by the bank. Information undertakings allow the opportunity for OSFI review where no approval is required and help in assessing group-wide risk as well as in identifying possible contagion risk. |
| Assessment of Principle 7 | Compliant |
| Comments | The Bank Act sets clear limits upon and requirements for Ministerial approval of major acquisitions carried out by banks. Where an acquisition is subject to Ministerial approval, the regime of acquisition and investment is implemented through OSFI and the Minister acting in conjunction as the preparation work for approval on prudential grounds is performed by OSFI and a recommendation to the Minister for approval is only put forward if OSFI is satisfied it is suitable to do so. In carrying out its assessment OSFI considers all the requirements of prudential soundness, including the future supervisability of the group following the acquisition. There is no approval required for acquisitions made through a foreign or provincially regulated subsidiary. Such approval is not required for compliance with the principal. However, lack of an approval process exposes OSFI and the bank itself to the risk that acquisitions are approved by foreign regulator with differing standards or powers. While in practice banks are likely to seek informal OSFI endorsement, and OSFI would, at the consolidated level, have powers to put pressure on the bank (see CP11) to require tighter management standards around the indirect subsidiary, or in extremis, to divest, it would be preferable to remove this exemption from the Bank Act and ensure that OSFI holds a clearly defined “gatekeeper” role to review the entire group structure for the federally regulated entities. In common with the ownership regime discussed in CP6, where approvals are required from the Minister, it is unclear that there is a “prudential veto” securely in place. Again, this issue is mentioned here for completeness of the picture and should be read in conjunction with CPs 2 and 6. The recommendation set out in CP2 applies here. It is also noted that the regulatory and legislative advisory issued in respect of substantial investments is dated 2003 and while the contents remains current, the authorities may wish to review and refresh the document to ensure that the prudential criteria are as clear as possible. |
| Principle 8 | Supervisory approach. An effective system of banking supervision requires the supervisor to develop and maintain a forward-looking assessment of the risk profile of individual banks and banking groups, proportionate to their systemic importance; identify, assess and address risks emanating from banks and the banking system as a whole; have a framework in place for early intervention; and have plans in place, in partnership with other relevant authorities, to take action to resolve banks in an orderly manner if they become non-viable. |
| Essential criteria | |
| EC1 | The supervisor uses a methodology for determining and assessing on an ongoing basis the nature, impact and scope of the risks:
|
| Description and findings re EC1 | OSFI’s Supervisory Framework, revision date December 2010, provides the overall supervisory approach that OSFI uses to supervise banks and banking groups in Canada. The Framework is designed to assist OSFI in meeting its statutory obligations as specifically set out in section 4 of the Office of the Superintendent of Financial Institutions Act (OSFI Act). OSFI’s supervisory approach is founded on seven principles which are set out in the Supervisory Framework. The principles are: focus on material risk; forward-looking, early intervention; sound predictive judgment (judgments must have a clear supported rationale); understanding the drivers of risk; differentiate inherent risks and risk management; dynamic adjustment; and assessment of the whole institution. The principles are articulated through the application of the Supervisory Framework in order to provide a consolidated assessment of risk to a bank. This assessment combines an assessment of earnings and capital in relation to the overall net risk from the banks’ significant activities, as well as an assessment of the bank’s liquidity. The composite risk assessment of a firm is built through analyzing the Significant Activities (which include significant enterprise-wide processes) of the group. Both qualitative and quantitative factors are used to assess the materiality or significance of an activity to the firm. OSFI uses various sources of information in this identification including the bank’s organization charts, strategic business plan, capital allocations, and internal and external reporting. Judgment is used in selecting significant activities, which may be chosen for quantitative reasons (such as the activity’s percentage of total bank assets, revenue, premiums written, net income, allocated capital, or its potential for material losses), and/or qualitative reasons (such as its strategic importance, planned growth, risk, effect on brand value or reputation, or the criticality of an enterprise-wide process). For each Significant Activity, the key risks inherent in the activity are identified and assessed. OSFI uses six categories of inherent risk: credit risk; market risk; insurance risk; operational risk; regulatory compliance risk; and strategic risk. OSFI does not view reputational risk as a separate category of inherent risk, but rather a factor to be considered in the assessment of each inherent risk category. The Quality of Risk Management is then evaluated based on how effectively the key risks are being managed within the Significant Activities to arrive at the Net Risk (low, medium, above average and high), and Direction of Risk (decreasing, stable, or increasing) for each activity. In assessing the Quality of Risk Management, both Operational Management and the independent Oversight Functions (ie Financial; Compliance; Actuarial; Risk Management; Internal Audit; Senior Management; and the Board) of an institution are reviewed. Once the Net Risks of Significant Activities have been assessed, the importance of each activity is taken into account to arrive at the level and direction of Overall Net Risk. The Overall Net Risk is a weighted aggregation of the Net Risks in the institution’s Significant Activities. Additionally, earnings, capital and liquidity are assessed as they are core to the viability and soundness of the institution and are rated as strong, acceptable, needs improvement, or weak, and their direction is assessed as improving, stable, or deteriorating. The Overall Net Risk, Earnings, Capital and Liquidity ratings are combined to determine the “composite risk rating” for the institution as a whole. The composite risk rating relates to the “intervention rating” (0–4) which is a key determinate in the intensity of the supervisory process. Supervisory intensity, restrictions and more onerous requirements apply when an institution is “staged” at level 1 or above. Hence, the methodology is designed to ensure that the intensity of supervisory work reflects the nature, size, complexity and risk profile of the bank, including the potential consequences of a bank’s failure. (More detail on the supervisory process is noted below in EC2). OSFI has also developed a Risk Tolerance Framework and supporting processes to identify institutions where OSFI’s utilization of resources should be higher and those where fewer resources can be allocated. The Framework considers risk in the context of loss to OSFI’s primary stakeholders, i.e., depositors, policyholders, and pension plan members. It also considers risk to OSFI’s reputation and credibility, which affect its ability to do its job. Moreover, as part of its broader work to update risk profiles, OSFI gathers information broadly from the external environment and industry to identify emerging issues. OSFI has an Emerging Risk Committee (ERC) with representation from all divisions within OSFI. Issues discussed by the ERC include both bank-specific and system-wide concerns. In terms of the risks posed by banks and banking groups to the soundness of the system, FISC and SAC provide the main fora for discussion. The recent guidelines on mortgage underwriting had been discussed between agencies to assess all system relevant issues. Resolvability is taken into consideration in the Risk Matrix analysis as a “significant activity” (as it is a core process). See EC6. |
| EC2 | The supervisor has processes to understand the risk profile of banks and banking groups and employs a well-defined methodology to establish a forward-looking view of the profile. The nature of the supervisory work on each bank is based on the results of this analysis |
| Description and findings re EC2 | OSFI’s supervisory processes are designed to be dynamic, iterative and continuous to guide its bank-specific supervisory work. OSFI’s documents including Supervisory Framework, Assessment Criteria and Corporate Governance Guideline provide for fuller detail than is possible here, but the outline of the processes and methodology is as follows: A supervisory strategy identifying the work necessary to keep the bank’s risk profile current is prepared annually for each bank. The strategy has a three year horizon with a fuller description of work for the upcoming year. The intensity of the work plan reflects the nature, size, complexity and risk profile of the bank, including the potential consequences of a bank’s failure. The OSFI supervisory year runs from April to end March and the main “planning season” takes place for all institutions in September, and is refreshed towards the end of the supervisory year in February. The supervisory strategy contains a summary of historic work carried out on the institution and supervisory activity is monitored against the plan. Planning and prioritisation for each significant activity and relevant oversight function is based on the net risk assessment of the activity (see EC1), the need to update OSFI’s information on the activity due to information decay, and the importance of the activity. The supervisory strategy explicitly documents the extent to which OSFI’s information and analysis is at risk from information decay and aged information is a sufficient basis to undertake a supervisory activity. As OSFI’s approach does not include a “baseline” guideline that states certain activities or reviews need to be carried out at least according to a minimum defined frequency, the information decay component of the annual process is very important. OSFI has not set formal, dated, cycles for supervisory activity as it wishes to avoid a mechanical approach to refreshing data and the potential to overlook growing risks between the review periods. OSFI’s also compares work across banks to ensure that assessments of risk for individual banks are subject to a broader standard, and that supervisory resources are allocated effectively to higher-risk banks and significant activities. Supervisory activity comprises: 1) monitoring (bank-specific and external), 2) limited off-site reviews, and 3) extensive on-site reviews that may include testing or sampling where necessary. In terms of ensuring a forward looking approach, OSFI periodically requires banks to perform specific stress tests which OSFI uses to assess the potential impact of changes in the operating environment on individual banks or industries. Capital is assessed based on the appropriateness of its level and quality, both at present and prospectively, and under both normal and stressed conditions, given the bank’s Overall Net Risk. In the case of foreign branches, OSFI considers the adequacy of capital equivalency deposits. The effectiveness of the bank’s capital management processes for maintaining adequate capital relative to the risks across all of its significant activities is also considered in the assessment. Banks with higher Overall Net Risk are expected to maintain a higher level and quality of capital and stronger capital management processes. With respect to liquidity, banks are required to maintain, both at present and prospectively, a level of liquidity risk and liquidity management processes that are prudent, under both normal and stressed conditions. As supervisory work is conducted, the Relationship Manager updates the overall risk profile of the bank and OSFI adjusts the work priorities set out in the supervisory strategy and annual plan, as necessary. The Risk Matrix and supporting documentation detail OSFI’s formal assessment of the bank’s associated safety and soundness, both current and prospective, including its business model. Key documents are subject to sign-off protocols within OSFI. The following are key documents maintained in OSFI’s supervisory process:
|
| EC3 | The supervisor assesses banks’ and banking groups’ compliance with prudential regulations and other legal requirements |
| Description and findings re EC3 | OSFI supervisors assess compliance with prudential regulations and legal requirements as part of its normal supervisory work performed using the Superintendent’s general powers of information gathering and examination pursuant to sections 628, 643 and 644 of the Bank Act. Supervisors are provided with supervisory guides and assessment criteria to assist them in assessing inherent risk and controls and oversight of the risk. Both the regulatory compliance inherent risk in each of the bank’s significant activities and the quality of the oversight function in relation to the significant activity are assessed for each bank or banking group. The assessments of regulatory compliance for the inherent risks in each of the bank’s significant activities and compliance of the bank’s oversight and control functions are contained in various supervisory documents such as significant activity section notes, Compliance/Senior Management/Board section notes and the Risk Assessment Document (RAD). Following the assessments, supervisors make recommendations to the bank to address any concerns regarding risk, controls or oversight of regulatory compliance by the bank. The assessors saw examples of OSFI’s detailed recommendations to firms outlining how firms can achieve compliance. In addition, OSFI sets out requirements in the Corporate Governance Guideline and Legislative Compliance Management for banks to demonstrate that they properly manage compliance with prudential regulations and other legal requirements in all jurisdictions in which they operate. |
| EC4 | The supervisor takes the macroeconomic environment into account in its risk assessment of banks and banking groups. The supervisor also takes into account cross-sectoral developments, for example in non-bank financial institutions, through frequent contact with their regulators. |
| Description and findings re EC4 | The ERC (noted above) assesses the macroeconomic environment, financial system, and industry trends including cross-sectoral developments and institution specific emerging risks on a regular basis. The ERC is composed of representatives from various divisions in the Supervision and Regulatory Sectors and meets at least monthly. Staff in the Risks, Surveillance and Analytics Division is responsible for day to day environmental scanning and coordinating the ERC meetings. OSFI staff commented that the ERC documents helped supervisors to understand cross cutting themes. On occasion, the work of the ERC triggered changes to supervisory plans, or specific projects. An assessment of brokered deposits was one such project that had been undertaken. Supervisors are required to specifically include an Operating Environment assessment in the RAD for the bank. This section highlights the key environmental and industry issues and trends that currently (or may potentially) affect the institution’s risk profile given its business model. The specific Significant Activities impacted, and the degree of impact, are identified, as well as the necessary follow up actions under the supervisory plan. Ongoing market surveillance and analysis also captures key emerging risk issues such as those related to residential lending (RESL). Where appropriate, more focused work is undertaken to fully understand the materiality of risks from both a systemic and bank-specific perspective. For example, market surveillance would include housing market performance including sub-sectors like condos and regional distribution, and related markets such as condo construction. RESL market analysis is often supplemented with bank-specific risk profiles. Examples would include: condo mortgage profiles, mortgage origination and related portfolio analysis including types of mortgages (insured, uninsured, bulk insured), and specific aspects such as IRB (internal ratings based) models and capital allocation. Bank exposure to condo construction financing is also undertaken. Regular meetings are held with various provincial regulators to enhance understanding of RESL issues that may be emerging outside the banks and which could impact market dynamics. Frequency of such meetings would be on the basis of the current risk assessment. The Heads of Agency meetings (see also CP3) also inform OSFI’s understanding of the non-bank financial sector though it may be noted that in Canada, significant parts of the “non-bank” sector, i.e., wealth management, mortgage trust, securities dealer, insurance, etc. are owned or controlled by the large Canadian banks. As such, OSFI, through consolidated supervision of banks/banking groups, is aware of activities in a large portion of the non-bank sector. The assessors confirmed that OSFI has contact with non-bank supervisors but communication was not necessarily consistent, but more ad hoc and sporadic. |
| EC5 | The supervisor, in conjunction with other relevant authorities, identifies, monitors and assesses the build-up of risks, trends and concentrations within and across the banking system as a whole. This includes, among other things, banks’ problem assets and sources of liquidity (such as domestic and foreign currency funding conditions, and costs). The supervisor incorporates this analysis into its assessment of banks and banking groups and addresses proactively any serious threat to the stability of the banking system. The supervisor communicates any significant trends or emerging risks identified to banks and to other relevant authorities with responsibilities for financial system stability |
| Description and findings re EC5 | The FISC, (see CP1 and CP3), which meets quarterly, is a senior level committee and is focused on matters relating to the supervision of financial institutions. OSFI also works closely with the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), which is responsible for anti-money-laundering and anti-terrorist financing monitoring. OSFI’s Anti-Money Laundering and Compliance Division conducts assessments and reviews of the banks’ anti-money laundering and anti-terrorist processes and procedures, and shares its results with FINTRAC. The Superintendent meets, at least quarterly, with the Relationship Managers for the large banks and the ERC. These meetings include reports from the various specialist groups such as Credit risk, Operational Risk, etc. on trends. RMs also utilise information and analysis received from the Superintendent (or FISC, via the Superintendent or OSFI Executive) in their ongoing assessments. RMs and their teams will also incorporate the information and analysis from the ERC into their risk assessment of the bank or banking group. Conversely, through the Superintendent, the RMs and ERC share information and analysis with FISC. The ERC may recommend and co-ordinate any specific supervisory actions (information requests, guidance, advisories, etc.) necessary to address systemic threats. The assessors saw examples of risk identification by the ERC, including supervisory actions taken. |
| EC6 | Drawing on information provided by the bank and other national supervisors, the supervisor, in conjunction with the resolution authority, assesses the bank’s resolvability where appropriate, having regard to the bank’s risk profile and systemic importance. When bank-specific barriers to orderly resolution are identified, the supervisor requires, where necessary, banks to adopt appropriate measures, such as changes to business strategies, managerial, operational and ownership structures, and internal procedures. Any such measures take into account their effect on the soundness and stability of ongoing business |
| Description and findings re EC6 | While CDIC has the lead role in preparing and assessing the banks’ Resolution Plans and OSFI is the lead on recovery plans, OSFI does incorporate the resolvability of an institution into its risk analysis. It is assessed in the context of the risk matrix as a “significant activity” (ie a critical process for the firm) and the analysis takes place through the line supervisors rather than through specialist groups not least to ensure integration into the core assessment of the bank/banking group. The first iteration of the Resolvability Plans was completed in 2012. Resolvability assessments are still at an “early stage”. CDIC will coordinate discussion of the Plans with OSFI and others. As part of its early intervention mandate, OSFI assesses an “Intervention Stage” of each bank. There are specific supervisory and regulatory measures attached to each stage rating. These measures are coordinated with CDIC, which has primary responsibility for resolution matters. The Guide to Intervention clarifies the interaction between the two agencies at each phase of deterioration and heightened distress of an institution. Supervisors are assisted by a dedicated crisis management team who provide overall guidance including liaison with the banks, CDIC, host supervisors, and domestic agencies. Banks and supervisors are provided guides, assessment criteria and core principles to assist in development and assessment of the Recovery Plans. As an example of work in this area, large Canadian banks submitted revised Recovery Plans in 2012, and OSFI undertook a comparative assessment of these submissions. In addition, OSFI facilitated discussions of the Plans with CDIC, Bank of Canada, Department of Finance and US and UK regulatory authorities. CDIC has the lead role in assessing the Resolution Plans of banks. In discussion with the banks most indicated that the process of working with the authorities had been arduous but had yielded some benefits for their own understanding. The authorities frequently commented that the workstreams created by this project had “shone a light” on banks which was seen as stimulating new supervisory perspectives. OSFI does not have the direct power to require a bank to restructure but, through use of “staging” is able to bring pressure to bear on firms if necessary and can also use such tools as prudential agreements, undertakings and indeed the requirement to assess supervisability of a group at inception. The assessors saw examples of feedback to the banks following the submission of the Recovery Plans, which not only included specific recommendations but also indicated areas of future work where OSFI will be likely to refine supporting guidance. As noted above, CDIC has the lead role in preparing and assessing the actual Resolution Plans of banks. The first iteration of the Plans was completed in 2012. Resolvability assessments are at “early stage”. CDIC coordinates discussion of the Plans with OSFI and others. |
| EC7 | The supervisor has a clear framework or process for handling banks in times of stress, such that any decisions to require or undertake recovery or resolution actions are made in a timely manner |
| Description and findings re EC7 | In addition to the Guide to Intervention, which provides details for each level of stress that a bank experiences, OSFI has formal crisis management guidance which is set out in a “Problem Situation Binder”. This includes crisis checklists, communication plans, information gathering, resolution options, holding company issues, and discusses the lender of last resort and payment systems. As noted above, the Guide to Intervention sets out the actions to be expected from OSFI and the CDIC at each “stage” of stress, from level 0 to 4: No significant problem; early warning, risk to financial viability; financial viability in serious doubt; and non-viability/insolvency is imminent. Once a firm has been “staged” it will experience intensified supervision, and be subject to a range of supervisory measures which may include: higher capital requirements, limitations on its business activities as well as having to pay an assessment fee. The Guide to Intervention also describes the level of involvement of the CDIC at each “stage”. Also, the FISC is kept aware of institutions that are staged, and the CDIC in particular. Hence, all federal institutions are well informed and have the ability to be well prepared should an institution experience acute stress. At a system wide level, the FISC and its sub committees also functions as a coordinating mechanism between authorities. The experience of the financial crisis demonstrated that the mechanisms and relationships between the authorities functioned well and were capable of being intensified very rapidly as the situation demanded. |
| EC8 | Where the supervisor becomes aware of bank-like activities being performed fully or partially outside the regulatory perimeter, the supervisor takes appropriate steps to draw the matter to the attention of the responsible authority. Where the supervisor becomes aware of banks restructuring their activities to avoid the regulatory perimeter, the supervisor takes appropriate steps to address this. |
| Description and findings re EC8 | The regulatory perimeter established in the Bank Act is monitored closely by OSFI although it should be noted that while banking is a federal activity, by definition, deposit taking and lending can take place in provincially incorporated institutions under provincial law. Given that a number of approvals or notifications relating to change of activity or investment are required under the Bank Act, OSFI is typically notified of any significant corporate restructurings and will assess such proposals where regulatory approval is required. When Ministerial or the Superintendent’s approval is required, the Minister or Superintended has powers to require any undertaking that they consider appropriate, thus providing scope for addressing any potential arbitrage concerns. To date OSFI has not been aware of any requests for approval, or notification of restructuring that does not require approval, in which avoidance of the regulatory perimeter has been an issue. OSFI noted that this issue could arise in large asset transactions (see the CP 7 self-assessment) or in the context of related party transactions in the course of a restructuring (see the CP 20 self-assessment). In order to provide clarity of expectation and understanding to the industry, the OSFI Advisory: Business and Powers – Ownership Interests in Commodities explains the circumstances in which taking an ownership interest in commodities would be a permissible activity and prudential standards to be followed in respect thereof. The Superintendent of Financial institutions is a member of the Heads of Agencies (HoA) Committee. This Committee is chaired by the Governor of the Bank of Canada and also includes representatives from the Department of Finance, and four provincial Securities Regulators (the Ontario Securities Commission (OSC), Autorité des marchés financiers (AMF), Alberta Securities Commission (ASC), and British Columbia Securities Commission (BCSC)). This forum allows federal financial sector authorities and provincial securities market regulators to exchange information and views, and to coordinate actions on issues of mutual concern, such as on hedge funds, the ABCP market, OTC derivatives, and shadow banking and other perimeter of regulation issues. As part of its mandate, OSFI monitors and evaluates system-wide or sectoral events or issues that may have a negative impact on the financial condition of financial institutions. Where these system-wide issues relate to the conduct of bank-like activities being performed fully or partially outside of the regulatory perimeter (e.g., use of bankruptcy remote special purpose entities (SPEs) and the growth of ABCP), these issues are raised and discussed with the responsible authorities at HoA or other fora, such as the FSIC or the SAC. |
| Assessment of Principle 8 | Compliant |
| Comments | OSFI has developed an excellent supervisory approach that supports the analysis of risk from multiple perspectives and incorporates a forward looking time dimension. In particular the OSFI approach marries its risk analysis to a supervisory outcome that can be clearly communicated to the institution, through the use of the intervention rating and the “stages” of supervisory intensity should matters of concern emerge. In terms of continuing to evolve and further enhancing the supervisory approach and, in particular, in the light of designating six banks as domestically systemically important, some areas of OSFI’s practice may be worth more attention. In the context of the conglomerate groups especially, it is recommended that OSFI intensify its analysis of groups from a legal entity based perspective to complement the understanding yielded by the examination of significant activities. OSFI should also review its communication and coordination with non-bank regulators for entities within the consolidated groups. |
| Principle 9 | Supervisory techniques and tools. The supervisor uses an appropriate range of techniques and tools to implement the supervisory approach and deploys supervisory resources on a proportionate basis, taking into account the risk profile and systemic importance of banks. |
| Essential criteria | |
| EC1 | The supervisor employs an appropriate mix of on-site and off-site supervision to evaluate the condition of banks and banking groups, their risk profile, internal control environment and the corrective measures necessary to address supervisory concerns. The specific mix between on-site and off-site supervision may be determined by the particular conditions and circumstances of the country and the bank. The supervisor regularly assesses the quality, effectiveness and integration of its on-site and off-site functions, and amends its approach, as needed. |
| Description and findings re EC1 | All supervisory work (on and off site) is conducted using the Superintendent’s examination powers defined in sections 643 and 644 of the Bank Act. OSFI’s Supervisory Framework provides the overall approach that OSFI uses to supervise banks and banking groups in Canada. See the summarized version of the Framework in the Description and findings re EC 1 in BCP 8 – Supervisory approach. There is no separation between the on and off-site functions. OSFI’s organizational model is risk-based and separates the line supervisors dedicated to banks and the specialists (credit, models, market risk, etc). The effectiveness and integration of on-site and off-site supervisory work is therefore assessed throughout the supervisory process and changes are made, if and when required. Either line supervisors or the specialist teams may go on-site though the specialist teams will include at least one member of the line supervisory staff to promote understanding and integration. The quality and effectiveness of supervisory assessments is supported by an extensive set of supervisory guides and tools (ie templates for documentation of OSFI assessments which are annotated with guidance to the supervisor with respect to issues that must be considered). The number, knowledge and experience of assigned staff are based on the size, nature, complexity and risk profile of each bank. A team of approximately seven staff is dedicated specifically for each of the six major Canadian banks. Supervisory staff are also supported by risk and risk specialist teams (e.g., credit, market, operational, corporate governance). The same supervisory staff perform the full range of supervisory work (light off-site to extensive on-site) for any specific bank. As noted in CP8, a Supervisory Strategy is prepared for each bank annually and outlines the supervisory work planned, both on and off-site. The assessors were able to review Supervisory Strategy documents for a number of major banks. The assessors were able to discuss the balance of on-site reviews with firms of different sizes. For major firms an extensive on-site program can be executed. One firm quoted 15 significant reviews over a two year period, for example. Smaller institutions, mentioned between three to six on-site reviews and follow up visits over the course of a year. OSFI indicated that its preference was to initiate scoping visits in order to assess whether resource intensive programs needed to be established. The flexibility of the supervisory strategy, in terms of being able to adapt it to emerging risks, was felt to be instrumental in mobilizing resources quickly into an institution. Firms with whom the assessors spoke indicated that OSFI had demonstrated effectiveness in identifying the risks that needed to be examined in greater depth. Firms also noted that OSFI’s practice of pressing firms to identify whether a deficiency in one area of the bank had been replicated in another was an arduous but successful discipline. |
| EC2 | The supervisor has a coherent process for planning and executing on-site and off-site activities. There are policies and processes to ensure that such activities are conducted on a thorough and consistent basis with clear responsibilities, objectives and outputs, and that there is effective coordination and information sharing between the on-site and off-site functions. |
| Description and findings re EC2 | The planning and execution of OSFI’s continuum of supervisory activities (including on-site and off-site) are supported by extensive supervisory guidance and supervisory tools. Supervisory strategies are developed at both institution and sector level accompanied by internal supervisory guidance on how to complete the Supervisory Strategy document for an individual bank, and on the planning process for Supervision Sector as a whole. As noted in CP8, the supervisory planning “season” takes place in September and is refreshed in February. This will include discussion with the risk specialists to build a view on what is needed at the institution and sectoral level. The resulting strategy documents act as the work plan for the year ahead, and the work year runs April to March. During the course of on-going supervision through the year, OSFI monitors the progress of its supervisory activities. Off-site and on-site supervision executed by the same supervisory staff. Relationship Managers (RMs), supervisors and specialists conduct supervisory work across the continuum described in the Supervisory Strategy document. RMs coordinate this on and off-site work and are responsible for approving and signing off on any letters sent to the banks. The planning process is designed to enhance the utilization of supervisory resources based on the size, nature, complexity and risk profile of the institution, and seeks to ensure that the activities are conducted on a thorough and consistent basis, with clear responsibilities, objectives and outputs. The assessors saw examples of quarterly monitoring documents prepared by OSFI which drew on the output of both off-site and on-site supervisory work. |
| EC3 | The supervisor uses a variety of information to regularly review and assess the safety and soundness of banks, the evaluation of material risks, and the identification of necessary corrective actions and supervisory actions. This includes information, such as prudential reports, statistical returns, information on a bank’s related entities, and publicly available information. The supervisor determines that information provided by banks is reliable and obtains, as necessary, additional information on the banks and their related entities. |
| Description and findings re EC3 | OSFI makes use of prudential returns (see CP10) but also internal documents prepared by the firm for its own management and control proposes, including risk policies, limit structures, audit and compliance reports, capital planning reports, including economic capital, policies and strategies supporting the operational management function of the firm such as organization and operational structure, data on resources, staffing and training; compensation policies and practices. The information is verified through comparing multiples sources, selective testing of controls and interviews with bank management. |
| EC4 | The supervisor uses a variety of tools to regularly review and assess the safety and soundness of banks and the banking system, such as:
|
| Description and findings re EC4 | OSFI undertakes a range of reviews and types of analysis which feed into the primary assessment documents: the Risk Assessment Document and Risk Matrix.
In terms of communicating findings to a bank, in addition to ongoing discussions with the bank’s management, OSFI communicates to banks through various formal, written reports. Annually, or as appropriate, the RM writes a Supervisory Letter to the bank. The Supervisory Letter is the primary written communication to the bank. It summarizes OSFI’s key findings and recommendations (and requirements, as necessary) based on the supervisory work that was conducted since the last Supervisory Letter was issued, and discloses or affirms the bank’s Composite Risk Rating. During the year, OSFI may also issue Interim Letters to the bank so as to provide the bank with timely feedback on issues arising from a specific body of supervisory work. The Interim Letter is sent to the appropriate senior manager within the bank, and a copy may also be provided to other individuals within the bank, if warranted. Regular and timely follow up by OSFI on matters in these letters is a specific part of its supervisory process and is evidenced by a Follow Up Document (FUD). This document contains a list of findings, recommendations and requirements that have been communicated to the bank. Follow up occurs during ongoing supervisory contact, for example as part of monitoring meetings. |
| EC5 | The supervisor, in conjunction with other relevant authorities, seeks to identify, assess and mitigate any emerging risks across banks and to the banking system as a whole, potentially including conducting supervisory stress tests (on individual banks or system-wide). The supervisor communicates its findings as appropriate to either banks or the industry and requires banks to take action to mitigate any particular vulnerabilities that have the potential to affect the stability of the banking system, where appropriate. The supervisor uses its analysis to determine follow-up work required, if any |
| Description and findings re EC5 | OSFI’s Emerging Risk Committee (ERC), has a set of tools and reports developed specifically for the systemic review of emerging risks arising from the national and international environment. For a list of some of these tools and reports, see below. The ERC assesses the macroeconomic environment, financial system, industry (including cross-sectoral developments) and institution-specific emerging risks on a regular basis. The systemic risks identified by the ERC can result in OSFI requiring banks to take significant actions. OSFI’s liquidity reporting requirements for banks were developed as a result of ERC findings on systemic liquidity risks. OSFI regularly requires banks to complete OSFI system-wide stress tests, whether macro stress test, retail, recession etc. Follow up work deriving from findings of the ERC or as a result of banks’ own stress testing would be fed back to banks and followed up as part of the normal supervisory process (which requires specific protocols around follow up practices, including the Follow Up Document (FUD)). The assessors noted records of OSFI providing information on its forward looking analysis to a range of firms. |
| EC6 | The supervisor evaluates the work of the bank’s internal audit function, and determines whether, and to what extent, it may rely on the internal auditors’ work to identify areas of potential risk |
| Description and findings re EC6 | As noted in the Supervisory Framework, “OSFI uses, where appropriate, the work of others to reduce the scope of its supervisory work and minimize duplication of effort. […]effectiveness. For example, as supervisors do not perform audit work, they may use the detailed testing performed by a FRFI’s external auditor and Internal Audit function to help them assess the effectiveness of controls.” OSFI notes that the Framework specifically employs the word “use”, and not the word “rely” on, the work of internal auditors. OSFI further notes that one objective in assessing the Internal Audit function is to determine the extent to which it can use the work of this function to ensure that appropriate controls are in place and are being followed at the operational level. Specific OSFI requirements for internal audit are described in OSFI’s Corporate Governance Guideline and Assessment Criteria for Internal Audit. The assessment of Internal Audit is a regular part of OSFI’s supervisory work and is completed using a combination of on-site and off-site work. In addition, OSFI maintains regular and close contact with the Audit Committees within banks as one of its conduits for assessing the quality of the internal audit function. |
| EC7 | The supervisor maintains sufficiently frequent contacts as appropriate with the bank’s Board, non-executive Board members and senior and middle management (including heads of individual business units and control functions) to develop an understanding of and assess matters such as strategy, group structure, corporate governance, performance, capital adequacy, liquidity, asset quality, risk management systems and internal controls. Where necessary, the supervisor challenges the bank’s Board and senior management on the assumptions made in setting strategies and business models |
| Description and findings re EC7 | Specific OSFI requirements and expectations for board governance are described in OSFI’s Corporate Governance Guideline and Assessment Criteria for the Board of Directors and Senior Management. OSFI has access to the institution’s board as necessary. For larger institutions, OSFI meets with senior management and the audit and risk committees of the board at least semi annually to discuss the results of its supervisory activities and other material issues. The meetings with the audit and risk committees are structured to enable OSFI to meet with the members of the committees without the presence of management, at the discretion of the committee or OSFI. OSFI executives, including the Superintendent, participate in these meetings. For smaller institutions, these meetings are arranged on an as-needed basis. In addition, for larger institutions, meetings are held quarterly with Chairs of audit and risk committees of the board as well as following significant activity reviews based on findings. As part of their monitoring work, OSFI supervisors will also typically meet on a quarterly basis with members of the Bank’s senior and middle management such as the Chief Audit Executive, Chief Risk Executive, Chief Compliance Executive, Business Unit Heads, etc. Meetings with members of the Bank’s board, senior and middle management also take place as part of supervisory review work on specific significant activities of the bank. The frequency of the meetings with senior management and board committees generally increases in cases where OSFI has material prudential concerns. OSFI will make recommendations to the Bank’s board, senior and middle management if significant problems or weaknesses are discovered as a result of the supervisory review work on the bank. All firms the assessors met with commented on the close level of contact maintained by OSFI, not only through these “set pieces” and formal follow up contacts but on a more day to day basis. The assessors reviewed materials demonstrating OSFI’s identification of material deficiencies in significant activities (“intervention notices”); the communication of findings to the Board and the effectiveness of the outcome. It was clear that if OSFI considered that progress on or remedy of deficiencies was not taking place then it was prepared to escalate the issue to the Board. The records indicated that this strategy was successful. The assessors were also able to confirm with banks with whom they spoke that OSFI maintained a “close touch” with the individual institutions. Every firm with which the assessors spoke referred to the regularity and frequency of OSFI contact with the Board (executive and non-executive), the senior management including Chief Risk Officers, heads of risk functions, heads of compliance, and the chairs of the significant committees (audit, group risk and compliance). Meetings are supplemented by regular planned telephone contact (such as weekly calls with the CRO of the larger firms, but regular contact even with smaller institutions). |
| EC8 | The supervisor communicates to the bank the findings of its on- and off-site supervisory analyses in a timely manner by means of written reports or through discussions or meetings with the bank’s management. The supervisor meets with the bank’s senior management and the Board to discuss the results of supervisory examinations and the external audits, as appropriate. The supervisor also meets separately with the bank’s independent Board members, as necessary |
| Description and findings re EC8 | There are specific supervisory guides and letter templates related to documentation and communication of supervisory findings, recommendations and requirements to the bank on a timely basis. In addition, after a review of a significant activity, or at least once a year, a management report is issued to the institution indicating whether there are any prudential issues that need to be addressed. In cases where a number of significant activities are reviewed in a year, the results of these reviews are also summarized in an annual report to the institution. Issuance of the reports is preceded by meetings with top management and, in the case of larger institutions and followed by meetings with the board (Audit Committee) in order to explain any issues and seek resolution. In the case of smaller institutions, OSFI also meets with the board (Audit Committee) if there are material prudential issues. OSFI’s Management Reports are addressed to the CEO and copied to the chair of the audit committee. As noted in EC7, OSFI will meet with the bank’s Board and will hold in camera sessions with the non-executive board members. Firms commented that they had had the experience that closing sessions with management at the end of a review might communicate a softer message than the formal written document but that OSFI has been responsive and adapted to this feedback. |
| EC9 | The supervisor undertakes appropriate and timely follow-up to check that banks have addressed supervisory concerns or implemented requirements communicated to them. This includes early escalation to the appropriate level of the supervisory authority and to the bank’s Board if action points are not addressed in an adequate or timely manner |
| Description and findings re EC9 | There is a specific standard template that supervisors use to complete follow-up of actions taken by banks to address supervisory concerns, recommendations and requirements. The Relationship Manager (RM) for the bank has the overall responsibility for making sure that appropriate and timely follow up is completed on a regular basis. This follow up is typically done on a quarterly basis although it may be more or less frequent depending on the nature of the issue and the timing of the bank’s actions. When the recommendations for follow up action were set by the specialist risk teams, the teams must confirm “closure” although the RM has overall responsibility for monitoring progress on the recommendations or requirements in the follow-up activities. The RM will take appropriate supervisory escalation if issues have not been addressed adequately or within the agreed deadlines. Regular and timely follow up is a specific part of OSFI’s supervisory process and is evidenced by a Follow Up Document (FUD). This document contains a list of findings, recommendations and requirements that have been communicated to the bank. An item might remain on the FUD for an extended period and this is because it is almost always insufficient for a firm simply to have performed the follow up action and informed the supervisor. An item is closed and removed from the FUD only when OSFI has returned to the bank and is satisfied that the outcome of the changes are what was required. Firms confirmed that this is the OSFI practice. The follow up process includes escalation to more senior supervisory staff and/or bank management, as necessary. This includes escalation to the Board for more significant matters, as the assessors were able to observe in the records. |
| EC10 | The supervisor requires banks to notify it in advance of any substantive changes in their activities, structure and overall condition, or as soon as they become aware of any material adverse developments, including breach of legal or prudential requirements. |
| Description and findings re EC10 | While there are many provisions in the Bank Act that require banks to obtain the prior notice and/or approval of the Superintendent for transactions that could result in significant changes in their activities, structure and overall condition there is no specific requirement to notify OSFI of a material adverse development. Nevertheless, a list of provisions requiring notice or approval is contained the Schedule to the Administrative Monetary Penalties (OSFI) Regulations. There are over seventy potential infringements noted in the Schedule related to failures to notify OSFI/the Superintended as required by the laws or agreements. Sections 157 and 158 of the Bank Act describe the duty to manage and duty of care for all directors and officers of the bank. Section 328 of the Bank Act requires auditors to report to CEO and CFO on “any transactions or conditions …..affecting the well-being of the bank”. The Superintendent is required to receive a copy of this report. OSFI sets a clear expectation that senior management should keep OSFI informed regarding any significant or material developments at the bank in advance of the developments. For example, OSFI’s Supervisory Framework notes:
|
| EC11 | The supervisor may make use of independent third parties, such as auditors, provided there is a clear and detailed mandate for the work. However, the supervisor cannot outsource its prudential responsibilities to third parties. When using third parties, the supervisor assesses whether the output can be relied upon to the degree intended and takes into consideration the biases that may influence third parties |
| Description and findings re EC11 | The use of work of third parties is specifically described in OSFI’s supervisory methodology (e.g., page 3 of the Supervisory Framework and as quoted in EC6 above), and is supported by documentation regarding the nature of the work and the extent of its use. OSFI notes that it “makes use” of third party work rather than “relies” upon it. It is, though, rare for OSFI to commission third party work for which it bears the expense. More often OSFI will require a firm to have work carried out – sometimes the choice of provider can include the firm’s external auditor and on other times it may not. Depending on the circumstance, OSFI may insist on participating in the scoping of such work to ensure it will focus on the relevant issue or deficiency. OSFI has identified instances of incorrect advice having been given to firms by external consultants and is cautious in the use it makes of any third party work. |
| EC12 | The supervisor has an adequate information system which facilitates the processing, monitoring and analysis of prudential information. The system aids the identification of areas requiring follow-up action |
| Description and findings re EC12 | OSFI has developed, and is continuing to upgrade and evolve, a powerful system of reports showing key metrics available for an individual bank, peer group or total industry. There sixty standardized reports and supervisors can also develop and run ad-hoc reports – including creating bespoke peer groups (and covering tailored time horizons) - on an as needed basis. This is the Business Intelligence (BI) tool. OSFI supervisors use an Electronic Data Management System (EDMS) to store and manage all electronic information received from banks. This will include such items as management information and audit reports. Key Performance Indicator reports automatically highlight outliers, notable movements and breaches of any thresholds for supervisory follow up and attention. |
| Additional criteria | |
| AC1 | The supervisor has a framework for periodic independent review, for example by an internal audit function or third party assessor, of the adequacy and effectiveness of the range of its available supervisory tools and their use, and makes changes as appropriate. |
| Description and findings re AC1 | OSFI has established a quality assurance (QA) framework. The Quality Assurance Function will conduct two different types of reviews: Supervisory Process Reviews and Specific Reviews. Supervisory Process reviews will cover key components of the core supervisory process (Planning, Execution and update of risk profile, and Reporting and intervention) and are the primary focus of QA reviews. Specific reviews form a smaller part of the QA work and are intended to assess current areas of supervisory importance and important Supervision processes (e.g., Supervision Business Planning Process). Periodic audits by an independent Internal Audit (IA) department are able to complement the quality assurance performed by line management. IA audits supervisory work for consistent application of the supervisory methodology and effectiveness in executing the methodology across institutions. Results of these reviews are provided to line management and the Superintendent and are discussed with OSFI’s Audit Committee and are published on OSFI’s website. Action plans are developed to address identified weakness both in the methodology and in its execution. However, in practice, assessors noted that IA has only done one review of a specialist area (CMRAS) in last three years and no reviews of deposit-taking supervision more broadly. OSFI’s Practices Division also monitors development of practices by other regulators, with a view to enhancing OSFI practices, where necessary. |
| Assessment of Principle 9 | Compliant |
| OSFI has high standards of supervisory practice and a supervisory style and structure that is oriented around a close touch principle that is consistently delivered. This approach underpins OSFI’s ability to articulate and reinforce its supervisory expectations. OSFI is perceived as accessible to the industry and its willingness to listen was widely praised. While OSFI’s perceived lack of rigidity was appreciated, OSFI’s authority with the firms was confirmed. The close touch approach yields many benefits to OSFI in terms of supervisory outcomes but the challenge that always remains is that close understanding of the counterpart can lead to a loss of direction and momentum such that OSFI must guard against being slow to be assertive. Although OSFI employs a number of tracking systems, some of them, such as the “Follow Up Document”, do not necessarily lend themselves to prioritization or re-prioritization, if needed, of key issues and an overarching clear view of whether suitable progress is being made on supervisory issues. It is recommended that OSFI consider whether its internal monitoring systems could be enhanced to further support the overarching, and risk focused view of the institution as well as acting as a tool to maintain pressure on an institution as appropriate. Given the nature of the close supervisory relationships that have been established it is very unlikely that OSFI would be surprised by a material adverse development in an institution of which it had not been pre-notified. Nonetheless, the assessors identified at least one occasion on which an institution had not communicated to OSFI in advance and it is recommended that this discipline be enforced through an amendment to the Bank Act, to avoid any doubt on the obligations of the firm towards OSFI. Importantly OSFI does not see its processes or analytics as static but seeks to develop its capacities over time, whether by refreshing its processes, IT system or staff skill sets. |
|
| Principle 10 | Supervisory reporting. The supervisor collects, reviews and analyses prudential reports and statistical returns from banks on both a solo and a consolidated basis, and independently verifies these reports through either on-site examinations or use of external experts. |
| Essential criteria | |
| EC1 | The supervisor has the power to require banks to submit information, on both a solo and a consolidated basis, on their financial condition, performance, and risks, on demand and at regular intervals. These reports provide information such as on- and off-balance sheet assets and liabilities, profit and loss, capital adequacy, liquidity, large exposures, risk concentrations (including by economic sector, geography and currency), asset quality, loan loss provisioning, related party transactions, interest rate risk, and market risk |
| Description and findings re EC1 | OSFI has strong powers for information gathering which permits it to require any data that is deemed necessary, either consolidated or solo. The legal powers are noted below. In practice OSFI collects consolidated data for all banking groups as well as the consolidated data for all sub-groups of regulated entities and solo data for the parent entities of banking groups. Major features of the legal framework are as follows: Section 628 of the Bank Act specifies that a bank shall provide the Superintendent with such information, at such times and in such form as the Superintendent may require. Subsection 643(2) specifies that the Superintendent or a person acting under the Superintendent’s direction
Additionally, there are many cases within the Bank Act where there is more specificity provided on a requirement for reporting by federally regulated financial institutions (FRFIs) including banks, such as the requirement to file a copy of its annual statement with the Superintendent (Section 312). OSFI is a consolidated supervisor and as such has access to all records within the legal structure of any financial institution over which it has regulatory authority. This includes all domestic and foreign subsidiaries, branches, trust companies and other legal entities. Much supervisory information is obtained through a standardized schedule of regulatory returns (financial or non-financial) that are completed by all banks. Capital adequacy, balance sheet, profitability, liquidity, market risk and asset quality are covered by standard prudential returns. Related party transactions and large exposures are not in the suite of standard information requirements from OSFI. OSFI also obtains direct management information from firms. This includes standing requests for information packages provided to the board and senior management reports. OSFI also undertakes targeted ad-hoc data calls as the supervisory need arises. Additional information is obtained from banks using FIC data, a shared database of banking information of common interest that is shared with peer agencies (Bank of Canada and CDIC). OSFI maintains many of the regulatory returns, and the Bank of Canada maintains those returns for which they are the primary user of the data. With respect to data on large exposures, OSFI monitors exposures through management information submitted by the banks. (See CP19). Formal regular reporting on related parties is not required from all firms. (See CP20). |
| EC2 | The supervisor provides reporting instructions that clearly describe the accounting standards to be used in preparing supervisory reports. Such standards are based on accounting principles and rules that are widely accepted internationally |
| Description and findings re EC2 | Subsection 308(4) of the Bank Act states that a bank’s financial statements shall, except as otherwise specified by the Superintendent, be prepared in accordance with Generally Accepted Accounting Principles (GAAP), the primary source of which is the Handbook of the Canadian Institute of Chartered Accountants. The Canadian Accounting Standards Board adopted International Financial Reporting Standards (IFRS) for publicly accountable enterprises commencing 2011. All banks reporting to OSFI are required to use IFRS, as communicated in April 2008. As noted above, subsection 308(4) provides the Superintendent with the authority to specify accounting treatment other than that required by GAAP (which for banks is IFRS); however, OSFI has not specified accounting requirements that are contrary to IFRS. OSFI has issued a Manual of Reporting Forms and Instructions for Deposit-Taking Institutions. The Manual is the primary source for information on instructions for completing many of OSFI’s regulatory returns. The instructions posted on OSFI’s website are approved by the Financial Information Committee (FIC) and by OSFI’s subject matter experts. Instructions are administered by the FRFI Data Management Division, within OSFI’s Corporate Services sector. The deposit-taking institution (DTI) instructions are updated on an annual basis at minimum, based on changes that are either being requested by the regulator or by new/modifications to applicable accounting standards for the upcoming year, through the Annual Housekeeping Exercise (see EC12 for further details). The instructions do not restate the language/wording used in the IFRS Standards but rather refer each return to the applicable accounting standard within the IFRS manual, and also provide additional clarification that the regulator feels would benefit the financial institutions in filling out those returns. Banks and their chartered accountants are ultimately responsible for properly researching and understanding each applicable accounting standard and OSFI provides guidance as necessary. OSFI has also issued guidance on existing accounting practices. These guidelines, while consistent with IFRS, outline OSFI’s additional expectations with respect to identified areas of risk. The objectives of these guidelines are to ensure that bank accounting and reporting is prudentially sound and aim to encourage Canadian Banks to adopt international best practices as developed by the Basel Committee on Banking Supervision (BCBS). (Also refer to BCP 27). |
| EC3 | The supervisor requires banks to have sound governance structures and control processes for methodologies that produce valuations. The measurement of fair values maximises the use of relevant and reliable inputs and are consistently applied for risk management and reporting purposes. The valuation framework and control procedures are subject to adequate independent validation and verification, either internally or by an external expert. The supervisor assesses whether the valuation used for regulatory purposes is reliable and prudent. Where the supervisor determines that valuations are not sufficiently prudent, the supervisor requires the bank to make adjustments to its reporting for capital adequacy or regulatory reporting purposes. |
| Description and findings re EC3 | IFRS is the basis for both external and regulatory reporting for banks, supplemented by OSFI guidelines where required. In addition to IFRS requirements, OSFI has specifically asked banks to follow two guidance documents relating to valuation practices:
In situations where models are relied upon to provide valuations, the Guideline outlines additional requirements. As per sections 8.11.2 and 8.11.8 of the Guideline, as well as the Implementation Note - Approval of Regulatory Capital Models for Deposit-Taking Institutions (2009), a bank must have an independent unit that is responsible for initial and ongoing validation of all internal models including those used for valuation purposes. When marking to model or using third-party valuations, the Guideline requires banks to have procedures in place for considering valuation adjustments. OSFI expects the following valuation adjustments/reserves to be formally considered at a minimum: unearned credit spreads (i.e., credit valuation adjustments), close-out costs, operational risks, early termination, investing and funding costs, and future administrative costs and, where appropriate, model risk. For regulatory capital purposes, valuation adjustments must also be considered for less liquid positions. OSFI’s risk-based Supervisory Framework supports the use of the work of others, where appropriate, to reduce the scope of its supervisory work, minimize duplication of effort and to enhance OSFI’s efficiency and its effectiveness. This includes, but is not limited to the reliance of the work of External Auditors with respect to the fairness of audited financial statements which include fair value estimates prepared in accordance with the requirements of IFRSs. Please refer to the response at EC10 for a description of OSFI’s reliance on the banks’ appointed auditor. The assessors saw examples of supervisory work where concerns with respect to independent price verification processes had been identified and acted upon. The assessors also discussed instances when OSFI had required adjustments to reported data and also associated changes to its valuations and procedures. |
| EC4 | The supervisor collects and analyses information from banks at a frequency commensurate with the nature of the information requested, and the risk profile and systemic importance of the bank |
| Description and findings re EC4 | Key supervisory information is collected on at least a quarterly basis and includes information such as on- and off-balance sheet assets and liabilities, profit and loss, capital adequacy, liquidity, risk concentrations, asset quality, loan loss provisioning, interest rate risk, and market risk. OSFI also requires significant levels of management information from banks, particularly from the systemic firms. This is consistent with the approach of assessing the significant activities of the firm. In more stressful situations that could deteriorate into significant systemic or bank risk issues, the frequency of collection is tailored to the risk and need to ensure there is no information decay. The assessors saw evidence of enhanced monitoring during stressed periods. |
| EC5 | In order to make meaningful comparisons between banks and banking groups, the supervisor collects data from all banks and all relevant entities covered by consolidated supervision on a comparable basis and related to the same dates (stock data) and periods (flow data). |
| Description and findings re EC5 | Regulatory data is submitted per definitions and timelines as documented in the Financial Returns and Instructions available on OSFI’s web site. The frequency of information can vary by either calendar dates or banks’ fiscal time periods. The six systemically important banks have the same year end dates and most other banks also share the same fiscal year-end dates facilitating comparison of various peer groups. Quarter-end interim financial (stock and flow) information for banks is received, reviewed and analysed by OSFI supervisors. Quarterly meetings are held with the Superintendent and Assistant Superintendent, Supervision Sector to review and compare the current risk assessment of the large, conglomerate banks. Peer group comparisons are frequently used as part of OSFI’s supervisory work. The system responsible for regulatory return processing is the Tri-Agency Database System (TDS). This is a shared system with FIC partners (the Bank of Canada and CDIC), and is physically housed at the Bank of Canada. Data is transferred to OSFI and loaded into a data warehouse, which is accessed by OSFI Supervisory and Regulatory Sectors using a Business Intelligence (BI) tool. At OSFI, the regulatory returns are primarily maintained by the Regulatory Information Division, under the FRFI Data Management Division. Information Management/Information Technology (IM/IT) will support and maintain any technical requirements such as data storage facilities (databases and data warehouses). Defined “Information Steward” roles are identified within Supervision and Regulation Sectors, to provide data-specific subject matter expertise. Executive-level resources (Director and up) provide input into and guidance on data governance. See EC12 for details on data governance. OSFI undertakes a quarterly summary analysis of the risk profile of banks, including undertaking a peer group review. |
| EC6 | The supervisor has the power to request and receive any relevant information from banks, as well as any entities in the wider group, irrespective of their activities, where the supervisor believes that it is material to the condition of the bank or banking group, or to the assessment of the risks of the bank or banking group or is needed to support resolution planning. This includes internal management information. |
| Description and findings re EC6 | OSFI’s information access powers, as noted in EC1, are specified in the Bank Act sections 628 and 643. These powers are applicable to the consolidated operations of the bank or banking group and cover any and all geographies, product or business lines, legal entities, operations (including those that are outsourced) and assets on a global basis. The information power extends to the parent entity in cases where the parent entity is not a bank holding company (and could, for example, for a smaller bank be a commercial entity as discussed under CPs 6 and 7). This information is used to support the supervisors’ risk assessment of the bank including where appropriate, an assessment of the bank’s resolution plans. The assessment of bank resolution plans is the responsibility of CDIC. OSFI is responsible for assessing the recoverability plans for banks. The assessors saw examples of follow up information requirements sent by OSFI in relation to information deficiencies in a bank’s Recovery Plan. |
| EC7 | The supervisor has the power to access all bank records for the furtherance of supervisory work. The supervisor also has similar access to the bank’s Board, management and staff, when required. |
| Description and findings re EC7 | OSFI’s information access powers, as noted in EC1, are specified in the Bank Act sections 628 and 643. Furthermore, in respect of access to the bank’s Board, Section 187 of the Bank Act provides the power whereby:
|
| EC8 | The supervisor has a means of enforcing compliance with the requirement that the information be submitted on a timely and accurate basis. The supervisor determines the appropriate level of the bank’s senior management is responsible for the accuracy of supervisory returns, imposes sanctions for misreporting and persistent errors, and requires that inaccurate information be amended |
| Description and findings re EC8 | OSFI enforces compliance with regulatory return schedules using Late and Erroneous Filing Penalties (LEFP) Framework (see also OSFI’s LEFP Guide), which is based on the authorities provided under sections 24 through 37 of the OSFI Act and the associated Administrative Monetary Penalties (OSFI) Regulations (the Regulations). The Superintendent has authority to impose penalties against financial institutions or natural persons in respect of the violations set forth in the Regulations. Section 5 of the Regulations sets out the monetary penalties applicable to minor violations covered by the LEFP Framework. Under the Regulations, banks are assessed penalties for each day a bank has not submitted an error free return after the due date. OSFI expects the accuracy of financial reporting from a bank to be addressed through internal and external audit procedures. Additionally, banks are expected to have appropriate controls in place to ensure the accuracy of all information (financial or non-financial) submitted. There is, however, no management sign off to attest the accuracy of regulatory returns to OSFI. Information pertaining to return filing is posted on OSFI’s website under:
In setting the due dates for regulatory returns, OSFI considers the timeliness of the data required, in consultation with the appropriate industry associations and with FIC partners (see EC5). |
| EC9 | The supervisor utilizes policies and procedures to determine the validity and integrity of supervisory information. This includes a programme for the periodic verification of supervisory returns by means either of the supervisor’s own staff or of external experts. |
| Description and findings re EC9 | The FRFI Data Management Division has validation rules to assist with checking the regulatory return data sent by the banks, prior to the data being accepted and loaded. The rules are created or modified as part of the process of maintaining regulatory returns (see EC12 for more details). The data subject matter experts (“Information Stewards”) provide the requirements for the validation rules. These validation rules are created in and maintained within the TDS application itself. Validation rules are posted to the Automated Data Transfer (ADT) site. Access to the site is restricted to banks and requires a login. The ADT user manual is posted on the OSFI website. (There are also data validation routines in the OSFI Business Intelligence data warehouse, once the data is in-house). Validation rules are used to spot data inconsistencies and to define positive and negative values. Cross-return validation rules will return an error if differences in specific data points are detected between returns. In addition Relationship Managers (RMs) (Supervision sector) and Regulatory Information Division (Corporate Services sector) personnel periodically check and verify the supervisory returns. Consistent with OSFI’s risk based approach, the verification of supervisory returns and the validity and integrity of other information collected is predicated on the risk profile and systemic importance of the bank. As part of their regular review and monitoring work, RMs will assess the quality of data or information received, particularly when the bank is an outlier relative to other banks or the information submitted may need additional clarification. OSFI expects the accuracy of financial reporting from a bank to be addressed through management and financial controls including internal and external audit procedures. Banks are expected to have appropriate controls in place to ensure the accuracy of all non-financial information submitted. OSFI’s FRFI Data Management Division is developing a plan to further enhance the quality of data in cooperation with the subject matter expert data user group. This work will begin in 2014. |
| EC10 | The supervisor clearly defines and documents the roles and responsibilities of external experts, including the scope of the work, when they are appointed to conduct supervisory tasks. The supervisor assesses the suitability of experts for the designated task(s) and the quality of the work and takes into consideration conflicts of interest that could influence the output/recommendations by external experts. External experts may be utilised for routine validation or to examine specific aspects of banks’ operations. |
| Description and findings re EC10 | OSFI’s Supervisory Framework supports the use of the work of others, where appropriate, to reduce the scope of its supervisory work, minimize duplication of effort and to enhance OSFI’s efficiency and its effectiveness. This includes, but is not limited to the use of the work of External Auditors. It is unusual for the Superintendent to appoint any person to access bank information and carry out supervisory work to be exercised to engage external experts to conduct specific focused reviews and assessment of bank operations. This power is typically only used in unusual or difficult situations, such as forensic work. It is, however, not uncommon for external parties to be used to review and assess bank operations as a result of recommendations that OSFI has made to the bank to improve operations. When this happens, OSFI is usually involved in setting expectations for the work (e.g., scope) of the external party and receives a copy of any report and recommendations resulting from the work. With respect to external auditors, OSFI relies upon banks’ external auditors to provide an opinion on whether the audited financial statements present fairly in all material respects. OSFI’s intent to rely on the opinion of the appointed auditor is communicated each year through OSFI’s reliance letter. With respect to independent consultant reviews, OSFI will provide input to the bank in terms of the competencies, expertise that the selected candidate must possess. OSFI will also provide input to the bank so that the proposed scope of the review meets OSFI’s requirements. If OFSI has concerns in terms of particular candidate being selected, this will typically be discussed with the bank prior to the final selection being made. Once the appropriate candidate has been selected, there is an opportunity for OSFI to conduct an opening in camera session to ensure there are no conflicts of interest, and to determine the work will be completed as required by both the Bank and OSFI. This meeting would include a review of the terms of reference, review scope, and credentials of the selected candidate. During the review, there is further opportunity for OSFI and the consultant to conduct in camera sessions to provide updates, concerns, etc., as necessary. At the end of the review there would be an in camera session to go over the results. Additionally the review results, and the quality of the work completed, would be assessed internally by OSFI. Any concerns could be discussed with both the consultant and the Bank as deemed necessary. The assessors saw examples of engagement letters from a bank to an external consultant regarding a review of the bank’s risk management function. OSFI supervisors were directly involved in developing the engagement letter. |
| EC11 | The supervisor requires that external experts bring to its attention promptly any material shortcomings identified during the course of any work undertaken by them for supervisory purposes |
| Description and findings re EC11 | Progress reports and meetings are a regular part of the engagement letter with the external experts when they are used and it is made clear in the scoping stage that material issues are brought to OSFI’s attention when the external expert is undertaking an activity for supervisory purposes. This practice is consistent with Section 328 of the Bank Act which requires the auditor of a bank to report in writing to the CEO and CFO of the bank any transactions or conditions that have come to the attention of the auditor affecting the well-being of the bank that in the opinion of the auditor are not satisfactory and require rectification. This includes reporting on transactions of the bank that in the opinion of the auditor are outside the powers of the bank, and loans owing to the bank by any person the aggregate amount of which exceeds one half of one percent of the regulatory capital of the bank and in respect of which, in the opinion of the auditor, loss to the bank is likely to occur. The auditor is required to provide the Superintendent with a copy of this report. |
| EC12 | The supervisor has a process in place to periodically review the information collected to determine that it satisfies a supervisory need. |
| Description and findings re EC12 | Review of the scope and utility of data provided by firms falls to the Financial Information Committee (FIC) which is a sub-committee of the FISC and is mandated to support cost effective collection of data from financial institutions. FIC currently meets on a quarterly basis, and is chaired by the OSFI Director of Data Management. “Housekeeping” is a term used to describe the FIC agencies’ annual review of regulatory returns. Each FIC agency canvasses their organization for change requests to the regulatory returns, or requirements for new regulatory returns. Each FIC organization has their own internal governance for approving those change requests (see OSFI’s below). FIC will then coordinate the requirements to ensure that only the data relevant to business need is collected and that there is no duplication of ask between FIC agencies. The Industry Association ( In 2010-2011, a Financial Information Management Policy was written at OSFI and agreed to in principle. A centralized role of Director, Data Management was created in the Corporate Services sector to support its operationalization. Current data governance supporting supervisory work includes the Supervision Sector Data Governance Committee, with representation from the different Supervision groups, to challenge and assess Supervision data needs (both regulatory and ad hoc). At OSFI, major changes or new additions to bank data or regulatory returns are prioritized as part of overall OSFI planning to ensure they have adequate resources assigned. Information received from banks for planned supervisory work is designed to meet the particular needs of each review, and as such each request is specifically tailored. Data subject matter experts (including Supervisors) throughout OSFI dedicate time to reviewing the content and quality of the regulatory return data. The housekeeping process is managed by FRFI Data Management Division. |
| Assessment re Principle 10 | Compliant |
| Comments | OSFI receives a wealth of information from its supervised banks. There is a standard suite of prudential returns, although there are some gaps (large exposures and related party lending) which are not reflected here, but in CPs 19 and 20 respectively. OSFI makes financial data on the banks publicly available on its website. OSFI places considerable emphasis on obtaining management information from firms. This is consistent with the supervisory approach that focuses on significant activities carried out by the firms. Necessarily, though, management information is less susceptible to peer group analysis (between entity and over time) as it is not standardized for purposes of comparison. Also management and other ad hoc data arrangements are not necessarily subject to same controls, historical retention and good data management practices, though OSFI was mindful of the issue of reconciliation of view between prudential and management data and also of on ensuring the quality of banks’ validation and verification of their own information. In terms of verification of reliability of prudential information, OSFI pays close attention to the quality of key data metrics, notably reliability of capital data that is reported. There were instances of on-site investigation of data processes and controls. OSFI has established process for regular review of reporting requirements, and should ensure that this process is keeping pace with needs. It is recommended that there is greater emphasis on determining ongoing supervision data needs and incorporating into standardized returns. Moreover, as the work on recovery and resolution planning has stimulated more attention for the individual legal entities, and this may in turn trigger fresh thinking on standardized prudential data needs. |
| Principle 11 | Corrective and sanctioning powers of supervisors. The supervisor acts at an early stage to address unsafe and unsound practices or activities that could pose risks to banks or to the banking system. The supervisor has at its disposal an adequate range of supervisory tools to bring about timely corrective actions. This includes the ability to revoke the banking licence or to recommend its revocation. |
| Essential criteria | |
| EC1 | The supervisor raises supervisory concerns with the bank’s management or, where appropriate, the bank’s Board, at an early stage, and requires that these concerns be addressed in a timely manner. Where the supervisor requires the bank to take significant corrective actions, these are addressed in a written document to the bank’s Board. The supervisor requires the bank to submit regular written progress reports and checks that corrective actions are completed satisfactorily. The supervisor follows through conclusively and in a timely manner on matters that are identified. |
| Description and findings re EC1 | OSFI’s statutory mandate requires that it promptly advise the management and board of a financial institution in the event the institution is not in sound financial condition or is not complying with its governing statute law or supervisory requirements under that law and, in such a case, to take, or require the management or board to take, the necessary corrective measures or series of measures to deal with the situation in an expeditious manner (section 4 of the (OSFI Act). Section 4 also provides that OSFI should promote the adoption by management and boards of directors of policies and procedures designed to manage and control risk. To fulfill these objectives, OSFI supervises banks in accordance with its Supervisory Framework, which describes the principles, concepts, and core processes that OSFI uses to assess the safety and soundness of financial institutions, and to identify issues or areas of concern early in order that timely corrective actions may be taken. Acting in accordance with the Supervisory Framework OSFI issues a Supervisory Letter to a bank within 45 calendar days of the completion of supervisory work. The Supervisory Letter also indicates to the bank that a response is required within 30 calendar days of the date of the letter. Discussions with firms indicated that OSFI was clear in communicating its intent in such letters but at the same time was open to discussion in terms of clarifying its position if necessary. Recommendations coming out of supervisory work were signaled to firms prior to the conclusion of the review—with urgency and at a senior level if appropriate. For a bank incorporated in Canada, the Supervisory Letter is addressed to the Chief Executive Officer (CEO) and copied to the Chair of the Audit Committee (and Risk Committee, where applicable). OSFI’s recommendations and appropriate remedial actions are discussed with the bank’s management and, as appropriate, the CEO, board and/or Chair of the Audit Committee. When a bank is a subsidiary of a foreign bank, remedial actions may also be discussed with the CEO and the Chair of the Audit Committee at the parent company. For a Canadian branch of a foreign bank, the Supervisory Letter is addressed to, and discussed with, the Principal Officer of the branch. Remedial actions may also be discussed with the CEO and the Chair of the Audit Committee at the branch’s home office. In all cases, OSFI analyzes the appropriateness of the bank’s responses to any supervisory recommendations, and actively follows up on all responses until the issues are successfully resolved. This follow-up process is usually undertaken as part of OSFI’s regular supervision monitoring work, unless the issues are of such significance that they require special monitoring. Where issues are material and long-term in nature, OSFI requires financial institutions to provide quarterly progress reports, which are reviewed and discussed with the institution. When OSFI identifies urgent issues or requires a bank to take significant remedial actions, the foregoing process would be expedited, and the frequency and intensity of monitoring and reporting would be enhanced. This process of early identification, monitoring, reporting and escalation is reflected in OSFI’s Guide to Intervention for Federally Regulated Deposit-Taking Institutions (Guide to Intervention). The “stages” of intervention are set out in the Guide and should OSFI have concerns as identified deficiencies in respect of the institution and is concerned that these deficiencies could lead to the development of problems, then it will move to “stage” the institution. This process involves OSFI formally notifying management, board of directors and external auditor of the institution by way of a supervisory letter that the institution is at Stage 1 and that the institution is required to take measures to mitigate or rectify the identified deficiencies. In addition OSFI will meet with the management, board of directors (or a committee of the board) and/or the external auditor of the institution to outline concerns and discuss remedial actions. Furthermore OSFI will write to notify the firm of the surcharge that will apply to it during its period of being “staged.” There are four stages of escalation, the last of which might lead to OSFI “taking control” of the institution (a specific term under the act—typically a prelude to liquidation) and OSFI may apply for winding up. Any recommendation issued to a bank is recorded in a “follow up document” which is monitored closely by OSFI. An item cannot be removed from the tracking report, until OSFI has satisfied itself—typically by revisiting the institution—that changes had been made and were delivering the expected outcome. During the period during which the institution is “staged” OSFI increases the frequency and intensity of monitoring and reporting requirements; conducts enhanced and more frequent supervisory reviews; and may transfer responsibility for the troubled bank to OSFI’s Enhanced Assessment Team (this would be the case for the smaller institutions). OSFI might, if conditions warranted, establish an on-going presence at the bank and direct external specialists to assess certain areas of risk (at the bank’s expense). In such circumstances OSFI would be involved in the scoping of the work to be undertaken. OSFI noted, and banks confirmed, that the process of exiting from “staging” is lengthy and can be expected to last more than a year. |
| EC2 | The supervisor has available an appropriate range of supervisory tools for use when, in the supervisor’s judgement, a bank is not complying with laws, regulations or supervisory actions, is engaged in unsafe or unsound practices or in activities that could pose risks to the bank or the banking system, or when the interests of depositors are otherwise threatened. |
| Description and findings re EC2 | As previously noted, section 4 of the OSFI Act requires that OSFI supervise institutions in order to determine whether they are complying with their governing law and supervisory requirements, and requires that OSFI promptly advise the management and board of directors of a financial institution in the event that the institution is not in sound financial condition or is not complying with its governing law or supervisory requirements. In carrying out this mandate, section 4 also provides that OSFI’s is to strive to protect the interests of depositors. To ensure that OSFI can fulfill its obligations under section 4 of the OSFI Act, the Bank Act provides the Superintendent with a broad range of discretionary tools to address perceived concerns at an institution, including compliance issues and unsafe or unsound business activities. In addition to a comprehensive suite of statutory tools, OSFI is empowered to develop and use a number of administrative tools. A number of OSFI’s statutory tools are described in detail in EC3 of this Principle and also in ECs5 and6 of CP 1. OSFI’s administrative tools, and other applicable statutory tools that are not addressed in EC3, are discussed below. OSFI’s core administrative supervisory tools are expressed in its Supervisory Framework and Guide to Intervention and are also discussed in EC1. More specifically, the supervisory review process results in an institution-specific Composite Risk Rating18 and a Stage Rating. These ratings are tools that OSFI uses to measure and convey its views to management and the board of directors on the safety and soundness of a bank with respect to depositors. Where OSFI identifies concerns, the Supervisory Framework and Guide to Intervention summarize the range of additional supervisory tools that may be applied at each stage of intervention as the severity of the situation escalates, as noted in EC1. In addition to the statutory tools described in EC3 of this Principle, other tools include:
OSFI noted that it has not yet had to use its formal power to remove a director but on occasion when OSFI has indicated that it would be willing to move to this step, there was compliance with OSFI’s expressed wishes. It is OSFI’s preference not to wield its legal powers as a first resort, not least because its basis for acting with legal force is strongly drawn in the Bank Act. |
| EC3 | The supervisor has the power to act where a bank falls below established regulatory threshold requirements, including prescribed regulatory ratios or measurements. The supervisor also has the power to intervene at an early stage to require a bank to take action to prevent it from reaching its regulatory threshold requirements. The supervisor has a range of options to address such scenarios. |
| Description and findings re EC3 | The Bank Act grants the Superintendent a number of different discretionary powers to act where a bank exceeds or falls below established prudential thresholds, ratios, or measures. The Superintendent is empowered to act regardless of the instrument by which a given threshold is established (i.e., by legislation, regulations, or administratively by guidelines). These powers can be used to address a range of scenarios and may be used jointly with other regulatory and supervisory tools.
OSFI has the power to intervene at an early stage to require a bank to take actions to prevent it from reaching its prudential thresholds and requirements. As noted in Principle 1, OSFI’s statutory mandate actually requires it to intervene at an early stage. More specifically, subsection 4(2) of the OSFI Act provides that OSFI must promptly advise the management and board of directors of a financial institution in the event that the institution is not in sound financial condition or is not complying with its governing statute law or supervisory requirements, which may include prudential thresholds, and in such a case, to take, or require the management or board to take, the necessary corrective measures or series of measures to deal with the situation in an expeditious manner. In discussion banks were conscious of OSFI’s mandate for “early intervention” and considered that OSFI acted on it. As also noted in CP 1, to fulfill its mandate, OSFI has developed its Supervisory Framework to ensure early intervention in order to increase the likelihood that corrective measures will be effective in maintaining the safety and stability of the institution and the sector. Further, OSFI’s Guide to Intervention outlines the types of involvement that banks can normally expect from OSFI (as well as from CDIC) and summarizes the circumstances under which certain intervention measures may be expected and escalated. These intervention measures may be used to ensure compliance with prudential thresholds. The assessors saw examples of OSFI’s actions when seeking to ensure that institutions meet or continue to meet prudential thresholds. In such cases the Supervisory Letters informed the bank that it was “staged” (see EC1 above), articulated clearly the grounds for OSFI’s concerns and outlined the actions required by the respective banks. Such requirements included: additional capital above the regulatory target levels; the development and delivery of concrete plans to reduce specific portfolios over time; to develop an alternative business strategy; and to strengthen risk management practices. OSFI has also acted to prevent a bank from repatriating capital to the parent company (e.g., dividends) until OSFI was satisfied that outstanding issues were properly addressed. OSFI noted that when it is working within the staging framework, it is conscious that it may need recourse to its statutory powers, although this is uncommon, and therefore OSFI prepares the grounds for its case accordingly. An OSFI decision could be challenged by judicial review. The test would be whether OSFI had acted within its authority under the law, not whether OSFI had grounds to pursue action. In other words, the correctness of the manner in which OSFI executed its action could be challenged but not OSFI’s judgment concerning the prudential basis for its action (eg that a bank were inadequately capitalized). |
| EC4 | The supervisor has available a broad range of possible measures to address, at an early stage, such scenarios as described in essential criterion 2 above. These measures include the ability to require a bank to take timely corrective action or to impose sanctions expeditiously. In practice, the range of measures is applied in accordance with the gravity of a situation. The supervisor provides clear prudential objectives or sets out the actions to be taken, which may include restricting the current activities of the bank, imposing more stringent prudential limits and requirements, withholding approval of new activities or acquisitions, restricting or suspending payments to shareholders or share repurchases, restricting asset transfers, barring individuals from the banking sector, replacing or restricting the powers of managers, Board members or controlling owners, facilitating a takeover by or merger with a healthier institution, providing for the interim management of the bank, and revoking or recommending the revocation of the banking licence. |
| Description and findings re EC4 | ECs 2 and 3 of this Principle outline all of OSFI’s powers, tools, and measures to address, at an early stage, the scenarios described in EC2. As previously detailed, OSFI’s mandate requires that it intervenes early so that institutions are encouraged to respond expeditiously to address concerns. OSFI’s approach to supervision, as expressed through its Supervisory Framework and Guide to Intervention, are structured to support this mandate and outline the range of supervisory powers, tools, and measures that can be expected to be applied as the gravity of the situation escalates. While ECs 2 and 3 summarize the measures that may be used to address the examples listed in this EC, we briefly re-summarize them here with additional details:
|
| EC5 | The supervisor applies sanctions not only to the bank but, when and if necessary, also to management and/or the Board, or individuals therein. |
| Description and findings re EC5 | Section 980 provides that every person who, without reasonable cause, contravenes any provision of the Act or the regulations is guilty of an offence. Such contraventions may be subject to punishment under section 985 of the Act, which can include monetary fines and/or imprisonment. The term “person” refers to both natural persons and legal entities, meaning that criminal sanctions may be applied to the bank, the Board, management or individuals therein. Further, sections 647 and 647.1 provide the Superintendent with the power to disqualify or remove senior officers and directors. In finding that a person is not suitable to hold office, the Superintendent may consider the person’s competence, business record, experience, conduct or character, and whether the person has contravened or, by action or negligence, has contributed to the contravention of the Bank Act, a direction, an order, or term or condition. Such disqualification may be thought of as a sanction. OSFI has also developed and published “fit and proper” standards for directors and senior management in its Guideline on Background Checks on Directors and Senior Management of Federally Regulated Entities. Banks are expected to adopt and apply these standards when establishing policies and procedures regarding the conduct of responsible persons. OSFI’s evaluation of an institution’s compliance with the Guideline may serve to identify areas of concern, which may then be used as a tool to guide or inform a decision to disqualify or remove a person. The Superintendent may also, pursuant to the Administrative Monetary Penalties (OSFI) Regulations, impose civil monetary penalties on a bank for a number of statutory violations, such as failure to: seek necessary transaction approvals; comply with terms and conditions, directions of compliance, orders, or prudential agreements; etc. There are no examples of OSFI having needed to proceed to formal exercise of its power (see EC 2). |
| EC6 | The supervisor has the power to take corrective actions, including ring-fencing of the bank from the actions of parent companies, subsidiaries, parallel-owned banking structures and other related entities in matters that could impair the safety and soundness of the bank or the banking system. |
| Description and findings re EC6 | OSFI has generally defined the term “ring-fencing” as the concurrent or sequential application of any number of supervisory powers, tools, and measures to address perceived contagion risks to the bank that may result from the actions and/or activities of others in the corporate structure. In practice, enhanced oversight of the bank is often (but not always) preceded by staging of the bank. As with its Supervisory Framework and Guide to Intervention, OSFI’s use of ring-fencing measures can be intensified as concerns escalate. More detailed examples of the measures and powers that OSFI typically uses to support ring-fencing include:
|
| EC7 | The supervisor cooperates and collaborates with relevant authorities in deciding when and how to effect the orderly resolution of a problem bank situation (which could include closure, or assisting in restructuring, or merger with a stronger institution). |
| Description and findings re EC7 | OSFI would coordinate and collaborate with relevant domestic and, where applicable, international authorities in deciding when and how to effect the orderly resolution of a problem bank. Domestically, as discussed in Principle 1, the Financial Institutions Supervisory Committee (FISC) is the federal-level forum legislated to facilitate consultations and the exchange of information among its members on matters relating directly to the supervision of institutions. The role and function of FISC includes discussing confidential prudential concerns with problem institutions and giving consideration to when and how to effect the orderly resolution of problem banks. It is most likely that resolution would be preceded by staging of the institution pursuant to OSFI’s Guide to Intervention, which outlines the types of escalating involvement and coordination that banks can expect from OSFI and CDIC, and summarizes the circumstances when resolution may be triggered. More specifically, when a bank reaches Stage 4: Non-viability/Insolvency Imminent, the bank will have experienced severe financial difficulties and its condition deteriorated to such an extent that:
When the Superintendent has decided to take control, the Superintendent has the option to:
When evaluating which resolution mechanism to use, FISC will consider the nature, size and complexity of the bank and its problems, and the viability of its recovery plan. Canada’s large banks are required to prepare recovery plans based on OSFI’s direction and guidance (with input from the members of FISC). OSFI provides banks’ plans to CDIC for the purpose of assisting CDIC with resolution planning. The major banks are entering their third or fourth iteration of recovery plans though resolution plans are still first generation. There are plans to extend recovery and resolution planning to the smaller institutions later in 2013. Internationally, OSFI has entered into formal information sharing and supervisory cooperation arrangements (Memoranda of Understanding) with over 30 foreign supervisory authorities. OSFI routinely exchanges information with foreign home and host regulators. Where recovery or resolution actions are contemplated in respect of an internationally active bank, OSFI would also increase its efforts to coordinate and collaborate with foreign supervisors, as appropriate. To date, OSFI has not had any experience in the resolution of a bank since OSFI was established in 1987 in the wake of bank failures earlier in that decade. |
| Additional criteria | |
| AC1 | Laws or regulations guard against the supervisor unduly delaying appropriate corrective actions. |
| Description and findings re AC1 | OSFI’s statutory mandate guards against undue delays in taking appropriate corrective actions. More specifically, pursuant to section 4 of the OSFI Act, OSFI’s mandate requires that it promptly advise the management and board of a financial institution in the event the institution is not in sound financial condition or is not complying with its governing statue law or supervisory requirements under that law and, in such a case, to take, or require the management or board to take, the necessary corrective measures or series of measures to deal with the situation in an expeditious manner. Discussions with staff and also banks confirmed that the mandate has instilled a culture of seeking to intervene with a bank at as early a stage as possible. |
| AC2 | When taking formal corrective action in relation to a bank, the supervisor informs the supervisor of non-bank related financial entities of its actions and, where appropriate, coordinates its actions with them. |
| Description and findings re AC2 | The OSFI Act and the Bank Act grant the Superintendent and OSFI the discretionary authority to inform other domestic and foreign regulators of its actions, and to coordinate its actions with them, if deemed appropriate. As detailed in CP 2, section 22 of the OSFI Act and section 636 of the Bank Act establish rules for OSFI on the appropriate use of information obtained as a result of the administration or enforcement of any Act of Parliament. More specifically, these sections provide that, subject to a limited number of exceptions, information about federally regulated financial institutions obtained by OSFI, and OSFI’s interaction with them, is deemed confidential and may only be used for lawful supervisory purposes. One of the permitted exceptions allows for the sharing of confidential information with other government agencies or bodies that regulate or supervise financial institutions, for the purposes related to that regulation or supervision. Subject to securing MOUs with other regulators and supervisors, OSFI would rely on this exception to share information with, for example, domestic provincial insurance regulators that may regulate non-bank subsidiaries of banks. Internationally, OSFI shares information, as appropriate, with foreign regulators with which it has a home-host relationship and an MOU. Such information sharing may also take place when OSFI hosts or attends supervisory colleges or crisis management groups. See also CP3. |
| Assessment of Principle 11 | Compliant |
| Comment | OSFI has a wide range of corrective and sanctioning powers under the Bank Act. These powers do not extend to issues in connection with AML/CTF which is governed by separate legislation and is noted under CP29. OSFI’s mandate requires early intervention and OSFI has designed, in collaboration with the CDIC, a structured approach for applying progressively more intensive supervisory intervention. The intervention approach is predicated on OSFI’s direct powers, although OSFI’s preference is to obtain traction with the firm on a voluntary basis, where OSFI’s authority is underpinned by the existence of its legal powers. OSFI carries out its intervention carefully, with the understanding that it must build its legal case at each stage in the event it has recourse to the use of its powers. The “staging” process allows OSFI to intensify restrictions and requirements for an institution (limitation on business, higher capital etc) and it exerts a discipline on chief executives who must report to their boards that they have been staged. While this particular discipline of transparency may be less effective in smaller institutions, the financial consequences of restrictions are likely to be felt. It is possible for an institution to remain “staged” for a period of time. Partly this is in recognition of the fact that successful remedial and corrective actions, including OSFI’s satisfying itself on the changes in practice, is not a rapid process. The challenge for OSFI is to maintain pressure on the institution to make meaningful progress over a credible and situation specific appropriate timeline in order to exit staging (and not relapse in the near future). OSFI is conscious of this risk and broadly, with a few exceptions, the assessors were not able to identify instances where a supervisory situation had drifted. There was evidence of instances where OSFI considered an issue had become too protracted and had therefore applied sharp escalation leading to subsequent progress with the bank. It is recommended that OSFI institute post facto reviews of staging cases in addition to interim reviews in order to identify, for the future, how best to ensure appropriate momentum through the staging phase. Nevertheless, notwithstanding OSFI’s internal review mechanisms, the staging process may be vulnerable to the potential or have the capacity to extend unduly. In other words, a firm might transition up and down between stages without fully exiting the staging process. The lack of a “clean exit” may be due to the fact that OSFI has no power or mandate to insist on the exit from the market of a bank whose business strategy is non-viable, so long as that bank is maintaining its prudential thresholds and depositors are not at immediate risk. The authorities should consider whether further legal authority or powers are required to enable it to move more promptly to address situations where a bank’s business model is deemed or proved to be non-viable over a period of time. |
| Principle 12 | Consolidated supervision. An essential element of banking supervision is that the supervisor supervises the banking group on a consolidated basis, adequately monitoring and, as appropriate, applying prudential standards to all aspects of the business conducted by the banking group worldwide. |
| Essential criteria | |
| EC1 | The supervisor understands the overall structure of the banking group and is familiar with all the material activities (including non-banking activities) conducted by entities in the wider group, both domestic and cross-border. The supervisor understands and assesses how group-wide risks are managed and takes action when risks arising from the banking group and other entities in the wider group, in particular contagion and reputation risks, may jeopardize the safety and soundness of the bank and the banking system. |
| Description and findings re EC1 | OSFI has broad powers under the Bank Act (to supervise all significant Canadian banking groups on a consolidated basis, when a regulated bank or regulated bank holding company is the ultimate parent. The consolidated assessment includes all of a bank’s material domestic and foreign entities and activities. Supervisory work and risk assessment is focused on identifying material risks to a bank. As such, OSFI identifies a bank’s “significant activities”—a line of business, unit or process, which may be domestic or cross-border – that are fundamental to the bank’s business model and its ability to meet its overall business objectives. Supervisory work is planned at the significant activity level. For each significant activity, the level of net risk is assessed by ensuring a thorough understanding of the nature of the activity and the environment in which it operates, identifying and assessing the activity’s key inherent risks, and determining the quality of risk management. However, significant activity and structure of group entities will not necessarily be the same. OSFI maintains its records of group structure on an up to date basis (as an annex to the risk assessment document) and the supervisory activities will pay particular attention to significant subsidiaries. Recent work on recovery and resolution planning has been the catalyst for more investigation and supervisory follow up. OSFI has had some experience of acting to work with banks when risks emerged in non-domestic jurisdictions. OSFI has also carried out cross sectoral examinations into banks’ handling of reputation and contagion risk. OSFI seeks to confirm that banks are actively assessing and managing such risks with competence. |
| EC2 | The supervisor imposes prudential standards and collects and analyses financial and other information on a consolidated basis for the banking group, covering areas such as capital adequacy, liquidity, large exposures, exposures to related parties, lending limits and group structure. |
| Description and findings re EC2 | OSFI imposes its prudential standards on a consolidated basis and receives and analyzes a bank’s consolidated, audited financial statements to assess overall financial performance. Supervisory analysis also considers financial performance by significant activity, whether domestic or cross-border. Within the context of the consolidated group the Superintendent has power to obtain information and review the overall activities of a banking group, both domestic and cross-border:
|
| EC3 | The supervisor reviews whether the oversight of a bank’s foreign operations by management (of the parent bank or head office and, where relevant, the holding company) is adequate having regard to their risk profile and systemic importance and there is no hindrance in host countries for the parent bank to have access to all the material information from their foreign branches and subsidiaries. The supervisor also determines that banks’ policies and processes require the local management of any cross-border operations to have the necessary expertise to manage those operations in a safe and sound manner, and in compliance with supervisory and regulatory requirements. The home supervisor takes into account the effectiveness of supervision conducted in the host countries in which its banks have material operations |
| Description and findings re EC3 | Supervisory work (on and off site) is conducted using the Superintendent’s powers outlined in Part XIII of the Bank Act. In particular, examination powers are defined in sections 643 and 644. In accordance with OSFI’s Supervisory Framework, supervision of Canadian banks is conducted on a consolidated basis, which involves an assessment of all of a bank’s material domestic and foreign entities and activities. As part of the process of identifying significant activities within a banking group, OSFI identifies the material host jurisdictions (see also EC1). In accordance with the Supervisory Framework, OSFI assesses the quality of both operational management (responsible for day-to-day controls) and the independent oversight of all significant activities, including when a significant activity is a cross-border or foreign operation. The assessment of operational management of a cross-border or foreign operation includes determining that it has the necessary expertise and capabilities to manage the operation in a safe and sound manner and in compliance with Canadian regulatory and supervisory requirements. Bank management must follow OSFI’s governance expectations as set out in OSFI’s Corporate Governance Guideline. OSFI regularly liaises with domestic and foreign counterparts as part of its on-going monitoring process, and does on-site work in other countries as deemed necessary. OSFI has established formal arrangements (Memoranda of Understanding) with a large number of foreign supervisors to provide a framework for effective cooperation and information sharing. As a home regulator, these agreements facilitate OSFI receiving information on the financial condition and adequacy of risk management of Canadian banks’ operations outside Canada. Likewise, as the host regulator, OSFI shares confidential information impacting the safety and soundness of cross-border establishments of foreign banks operating in Canada. Although OSFI does not have explicit criteria or processes for assessing the quality of supervision in a host country, such assessments are undertaken when a bank’s activities extend to an unfamiliar jurisdiction. In countries in which banks have material operations, OSFI will periodically meet with the host regulator in their offices to determine their standards of practice and to review their documentation and findings related to the bank’s local operations. The assessors noted that OSFI has issued recommendations to banks specifically focused on improving group compliance including particular attention to enterprise wide standards and cross border operations. |
| EC4 | The home supervisor visits the foreign offices periodically, the location and frequency being determined by the risk profile and systemic importance of the foreign operation. The supervisor meets the host supervisors during these visits. The supervisor has a policy for assessing whether it needs to conduct on-site examinations of a bank’s foreign operations, or require additional reporting, and has the power and resources to take those steps as and when appropriate |
| Description and findings re EC4 | The frequency and scope of on-site reviews of foreign locations is based upon the risk profile of the bank and reviewed at a minimum during the annual planning of supervisory strategy. Supervisory work (on and off site) is conducted using the Superintendent’s powers outlined in Part XIII of the Bank Act. In particular, examination powers are defined in sections 643 and 644. Each year, OSFI develops an annual supervisory strategy and plan for the banking group, including its foreign operations, and adjusts its strategy and plan throughout the year as needed. Planned supervisory work for each significant activity, including when the activity is a foreign operation, considers: the net risk assessment of the activity; the need to update OSFI’s information on the activity; and the importance of the activity to the bank’s overall risk profile. Supervisory work may range from basic monitoring, to limited off-site reviews, or to extensive on-site reviews. As a result of this planning, on-site reviews of material foreign operations take place periodically. OSFI would normally plan to meet the host country supervisor during these reviews to discuss the bank’s foreign operation and review the host country supervisor’s documentation. Contact with the host country supervisor is maintained between visits, as necessary, a point that the assessors were able to corroborate in contact with some relevant host country assessors. On an annual basis, OSFI typically performs one to three major cross border onsite inspections in respect of its conglomerate deposit taking institutions. The number of reviews is determined in accordance with OSFI’s risk-based approach. In addition, relationship management teams hold quarterly teleconference calls with key host supervisors to share views, opinions and concerns. The assessors were able to confirm this finding with some host supervisors (on a sample basis) who attested to an open and constructive dialogue with OSFI. |
| EC5 | The supervisor reviews the main activities of parent companies, and of companies affiliated with the parent companies, that have a material impact on the safety and soundness of the bank and the banking group, and takes appropriate supervisory action |
| Description and findings re EC5 | OSFI has powers to obtain information and therefore review the parent entity and related affiliates of some but not all banks. OSFI’s powers cover the systemically important banks but for those smaller banks for which private ownership is permitted (ie there is no regulated bank holding company in place), OSFI does not have the power to review the activities of a bank’s parent company and of companies affiliated with the parent company on an on-going basis. However, by virtue of section 635 of the Bank Act, OSFI has the power to direct a controller or affiliate of the bank to provide information that OSFI might need. Additionally, at the licensing phase, OSFI assesses its future information needs and if necessary puts in place information undertakings to ensure the supervisability of the entity within its corporate structure. OSFI’s regulatory and supervisory frameworks only apply to the federally regulated financial institution (i.e., the bank) and, through consolidated supervision, its subsidiaries. Consequently, OSFI’s ability to review the activities of these unregulated entities, and assess the possible impact of these activities on the safety and soundness of the bank, is limited to information that: (a) is publicly available; (b) can be leveraged through the consideration of transactions (e.g., at the time of incorporation or acquisitions of significant interest); or (c) might be gathered pursuant to an Letter of Undertaking with a controlling parent where arranged with OSFI. As noted in EC1, summarized parent company information and assessment is included in the Risk Assessment Document for the bank. The assessors noted supervisory work scoping the onsite review of an institution where OSFI had identified significant concerns with respect to the risk to the bank stemming from some of the parent’s activities. |
| EC6 | The supervisor limits the range of activities the consolidated group may conduct and the locations in which activities can be conducted (including the closing of foreign offices) if it determines that:
|
| Description and findings re EC6 | OSFI has the powers to limit the range of activities and locations of the activities of the consolidated group. The Bank Act provides the Superintendent with extensive remedial powers to impose regulatory limits on the activities of a bank or banking group. These powers are discussed in CP11, but domestic and subsidiary banks, see sections 644.1 to 656 and for authorized foreign banks, see sections 614.1 to 627. Of particular relevance are the Superintendent’s powers to issue a Direction of Compliance, issue a divestment order, or to restrict the bank’s activities, each of which can target the bank’s foreign operations. Information gathering powers rest particularly in sections 628 and 643 of the Bank Act. Further, section 470 requires a bank to enter into Undertakings as required by the Superintendent to provide access to records of controlled domestic and foreign subsidiaries and authorizes the Superintendent to enter into agreements with foreign regulators in that regard. OSFI noted that when it is not comfortable with the supervisory regime in the foreign jurisdiction, it will require an even higher standard of controls and oversight by the bank. There are a number of examples when OSFI has conducted reviews on the foreign group entities. In addition to working in partnership with the local supervisor, OSFI has focused on what the bank is doing to manage its systems and to prompt higher standards of the bank’s own management oversight. Part of this conversation would necessarily be with head office to question group governance and oversight. |
| EC7 | In addition to supervising on a consolidated basis, the responsible supervisor supervises individual banks in the group. The responsible supervisor supervises each bank on a stand-alone basis and understands its relationship with other members of the group |
| Description and findings re EC7 | In the context of consolidated supervision, OSFI supervises individual banks within the group either alone or in conjunction with host supervisors in other jurisdictions. This supervision includes understanding the interrelationships between other members in the group. For the major banks, where the corporate structure is headed by the bank itself, OSFI obtains solo data in addition to consolidated data. Major banking subsidiaries within the wider group are identified and OSFI follows the Basel framework by applying at lower levels to all internationally active banks on a consolidated basis. OSFI does not routinely obtain solo information in respect of each individual bank within the group. OSFI supervises primarily on a consolidated basis. Some of OSFI’s primary supervisory processes provide information on intra group transactions. Reporting examples include liquidity reporting by currency and major entity, capital reporting and solo capital reporting and analysis. Crisis Management submissions are also helpful in this regard and discussion of material individual transactions. In addition, host supervisors often look at flows between local branches and subs within their jurisdiction and often discuss these with the Canada as the home-country supervisor. |
| Additional criteria | |
| AC1 | For countries which allow corporate ownership of banks, the supervisor has the power to establish and enforce fit and proper standards for owners and senior management of parent companies |
| Description and findings re AC1 | Any person wishing to have a significant interest in, and/or control of, a bank must receive approval from the Minister to acquire this significant interest/control (see BCP 5 EC5 and BCP 6). Pursuant to the Bank Act, the Minister considers the business record and experience of the person and the character and integrity of the person, among other considerations (sections 27 and 396). OSFI’s recommendation in respect of the acquisition of significant interest/control takes into account these legislative considerations. The Instruction Guide for Incorporating Banks and Transaction Instruction A No. 23 set out information requirements that assist in this determination. OSFI requires that persons that would have a significant interest in/control of a bank provide details of whether they have been the subject of any criminal proceedings or administrative sanctions. Where the person is a corporate entity, OSFI engages the Canadian Security Intelligence Service (CSIS) to conduct a security assessment. Where the person is an individual, OSFI obtains personal information, including curriculum vitae and a completed OSFI Security Information Form so that law enforcement (Royal Canadian Mounted Police (RCMP)) and intelligence (CSIS) agencies can conduct security assessments. |
| Assessment of Principle 12 | Compliant |
| Comments | OSFI has a strong legal and regulatory framework for consolidated supervision which it applies consistently. OSFI is mindful of the distribution of risks throughout the group and the need for strong risk management, internal controls and flow of information within the consolidated groups. OSFI has gone beyond the Basel framework by requiring solo entity information on the parent banks for the systemic banking groups in Canada. Nevertheless, with this exception, OSFI has generally placed less emphasis on the individual banks within groups, structuring its work around the concept of “significant activity”. Recent work on recovery and resolution planning though has required group structures to be scrutinized on a legal entity basis and, by OSFI’s own admission, has “shone a light” on issues that may need to be assessed on a prudential basis. OSFI are encouraged to continue strongly with the analysis of supervisory implications of legal entity structures. It is recommended that OSFI receive solo data for all regulated banks within the banking groups, irrespective of whether the parent entity is a bank. OSFI is also recommended to look more closely and systematically at intra-group exposures, so that it can monitor and probe as necessary exposures between the bank and other entities within a group, perhaps through introducing new prudential returns (as a part of the review suggested in CP10). Not least in the light of the recent D-SIB designation of the six systemic banks, OSFI is recommended to consider the non-domestic entities and consider whether its cycle of visits is sufficient. While OSFI’s annual planning process always takes a risk based approach in considering such reviews, and while it is clear that OSFI staff have a sound understanding of the more vulnerable international regions in which banks are exposed, the acknowledged systemic nature of the D-SIBs might warrant closer frequency of attention to the more remote parts of the group. OSFI does not, though, have powers to review the activities of parent companies of smaller banks that are owned by commercial companies. While OSFI has strong information gathering powers, as noted above, and has to date imposed information undertakings on parent entities at time of licensing, it is recommended as a further iteration of good practice that OSFI always make parental data access and notification of material parental business and governance changes a condition of licensing. Additionally, this requirement can be emphasized publicly as part of the Guidelines for Incorporation. |
| Principle 13 | Home-host relationships. Home and host supervisors of cross-border banking groups share information and cooperate for effective supervision of the group and group entities, and effective handling of crisis situations. Supervisors require the local operations of foreign banks to be conducted to the same standards as those required of domestic banks. |
| Essential criteria | |
| EC1 | The home supervisor establishes bank-specific supervisory colleges for banking groups with material cross-border operations to enhance its effective oversight, taking into account the risk profile and systemic importance of the banking group and the corresponding needs of its supervisors. In its broadest sense, the host supervisor who has a relevant subsidiary or a significant branch in its jurisdiction and who, therefore, has a shared interest in the effective supervisory oversight of the banking group, is included in the college. The structure of the college reflects the nature of the banking group and the needs of its supervisors. |
| Description and findings re EC1 | OSFI has established bank-specific colleges for all of its internationally active banks. OSFI has invited all material host supervisors to take part in those colleges and to share information in regards to the banks’ activities with the view of ensuring effective consolidated supervision. The assessors saw papers prepared for colleges and also summarizing findings from colleges which in some instances also included details of follow up actions planned by the host authorities. OSFI has hosted several types of college meetings that are structured to reflect the nature of the banking group and the needs of its supervisory counterparts. Colleges include: Crisis Management Panels, Core Colleges and Universal Colleges (whereby over 50 counterparts were invited to take part), Regional Colleges and Anti-Money Laundering Colleges. OSFI noted that they had observed the exchanges in the colleges becoming richer as relationships became more established. As OSFI proceeds with colleges focused on specific themes (eg operational risk) it is thought that the exchanges will deepen further. OSFI was conscious of and sensitive to the needs of host supervisors where Canadian banks were systemic for the local economy. Colleges were supplemented with bilateral contact though it was noted that contact was typically initiated by the host jurisdiction. |
| EC2 | Home and host supervisors share appropriate information on a timely basis in line with their respective roles and responsibilities, both bilaterally and through colleges. This includes information both on the material risks and risk management practices of the banking group and on the supervisors’ assessments on the safety and soundness of the relevant entity under their jurisdiction. Informal or formal arrangements (such as memoranda of understanding or MoUs) are in place to enable the exchange of confidential information. |
| Description and findings re EC2 | OSFI has entered into formal information sharing and cooperation arrangements (MoUs) with over 30 foreign supervisory authorities. These MoUs are comprehensive, and cover a wide range of information, including material risks and risk management practices of the bank, as well as the supervisors’ assessment of the safety and soundness of the bank. OSFI routinely exchanges information with foreign home and host regulators. OSFI conducts regular (usually quarterly) telephone conferences with either all foreign regulators or regulators of the key jurisdictions, depending on the institution that is being assessed. In between these formal meetings, the Relationship Managers (i.e., the OSFI employees who are primarily responsible for the bank) have discussions with key host regulators, as needed. These discussions are initiated by either side as necessary to address issues that arise which are too time-sensitive to wait for the next quarterly call. OSFI also hosts and participates in College of Supervisors meetings for banking conglomerates, where appropriate. The most recent round of colleges included a general supervisory college for the five largest banking groups in Canada, followed by a Crisis Management Panel for the largest banks (all of whom have prepared recovery plans). Banks typically commented favourably on the extent to which they had been involved in preparing for and receiving feedback after such colleagues. Many host regulators also conduct a yearly visit to Canada. These visits include meetings with each of the relevant OSFI Relationship Managers and Regulation Sector staff (e.g., officials from the Policy and Research divisions). The assessors were able to review papers that reflected college exchanges and which confirmed the nature of the information exchanges that took place, as well as documenting follow up actions that the host supervisory authorities were likely to undertake as a result of the discussions. It was clear that in some instances host supervisors had materially altered their perceptions of risks within the group as a result of such colleges. |
| EC3 | Home and host supervisors coordinate and plan supervisory activities or undertake collaborative work if common areas of interest are identified in order to improve the effectiveness and efficiency of supervision of cross-border banking groups. |
| Description and findings re EC3 | As noted in EC2, OSFI has extensive collaborative relationships with other regulators. Both home and host jurisdictions share their supervisory concerns and work plans with one another, and work towards coordinating the supervision of cross-border banking groups. OSFI has ongoing discussions with material host supervisors for the purpose of identifying areas that OSFI should focus on during onsite reviews of banks. OSFI will contact the foreign host regulator in cases where it plans to undertake an onsite review in the host jurisdiction and will discuss the broad scope of the planned supervisory activities. OSFI will outline its broad plans with respect to the onsite review, and ask the host regulator if they wish to participate in the review. At a minimum, OSFI will have a post-review meeting with the host regulator to share its views and discuss its findings. In addition, joint on-site reviews have been performed in a number of cases with a shared objective of increasing effectiveness and efficiency. The assessors were able to review information that demonstrated a number of joint supervisory reviews with other supervisors in different jurisdictions. |
| EC4 | The home supervisor develops an agreed communication strategy with the relevant host supervisors. The scope and nature of the strategy reflects the risk profile and systemic importance of the cross-border operations of the bank or banking group. Home and host supervisors also agree on the communication of views and outcomes of joint activities and college meetings to banks where appropriate to ensure consistency of messages on group-wide issues. |
| Description and findings re EC4 | As a home supervisor, OSFI develops a communication strategy with the relevant host supervisor prior to, and after, a review. The scope and nature of the communication strategy is tailored to the risk profile and the bank’s cross-border operations. Following a joint review, OSFI will, as appropriate, work with the host supervisor to establish common views/messages that are communicated to the bank, as well as agreed-upon supervisory activities. As indicated above, OSFI has developed communication protocols with the most significant host (and home) jurisdictions. In discussions with banks, firms were of the view that their home and host supervisors adopted consistent and well articulated supervisory positions. |
| EC5 | Where appropriate, due to the bank’s risk profile and systemic importance, the home supervisor, working with its national resolution authorities, develops a framework for cross-border crisis cooperation and coordination among the relevant home and host authorities. The relevant authorities share information on crisis preparations from an early stage in a way that does not materially compromise the prospect of a successful resolution and subject to the application of rules on confidentiality. |
| Description and findings re EC5 | The OSFI Act enables OSFI to collaborate and share information with its foreign supervisory and resolution counterparts. Acting both as the home and host supervisory authority OSFI has participated in developing cross-border crisis cooperation frameworks. As a home authority, in collaboration with CDIC, OSFI has established bank-specific Crisis Management Panels (with relevant domestic and foreign regulators), which facilitate the sharing of information relevant to recovery and resolution planning efforts. As host authority, OSFI has been involved in discussions with crisis management groups for G-SIBs with Canadian presence. In one instance OSFI has contributed to the formalization of a specific cross border collaboration agreement (consistent with FSB expectations for G-SIBs) and has participated in firm specific Crisis Management Panels. Domestically, there are a number of cooperation and coordination mechanisms—for both the recovery and resolution stages and which operate at the federal level. The Financial Institutions Supervisory Committee (FISC), which is chaired by the Superintendent of Financial Institutions (see CP3) is the focal point for coordination at a domestic level. In addition to FISC, crisis management communication and coordination issues between OSFI (the authority requiring banks to develop recovery plans) and CDIC (the resolution planning authority) are addressed in an OSFI/CDIC Strategic Alliance Agreement, as well as the Guide to Intervention for Federally Regulated Deposit-Taking Institutions. As the primary regulator of banks, OSFI has required the large banks to develop recovery plans, and CDIC is developing resolution plans for these institutions. |
| EC6 | Where appropriate, due to the bank’s risk profile and systemic importance, the home supervisor, working with its national resolution authorities and relevant host authorities, develops a group resolution plan. The relevant authorities share any information necessary for the development and maintenance of a credible resolution plan. Supervisors also alert and consult relevant authorities and supervisors (both home and host) promptly when taking any recovery and resolution measures. |
| Description and findings re EC6 | CDIC is the authority responsible for developing resolution plans, while OSFI has responsibility for recovery plans. CDIC, in collaboration with OSFI and the other FISC partners, developed first generation resolution plans for the big six banks in December 2012. The big six banks’ third (in some instances fourth) iteration of the recovery plans were received in the first quarter of 2013. (prepared in accordance with directions from OSFI) is due in March 2013. Domestically, through the legislated FISC mechanism and the OSFI-CDIC Strategic Alliance Agreement (noted in EC5), OSFI and CDIC collaborate closely on recovery and resolution issues, including (anticipated) actions with respect to specific banks. Also, the OSFI-CDIC Guide to Intervention for Federally Regulated Deposit-Taking Institutions (noted in CPs 8, 9 and 11) outlines the types of intervention and involvement that a bank can normally expect from OSFI and CDIC at various stages of recovery, and describes the coordination mechanisms in place between OSFI and CDIC. Internationally, where a bank with cross-border operations takes recovery actions (or contemplates recovery actions), OSFI will liaise, share information, and discuss supervisory actions/interventions with the relevant foreign supervisors pursuant to the MoUs (discussed in EC1). Also, CDIC has recently obtained the legislative authority under the CDIC Act to share member institution-specific information with relevant foreign authorities subject to a condition that the Superintendent (in relation to information provided by OSFI to the CDIC) and the CDIC board agree with the release of the information. In this regard, CDIC is working with the Federal Deposit Insurance Corporation (U.S.) to develop a resolution-focused MOU. OSFI is also working on an addendum to its MoU with the FDIC that addresses recovery planning. The crisis management-focused agreement with the FDIC is not a stand-alone MoU. but rather is an addendum to the OSFI/FDIC/OCC/FED MoU. As noted above, paragraph 22(2)(a) of the OSFI Act permits OSFI to share information with the FDIC even if they were only acting as a resolution authority. The addendum sets out info sharing protocol and expectations more generally re ‘crisis management planning,’ which encompasses recovery and resolution planning. The addendum, much like an MOU that CDIC signed with the FDIC, clearly delineates responsibility of OSFI (prudential supervision and responsible for guiding recovery planning) and CDIC (deposit insurer and resolution authority). |
| EC7 | The host supervisor’s national laws or regulations require that the cross-border operations of foreign banks are subject to prudential, inspection and regulatory reporting requirements similar to those for domestic banks. |
| Description and findings re EC7 | The Bank Act covers both domestic and foreign banks operating in Canada. Foreign bank subsidiaries and branches are subject to laws and regulations that, with exceptions, are those that are applicable to domestic banks. Under the Act, all foreign bank operations in Canada are subject to prudential oversight, regular on-site inspections and regulatory reporting requirements although differences pertain due to the different range of legal powers possible over a branch entity. For example, a branch is not a separate legal entity. It is not therefore required to maintain a Canadian board. As such, the corporate governance requirements that apply to domestic entities do not apply to branches. That being said, OSFI requires that the branch name a principal officer (s.536 BA). The principal officer is expected to oversee the management of the branch and is accountable for the branch’s operations. OSFI has the power to remove a principal officer (s.617.2 BA). Earnings, capital and liquidity are not assessed for branches as they cannot be assessed the same way as for other banks. A branch’s earnings and liquidity are subject to management by the foreign bank, and instead of risk-based capital the branch is required to maintain a Capital Equivalency Deposit in Canada. Further, a formal assessment of the adequacy of “Out of Canada Support” is required. This is a structured assessment which takes into account the following items:
In the light of limitations OSFI has in terms of intervening with the parent entity of the branch and in order to limit the risk to Canadians, branches are not permitted to take retail deposits (i.e., deposits under $150,000) (s. 545 BA). |
| EC8 | The home supervisor is given on-site access to local offices and subsidiaries of a banking group in order to facilitate their assessment of the group’s safety and soundness and compliance with customer due diligence requirements. The home supervisor informs host supervisors of intended visits to local offices and subsidiaries of banking groups. |
| Description and findings re EC8 | Under section 643 of the Bank Act, OSFI has the authority to examine banks on-site (offices and subsidiaries) and to access the records of banks in order to assess their safety and soundness and compliance with due diligence requirements. Also, pursuant to the MoUs with foreign authorities (as discussed in previous ECs), OSFI notifies a foreign host regulator when it intends to conduct an on-site examination in the host regulator’s jurisdiction. |
| EC9 | The host supervisor supervises booking offices in a manner consistent with internationally agreed standards. The supervisor does not permit shell banks or the continued operation of shell banks. |
| Description and findings re EC9 | EC9 is not applicable, as there are no booking offices operating in Canada. OSFI does not permit shell banks to operate in Canada. |
| EC10 | A supervisor that takes consequential action on the basis of information received from another supervisor consults with that supervisor, to the extent possible, before taking such action. |
| Description and findings re EC10 | As a matter of practice, OSFI will not act on information received from another supervisor unless it consults with that supervisor. The assessors confirmed instances where OSFI had consulted with other supervisory authorities. |
| Assessment of Principle 13 | Compliant |
| Comments | OSFI has a more significant role as a home supervisor than a host supervisor and in some regions outside Canada, the major Canadian banks are systemic for the local economy. OSFI monitors the evolution and development of its banks in foreign territories and allocates supervisory resources accordingly. Home and host relationships appear to be strong in relation to significant overseas relationships and to function smoothly where Canadian banking presence may be strong locally, but is relatively minor in respect of the group’s activities. OSFI has witnessed the growing confidence and effectiveness of its collegiate relationships and is moving to target more specific themes. Work on crisis management, resolution and recovery is progressing, in coordination with the CDIC. In terms of continued evolution of effective home host relationships it is recommended that OSFI ensures that it considers the potential needs in a crisis of supervisors in jurisdictions where the Canadian company is material and anticipates these as far as possible. |
B. Prudential Regulations and Requirements
| Principle 14 | Corporate governance. The supervisor determines that banks and banking groups have robust corporate governance policies and processes covering, for example, strategic direction, group and organizational structure, control environment, responsibilities of the banks’ Boards and senior management,20 and compensation. These policies and processes are commensurate with the risk profile and systemic importance of the bank. |
| Essential criteria | |
| EC1 | Laws, regulations or the supervisor establish the responsibilities of a bank’s Board and senior management with respect to corporate governance to ensure there is effective control over the bank’s entire business. The supervisor provides guidance to banks and banking groups on expectations for sound corporate governance. |
| Description and findings re EC1 | Legislative requirements are outlined in Part VI – Corporate Governance of the Bank Act. Duties of the board are set out in the Bank Act and in OSFI’s Corporate Governance Guideline. Among other things, directors must manage the affairs of the bank, establish an audit committee and a conduct review committee and procedures for conflicts of interest, complaints and disclosure. The Bank Act also sets out the duties of the required committees. Subsection 194(3) outlines the duties of the Audit Committee. Subsection 195(3) outlines the duties of the Conduct Review Committee. OSFI’s Corporate Governance Guideline (originally issued in 2003) covers comprehensively OSFI’s expectations for the responsibilities of a bank’s board. The Guideline was revised in 2013 to include more formalized, explicit and detailed requirements in the areas of governance, risk management and compensation, among others. The Guideline also covers specific expectations for matters subject to board approval, including, for example, the risk appetite and internal control framework, succession planning and CEO performance review. The Guideline is supported by internal (non-public) assessment criteria for supervisors to use in evaluating boards and senior management. OSFI indicated that there was extensive consultation with the banks prior to finalizing the Guideline as well as outreach with instructions (including through OSFI’s Corporate Governance Division) once the Guideline was issued to ensure banks understood OSFI’s expectations. Banks generally concurred that consultation on new Guidelines was extensive and they had a good understanding of the requirements. |
| EC2 | The supervisor regularly assesses a bank’s corporate governance policies and practices, and their implementation, and determines that the bank has robust corporate governance policies and processes commensurate with its risk profile and systemic importance. The supervisor requires banks and banking groups to correct deficiencies in a timely manner. |
| Description and findings re EC2 | OSFI has been conducting regular and comprehensive on-site and off-site reviews of corporate governance. In 2011, OSFI conducted detailed reviews of risk management and corporate governance at the large Canadian banks. The results of this review were used as input into the revised Corporate Governance Guideline. Interim supervisory letters with feedback were also sent to each bank. The associated bank actions are tracked via the follow-up document (FUD) process. OSFI established a Corporate Governance Division in 2010 in the Supervision Support area to provide technical expertise in corporate governance and enterprise risk management. Although ongoing supervision is conducted by the relationship management teams, the Corporate Governance Division act as a center of expertise and is consulted on applying the Guideline and assessing appropriate expectations, for example for smaller or more specialized institutions. The Corporate Governance Division tracks interpretations and reviews risk matrices for large banks. This helps ensure consistency of approach, particularly where institutions are permitted to adopt alternative approaches. As part of its quarterly monitoring for large banks, OSFI will:
|
| EC3 | The supervisor determines that governance structures and processes for nominating and appointing Board members are appropriate for the bank and across the banking group. Board membership includes experienced non-executive members, where appropriate. Commensurate with the risk profile and systemic importance, Board structures include audit, risk oversight and remuneration committees with experienced non-executive members. |
| Description and findings re EC3 | OSFI’s Corporate Governance Guideline sets out expectations with respect to board member skills and competencies and the process for succession planning for new board members. An internal supervisory assessment guide covers director qualifications, independence and other factors. The Guideline requires banks to notify OSFI of any potential changes to board composition. As set out in the Guideline, OSFI expects the board to be independent from senior management. The CEO and board chair must be separate but otherwise OSFI does not impose specific prescriptive independence requirements. The risk committee must be comprised of non-executive directors, including the chair. In practice for the larger, more complex banks, the boards are comprised of independent directors except for the president and CEO. OSFI’s Board of Directors Assessment Criteria also outline the elements that supervisors will consider when looking at board composition. The Bank Act also contains certain requirements for director independence. No more than two thirds of directors can be ‘affiliated’ with the bank, where OSFI has discretion to determine whether an individual is ‘affiliated’. This limitation does not apply where the bank is owned by another federally regulated financial institution. No more than 15 percent of directors may be employees of the bank or up to four for a board of seven directors. The audit committee must have a majority of independent directors. Subsection 157(2) of the Bank Act requires the establishment of an audit committee and Conduct Review Committee. For listed companies, provincial securities laws require the board to have a majority of independent directors and an independent chair, adopt fit and proper requirements and conduct board assessments. The independence requirements do not apply to subsidiaries. The 2011 cross-system review of corporate governance conducted by OSFI included peer comparisons and discussions with bank chairs on topics such as succession planning and director skills. The processes used by the large banks to monitor and track the skill sets of the boards were reviewed and compared, including competency matrices where available. Discussions were held with the board chairs that included succession planning given, for example, director retirements. As well a comparison was undertaken of skill sets against the proposed expectations to identify potential gaps. This was included for internal purposes and reported to the OSFI Executive. |
| EC4 | Board members are suitably qualified, effective and exercise their “duty of care” and “duty of loyalty”.21 |
| Description and findings re EC 4 | The Bank Act includes a duty of care provision which explicitly requires directors to act in the best interests of the bank and to exercise the care, diligence and skill of a reasonably prudent person. OSFI’s Corporate Governance Guideline and ongoing supervision activities as described under EC3 above appear appropriate to evaluate the qualifications and effectiveness of board members. OSFI does not approve directors prior to appointment, although it may informally encourage banks to address competency or compositional deficiencies on their board. |
| EC5 | The supervisor determines that the bank’s Board approves and oversees implementation of the bank’s strategic direction, risk appetite22 and strategy, and related policies, establishes and communicates corporate culture and values (e.g., through a code of conduct), and establishes conflicts of interest policies and a strong control environment. |
| Description and findings re EC5 | OSFI’s Corporate Governance Guideline addresses the requirements for the board to oversee the bank’s strategy, risk appetite, policies and controls. The Bank Act requires a bank to implement a conflicts of interest policy. These requirements are enforced through ongoing supervisory activity, including review by supervisors of board policies, risk appetite statements and other control framework documentation on a periodic basis, and providing feedback to banks on these documents. Supervisors review the implementation of these policies and framework documents in the context of particular business line or risk reviews. During the cross-system review of corporate governance in 2011, supervisors discussed with directors their processes for developing the risk appetite framework, strategic planning processes, related monitoring and information provided to the board. OSFI supervisors and management meet at least annually with the full board which provides an opportunity to discuss strategy. For large banks supervisors meet throughout the year with individual committee chairs. OSFI supervisors indicated that they are increasingly attuned to risk culture differences across banks. |
| EC6 | The supervisor determines that the bank’s Board, except where required otherwise by laws or regulations, has established fit and proper standards in selecting senior management, maintains plans for succession, and actively and critically oversees senior management’s execution of Board strategies, including monitoring senior management’s performance against standards established for them. |
| Description and findings re EC6 | OSFI’s Guideline on Background Checks on Directors and Senior Management requires banks to implement a policy to effectively ensure fit and proper standards for directors and senior management. Other than at the time of licensing, OSFI does not generally conduct its own background checks on officers, but relies on the bank to enforce its own policy. The Corporate Governance Guideline addresses succession planning and performance and requires the board to consider succession plans for the Board, CEO and other members of senior management. Succession planning and monitoring of management against board approved plans and objectives were areas covered during OSFI’s 2011 cross-system corporate governance review. |
| EC7 | The supervisor determines that the bank’s Board actively oversees the design and operation of the bank’s and banking group’s compensation system, and that it has appropriate incentives, which are aligned with prudent risk taking. The compensation system, and related performance standards, are consistent with long-term objectives and financial soundness of the bank and is rectified if there are deficiencies. |
| Description and findings re EC7 | OSFI’s Corporate Governance Guideline requires the board to set an appropriate compensation policy consistent with the Financial Stability Board (FSB) Principles for Sound Compensation Practices. In 2009, OSFI notified all banks by letter of the expectation to comply with the FSB principles and the associated implementation principles. In 2009–10, OSFI conducted a cross-system review of compensation practices among the six largest banks. This included review of performance scorecards for key roles such as CEO and CRO. Internal analysis was prepared comparing and contrasting practices across these banks. Recommendations were issued to banks regarding deficiencies as a result and supervisors regularly track progress. Annual reviews have been conducted by supervisors since then. Assessors’ review of individual Significant Activity review finding letters provided evidence that supervisors are also reviewing compensation practices within business lines and their considering their impact on business risk taking. |
| EC8 | The supervisor determines that the bank’s Board and senior management know and understand the bank’s and banking group’s operational structure and its risks, including those arising from the use of structures that impede transparency (e.g., special-purpose or related structures). The supervisor determines that risks are effectively managed and mitigated, where appropriate. |
| Description and findings re EC8 | OSFI’s Corporate Governance Guideline sets out expectations for the board and senior management oversight of the business, including organisational structure and subsidiaries Supervisors meet regularly with directors and the full board and have the opportunity to discuss any changes to organizational structures or structures of potential concern and ensure they are understood by the board. Supervisors maintain a good understanding of each bank’s operational structure through the quarterly monitoring process, where banks flag any potential material changes to the operational or legal structure. The quarterly risk assessment document prepared for each bank includes an outline of the corporate structure in an Annex. This has been extensively enhanced through the recovery and resolution planning process, which has involved ongoing dialogue with banks about corporate structure. Assessors saw evidence of the focus on structural risk through the analysis and feedback on recovery plans. The more problematic complex securitization structures that were heavily affected during the financial crisis have been wound back, and for banks with run-off portfolios held since the crisis, OSFI continues to monitor their wind-down. OSFI’s Credit Risk Division regularly reviews securitization and structured credit activities of large banks as part of its on-site reviews at the large banks, including oversight by the bank’s senior management and where appropriate, boards. |
| EC9 | The supervisor has the power to require changes in the composition of the bank’s Board if it believes that any individuals are not fulfilling their duties related to the satisfaction of these criteria. |
| Description and findings re EC9 | The Bank Act gives OSFI authority to remove a person from office as a director if the Superintendent is of the opinion that the person is not suitable to hold that office. In practice, this authority has never been exercised, although supervisors noted instances where they have worked with banks to achieve changes in the composition of board over time or commented on its make-up or expertise where improvements were considered necessary. |
| Additional criteria | |
| AC1 | Laws, regulations or the supervisor require banks to notify the supervisor as soon as they become aware of any material and bona fide information that may negatively affect the fitness and propriety of a bank’s Board member or a member of the senior management. |
| Description and findings re AC1 | OSFI’s Corporate Governance Guideline states that banks should notify OSFI of any potential changes to the membership of the board and senior management, and any circumstances that may adversely affect their suitability. For certain matters it is not uncommon for the board chair, or chair of the relevant committee to contact OSFI Executive directly. Discussions with supervisors and banks indicated that banks are fully aware of the need to promptly report any matters of significance to OSFI. |
| Assessment of Principle 14 | Compliant |
| Comments | OSFI has a comprehensive program for supervision of corporate governance at large and smaller banks. Notable features of the approach include very regular contact with directors on both a formal and informal level, and a centralized unit responsible for corporate governance supervision. |
| Principle 15 | Risk management process. The supervisor determines that banks23 have a comprehensive risk management process (including effective Board and senior management oversight) to identify, measure, evaluate, monitor, report and control or mitigate24 all material risks on a timely basis and to assess the adequacy of their capital and liquidity in relation to their risk profile and market and macroeconomic conditions. This extends to development and review of contingency arrangements (including robust and credible recovery plans where warranted) that take into account the specific circumstances of the bank. The risk management process is commensurate with the risk profile and systemic importance of the bank.25 |
| Essential criteria | |
| EC1 | The supervisor determines that banks have appropriate risk management strategies that have been approved by the banks’ Boards and that the Boards set a suitable risk appetite to define the level of risk the banks are willing to assume or tolerate. The supervisor also determines that the Board ensures that:
|
| Description and findings re EC1 | As discussed under CP 8 and CP9, OSFI supervisors assess the quality of risk management using detailed criteria for each identified control function and OSFI’s Corporate Governance Guideline and associated assessment criteria. The Guideline and assessment criteria are designed to ensure that banks establish and maintain a sound risk management culture. OSFI’s supervisory Guidelines and practices address risk management strategy, governance and risk appetite and their implementation. Assessors observed broad coverage of banks’ risk management governance through OSFI’s ongoing monitoring process and periodic business line and risk function reviews conducted by appropriately staffed specialist risk functions within OSFI. The quality of risk management is typically assessed through supervisory reviews of a bank’s Significant Activities. The supervisory reviews of risk management of a bank include assessing the characteristics (mandate, organization structure, policies and procedures, etc.) and performance (how well does the function carry out its mandate and responsibilities). As discussed under CP 14, the Corporate Governance Division has conducted specific reviews of enterprise-wide risk governance at the large banks that have addressed these areas. The scope of risk governance reviews conducted at large banks typically includes areas of focus such as risk committee structures, the risk framework itself, risk appetite, mandate and independence of the risk control functions, reporting and infrastructure. Supervisors make recommendations for improvements in risk governance and implementation and follow up to ensure they are implemented over time. Several banks noted OSFI’s focus on risk culture, which has in some cases prompted them to conduct external assessments of staff risk awareness. |
| EC2 | The supervisor requires banks to have comprehensive risk management policies and processes to identify, measure, evaluate, monitor, report and control or mitigate all material risks. The supervisor has an effective process to determines that these processes are adequate or take appropriate corrective action:
|
| Description and findings re EC2 | OSFI’s Corporate Governance Guideline and the criteria used by supervisors for assessing the quality of risk management explicitly require banks to take an enterprise-wide view of risk. In addition to the risk governance reviews, supervisors regularly review each bank’s key risk framework and risk policy documents. OSFI maintains comprehensive internal assessment guides and training programs for supervisors on how to conduct risk management assessments. For the large banks, Supervisors review risk committee agendas and papers, reports from the CRO to the board and other internal bank risk reports on a regular basis to ensure that risk measurement and monitoring processes are operating effectively and that risks arising from the external environment are incorporated into the risk management process. Processes to benchmark banks against peers (including cross-system reviews) and recommend mitigating actions where needed help to ensure that risk processes are appropriate for the risk profile and systemic importance of the bank. In particular, cross-system reviews in a range of risk areas are regularly used to allow comparison of risk management practices across peer groups. Assessors saw strong evidence of regular risk management governance reviews, at a corporate level and through individual business lines (such as capital markets, retail lending) and processes (such as technology). |
| EC3 | The supervisor determines that risk management strategies, policies, processes and limits are:
|
| Description and findings re EC3 | As noted under EC1 and EC2, there is a comprehensive program including guidance and supervision practices for assessment of risk management policies, strategies and processes in place. Assessors saw evidence that supervisors request and assess the bank’s risk framework documentation and evidence of the review and communication of risk management frameworks as part of ongoing supervision. Review of implementation is performed through more in-depth, on-site significant activity reviews. Across all banks, OSFI supervisors have made a clear emphasis on risk appetite definition and monitoring of the risk profile against the bank’s appetite and policies. Assessors saw evidence of regular review of board-approved risk appetite statements, and supervisors’ recommendations to ensure these are translated into risk tolerances and appropriate risk limits for individual businesses within each bank. Review of exceptions against policies and limits in areas such as credit and market risk is a routine part of ongoing monitoring and significant activity reviews. |
| EC4 | The supervisor determines that the bank’s Board and senior management obtain sufficient information on, and understand, the nature and level of risk being taken by the bank and how this risk relates to adequate levels of capital and liquidity. The supervisor also determines that the Board and senior management regularly review and understand the implications and limitations (including the risk measurement uncertainties) of the risk management information that they receive. |
| Description and findings re EC4 | OSFI has adopted an approach of very regular meetings (as often as quarterly) with large bank directors, including the chairs of the risk committee. Although informal, meetings typically include a standing set of agenda items. Risk reporting packages may be discussed to ensure directors understand information being provided to them. Risk governance reviews and significant activity reviews typically include an assessment of information that is reported to the board. Assessors saw evidence that supervisors may also meet with directors in the course of specific significant activity reviews help to reinforce OSFI’s expectation that directors receive sufficient information to understand and manage the bank’s risks. |
| EC5 | The supervisor determines that banks have an appropriate internal process for assessing their overall capital and liquidity adequacy in relation to their risk appetite and risk profile. The supervisor reviews and evaluates banks’ internal capital and liquidity adequacy assessments and strategies. |
| Description and findings re EC5 | Supervisors regularly assess bank’s internal processes for assessing capital and liquidity risk appetite and sufficiency. OSFI has issued an ICAAP Guideline and Liquidity Principles Guideline that follow BCBS standards and sound practice guidance. These are supported by specific internal supervisory guides and/or templates used by OSFI supervisors for assessing these areas. Each quarter, supervisors reconcile each bank’s capital against internal targets, which are required to cover Pillar 2 risks, buffers and forthcoming regulatory changes. In addition, Supervisors perform and document an annual ICAAP review. Different aspects of the ICAAPs are reviewed each year and bank practices are benchmarked against peers. Discussions with banks and review of relevant documentation indicate ICAAP process is well internalized and used within the banks and well integrated with capital planning, stress testing and risk appetite processes. OSFI expects banks to incorporate risk appetite and risk profile measures into stress testing and capital and liquidity management processes. Discussions with banks suggested that this approach is quite robust within the largest banks. |
| EC6 | Where banks use models to measure components of risk, the supervisor determines that:
|
| Description and findings re EC6 | OSFI has issued several guidelines and advisories consistent with Basel Committee requirements detailing expectations for the use of models by banks. These guidelines also address expectations in respect of the corporate governance of model use by the bank, for example the adequacy of the board and senior management understanding of the models and their outputs. Included requirements for regular and independent validation and testing of the bank’s models. OSFI expects banks to apply these to all models, not only those used for capital requirement modeling. As discussed under BCP 16, OSFI has a well documented and rigorous internal process for model validation and approval, including a standing committee which meets quarterly to review and approve models before use and a modeling unit with appropriate quantitative expertise. A separate division (Risk Measurement and Analytics Assessment Services - RMAAS) within OSFI’s Supervision Sector staffed with appropriately qualified staff carries out the assessments. In addition, credit, market and operational risk specialists also review and assess other risk models that do not require regulatory approval (e.g., are used to operate businesses) as a part of their review work. RMAAS regularly reviews model performance metrics for reasonableness and receives updates from the banks on model changes and performance. Detailed reviews are conducted to ensure banks comply with standards on model use and perform regular independent validation and testing. |
| EC7 | The supervisor determines that banks have information systems that are adequate (both under normal circumstances and in periods of stress) for measuring, assessing and reporting on the size, composition and quality of exposures on a bank-wide basis across all risk types, products and counterparties. The supervisor also determines that these reports reflect the bank’s risk profile and capital and liquidity needs, and are provided on a timely basis to the bank’s Board and senior management in a form suitable for their use. |
| Description and findings re EC7 | Risk reporting and assessing the quality of risk data is a component of nearly all supervisory reviews. Because reporting of various risk measures is key to many of OSFI’s ongoing monitoring activities, significant attention is spent on the accuracy of the reporting and systems producing the reporting. In 2011, OSFI conducted a review that focused on the risk management reporting capabilities of the six largest Canadian banks. The primary objective of this review was to understand the banks’ abilities to aggregate risk data, produce enterprise-wide level reports and integrate such reports in its management activities. An additional objective was to signal to the banks that the risk MIS reporting expectations are being raised. OSFI is in the process of requesting that banks conduct self assessments against the BCBS Principles for Effective Risk Data Aggregation and Risk Reporting issued in January 2013. OSFI also assesses the adequacy of bank information systems under normal and stressed circumstances using the bank’s Resolution and Recovery Plan. |
| EC8 | The supervisor determines that banks have adequate policies and processes to ensure that the banks’ Boards and senior management understand the risks inherent in new products,26 material modifications to existing products, and major management initiatives (such as changes in systems, processes, business model and major acquisitions). The supervisor determines that the Boards and senior management are able to monitor and manage these risks on an ongoing basis. The supervisor also determines that the bank’s policies and processes require the undertaking of any major activities of this nature to be approved by their Board or a specific committee of the Board. |
| Description and findings re EC8 | OSFI’s Corporate Governance Guideline sets out the expectations for risk oversight by banks’ boards and senior management. OSFI monitors board engagement in and oversight of new products through the quarterly monitoring process and specific on-site reviews of significant activities. Supervisors are kept apprised of new products and potential new products, acquisitions or systems changes. Supervisors indicated that they often request the risk and board reporting for any new product or project that might pose supervisory concern and review them for completeness of the risk assessment that was provided to the board. Banks confirmed that they are proactive in keeping OSFI informed of any new products changes within the business. OSFI’s operational risk specialists also regularly perform reviews of the new product approval process, as well as reviewing its implementation in practice on particular business line reviews. |
| EC9 | The supervisor determines that banks have risk management functions covering all material risks with sufficient resources, independence, authority and access to the banks’ Boards to perform their duties effectively. The supervisor determines that their duties are clearly segregated from risk-taking functions in the bank and that they report on risk exposures directly to the Board and senior management. The supervisor also determines that the risk management function is subject to regular review by the internal audit function. |
| Description and findings re EC9 | The Corporate Governance Guideline and the assessment criteria for each risk management oversight function have specific criteria regarding the sufficiency of resources and the adequacy of independence, authority and direct reporting and access to the board. There are specific guides and section note templates that assist supervisors in their assessment of a bank’s oversight functions. These tools are aligned with the assessment criteria for the oversight functions. OSFI assesses the segregation of the duties of the oversight functions from the risk taking activities of the bank on an on-going basis, and particularly during on-site reviews of particular significant activities (or business lines). OSFI also expects that the oversight functions are reviewed by the bank’s internal audit on a regular basis through review of audit plans and reports. Supervisors cover the role and performance of internal audit and its oversight of risk functions within the scope of all business line reviews. OSFI expects banks to observe good risk management practices in terms of the independence of risk functions and reporting, which typically involves the ‘3 lines of defense’ model. This does not mean that risk-taking functions are not accountable for risk management, however, a point made by a number of banks. |
| EC10 | The supervisor requires larger and more complex banks to have a dedicated risk management unit overseen by a Chief Risk Officer (CRO) or equivalent function. If the CRO of a bank is removed from his/her position for any reason, this should be done with the prior approval of the Board and generally should be disclosed publicly. The bank should also discuss the reasons for such removal with its supervisor. |
| Description and findings re EC10 | OSFI’s Corporate Governance Guideline includes specific requirements regarding the establishment of dedicated risk management functions and the board’s role in the appointment and review of the CRO. All large, conglomerate and more complex banks in Canada have dedicated risk management functions overseen by a Chief Risk Officer. The CRO is a critical contact point for OSFI and supervisors have very regular contact with bank CROs. While OSFI has not taken a strict approach to requiring dedicated risk management functions at smaller banks, OSFI would recommend the establishment if supervisors concluded that risks were not being adequately controlled and overseen. OSFI’s Corporate Governance Guideline places the obligation on the board to approve any major changes to the risk management framework or implementation, which would be expected to include the change of CRO. The Guideline also requires notification to OSFI of any potential changes to senior management. Given that OSFI’s approach emphasizes very frequent ongoing communication with the board, CEO and CRO, it is highly likely that OSFI would be aware of any potential dismissal of a CRO and would have the opportunity to discuss the reasons for dismissal. |
| EC11 | The supervisor issues standards related to, in particular, credit risk, market risk, liquidity risk, interest rate risk in the banking book and operational risk. |
| Description and findings re EC11 | OSFI has issued relatively comprehensive Guidelines for some risk areas, including structural interest rate risk, outsourcing and liquidity risk. OSFI has issued targeted guidance on topics such as outsourcing, derivatives, pledging of assets, impairment and residential mortgage underwriting. In some cases, OSFI has issued Advisories notifying banks of the need to adopt new BCBS guidance, including for example sound practices for operational risk and Pillar 3 requirements. Credit risk guidance is contained primarily in the Capital Adequacy Requirements Guideline and to some extent in the ICAAP guidance. These Guidelines do not apply to foreign bank branches. OSFI has not issued specific guidance on country risks or concentration risk management. General Market Risk management guidance is also contained within the Capital Adequacy Requirements Guideline, which only applies to banks with a significant trading book; this is not an unusual international practice however given that most small banks do not face material market risk. General operational risk guidance is also contained in the CAR Guideline following BCBS standards. In addition, as noted above, OSFI has issued an advisory encouraging banks to adhere to BCBS Sound Practices for Operational Risk Management. |
| EC12 | The supervisor requires banks to have appropriate contingency arrangements, as an integral part of their risk management process, to address risks that may materialize and actions to be taken in stress conditions (including those that will pose a serious risk to their viability). If warranted by its risk profile and systemic importance, the contingency arrangements include robust and credible recovery plans that take into account the specific circumstances of the bank. The supervisor, working with resolution authorities as appropriate, assesses the adequacy of banks’ contingency arrangements in the light of their risk profile and systemic importance (including reviewing any recovery plans) and their likely feasibility during periods of stress. The supervisor seeks improvements if deficiencies are identified. |
| Description and findings re EC12 | OSFI expects banks to have comprehensive contingency plans in areas such as liquidity management, capital and operational (business continuity) risk. In addition, OSFI expects banks to develop contingency plans for potential crisis management situations, such as Eurozone scenarios where OSFI has done a significant amount of analysis with the large banks. OSFI reviews bank contingency planning in these areas, conducts benchmarking and provides feedback to banks. As discussed further in CP8, large banks have been required to submit annual recovery plans for the last four years. OSFI has undertaken comparative assessments and provided feedback to banks on their plans. In addition, OSFI facilitated discussions of the Plans with the Canada Deposit Insurance Corporation, Bank of Canada, Department of Finance, and US and UK regulatory authorities. The banks were provided with feedback on OSFI’s assessment of the recovery plan and advised on further work that is being planned. The letter contained key industry observations and associated OSFI recommendations as well as bank-specific recommendations to close identified gaps. OSFI is in the process of rolling out recovery planning to smaller banks in a risk-focused manner. |
| EC13 | The supervisor requires banks to have forward-looking stress testing programs, commensurate with their risk profile and systemic importance, as an integral part of their risk management process. The supervisor regularly assesses a bank’s stress testing programme and determines that it captures material sources of risk and adopts plausible adverse scenarios. The supervisor also determines that the bank integrates the results into its decision-making, risk management processes (including contingency arrangements) and the assessment of its capital and liquidity levels. Where appropriate, the scope of the supervisor’s assessment includes the extent to which the stress testing programme:
|
| Description and findings re EC13 | OSFI has issued a Stress Testing Guideline and its stress testing supervision program appears quite mature. OSFI requires banks to perform prescribed industry-level stress tests on a regular basis. Banks also conduct their own stress tests on current and emerging risks, which are reviewed by supervisors. The results of stress testing are required to be included in the bank’s risk management processes. Banks have been required to demonstrate implementation of the Stress Testing Guideline through their ICAAP submissions, modeling reviews and the industry-wide stress tests conducted by OSFI with the banks. This was confirmed from discussions with banks, which have integrated stress testing within their own risk and capital processes. In 2011 and 2012, OSFI assessed the use of stress testing by large Canadian banks as required by the Stress Testing Guideline. The objective was to assess the extent to which stress testing is embedded in the bank’s enterprise-wide management framework, including capital and liquidity management, and strategic planning. OSFI’s review included assessing whether the stress testing feeds into the bank’s decision-making process, including setting its risk appetite, setting exposure limits, and evaluating strategic choices in the longer-term business planning. Recommendations were made and follow-up work will continue through 2013. |
| EC14 | The supervisor assesses whether banks appropriately account for risks (including liquidity impacts) in their internal pricing, performance measurement and new product approval process for all significant business activities. |
| Description and findings re EC14 | OSFI expects banks to have rigorous new product approval processes and this is regularly reviewed through on-site and off-site supervision activity. Supervisors indicated that banks often discuss any significant new products with their supervisors prior to introducing them. Supervisors regularly request new product approval documentation to ensure risks have been appropriately identified and assessment performed against risk appetite. Risk governance and operational risk management reviews also commonly include new product approval governance, policies and practices at a bank-wide level. The scope of significant business line reviews may where appropriate include consideration of compensation and performance reporting. Supervisors have reviewed the performance metrics for bank staff in particular business lines to determine if these may give incentives for excessive risk taking. |
| Additional criteria | |
| AC1 | The supervisor requires banks to have appropriate policies and processes for assessing other material risks not directly addressed in the subsequent Principles, such as reputational and strategic risks. |
| Description and findings re AC1 | OSFI’s general approach to risk management assessment covers all material risks. Assessors saw evidence in ICAAP feedback letters of supervisory recommendations regarding risk coverage. It was noted in discussions with banks that OSFI expects banks to consider, for example, strategies for reputational risks. |
| Assessment of Principle 15 | Largely Compliant |
| Comments | OSFI’s practical implementation of risk management supervision is of a very high standard in terms of scope, depth and quality of analysis. Supervisors have a rigorous process for assessing and rating inherent risk and the quality of risk management and acting on any deficiencies. Specialist teams play an integral part in providing risk-based review and peer comparison. OSFI operates at a relatively principles-based level and does not tend to issue extensive, detailed risk management guidance. OSFI has issued overarching guidance regarding risk governance within the Corporate Governance Guideline, which includes reference to oversight. While this approach allows for a more flexible and potentially responsive to differing institutions and risks, OSFI could usefully provide a more comprehensive and consistent set of written guidance as to its expectations across all risk areas. The existing set of standards dealing with risk management is characterized by somewhat inconsistent format and application (guidelines vs. advisories), does not comprehensively cover all risk areas (credit risk, operational risk, problem asset management, concentrations and country risk) or limited in application (market risk). As a world-leading regulator it would be expected that OSFI would make available to banks a comprehensive suite of risk management standards, even if at a relatively high level or based largely on BCBS guidance. |
| Principle 16 | Capital adequacy.27 The supervisor sets prudent and appropriate capital adequacy requirements for banks that reflect the risks undertaken by, and presented by, a bank in the context of the markets and macroeconomic conditions in which it operates. The supervisor defines the components of capital, bearing in mind their ability to absorb losses. At least for internationally active banks, capital requirements are not less than the applicable Basel standards. |
| Essential criteria | |
| EC 1 | Laws, regulations or the supervisor require banks to calculate and consistently observe prescribed capital requirements, including thresholds by reference to which a bank might be subject to supervisory action. Laws, regulations or the supervisor define the qualifying components of capital, ensuring that emphasis is given to those elements of capital permanently available to absorb losses on a going concern basis. |
| Description and findings re EC1 | Subsection 485(1) of the Bank Act requires banks to maintain adequate capital and liquidity. The Bank Act provides that Superintendent may make guidelines on the maintenance of adequate capital. Even when a bank complies with formal requirements, the Superintendent may order the bank to increase its capital, and the bank must comply within a time specified by the Superintendent. Section 949 of the Bank Act imposes similar requirements on bank holding companies. OSFI’s capital adequacy requirements are contained in its Capital Adequacy Requirements (CAR) Guideline, which covers the provisions of Basel II, 2.5 and III. OSFI has adopted the Basel II/III wording to a very significant extent. There are no obvious departures from Basel requirements. Note that this assessment did not include a detailed review of capital requirements against BCBS standards. OSFI’s Basel III capital requirements became effective at the international starting date of 1 January 2013. In addition, OSFI has indicated its expectation that all banks meet the fully phased-in capital ratios, including the capital conservation buffer, effective at the start of 2013 rather than over the BCBS timeline that extends out to 2019. OSFI has not accelerated the implementation of CVA capital in recognition of the potential market impacts from imposing this requirement ahead of the international community. Non-complying capital instruments will be phased out over the BCBS transitional period. Further, OSFI expects all institutions to attain “all-in” target capital ratios of 8.5 percent for total tier 1 and 10.5 percent for total capital by the first quarter of 2014. These expectations are set out in the CAR Guideline. A feature of the Canadian capital regime is the application of both a risk-based ratio and a leverage ratio. Some banks indicated that this requirement is an important factor constraining leverage at Canadian banks. OSFI’s assets to capital multiple (ACM) test applies to all banks and is calculated by dividing the institution’s total assets, including specified off-balance sheet items, by total capital. All items that are deducted from capital are excluded from total assets. Under this test, total assets must be no greater than 20 times capital, although this multiple can be exceeded with the Superintendent’s prior approval to an amount no greater than 23 times. Alternatively, the Superintendent may prescribe a lower multiple. In setting the assets to capital multiple for individual institutions, the Superintendent will consider such factors as operating and management experience, strength of parent, earnings, diversification of assets, type of assets and appetite for risk. Supervisors assess capital each quarter against the bank’s target capital level. Annually, supervisors complete a detailed Capital Section Note which provides a comprehensive assessment of capital including an overall capital strength rating. A breach of either the risk-based or ACM would be considered very seriously by supervisors. Failure to manage capital to these limits would trigger supervisory intervention consistent with the OSFI Guide to Intervention. Supervisory action will be taken proportional to the shortfall and circumstances that caused the shortfall and may include a range of actions, including restrictions on distributions and submission of a capital plan. |
| EC2 | At least for internationally active banks,28 the definition of capital, the risk coverage, the method of calculation and thresholds for the prescribed requirements are not lower than those established in the applicable Basel standards. |
| Description and findings re EC2 | OSFI has adopted BCBS standards for capital adequacy covering credit, market and operational risk. OSFI has adopted a significant portion of the Basel wording for most aspect of its CAR guidance and there are no material deviations from the BCBS standards evident in terms of risk coverage or prescribed requirements. The CAR includes comprehensive cross references to BCBS paragraphs which aids in the transparency of its requirements. However, a detailed review of all aspects of the CAR against BCBS requirements was not within the scope of this review. OSFI has fully implemented the Basel III requirements for definition of capital for new capital instruments. The BCBS rules permit national discretion in respect of requiring contingent capital instruments to be written off or converted to common stock upon a trigger event. OSFI has determined that conversion is more consistent with traditional insolvency consequences and reorganization norms and better respects the legitimate expectations of all stakeholders. One technical matter relating to definition of capital is that OSFI’s CAR Guideline includes a longstanding Canadian provision to allow ‘purchase for cancellation’ of any Tier 1 or Tier 2 instrument at any time subject to OSFI approval. OSFI consulted with BCBS secretariat, which did not have concerns about this provision; however, there is no BCBS FAQ available that would formally clarify this position. The provision could be viewed as inconsistent with the Basel III prohibition on incentives to redeem or calls within the first five years of an Additional Tier 1 or Tier 2 capital instrument. There have been only a small number of approvals under this provision in recent years. |
| EC3 | The supervisor has the power to impose a specific capital charge and/or limits on all material risk exposures, if warranted, including in respect of risks that the supervisor considers not to have been adequately transferred or mitigated through transactions (e.g., securitization transactions)29 entered into by the bank. Both on-balance sheet and off-balance sheet risks are included in the calculation of prescribed capital requirements. |
| Description and findings re EC3 | OSFI has authority to issues orders to a bank to raise capital and can issue directions on most aspects of a bank’s activities, including limiting risk exposures. However, this legal authority is rarely if ever used. Instead, OSFI focuses on banks’ internal targets and limits in most cases. Under the CAR Guideline, supervisors have discretion to impose higher capital requirements on a particular bank. Supervisors indicated this is generally done through review of banks’ internal capital targets and adjustments to ICAAPs rather than an adjustment to risk-weighted assets or the required capital ratio. However, in some instances it was observed that supervisors have set an explicit higher regulatory capital ratio requirement for particular higher risk banks or a lower ACM. Additional capital requirements have been imposed due to model deficiencies. According to the CAR Guideline, the ACM requirement for each bank is privately communicated that reflects an OSFI view of the individual bank. Assessors observed instances of a lower ACM multiple being applied to institutions with heightened risks or poor risk management. Guidance on conducting the Internal Capital Adequacy Assessment Process (ICAAP) requires banks to consider all material risks including those not covered under Pillar 1. The guidance requires banks to consider whether minimum regulatory capital requirements fully capture risks, especially when business has been securitized and the risk transfer assumed in the securitization framework may not be complete. |
| EC4 | The prescribed capital requirements reflect the risk profile and systemic importance of banks30 in the context of the markets and macroeconomic conditions in which they operate and constrain the build-up of leverage in banks and the banking sector. Laws and regulations in a particular jurisdiction may set higher overall capital adequacy standards than the applicable Basel requirements. |
| Description and findings re EC4 | As discussed under EC3, OSFI’s CAR Guideline indicates that the Superintendent may set higher target capital ratios for individual institutions or groups of institutions where circumstances warrant. As described under EC1, OSFI has recently announced the imposition of a 1 percent capital surcharge by 2016 for the six systemically important domestic banks. OSFI has also accelerated the phased introduction of the Basel III capital requirements. The Basel III framework contemplates the possibility for supervisors to impose a higher capital requirement due to macroeconomic conditions and OSFI has incorporated this provision into it CAR Guideline. Additional capital could be required when aggregate credit growth is judged to be associated with a build-up of material system-wide risk in Canada or in other jurisdictions where an institution has credit exposures. The ACM leverage ratio, which is applied in parallel with the BCBS risk-based measure, serves to constrain banks’ overall leverage. It was noted that this impact has become more pronounced with the implementation of IFRS beginning in fiscal year 2011. OSFI issued guidance indicating that as the accounting rules are the starting point for the ACM, securitization assets which are not derecognized or which are not exempted from consolidation should be included in the calculation of the ACM. This change had materially increased the reported ACM for banks that are active in securitization. For foreign banks, OSFI considers the adequacy of capital through the use of capital equivalency deposits. |
| EC5 | The use of banks’ internal assessments of risk as inputs to the calculation of regulatory capital is approved by the supervisor. If the supervisor approves such use: (a) such assessments adhere to rigorous qualifying standards; (b) any cessation of such use, or any material modification of the bank’s processes and models for producing such internal assessments, are subject to the approval of the supervisor; (c) the supervisor has the capacity to evaluate a bank’s internal assessment process in order to determine that the relevant qualifying standards are met and that the bank’s internal assessments can be relied upon as a reasonable reflection of the risks undertaken; (d) the supervisor has the power to impose conditions on its approvals if the supervisor considers it prudent to do so; and (e) if a bank does not continue to meet the qualifying standards or the conditions imposed by the supervisor on an ongoing basis, the supervisor has the power to revoke its approval. |
| Description and findings re EC5 | Internal models are subject to supervisory review and approval as set out in various OSFI advisories including Approval of Regulatory Capital Models for Deposit-Taking Institutions. OSFI may disallow or defer the use of a model, constrain its use or require modifications. Banks are required to monitor and report the performance of internal models and OSFI may revoke approval to use a model. Before a bank is allowed to use internal models for regulatory capital, OSFI reviews readiness, including data and systems, compliance to the minimum requirements of Basel II and III and their performance in measuring risk. OSFI has approved seven banks for use of internal models for market risk, and 10 banks for use of advanced credit risk models including nine using Advanced IRB (AIRB) and one using Foundation IRB. This includes all of the major Canadian banks and several foreign bank subsidiaries. A number of IRB banks continue to use the standardized approach to credit risk for more than 10 percent of their credit risk weighted assets. It has not been feasible for them to develop IRB models for all portfolios and subsidiaries, particularly in other jurisdictions. One bank has to date been approved for use of Advanced Measurement Approaches (AMA) to operational risk. OSFI has indicated that it expects all of the large banks to make significant progress in 2013 toward AMA approval. Basel II transitional floors are still in effect, generally at 90%. Assessors observed that OSFI has a very rigorous process for approval of new models and modifications to existing approved models. A Capital Models Review Committee meets on quarterly basis to consider detailed analysis on each model approval proposal. A models dashboard provides a snapshot of the status of models. Banks are required to maintain inventories of the models they use for the calculation of regulatory capital as well as logs of all modifications to approved models. This allows OSFI to be aware of changes in their use and to review and take appropriate supervisory action. Banks must submit a self-assessment of compliance and indicate the materiality of the business covered by the model. Banks must also indicate the impact of the model’s use on Pillar 1 capital requirements. OSFI has a specialist division dedicated to risk measurement and analytics assessment that contains staff with experience in model development at financial institutions. This division reviews and follows up with the banks on anomalies in their reports of model performance quarterly. This division is also responsible for the review, analysis and recommendations on applications to implement/modify models to verify that they meet minimum requirements. Conditions are frequently applied to model approvals. Conditions for approval that require further work have deadlines. OSFI supervisors verify compliance with deadlines and that their recommendations for permanent processes are followed. These conditions could include floors or ceiling to inputs or outputs, requirements to perform and report further work. In addition, OSFI has conducted a number of cross-industry IRB model validation reviews over the last two years focusing on specific portfolios such as CRE, residential mortgages and credit card lending. These reviews have uncovered fundamental deficiencies in some banks’ model design as well as instances where model performance has broken down since approval. Examples from recent reviews include CRE models, where some banks are using corporate models and residential mortgage LGD models. OSFI takes comfort from the fact that the overall Basel II transitional capital floors are still in effect, and in some cases where models were particularly inadequate has raised floor levels closer to 100%. OSFI also applies capital penalties where model performance issues are more significant. OSFI’s overall expectation is that there will be no capital relief without improvements in risk measurement and management. |
| EC6 | The supervisor has the power to require banks to adopt a forward-looking approach to capital management (including the conduct of appropriate stress testing).31 The supervisor has the power to require banks:
|
| Description and findings re EC6 | OSFI expects banks to adopt a forward-looking approach to capital management and assesses this on a regular basis. This includes explicit consideration of stress testing, non-Pillar 1 risks and buffers within an institution’s internal capital target. For the larger/IRB institution, it includes an evaluation of economic capital modeling and use. Both the ICAAP and stress testing processes and results comprise part of the framework used by OSFI supervisors to assess the capital adequacy of banks. Supervisors review bank capital quarterly using an ICAAP target calculator. Supervisors have also conducted in-depth reviews of bank’s ICAAP process, including at a cross-system level in 2001. Contingency planning is required to be embedded in the development of realistic capital plans and this is review during the ongoing supervisory process as well as OSFI’s recovery planning work. Capital forecasting in the context of Basel III has been a particular focus in the last two years. As OSFI indicated that it expects banks to meet the Basel III requirements (except for phase-out of non-qualifying instruments and CVA) effective January 2013. Requests for reductions in capital (i.e., capital calls and repurchases) are made through OSFI’sApprovals and Precedents group, which assesses each request on its technical merits and consults with the core supervision team on prudential aspects, including capital planning and forecasts. Contingency planning is required to be embedded in the development of realistic capital plans. OSFI’s ICAAP Guideline explicitly requires banks to factor in the potential difficulties of raising additional capital during downturns or other times of stress. Capital plans are regularly reviewed by supervisors. OSFI has required the large banks to consider capital contingency planning in the context of recovery planning activities. |
| AC1 | For non-internationally active banks, capital requirements, including the definition of capital, the risk coverage, the method of calculation, the scope of application and the capital required, are broadly consistent with the principles of the applicable Basel standards relevant to internationally active banks. |
| Description and findings re AC1 | OSFI’s capital adequacy guidelines apply equally to both large and small banks, although smaller banks normally adopt the standardized approaches to credit and operational risk and are not subject to market risk capital requirements if they do not have a material trading book. In addition, OSFI guidelines on Stress Testing and the ICAAP are applicable with standardized scenarios employed as part of the supervisory review process for less complex institutions. |
| AC2 | The supervisor requires adequate distribution of capital within different entities of a banking group according to the allocation of risks.32 |
| Description and findings re AC2 | OSFI capital guidance requires that capital adequacy be determined at the level of the parent bank on a consolidated and sub-consolidated basis. That is, all banks within a group must meet the capital requirements for themselves and their consolidated subsidiaries. The supervisory review process requires that complex institutions assess their allocation of capital by activities and that capital policies, procedures, authority and resources are monitored across the banking group. In addition, OSFI expects an institution’s capital planning to consider the risks of its foreign operations and also the availability of capital and assets in Canada to protect Canadian depositors. OSFI has issued draft guidance to the large banks (each of which is the head of the banking group) on solo bank capital. Where Canadian banks have substantial regulated subsidiaries, OSFI has required capital adjustments to ensure the solo bank retains sufficient capital to protect depositors even if it is unable to access the capital invested in the subsidiary. |
| Assessment of Principle 16 | Compliant |
| Comments | OSFI takes a proactive and conservative approach to capital adequacy. Supervisors regularly assess banks’ capital management and planning and use stress testing to assess the adequacy of capital on a regular basis. OSFI has fully adopted Basel II and Basel III and has accelerated the timeline for banks to implement the fully phased-in requirements. This approach should help maintain the reputation of Canadian banks as subject to a strong and conservative capital regime. In addition, OSFI has retained its own leverage ratio requirement in addition to the Basel risk-based ratios. Canada has also been one of the first countries to establish its regime for domestically systemically important banks (D-SIBs) consistent with the BCBS standard and to announce that it will impose a 1 percent capital surcharge, effective in 2016. Over time, OSFI may wish to consider whether the surcharge should differentiate across banks according to their risk or systemic importance. Concerns regarding inconsistencies across countries in the internal modeling of capital requirements by banks have emerged as an international concern. OSFI has implemented a rigorous program to review and approve banks’ internal models. Some recent reviews of credit risk IRB modeling across banks in particular lending segments have found deficiencies in complying with OSFI expectations. This situation is not unusual for many countries, but calls into question whether banks had sufficient clarity about OSFI’s expectations. OSFI has significant model validation work underway including follow-up with banks on identified issues. Moreover, OSFI has been careful to communicate an overall message to banks that there will be no capital reductions from modeling without associated improvements in risk measurement and management. However, continued vigilance will be required in this area. It is recommended that OSFI seek a formal BCBS FAQ to be published regarding the permissibility of ‘purchase for cancellation’ under the Basel III definition of capital rules. |
| Principle 17 | Credit risk.33 The supervisor determines that banks have an adequate credit risk management process that takes into account their risk appetite, risk profile and market and macroeconomic conditions. This includes prudent policies and processes to identify, measure, evaluate, monitor, report and control or mitigate credit risk34 (including counterparty credit risk)35 on a timely basis. The full credit lifecycle is covered including credit underwriting, credit evaluation, and the ongoing management of the bank’s loan and investment portfolios. |
| Essential criteria | |
| EC1 | Laws, regulations or the supervisor require banks to have appropriate credit risk management processes that provide a comprehensive bank-wide view of credit risk exposures. The supervisor determines that the processes are consistent with the risk appetite, risk profile, systemic importance and capital strength of the bank, take into account market and macroeconomic conditions and result in prudent standards of credit underwriting, evaluation, administration and monitoring. |
| Description and findings re EC1 | Credit risk management is assessed as a fundamental component of the bank’s enterprise-wide Risk Management function. The Risk Management function is assessed through supervisory reviews of a bank’s significant activities. The supervisory reviews of risk management of a bank include both characteristics (mandate, organization structure, policies and procedures, etc.) and performance (how well does the function carry out its mandate and responsibilities). The quality of supervisory assessments is supported by an extensive set of supervisory guides and tools (templates for documentation). The Bank Act and OSFI’s Prudent Person Approach Guideline provide very high level requirements for prudent management of a bank’s lending portfolio. Section 465 of the Bank Act states that the directors of a bank shall establish and the bank shall adhere to investment and lending policies, standards and procedures that a reasonable and prudent person would apply in respect of a portfolio of investments and loans to avoid undue risk of loss and obtain a reasonable return. OSFI’s Corporate Governance Guideline addresses the role of the board and senior management in risk management governance more broadly. OSFI Capital Adequacy Requirements (CAR) Guideline sets out the requirements for bank-wide credit risk management in relation to the risk weighting of credit risk exposures for capital purposes. As they are directed at preconditions for calculating capital requirements, the CAR do not cover all aspects of credit risk management. Moreover, the CAR are not applicable to foreign bank branches. OSFI’s coverage of credit risk management during on-site reviews is frequent and comprehensive for the large banks. OSFI has a team of approximately 20 staff in its credit risk division, including several dedicated to monitoring and surveillance. These staff perform detailed credit risk reviews of significant business lines at the large banks and may also be called on to conduct reviews at smaller banks. Each bank’s inherent credit risk and credit risk management is explicitly rated by supervisors. During the supervisory planning process, credit risk reviews are targeted at businesses where credit risk management concerns have been identified, rapidly growing lending segments, or in areas identified as potential emerging risks by OSFI’s Emerging Risk Committee. These issues are documented in the Risk Assessment Document and the rationale for each planned on-site or off-site credit risk review is documented in the annual supervision plan for each bank, including reasons for deferring review of a particular area. OSFI supervisors use various internal supervisory guides and credit assessment tools in conducting supervisory work regarding credit risk and credit risk management. Significant Activity Reviews of bank’s main lending segments (corporate, CRE, residential, credit cards, HELOCs) are performed typically including credit risk specialists for the large banks. These reviews involve significant on-site file review on a sampled basis. For the large banks, the credit risk specialists replicate the banks’ own internal ratings on a sampled basis. Recommendations are made to adjust ratings or provisions where appropriate. Credit risk reviews of a significant business line would typically assess:
|
| EC2 | The supervisor determines that a bank’s Board approves, and regularly reviews, the credit risk management strategy and significant policies and processes for assuming,36 identifying, measuring, evaluating, monitoring, reporting and controlling or mitigating credit risk (including counterparty credit risk and associated potential future exposure) and that these are consistent with the risk appetite set by the Board. The supervisor also determines that senior management implements the credit risk strategy approved by the Board and develops the aforementioned policies and processes. |
| Description and findings re EC2 | OSFI expects boards to approve strategies and significant policies. Supervisors review the board-approved credit policies and the credit risk management framework documentation. On-site reviews of credit risk typically assess whether significant policies, processes and limits are aligned with the board-approved risk appetite. Credit specialists and the relationship management teams will review credit policies and changes to policies and credit information provided to the board on a regular basis and in the context of specific business line reviews. As an example of particular focus on board involvement and risk governance, OSFI is conducting a cross-industry review of risk governance in the retail credit segment, which focuses on risk appetite setting and monitoring. This review has included discussions with directors in the course of the examination to gauge their understanding of the risk governance framework. Credit risk specialists also have expertise in securitisation and other structured credit vehicles and assess the credit risk in the bank’s participation in these structures. Overall the coverage of credit risk governance is comprehensive. |
| EC3 | The supervisor requires, and regularly determines, that such policies and processes establish an appropriate and properly controlled credit risk environment, including:
|
| Description and findings re EC3 | Review of scope and findings documentation for recent large bank on-site reviews of credit risk in significant activities and business lines cover these areas to a large extent. The scope of each credit risk review is agreed between the credit risk specialists and the bank relationship management team based on analysis of key risk areas and risk management concerns that may be evident. Underwriting and approval criteria (including the approval authority), policies, and processes are assessed for appropriateness and effectiveness as part of every credit risk review, including criteria around renewals and refinancing. Also reviewed are adherence to credit policies (underwriting/renewal/refinancing criteria), on-going monitoring activities (including annual reviews of borrowers), with examiners looking for evidence that a borrower continues to demonstrate ability /willingness to repay. File reviews selectively include assessments of documentation, covenant compliance, collateral security and accuracy of risk ratings and provisioning. Credit risk reviews also typically include:
In addition, the quarterly review of board reports provides high level overview of board-level reporting for adequacy. Credit limits, both transactional and concentration, are assessed during credit risk reviews for reasonableness in light of the bank’s risk appetite, profile and capital levels and their communication to the relevant staff. A range of aspects of credit risk management in the residential mortgage segment is specifically addressed in OSFI’s recent Guideline B-20 Residential Mortgage Underwriting Practices and Procedures. This Guideline was issued following recent international guidance and also concerns about practices in the Canadian housing market. |
| EC4 | The supervisor determines that banks have policies and processes to monitor the total indebtedness of entities to which they extend credit and any risk factors that may result in default including significant unhedged foreign exchange risk. |
| Description and findings re EC4 | OSFI expects banks to monitor the total indebtedness of its borrowers through processes such as their regular, annual review of credit files (and associated confirmation of credit needs/capacity), and supervisors assess against this expectation as part of significant activity reviews. OSFI also assesses the ability of banks to aggregate all borrower and connected credit risk exposures across the institution, including FX risk where applicable. During file review, examiners test the ability to aggregate all credit exposure of a borrower, including connected exposures. This applies to all types of credit: retail and wholesale. A standard template is used for the file review process. OSFI has reviewed banks’ ability to aggregate data across borrowers and has requested the large banks perform a self-assessment against the recent BCBS guidance on Risk Data Aggregation. |
| EC5 | The supervisor requires that banks make credit decisions free of conflicts of interest and on an arm’s length basis. |
| Description and findings re EC5 | Under the Bank Act, banks are required to have policies on conflicts of interest and to establish formal reporting and compliance processes with these policies. Part XI – Self-Dealing of the Bank Act establishes rules around related party transactions. OSFI expects that the risk approval function is structurally independent from the lending function, that loan workout is independent from origination, and that limits and exceptions are approved by a function independent of underwriting. |
| EC6 | The supervisor requires that the credit policy prescribes that major credit risk exposures exceeding a certain amount or percentage of the bank’s capital are to be decided by the bank’s Board or senior management. The same applies to credit risk exposures that are especially risky or otherwise not in line with the mainstream of the bank’s activities. |
| Description and findings re EC6 | Credit risk reviews assess credit delegations and whether transactions of a significant size are subject to higher level approvals, including by the board. Supervisors assess the processes for setting borrower limits, including ensuring that all transactions (both on and off-balance sheet) are included and that limits are reviewed regularly. |
| EC7 | The supervisor has full access to information in the credit and investment portfolios and to the bank officers involved in assuming, managing, controlling and reporting on credit risk. |
| Description and findings re EC7 | Sections 628 to 644 of the Bank Act, provide OSFI with full access to credit and investment information and to the bank officers responsible for any aspect of credit risk at the bank. In practice, OSFI supervisors have complete access to data on a bank’s loan portfolio and meets regularly with staff involved in credit risk management as well as during on-site credit risk visits. Supervisors regularly receive and review internal management credit reporting reports such as those showing the largest exposures or significant new loans. Banks also report some credit risk information on their regulatory returns, such as impaired loans and some arrears data, as well as IRB ratings. |
| EC8 | The supervisor requires banks to include their credit risk exposures into their stress testing programmes for risk management purposes. |
| Description and findings re EC8 | OSFI’s Stress Testing Guideline sets out OSFI’s expectations that stress testing is embedded in the enterprise’s risk management program. The guideline articulates that the stress testing program should cover a range of risks including credit risk exposures. OSFI’s ICAAP Guideline sets out OSFI’s expectation with respect to using stress testing to evaluate adequacy of internal capital to mitigate enterprise’s risks such as credit risk exposures. OSFI regularly reviews compliance with these requirements. In 2010, OSFI conducted a cross-system review (consisting of six major banks) to identify gaps in each bank’s self-assessment against OSFI’s expectations detailed in the Stress Testing Guideline. In 2011, OSFI executed a cross-system Stress Test – Use Test review to assess if stress tests were used for capital management, risk management, liquidity management and strategy management. A component on use of stress testing for risk management purposes includes assessing use of stress tests for credit risk management. Relationship Managers, through quarterly monitoring/annual review of minutes, reports, and presentations etc., also become aware of stress testing results. Items required for review and follow up are undertaken depending on the issue. In addition, retail consumer credit was identified as an emerging macro-economic risk and banks were required to complete stress tests on an ad hoc basis. In 2010, OSFI required a Canadian retail debt stress test wherein banks were asked to estimate losses emanating from retail exposures over a two year stressed period. In 2012, the Canadian consumer debt stress test required the banks to estimate credit losses from consumer debt portfolios (i.e., impact to uninsured residential mortgages, home equity lines of credit, credit cards, secured and unsecured personal lines of credit and small business) and insurance claims under an extreme stress scenario prescribed by the supervisor. Discussions with banks indicate they regularly use their stress testing capabilities to assess the impact of potential scenarios (such as a sharp rise in unemployment) on their credit portfolios and report these results to their boards. They feel this process gives them very valuable insights into the performance of their credit portfolios and serves as an input to risk appetite setting. |
| Assessment of Principle 17 | Compliant |
| Comment | OSFI’s credit risk supervision function is effective and forward-looking. Supervisors conduct regular detailed on-site review of banks’ significant and higher risk portfolios; any areas of emerging concern are investigated and action taken on rectification. OSFI and banks make active use of stress testing to evaluate the nature and size of risks in their portfolio. While OSFI has issued guidance on specific credit risk areas such as residential mortgages and valuations, as well as on capital requirements for credit risk, it does not have an overarching credit risk management guideline. Most regulators have issued broad supervisory guidance on credit risk management. As discussed under BCP 15, OSFI should develop comprehensive guidance on credit risk management in line with international standards to ensure its expectations and minimum standards are well understood. |
| Principle 18 | Problem assets, provisions and reserves.37 The supervisor determines that banks have adequate policies and processes for the early identification and management of problem assets, and the maintenance of adequate provisions and reserves.38 |
| Essential criteria | |
| EC1 | Laws, regulations or the supervisor require banks to formulate policies and processes for identifying and managing problem assets. In addition, laws, regulations or the supervisor require regular review by banks of their problem assets (at an individual level or at a portfolio level for assets with homogenous characteristics) and asset classification, provisioning and write-offs. |
| Description and findings re EC1 | OSFI’s on-site reviews of lending businesses always include review and assess the bank’s established policies and procedures around problem recognition and remedial loan management. Banks are expected to perform regular, frequent review of problem loans, and demonstrate appropriate reporting to senior management and the Board. Supervisors regularly review watch lists (for the large banks) and other internal credit risk reporting to ensure problem assets are receiving full attention and visibility. Detailed credit file reviews that are conducted in specific lending businesses assess the effectiveness of the policies in practice, appropriateness of risk ratings and adequacy of provisions. OSFI supervisors will enhance the monitoring of credit portfolios where gross impaired assets exceed acceptable levels. |
| EC2 | The supervisor determines the adequacy of a bank’s policies and processes for grading and classifying its assets and establishing appropriate and robust provisioning levels. The reviews supporting the supervisor’s opinion may be conducted by external experts, with the supervisor reviewing the work of the external experts to determine the adequacy of the bank’s policies and processes |
| Description and findings re EC2 | OSFI has issued guidance on Impairment - Sound Credit Risk Assessment and Valuation of Financial Instruments at Amortized Cost as well as on appropriate collective provisioning levels. Collective Allowances - Sound Credit Risk Assessment and Valuation Practices for Financial Instruments at Amortized Cost. The credit risk review file reviews specifically test the appropriateness of risk ratings, timeliness of downgrades and adequacy of provisions. In some cases credit risk specialists test whether ratings the bank has assigned to particular borrowers can be replicated. Due to concerns that banks may lower collective allowance levels under IFRS, supervisors have been encouraging banks to maintain their collective allowance levels and regularly assesses their adequacy. Any material changes to collective allowance models or the level of collective allowances are reviewed and assessed by OSFI supervisors to ensure they remain prudent. This work is coordinated by OSFI’s quantitative modelling group and may also involve Accounting Policy experts. |
| EC3 | The supervisor determines that the bank’s system for classification and provisioning takes into account off-balance sheet exposures.39 |
| Description and findings re EC3 | Supervisors assess the accuracy of risk ratings and the adequacy of provisions during on-site visits. As part of a credit risk review, banks are required to provide portfolio listings detailing all facilities for a borrower, whether on or off-balance sheet. The accuracy of the portfolio information is tested in the file review, and borrower/facility risk ratings downgraded if necessary. A securitization cross-system review included off-balance sheet securitization vehicles as the primary focus. The Credit Risk Division has 4–5 staff with structured credit expertise and regularly includes securitization in credit risk reviews. |
| EC4 | The supervisor determines that banks have appropriate policies and processes to ensure that provisions and write-offs are timely and reflect realistic repayment and recovery expectations, taking into account market and macroeconomic conditions. |
| Description and findings re EC4 | Supervisors review quarterly data on provisioning levels, comparisons to impairment levels and trends. This information is also reported and monitored at an aggregate level and special analyses have been conducted within OSFI on a cross-industry basis to assess the appropriateness of provisioning levels in the current environment of very low losses. Provisioning policies and procedures are tested at the transactional level through detailed review of selected credit files. The review also includes assessing whether provisions reflect realistic repayment and recovery expectations, and consider market and macroeconomic conditions. |
| EC5 | The supervisor determines that banks have appropriate policies and processes, and organizational resources for the early identification of deteriorating assets, for ongoing oversight of problem assets, and for collecting on past due obligations. For portfolios of credit exposures with homogeneous characteristics, the exposures are classified when payments are contractually in arrears for a minimum number of days (e.g., 30, 60, 90 days). The supervisor tests banks’ treatment of assets with a view to identifying any material circumvention of the classification and provisioning standards (e.g., rescheduling, refinancing or reclassification of loans). |
| Description and findings re EC5 | OSFI’s guidance on Impairment provides expectations with respect to the timing of classification of assets. This includes defining non-performing status according to days past due (generally 90 days or 180 days for credit cards). Requirement for use of IRB approaches for credit risk capital (CAR Guideline) also include the definition of default for capital purposes. OSFI credit risk reviews include assessing the adequacy of policies, procedures and organizational resources for early identification of deteriorating assets, on-going oversight of problem loans and loan workout/collection activities. The file review results provide evidence to support assessment, as well as test the appropriateness of loan classification. Evidence from credit risk reviews indicates that supervisors regularly challenge bank risk ratings and classification processes and criteria. |
| EC6 | The supervisor obtains information on a regular basis, and in relevant detail, or has full access to information concerning the classification of assets and provisioning. The supervisor requires banks to have adequate documentation to support their classification and provisioning levels. |
| Description and findings re EC6 | Supervisors typically receive quarterly information from the bank on asset impairments and provisioning. For large banks, supervisors would regularly receive internal reporting on problem credits or watch listed exposures. For retail portfolios, this includes arrears information. Provisioning documentation for credit risk files is reviewed during on-site credit risk reviews and challenged where necessary. |
| EC7 | The supervisor assesses whether the classification of the assets and the provisioning is adequate for prudential purposes. If asset classifications are inaccurate or provisions are deemed to be inadequate for prudential purposes (e.g., if the supervisor considers existing or anticipated deterioration in asset quality to be of concern or if the provisions do not fully reflect losses expected to be incurred), the supervisor has the power to require the bank to adjust its classifications of individual assets, increase its levels of provisioning, reserves or capital and, if necessary, impose other remedial measures. |
| Description and findings re EC7 | As determined through the detailed file review part of a credit risk review, recommendations for risk rating changes/additional provisions are a normal part of supervisory work. OSFI expects the bank to make the necessary adjustments and advise OSFI of their actions in their response to OSFI’s letter. Any pervasive problems with risk ratings or provisions would be the subject of separate recommendations to the bank to make improvements to their risk rating and/or provisioning policies and procedures. |
| EC8 | The supervisor requires banks to have appropriate mechanisms in place for regularly assessing the value of risk mitigants, including guarantees, credit derivatives and collateral. The valuation of collateral reflects the net realizable value, taking into account prevailing market conditions. |
| Description and findings re EC8 | The effectiveness of these processes is tested in credit file reviews. The OSFI CAR Guideline also includes requirements for valuation, collateral, and use of guarantees and other risk mitigants in the context of credit risk capital requirements. OSFI recently conducted a review of collateral management across a number of banks and made recommendations for improvements in practices. |
| EC9 | Laws, regulations or the supervisor establish criteria for assets to be:
|
| Description and findings re EC9 | OSFI guidance addresses the classification of loans as nonperforming and recognition of income on non-performing loans, specifically Impairment - Sound Credit Risk Assessment and Valuation of Financial Instruments at Amortized Cost; and Collective Allowances—Sound Credit Risk Assessment and Valuation Practices for Financial Instruments at Amortized Cost. Banks are otherwise required to follow accounting standards with respect to the classification of loans as impaired. A bank’s compliance with the above requirements is selectively tested in the file reviews. OSFI supervisors also periodically review auditors’ working papers with respect to review of loan classification. |
| EC10 | The supervisor determines that the bank’s Board obtains timely and appropriate information on the condition of the bank’s asset portfolio, including classification of assets, the level of provisions and reserves and major problem assets. The information includes, at a minimum, summary results of the latest asset review process, comparative trends in the overall quality of problem assets, and measurements of existing or anticipated deterioration in asset quality and losses expected to be incurred. |
| Description and findings re EC10 | Problem recognition and remedial loan management as well as portfolio analysis and reporting are reviewed during a typical full scope on-site credit risk review. OSFI accordingly looks for banks to provide problem account reporting to senior management and the board of directors, including results of asset reviews, trends in quality, and expectations for further deterioration or losses. |
| EC11 | The supervisor requires that valuation, classification and provisioning, at least for significant exposures, are conducted on an individual item basis. For this purpose, supervisors require banks to set an appropriate threshold for the purpose of identifying significant exposures and to regularly review the level of the threshold. |
| Description and findings re EC11 | OSFI expects that, at a minimum, all individual non-retail exposure risk ratings are assessed annually. If the exposure is considered impaired, it is be assessed for an individual allowance as per accounting requirements. Provisions for significant exposures are regularly reviewed by credit risk staff and external auditors. OSFI reviews provisions assigned to large impaired credits through on-site reviews and review of banks problem asset listings or watch lists. |
| EC12 | The supervisor regularly assesses any trends and concentrations in risk and risk build-up across the banking sector in relation to banks’ problem assets and takes into account any observed concentration in the risk mitigation strategies adopted by banks and the potential effect on the efficacy of the mitigant in reducing loss. The supervisor considers the adequacy of provisions and reserves at the bank and banking system level in the light of this assessment. |
| Description and findings re EC12 | The Credit Risk Division, risk surveillance unit and the Emerging Risk Committee identify and assess trends across the banking sector in relation to problem assets. The Credit Risk Division prepares a regular dashboard report to the Emerging Risk Committee rating areas of highest risk and potential risk build-up. The supervisory planning process uses this information to incorporate appropriate business line reviews or enhanced monitoring for in the annual supervisory plans of banks that are particularly affected. More timely reviews can also be scheduled in the interim if circumstances change. OSFI has conducted internal analysis across the industry on collective allowance levels. In their quarterly monitoring for large and small banks supervisors review the level of total allowances and the level of non-performing loans, relative to total loans, and the source of the increase or decrease. Supervisors also review collective allowance models. This information has from time to time been used to provide direction to banks on appropriate collective allowance levels. |
| Assessment of Principle 18 | Compliant |
| Comments | Supervisors review the appropriateness of loan classification and the speed of recognition during on-site credit risk reviews. Credit quality indicators for the industry and individual banks are closely monitored and reported to OSFI management and supervisors. Levels of problem assets in most lending segments remain low but continued attention to problem asset management processes is critical to detect and manage any early negative trends. Problem asset management appears to be well covered in on-site credit risk reviews, but little published guidance is available. OSFI should consider setting out its expectations with respect to problem asset management in comprehensive guidance on credit risk management, as discussed in BCP 15 and BCP 17. |
| Principle 19 | Concentration risk and large exposure limits. The supervisor determines that banks have adequate policies and processes to identify, measure, evaluate, monitor, report and control or mitigate concentrations of risk on a timely basis. Supervisors set prudential limits to restrict bank exposures to single counterparties or groups of connected counterparties.40 |
| Essential criteria | |
| EC1 | Laws, regulations or the supervisor require banks to have policies and processes that provide a comprehensive bank-wide view of significant sources of concentration risk.41 Exposures arising from off-balance sheet as well as on-balance sheet items and from contingent liabilities are captured. |
| Description and findings re EC1 | The Prudent Person Approach Guideline requires banks to have written investment policies and to set limits for loans, types of loans, loans from different sources, industries and geographic regions. OSFI’s Large Exposure Limits Guideline requires banks to set out in writing their internal policies on large exposures, including exposures to individual customers, financial institutions, and countries. OSFI’s Stress Testing and ICAAP expectations include consideration of risk concentrations. Supervisors monitor exposure concentrations, particularly in areas that have been identified as potential risk areas (such as uninsured mortgages, commercial real estate and HELOCs). Credit monitoring reports that are regularly prepared and circulated to supervisors include exposures by industry and region, for example. Supervisors also regularly monitor concentrations through risk management reports provided by the bank. Assessors observed examples where OSFI proactively raised concerns about concentrations to particular products or geographies and requiring banks to take remedial action to diversity risks or reduce exposures. A bank’s management of concentration and large exposure risks is assessed as a fundamental component of the bank’s enterprise-wide risk management function. In addition, credit reviews cover bank policies and processes to consider the total exposure of a borrower, including connected party exposure, when establishing approval authorities and monitoring of credit risk concentrations. Compliance with policies and processes is selectively tested in the file review component. |
| EC2 | The supervisor determines that a bank’s information systems identify and aggregate on a timely basis, and facilitate active management of, exposures creating risk concentrations and large exposure42 to single counterparties or groups of connected counterparties. |
| Description and findings re EC2 | OSFI has in the recent years conducted reviews of the large bank’s ability to readily aggregate and report exposures to single counterparties or concentration areas (e.g., country risks) and occasionally tests this ability through ad hoc data requests. OSFI has also asked banks to conduct a self assessment against the recent BCBS guidance on data aggregation. Credit risk reviews includes an assessment of the bank’s ability to identify and aggregate credit risk exposures to single counterparties or connections. The identification and active management of connected exposures is tested during the file review component of our work. In addition, frequent ad hoc requests are made of banks, requesting aggregate exposure to single names/connections, or industries of concern. This provides evidence of bank’s ability (or inability) to collect and report on exposures in a timely manner. |
| EC3 | The supervisor determines that a bank’s risk management policies and processes establish thresholds for acceptable concentrations of risk, reflecting the bank’s risk appetite, risk profile and capital strength, which are understood by, and regularly communicated to, relevant staff. The supervisor also determines that the bank’s policies and processes require all material concentrations to be regularly reviewed and reported to the bank’s Board. |
| Description and findings re EC3 | As part of a supervisory review, OSFI reviews the banks process for establishing limits for various risk concentrations (credit, market, etc.) and monitoring for compliance. Supervisors also expect that the bank’s risk management function should assess the adequacy of portfolio information/reports received from the line of business for decision making, risk management and control purposes. Supervisors take action when a bank’s credit concentrations become excessive and instances of this occurring were in evidence. Within credit risk, the accuracy of concentration risk reporting and determining whether the bank is compliant with Board-approved concentration limits (where appropriate) is reviewed and assessed. This also includes reviewing and assessing that any Board-approved limit is regularly reviewed by the Board for appropriateness and compliance. |
| EC4 | The supervisor regularly obtains information that enables concentrations within a bank’s portfolio, including sectoral, geographical and currency exposures, to be reviewed. |
| Description and findings re EC4 | OSFI supervisors conduct quarterly risk monitoring across the conglomerate banks, and selected smaller deposit-taking institutions. This includes risk exposures by sector, geography, single name and other risk areas of concern or interest (i.e., U.S. corporate, commercial real estate, credit derivatives, non-income qualified mortgages, etc.). Regulatory returns include some loan portfolio breakdowns and industry sectors, which permits some standardised portfolio analysis. OSFI does not have a regulatory return for all banks to report their large exposures and demonstrate compliance with OSFI’s Large Exposure Limits Guideline. However, OSFI maintains a separate database containing all exposures above $10 million at large banks and some smaller banks. Updated data is provided by the banks on a quarterly basis for supervisors to assess industry and single-name concentrations. Additional portfolio information is also obtained as a result of ad hoc information requests, to allow for assessment of a bank’s exposures by various risk factors and segmentation. Supervisors have obtained and reviewed portfolio information at the transaction level to facilitate segmentation and analysis by various risk factors. |
| EC5 | In respect of credit exposure to single counterparties or groups of connected counterparties, laws or regulations explicitly define, or the supervisor has the power to define, a “group of connected counterparties” to reflect actual risk exposure. The supervisor may exercise discretion in applying this definition on a case by case basis. |
| Description and findings re EC5 | OSFI’s Large Exposure Limits Guideline and the Large Exposure Limits guidance note on Common Risk specifically limit exposures to single counterparties or groups of connected counterparties. The Guideline defines an exposure (including off-balance sheet exposure) and defines connection between entities as a common risk, including material financial interdependence. Compliance with OSFI’s Large Exposure Limits Guideline and the accuracy and application of “connected accounts” are selectively tested in the file review component of supervisory work. OSFI’s credit reviews of wholesale lending activities (large or small banks) assess whether the bank is accurately establishing connected exposures. |
| EC6 | Laws, regulations or the supervisor set prudent and appropriate43 requirements to control and constrain large credit exposures to a single counterparty or a group of connected counterparties. “Exposures” for this purpose include all claims and transactions (including those giving rise to counterparty credit risk exposure), on-balance sheet as well as off-balance sheet. The supervisor determines that senior management monitors these limits and that they are not exceeded on a solo or consolidated basis. |
| Description and findings re EC6 | OSFI’s Large Exposure Limits Guideline defines an exposure (including off-balance sheet exposures such as irrevocable advised credit commitments) and defines connection between entities as a common risk, including material financial interdependence to be assessed by the bank. The guideline establishes a maximum limit for single or connected entities of 25 percent of total capital. However, OSFI’s expectation is that banks set their own lower limits on single large exposures and that the 25 percent limit would be applied only in exceptional cases. OSFI has also issued a guidance note on Large Exposure Limits regarding common risk. Review of credit risk reporting would assess the adequacy of reporting against internal concentration (including single name/group) limits. At the file level, total exposure of a borrower, or connected counterparties, is expected to include on and off-balance sheet. |
| EC7 | The supervisor requires banks to include the impact of significant risk concentrations into their stress testing programmes for risk management purposes. |
| Description and findings re EC7 | Under OSFI’s Stress Testing requirements, banks must consider risk concentrations that arise directly from risk taking activities as well as concentrations that arise from actions to mitigate risk. OSFI’s stress scenarios typically include assumptions that highlight vulnerabilities in particular sections, such as residential mortgages. Banks indicated that their own stress testing programs incorporate scenarios designed to affect particular portfolios, including in foreign jurisdictions. |
| Additional criteria | |
| AC1 | In respect of credit exposure to single counterparties or groups of connected counterparties, banks are required to adhere to the following:
|
| Description and findings re AC1 | Large exposure limits set out in OSFI’s Large Exposure Limits Guideline require banks to adhere to a 25 percent of capital limit for credit exposures to singe counterparties or group of connected counterparties. OSFI does not define large exposures in terms of those that are 10 percent or more of capital; however, all loans in excess of $10 million are recorded in a database for the large banks. For banks that are subsidiaries of other regulated entities, the limit is 100 percent of capital with a notification threshold at 50 percent of capital. |
| Assessment of Principle 19 | Largely Compliant |
| Comments | Although concentration risk management is covered only indirectly in guidance on stress testing and ICAAPs, in practice there was good evidence that OSFI supervisors monitor concentrations individual bank portfolios and take action when concentrations appear excessive. Through its risk surveillance and monitoring unit, the risk specialist teams and the Emerging Risk Committee, OSFI has a strong capability for identifying and monitoring concentrations across the industry and ensuring that attention is focused on them through stress testing and cross-industry reviews. OSFI imposes a 25 percent of capital limit on single large exposures, and according to its Large Exposure Limits Guideline expects institutions to set their own, lower limits; however, an example showed one bank monitoring only the 25 percent limit. Although OSFI maintains a database of larger banks’ exposures above $10 million, there is no formal regulatory return for large exposure limit compliance reporting to supervisors covering all banks or a clear notification threshold for action or closer monitoring. In addition, the limit for subsidiary banks is substantially higher (100 percent of capital). It is recommended that OSFI strengthen its large exposure reporting and monitoring regime to include, for example, regular regulatory reporting and notification of exposures greater than a specified level (for example, 10 percent) of capital. In addition, OSFI’s Large Exposure guidance dates from 1994 and OSFI should consider updating its guidance in light of the BCBS project currently underway and to cover concentration risks more generally. OSFI could also reconsider whether the higher exposure limit for subsidiary banks continues to be appropriate. |
| Principle 20 | Transactions with related parties. In order to prevent abuses arising in transactions with related parties44 and to address the risk of conflict of interest, the supervisor requires banks to enter into any transactions with related parties45 on an arm’s length basis; to monitor these transactions; to take appropriate steps to control or mitigate the risks; and to write off exposures to related parties in accordance with standard policies and processes. |
| Essential criteria | |
| EC1 | Laws or regulations provide, or the supervisor has the power to prescribe, a comprehensive definition of “related parties”. This considers the parties identified in the footnote to the Principle. The supervisor may exercise discretion in applying this definition on a case by case basis. |
| Description and findings re EC1 | Section 486 of the Bank Act defines the term “related party” for the purposes of Part XI (self-dealing). The definition is tailored specifically to achieve the objective of identifying persons considered to be in positions of influence over the bank. As such, the Bank Act provides that the parent or sister company of a bank is a related party of the bank. In addition, directors and senior officers of the bank or the bank’s parent are related parties of the bank. Subsidiaries of the bank are not included in the definition of related parties. The Superintendent may designate a person a related party where they would not otherwise be considered to be related, thus providing discretion in the application of the self-dealing regime on a case-by-case basis where prudential concerns arise (subsection 486(3)). |
| EC2 | Laws, regulations or the supervisor require that transactions with related parties are not undertaken on more favorable terms (e.g., in credit assessment, tenor, interest rates, fees, amortization schedules, requirement for collateral) than corresponding transactions with non-related counterparties.46 |
| Description and findings re EC2 | Part XI (self-dealing) of the Bank Act sets out the related party regime to which banks are subject. The general premise underlying the regime is that related party transactions are prohibited, subject to certain exceptions. In practice, any type of contract, arrangement or undertaking, whether written or verbal, between a bank and a related party, constitutes a transaction, as well as making a guarantee on behalf of a related party; making an investment in any securities of a related party; taking an assignment of, or otherwise acquiring a loan made to, a related party; taking a security interest in the securities of a related party. The exceptions to the general prohibition typically involve transactions that do not give rise to the concern that a related party will use its unusual bargaining power against the bank’s best interests. These exceptions can be broadly grouped into the following six categories:
The payment of salaries, fees, stock options, pension benefits, incentive benefits or other benefits to directors, officers or employees of the bank are exempted from the application of the related party regime (paragraph 487(2)(c)). |
| EC3 | The supervisor requires that transactions with related parties and the write-off of related-party exposures exceeding specified amounts or otherwise posing special risks are subject to prior approval by the bank’s Board. The supervisor requires that Board members with conflicts of interest are excluded from the approval process of granting and managing related party transactions. |
| Description and findings re EC3 | Where a permitted related party transaction exceeds specified amounts (i.e., materiality or in relation to capital—see below) or poses special risks (e.g., in the course of restructuring—see below) OSFI requires the board to approve the transaction. Board involvement is required in determining the applicability of the related party regime based on materiality. Pursuant to the Bank Act, a bank’s materiality criteria (immaterial transactions being exempt from the related party regime) must be established by the bank’s CRC and approved by the Superintendent (section 490). Prior board approval is required in the following permitted related party transactions:
|
| EC4 | The supervisor determines that banks have policies and processes to prevent persons benefiting from the transaction and/or persons related to such a person from being part of the process of granting and managing the transaction. |
| Description and findings re EC4 | Banks are required to establish formal procedures to resolve conflicts of interest, including techniques for the identification of potential conflict situations. This could include instances where a person benefitting from a transaction is part of the process of granting or managing the transaction. Bank must designate a committee of the board to monitor conflict of interest procedures. Pursuant to the Bank Act, the CRC’s duties include requiring bank management to establish procedures for complying with Part XI (self-dealing), reviewing these procedures and their effectiveness in ensuring the bank’s compliance with Part XI and reviewing the practices of the bank to ensure that any transactions with related parties that may have a material effect on the stability or solvency of the bank are identified. The bank is required to report to the Superintendent on the CRC’s mandate and responsibilities and procedures dealing with self-dealing and the directors of the bank are required to report yearly to the Superintendent on what the CRC did in carrying out its responsibilities (section 195). |
| EC5 | Laws or regulations set, or the supervisor has the power to set on a general or case by case basis, limits for exposures to related parties, to deduct such exposures from capital when assessing capital adequacy, or to require collateralization of such exposures. When limits are set on aggregate exposures to related parties, those are at least as strict as those for single counterparties or groups of connected counterparties. |
| Description and findings re EC5 | As discussed in EC1, related party transactions are addressed by the Bank Act and OSFI has set criteria for assessing materiality of these exposures. Credit exposures to related parties are generally prohibited, with certain exceptions. For those exceptions, OSFI’s large exposure limit of 25 percent of capital would apply for an individual counterparty. The Bank Act provides for a limit of 50 percent of capital for aggregate exposures to directors, officers and their interests (subsection 497(2)). As a result, the permissible aggregate exposure to these related parties is twice the allowable large exposure limit for a single counterparty. In respect of collateralization of exposures, the Bank Act states that a bank may make a loan to or a guarantee on behalf of a related party of the bank or take an assignment of or otherwise acquire a loan to a related party of the bank if the loan or guarantee is fully secured by securities of or guaranteed by the Government of Canada or the government of a province (section 491). There are no general requirements to deduct related party exposures from capital. While subsidiaries of the bank are not considered related parties under the Bank Act, substantial investments in unconsolidated entities and deconsolidated subsidiaries are deducted from capital. |
| EC6 | The supervisor determines that banks have policies and processes to identify individual exposures to and transactions with related parties as well as the total amount of exposures, and to monitor and report on them through an independent credit review or audit process. The supervisor determines that exceptions to policies, processes and limits are reported to the appropriate level of the bank’s senior management and, if necessary, to the Board, for timely action. The supervisor also determines that senior management monitors related party transactions on an ongoing basis, and that the Board also provides oversight of these transactions. |
| Description and findings re EC6 | Normal supervisory work includes reviewing the report on related party transactions prepared for the bank’s Conduct Review Committee. Such reporting includes attestations from senior management regarding compliance with related party/conflict of interest policies and that such policies are effective to ensure the bank is complying with regulatory requirements governing self-dealing, including legislative limits. For example, for one large bank, the Chief Risk Officer attests quarterly to the bank’s corporate governance committee as to compliance with the bank’s related party and covered person policy and the aggregate value of relevant exposures. |
| EC7 | The supervisor obtains and reviews information on aggregate exposures to related parties. |
| Description and findings re EC7 | Reporting to banks’ compliance committees must include an assessment of related party limits under the Bank Act, which includes the 50 percent limit on aggregate exposures to related parties. The annual compliance report is provided to OSFI. There is no regulatory return covering related party exposures. |
| Assessment of Principle 20 | Largely Compliant |
| Comments | By law transactions with related parties are prohibited with certain key exceptions. There are explicit board reporting and oversight requirements for related party transactions set out in the Bank Act. OSFI supervisors typically review a bank’s oversight of compliance obligations, generally on an annual basis. However, there is no formal regulatory return for reporting related party exposures more frequently to OSFI. OSFI should establish a more formalized regime, including regular regulatory reporting of exposures, for monitoring related party transactions. In addition, OSFI should consider whether the Bank Act limit on aggregate related party exposures of 50 percent of capital to directors, officers and their interests should be lowered to a level more consistent with the large exposures limits. |
| Principle 21 | Country and transfer risks. The supervisor determines that banks have adequate policies and processes to identify, measure, evaluate, monitor, report and control or mitigate country risk47 and transfer risk48 in their international lending and investment activities on a timely basis. |
| Essential criteria | |
| EC1 | The supervisor determines that a bank’s policies and processes give due regard to the identification, measurement, evaluation, monitoring, reporting and control or mitigation of country risk and transfer risk. The supervisor also determines that the processes are consistent with the risk profile, systemic importance and risk appetite of the bank, take into account market and macroeconomic conditions and provide a comprehensive bank-wide view of country and transfer risk exposure. Exposures (including, where relevant, intra-group exposures) are identified, monitored and managed on a regional and an individual country basis (in addition to the end-borrower/end-counterparty basis). Banks are required to monitor and evaluate developments in country risk and in transfer risk and apply appropriate countermeasures. |
| Description and findings re EC1 | OSFI’s Large Exposure Limits Guideline and Prudent Person guidance require banks to set out in writing their internal policies on large exposures, including exposures to individual customers, financial institutions, and countries. Further guidance on country risk and its consideration is setting internal capital targets is provided in OSFI’s ICAAP requirements. The ICAAP Guideline states that:
OSFI supervisors monitor the country risks of the large banks with international operations as part of routine supervision, and more detailed investigation is undertaken when concerns about particular countries or regions arise. Supervisors assess whether banks have policies in place to set and enforce appropriate limits. Many of the large Canadian banks have significant non-Canadian operations and supervisors regularly review country-specific loan portfolios where such portfolios are considered to be of potentially higher risk. Supervisors’ quarterly review of Board risk reports includes reviewing country risk limits and changes in these limits, as well as associated compliance reporting. Supervisors make ad hoc information requests for specific geographic exposure reports where deemed necessary (e.g., Eurozone exposures) and these are compiled into regular reports that are provided to the Superintendent. |
| EC2 | The supervisor determines that banks’ strategies, policies and processes for the management of country and transfer risks have been approved by the banks’ Boards and that the Boards oversee management in a way that ensures that these policies and processes are implemented effectively and fully integrated into the banks’ overall risk management process. |
| Description and findings re EC2 | OSFI conducts regular reviews of overall risk governance frameworks and their implementation, which includes board approval of all significant policies and the process for implementation and review. Supervisors review country and transfer risk policies once approved by the board. Their implementation may be reviewed in the context of credit risk reviews or ongoing country exposure analysis performed for the large banks as discussed above. |
| EC3 | The supervisor determines that banks have information systems, risk management systems and internal control systems that accurately aggregate, monitor and report country exposures on a timely basis; and ensure adherence to established country exposure limits. |
| Description and findings re EC3 | OSFI has undertaken a considerable amount of supervisory activity with banksin recent years to ensure banks improve their risk data aggregation and reporting abilities. Ad hoc data requests to banks on particular country exposures, such as for the Eurozone countries, enables supervisors to obtain greater comfort in the accuracy and completeness of this reporting. Country exposures are also are captured on quarterly regulatory reporting and would be subject to review by auditors. |
| EC4 | There is supervisory oversight of the setting of appropriate provisions against country risk and transfer risk. There are different international practices that are all acceptable as long as they lead to risk-based results. These include:
|
| Description and findings re EC4 | OSFI does not set provisioning for country risks. Banks are expected to follow accounting policies consistent with the accounting standards that reflect provisions for impairment for individual impaired loans and collective provisions that reflect the overall risk of impairment in the portfolio, which may include country and transfer risks. OSFI Guidelines on asset impairment (Impairment—Sound credit Risk Assessment and Valuation Practices for Financial Instruments at Amortized Cost; and Collective Allowances—Sound Credit Risk Assessment and Valuation Practices for Financial Instruments at Amortized Cost) address expectations for provisioning under accepted accounting standards. This includes consideration of sovereign loans or groups of loan with common risk characteristics such as geography, economic or political factors. The sufficiency of provision levels is reviewed during on-site credit risk reviews and through regular quarterly monitoring. Provisioning is reviewed for adequacy and compliance with accounting standards by external auditors. |
| EC5 | The supervisor requires banks to include appropriate scenarios into their stress testing programmes to reflect country and transfer risk analysis for risk management purposes. |
| Description and findings re EC5 | Scenarios involving offshore disruptions are included in stress testing programs. These may have both direct and indirect impacts on a bank’s portfolio. For example, banks have assessed the impact of an Asian deflationary scenario on country exposures. Banks have also performed simulations of a further escalation in the euro crisis. |
| EC6 | The supervisor regularly obtains and reviews sufficient information on a timely basis on the country risk and transfer risk of banks. The supervisor also has the power to obtain additional information, as needed (e.g., in crisis situations). |
| Description and findings re EC6 | Country risk exposures are reviewed during ongoing credit risk monitoring in as much as they are included in the bank’s board risk reports. Assessors observed instances where OSFI had raised concerns about a bank’s country risk exposures and imposed consequential actions to require the bank to reduce its exposures and hold additional capital. Regulatory returns include exposures by country. Supervisors also request more detailed exposure information on countries of interest or concern. In particular, the large banks have been reporting regularly to OSFI on their Eurozone exposures, and these exposures are monitored in aggregate and for any concentration risk to individual banks. |
| Assessment of Principle 21 | Compliant |
| Comments | OSFI supervisors monitor and ensure appropriate management of key country exposures of concern (for example, Eurozone, US and Caribbean loan books). Supervisors of the large banks regularly obtain reports on banks largest foreign exposure concentrations. OSFI has not issued guidance specifically addressing the management of country and transfer risks. These risks are only briefly mentioned in other guidance and OSFI should consider setting out its expectations more clearly and comprehensively in published guidance. |
| Principle 22 | Market risk. The supervisor determines that banks have an adequate market risk management process that takes into account their risk appetite, risk profile, and market and macroeconomic conditions and the risk of a significant deterioration in market liquidity. This includes prudent policies and processes to identify, measure, evaluate, monitor, report and control or mitigate market risks on a timely basis. |
| Essential criteria | |
| EC1 | Laws, regulations or the supervisor require banks to have appropriate market risk management processes that provide a comprehensive bank-wide view of market risk exposure. The supervisor determines that these processes are consistent with the risk appetite, risk profile, systemic importance and capital strength of the bank; take into account market and macroeconomic conditions and the risk of a significant deterioration in market liquidity; and clearly articulate the roles and responsibilities for identification, measuring, monitoring and control of market risk. |
| Description and findings re EC1 | OSFI’s supervision framework and risk management assessment criteria includes general expectations for enterprise-wide risk management, including market risk. These include requirements relating to risk appetite, risk profile, identification, measuring, monitoring and control of risk. More specifically, Chapter 9 OSFI’s 2013 Capital Adequacy Requirements (CAR) Guideline details OSFI’s requirements for market risk management as set out in the applicable BCBS standards implementing Basel II, 2.5 and III. The Market Risk Capital Adequacy Guideline applies to banks with a trading book of greater than 10 percent of total assets or $1 billion and do not apply to foreign bank branches. Banks are assessed against risk management criteria and the CAR Guideline though significant activity reviews and regular monitoring. Banks whose market risk management processes are not deemed to be commensurate with their stated risk appetite, actual exposures, or market conditions are identified through these avenues. Any gaps in risk management processes are addressed through supervisory letters to the banks. Should the situation warrant, banks may be subject to higher market risk capital requirements until remedial action is taken to address the gaps. OSFI has made use of increases in market risk capital multipliers to address risk concerns. OSFI’s Capital Markets Risk Assessment Services Division, which has technical expertise in market risk, conducts regular on-site reviews of larger banks market risk management activities. The need for a market risk review is identified through the structured supervisory planning process based on significant activities, outstanding supervisory actions and concerns or potential emerging risk areas. Some reviews are conducted outside Canada at major trading centers. |
| EC2 | The supervisor determines that banks’ strategies, policies and processes for the management of market risk have been approved by the banks’ Boards and that the Boards oversee management in a way that ensures that these policies and processes are implemented effectively and fully integrated into the banks’ overall risk management process. |
| Description and findings re EC2 | In its review of banks’ market risk management functions, OSFI will review the relevant business strategy, policies and key processes to ensure that they are approved by the board. Furthermore, reporting to the board and key committees will typically be assessed to ensure that members receive sufficient information to ensure that policies and processes are implemented in a manner that is consistent with the approved strategy. |
| EC3 | The supervisor determines that the bank’s policies and processes establish an appropriate and properly controlled market risk environment including:
|
| Description and findings re EC3 | As per BCBS requirements, OSFI’s CAR Guideline, Chapter 9, outlines the requirements for the accurate and timely identification and aggregation of data including the monitoring and reporting of market risk exposure to a bank’s Board and Senior Management. The Guideline addresses requirement that limits are set and monitored for appropriateness, that banks have an independent risk control unit that is responsible for the reporting, analysis, monitoring of limits, and detailed requirements for models. As discussed under EC1, on-site reviews of market risk assess compliance with the above control areas. |
| EC4 | The supervisor determines that there are systems and controls to ensure that banks’ marked-to-market positions are revalued frequently. The supervisor also determines that all transactions are captured on a timely basis and that the valuation process uses consistent and prudent practices, and reliable market data verified by a function independent of the relevant risk-taking business units (or, in the absence of market prices, internal or industry-accepted models). To the extent that the bank relies on modeling for the purposes of valuation, the bank is required to ensure that the model is validated by a function independent of the relevant risk-taking businesses units. The supervisor requires banks to establish and maintain policies and processes for considering valuation adjustments for positions that otherwise cannot be prudently valued, including concentrated, less liquid, and stale positions. |
| Description and findings re EC4 | As per the BCBS standards, the CAR Guideline requires banks to have documented policies and procedures for the process of valuation. A bank must have an independent unit that is responsible for initial and ongoing validation of all internal models including those used for valuation purposes. When marking to model or using third-party valuations, the Guideline requires banks to have procedures in place for considering valuation adjustments. Independent Price Verification (IPV) is typically assessed as part of any OSFI review of a bank’s trading business. Furthermore, in 2009, OSFI conducted a cross-sector review of Canada’s largest banks to assess the effectiveness of their IPV policies and procedures. As part of this review, banks were assessed against the following criteria:
As part of the approval review of a bank’s Internal Models Approach for market risk a bank must demonstrate that it has an established data governance policy and standards for ensuring relevance, accuracy and integrity from the source to the model output. |
| EC5 | The supervisor determines that banks hold appropriate levels of capital against unexpected losses and make appropriate valuation adjustments for uncertainties in determining the fair value of assets and liabilities. |
| Description and findings re EC5 | Chapter 9 of OSFI’s CAR Guideline defines OSFI’s expectations with respect to valuation adjustments in the calculation of appropriate capital for market risk, consistent with BCBS standards. As part of their procedures for marking to market, institutions must establish and maintain procedures for considering valuation adjustments. The guideline details circumstances under which valuation uncertainties may occur. In determining internal capital targets, banks are expected to consider potential unexpected losses which are identified through back-testing breaches for market risk. In approving market risk models, OSFI may require capital multipliers for risk other than those identified in the market risk framework or for back-testing breaches. |
| EC6 | The supervisor requires banks to include market risk exposure into their stress testing programmes for risk management purposes. |
| Description and findings re EC6 | OSFI’s Stress Testing Guideline specifically requires relevant and material market risk to be included in a bank’s stress testing program. This includes risks such as:
|
| Assessment of Principle 22 | Compliant |
| Comments | OSFI’s market risk supervision program for large banks appears comprehensive and includes both on-site review of practices as well as detailed model review. OSFI should consider clarifying its market risk management expectations for foreign bank branches and banks with small or no trading books, which are not subject to the Capital Adequacy Requirement Guideline on Market Risk. |
| Principle 23 | Interest rate risk in the banking book. The supervisor determines that banks have adequate systems to identify, measure, evaluate, monitor, report and control or mitigate interest rate risk49 in the banking book on a timely basis. These systems take into account the bank’s risk appetite, risk profile and market and macroeconomic conditions. |
| Essential criteria | |
| EC1 | Laws, regulations or the supervisor require banks to have an appropriate interest rate risk strategy and interest rate risk management framework that provides a comprehensive bank-wide view of interest rate risk. This includes policies and processes to identify, measure, evaluate, monitor, report and control or mitigate material sources of interest rate risk. The supervisor determines that the bank’s strategy, policies and processes are consistent with the risk appetite, risk profile and systemic importance of the bank, take into account market and macroeconomic conditions, and are regularly reviewed and appropriately adjusted, where necessary, with the bank’s changing risk profile and market developments. |
| Description and findings re EC1 | OSFI’s Interest Rate Risk Management (IRRM) Guideline provides formal guidance to banks on interest rate risk management and associated control frameworks. The Guideline was issued following the BCBS 2004 guidance on Principles for the Management and Supervision of Interest Rate Risk. The IRRM Guideline supports the BCBS guidance and provides further specific guidance on the following:
The goal of the SIRR review was to update OSFI’s assessment of inherent interest rate risk in the banking book, and the effectiveness of associated control frameworks at the institutions reviewed. The following elements were assessed:
Supervisors will typically determine the timing of its review of interest rate risk management for an institution based on the risk profile of that institution. Given that risk profiles vary from institution to institution, the timing of reviews will naturally vary as well. |
| EC2 | The supervisor determines that a bank’s strategy, policies and processes for the management of interest rate risk have been approved, and are regularly reviewed, by the bank’s Board. The supervisor also determines that senior management ensures that the strategy, policies and processes are developed and implemented effectively. |
| Description and findings re EC2 | OSFI’s IRRM Guideline states that the Board is ultimately responsible for the risk appetite of a bank. Complex institutions are expected to establish a senior management committee (ALCO) responsible for oversight of asset liability management activities. The Supervisory Framework states that the Board is responsible for approving the business strategy and associated policies and controls. Supervisors review banks’ overall strategies for the management of interest rate risk, risk policies and tolerances, and their implementation. This may involve review of policy documentation, ALCO committee papers, among other things. |
| EC3 | The supervisor determines that banks’ policies and processes establish an appropriate and properly controlled interest rate risk environment including:
|
| Description and findings re EC3 | The relevant areas are covered in the IRRM Guideline and are reviewed as discussed under EC1.
|
| EC4 | The supervisor requires banks to include appropriate scenarios into their stress testing programmes to measure their vulnerability to loss under adverse interest rate movements. |
| Description and findings re EC4 | The IRRM Guideline requires that banks engage in sensitivity and stress testing, and specifies certain standard measures (e.g., parallel shifts of the yield curve). The comprehensiveness of stress testing is assessed in the context of the size and complexity of the bank in question. The SIRR review included a comprehensive assessment of banks’ stress testing programs. Aspects considered in this assessment included the identification of key risk factors, the inclusion of scenarios under which key assumptions or parameters break down, consideration for illiquid positions, and the inclusion of “worst case” scenarios in addition to more probable scenarios. |
| Additional criteria | |
| AC1 | The supervisor obtains from banks the results of their internal interest rate risk measurement systems, expressed in terms of the threat to economic value, including using a standardized interest rate shock on the banking book. |
| Description and findings re AC1 | The IRRM Guideline provides specific direction regarding the disclosure of interest rate risk exposures. Banks are required to disclose the results of certain measures, including the following:
|
| AC2 | The supervisor assesses whether the internal capital measurement systems of banks adequately capture interest rate risk in the banking book. |
| Description and findings re AC2 | OSFI’s ICAAP Guideline addresses the adequacy of internal capital measurement systems of banks as they relate to interest rate risk in the banking book. Supervisors review the bank’s ICAAP and the resulting capital targets to ensure they capture interest rate risk. |
| Assessment of Principle 23 | Compliant |
| Comments | OSFI has issued guidance on interest rate risk management and banks are expected to reflect interest rate risk in their ICAAPs. Supervisors conduct regular off-site monitoring through standard reporting of interest rate shock impacts on earnings and capital. A proactive approach to interest risk management will, of course, be critical in a rising interest rate risk environment. |
| Principle 24 | Liquidity risk. The supervisor sets prudent and appropriate liquidity requirements (which can include either quantitative or qualitative requirements or both) for banks that reflect the liquidity needs of the bank. The supervisor determines that banks have a strategy that enables prudent management of liquidity risk and compliance with liquidity requirements. The strategy takes into account the bank’s risk profile as well as market and macroeconomic conditions and includes prudent policies and processes, consistent with the bank’s risk appetite, to identify, measure, evaluate, monitor, report and control or mitigate liquidity risk over an appropriate set of time horizons. At least for internationally active banks, liquidity requirements are not lower than the applicable Basel standards. |
| Essential criteria | |
| EC1 | Laws, regulations or the supervisor require banks to consistently observe prescribed liquidity requirements including thresholds by reference to which a bank is subject to supervisory action. At least for internationally active banks, the prescribed requirements are not lower than, and the supervisor uses a range of liquidity monitoring tools no less extensive than, those prescribed in the applicable Basel standards. |
| Description and findings re EC1 | The Liquidity Principles Guideline specifies OSFI expectations for banks regarding liquidity and its management. The Guideline incorporate the BCBS 2008 liquidity sound practices guidance explicitly maps OSFI’s requirements to the corresponding Basel principle. OSFI is currently updating and expanding this guidance and is currently consulting with industry on a revised draft that includes the Basel III requirements. OSFI has indicated that regardless of the Basel implementation timeline, it expects banks to achieve 100% LCR by the end of 2013. A key and additional liquidity metric in Canada is the net cumulative cash flow, a survival horizon metric based on an analysis of stressed contractual cash inflows and outflows. The Net Cumulative Cash Flow (NCCF) measure is a survival horizon metric that quantifies the length of time before an institution’s cumulative net cash flow drops below zero, once factoring in the stock of available liquid assets. As per the new draft Liquidity Principles, the liquidity scenario assumed in the NCCF encompasses a combination of idiosyncratic and systemic stresses which measure the impacts of assumptions over a one year liquidity horizon. Stress assumptions result in:
The NCCF is applied on a consolidated basis, and also on a major currency basis. This metric is being introduced at select smaller institutions as well, with thresholds determined by the level of complexity of the individual banks OSFI’s assessment of banks’ liquidity risk is performed through a combination of significant activity reviews and regular monitoring. The quality and effectiveness of supervisory assessments is further supported by internal supervisory tools (e.g., a liquidity section note). Supervisory resources involved in the work include Capital Markets Risk Assessment Services (CMRAS), which has a staff complement of 16. In 2012, 8 large banks completed a self-assessment of their compliance with OSFI’s revised Liquidity Principles Guideline. OSFI has not conducted full-scope on-site reviews of liquidity risk management at the large banks since 2008, due to the volume of other liquidity and funding monitoring that has been underway with the banks. Off-site monitoring has been intensive and in addition to monitoring of metrics including the new Basel III measures has included reviews of liquidity policies and contingency plans and discussions with internal audit. |
| EC2 | The prescribed liquidity requirements reflect the liquidity risk profile of banks (including on- and off-balance sheet risks) in the context of the markets and macroeconomic conditions in which they operate. |
| Description and findings re EC2 | OSFI’s prescribed liquidity requirement is currently set via the NCCF. NCCF is applied to large banks according to their systemic importance and is being selectively applied to smaller banks with higher liquidity risk profiles. For the largest banks, the threshold for the NCCF metric was initially set at six weeks. However, in light of market turmoil since that time and a perceived increase in liquidity risk at the banks, this threshold has been progressively increased and now stands at 20 weeks for the consolidated balance sheet. In addition, the Liquidity Principles require all banks to set a liquidity risk appetite that is consistent with their business strategy and role in the financial system. The supervisor’s liquidity risk rating for a bank considers both the level of liquidity risk as well as the quality of liquidity risk management. The control framework around liquidity risk management is expected to be commensurate with the level of inherent liquidity risk at the institution, which factors in both the state of the markets and also macroeconomic conditions. |
| EC3 | The supervisor determines that banks have a robust liquidity management framework that requires the banks to maintain sufficient liquidity to withstand a range of stress events, and includes appropriate policies and processes for managing liquidity risk that have been approved by the banks’ Boards. The supervisor also determines that these policies and processes provide a comprehensive bank-wide view of liquidity risk and are consistent with the banks’ risk profile and systemic importance. |
| Description and findings re EC3 | The Liquidity Principles outline comprehensive expectations with respect to liquidity risk management frameworks. Banks have been required to conduct a self assessment against the Principles and correct any gaps. Supervisors regularly review banks liquidity risk appetite setting and operating metrics and discuss these with them. OSFI has progressively increased its NCCF standard to ensure more robust levels of liquidity over the last several years. Application of the NCCF, monitoring of the LCR (for large banks), banks’ internal metrics and banks’ own stress testing of liquidity enables supervisors to assess whether banks have sufficient liquidity to withstand a range of stress events. Supervisors prepare a regular documented analysis of each bank’s liquidity risk management. The analysis covers topics including liquidity risk tolerance, strategies and goals, metrics such as NCCF, LCR and NSFR, available unencumbered liquid assets, contractual maturity mismatch, funding concentrations, contingent liquidity and stress testing. |
| EC4 | The supervisor determines that banks’ liquidity strategy, policies and processes establish an appropriate and properly controlled liquidity risk environment including:
|
| Description and findings re EC4 | The above expectations are covered in OSFI’s Liquidity Principles Guideline. Compliance is reviewed through on-site reviews for smaller banks and for ongoing off-site monitoring for larger banks, although full scope on-site reviews of large banks are undertaken from time to time. |
| EC5 | The supervisor requires banks to establish, and regularly review, funding strategies and policies and processes for the ongoing measurement and monitoring of funding requirements and the effective management of funding risk. The policies and processes include consideration of how other risks (e.g., credit, market, operational and reputation risk) may impact the bank’s overall liquidity strategy, and include:
|
| Description and findings re EC5 | Banks’ funding strategies are regularly reviewed by the supervisor. Internal assessment guides aid supervisors in review of funding plans and strategies. OSFI has focused on higher risk funding strategies such as smaller institutions that rely on brokered deposits and worked with banks to diversify their funding and access more stable sources. Section notes prepared by supervisors on a regular basis include a detailed analysis of each bank’s funding and liquidity strategy. |
| EC6 | The supervisor determines that banks have robust liquidity contingency funding plans to handle liquidity problems. The supervisor determines that the bank’s contingency funding plan is formally articulated, adequately documented and sets out the bank’s strategy for addressing liquidity shortfalls in a range of stress environments without placing reliance on lender of last resort support. The supervisor also determines that the bank’s contingency funding plan establishes clear lines of responsibility, includes clear communication plans (including communication with the supervisor) and is regularly tested and updated to ensure it is operationally robust. The supervisor assesses whether, in the light of the bank’s risk profile and systemic importance, the bank’s contingency funding plan is feasible and requires the bank to address any deficiencies. |
| Description and findings re EC6 | OSFI’s Liquidity Principles require banks to have a formal Contingency Funding Plan (CFP) that clearly sets out the strategies for addressing liquidity shortfalls in emergency situations. OSFI has reviewed the large banks’ CFPs as part of the Guideline’s self-assessment process. Plans were also the subject of detailed review as part of OSFI’s recent assessment of banks’ resolution and recovery plans. |
| EC7 | The supervisor requires banks to include a variety of short-term and protracted bank-specific and market-wide liquidity stress scenarios (individually and in combination), using conservative and regularly reviewed assumptions, into their stress testing programmes for risk management purposes. The supervisor determines that the results of the stress tests are used by the bank to adjust its liquidity risk management strategies, policies and positions and to develop effective contingency funding plans. |
| Description and findings re EC7 | In addition to OSFI’s Stress Testing Guideline, Principle 6 of the Liquidity Principles Guideline provides additional detail on what OSFI expects from banks’ stress testing programs. This principle states that stress testing should be conducted on a regular basis, include both systemic and idiosyncratic scenarios and consider the effects in both the short- and long-term. The self-assessment exercise established in the Liquidity Principles Guideline addressed the issue of stress testing, and included scenario design, the types of scenarios run, consistency with risk limits and links to the funding plan, and contingent obligations. The self-assessment exercise established in the Liquidity Principles Guideline covered stress testing scenario design, the types of scenarios run, consistency with risk limits and links to the funding plan, and contingent obligations. Supervisors review liquidity stress test results and their use within banks to ensure they test a range of scenarios and that the results inform the bank’s assessment of its liquidity risk profile and tolerances. |
| EC8 | The supervisor identifies those banks carrying out significant foreign currency liquidity transformation. Where a bank’s foreign currency business is significant, or the bank has significant exposure in a given currency, the supervisor requires the bank to undertake separate analysis of its strategy and monitor its liquidity needs separately for each such significant currency. This includes the use of stress testing to determine the appropriateness of mismatches in that currency and, where appropriate, the setting and regular review of limits on the size of its cash flow mismatches for foreign currencies in aggregate and for each significant currency individually. In such cases, the supervisor also monitors the bank’s liquidity needs in each significant currency, and evaluates the bank’s ability to transfer liquidity from one currency to another across jurisdictions and legal entities. |
| Description and findings re EC8 | Supervisors complete a regular comprehensive analysis of each bank’s liquidity risk profile. This includes identification of foreign currency transformation risks. The Annex to the Liquidity Principles Guideline requires separate measurement and reporting of foreign currencies. Specifically, institutions with international operations comprising more than 10 percent of total funding or total assets in foreign currencies should measure and report NCCF separately by significant currencies (e.g., CAD, US and Euro). The management of foreign-currency liquidity is also covered in Principle 4 of the Guideline, where it is expected that banks document in their policies their management of foreign currency positions, including limits, any internal support arrangements, and any transferability concerns. |
| Additional criteria | |
| AC1 | The supervisor determines that banks’ levels of encumbered balance-sheet assets are managed within acceptable limits to mitigate the risks posed by excessive levels of encumbrance in terms of the impact on the banks’ cost of funding and the implications for the sustainability of their long-term liquidity position. The supervisor requires banks to commit to adequate disclosure and to set appropriate limits to mitigate identified risks. |
| Description and findings re AC1 | OSFI has issued a Guideline on the Pledging of Assets. The Guideline requires each bank to set limits on encumbrance of assets, and amounts pledged are reported to OSFI quarterly on regulatory returns and included in public disclosures. Pledging of assets was covered during a cross-industry review of collateral management practices in 2009-10. The level of pledged assets is a standing agenda item on regular meetings with banks. Recovery planning work has caused some banks to review their pledged asset limits. |
| Assessment of Principle 24 | Compliant |
| Comments | OSFI has applied a strong focus on liquidity management since the financial crisis and has maintained this intensity. Banks have significantly increased their liquidity reserves and adopted more prudent funding profiles, relative to the start of the crisis. OSFI developed its own liquidity measure and has progressively raised the expectations on banks for maintaining a prudent level of liquid assets, moving toward compliance with the new Basel III measures as soon as possible and reducing reliance on short-term wholesale funding. However, much of OSFI’s liquidity supervision has been conducted off-site for the large banks. OSFI should ensure that, even with significant off-site analysis, reporting and review occurring, supervisors should maintain regular on-site coverage of liquidity risk management to verify the effective application of policies and controls in practice. |
| Principle 25 | Operational risk. The supervisor determines that banks have an adequate operational risk management framework that takes into account their risk appetite, risk profile and market and macroeconomic conditions. This includes prudent policies and processes to identify, assess, evaluate, monitor, report and control or mitigate operational risk50 on a timely basis. |
| Essential criteria | |
| EC1 | Law, regulations or the supervisor require banks to have appropriate operational risk management strategies, policies and processes to identify, assess, evaluate, monitor, report and control or mitigate operational risk. The supervisor determines that the bank’s strategy, policies and processes are consistent with the bank’s risk profile, systemic importance, risk appetite and capital strength, take into account market and macroeconomic conditions, and address all major aspects of operational risk prevalent in the businesses of the bank on a bank-wide basis (including periods when operational risk could increase). |
| Description and findings re EC1 | OSFI’s Capital Adequacy Requirements Guideline encourages banks to comply with the BCBS Principles for the Sound Management of Operational Risk. This was reinforced through a letter by the Superintendent to deposit-taking institutions in August 2011, following the release of the updated Sound Practices. OSFI has also included the Sound Practices and its other operational risk governance expectations within an Operational Risk Self-Assessment Program template, which can be used by deposit-taking institutions in determining the level of compliance with the Sound Practices. As part of OSFI’s supervisory rating and risk assessment system, supervisors rate inherent operational risk and operational risk management and control. OSFI’s Operational Risk Division consists of 16 staff, of which 12 typically focus on banks. This unit provides assistance to Relationship Managers in their assessment of operational risk and risk management. They also conduct cross-system assessments focused on specific aspects of operational risk and risk management. Banks need to demonstrate to OSFI that, on an on-going basis, their corporate governance and risk management (control) practices related to operational risk are commensurate with the nature, scope, complexity and risk profile of the institution, account for market and macroeconomic conditions, and address all major aspects of operational risk prevalent in the businesses of the bank. More specifically, verification that the bank has appropriate operational risk management strategies, policies and processes to identify, assess, evaluate, monitor, report and control or mitigate operational risk, occurs as follows:
|
| EC2 | The supervisor requires banks’ strategies, policies and processes for the management of operational risk (including the banks’ risk appetite for operational risk) to be approved and regularly reviewed by the banks’ Boards. The supervisor also requires that the Board oversees management in ensuring that these policies and processes are implemented effectively. |
| Description and findings re EC2 | OSFI expects the board of directors to periodically review and approve the bank’s operational risk management framework as well as the bank’s risk appetite for operational risk. The framework is required to provide a firm-wide definition of operational risk and lay down the principles of how operational risk is to be identified, assessed, monitored, and controlled/mitigated. In practice, OSFI has recommended that particular banks strengthen the board review and approval process as the result of operational risk framework reviews and assessors reviewed letters communicating formal recommendations. The self assessment template indicates that OSFI expects the board to review its framework regularly to ensure that the bank is managing the operational risks arising from external market changes and other environmental factors, as well as those operational risks associated with new products, activities or systems. The board is also required to ensure that the operational risk management framework is revised, as necessary, in light of this analysis, so that material operational risks are captured within the framework. |
| EC3 | The supervisor determines that the approved strategy and significant policies and processes for the management of operational risk are implemented effectively by management and fully integrated into the bank’s overall risk management process. |
| Description and findings re EC3 | Supervisors assesses banks against the expectations outlined in the BCBS Sound Practices paper, such as the effectiveness in translating the operational risk management framework established by the board into specific policies and procedures that can be implemented and verified within the different business units. These aspects are tested by operational risk specialists who attend significant activity reviews of particular business lines. Supervisors also review the extent to which operational risk management is integrated within the overall risk management framework, including risk appetite setting and monitoring, control, planning and compliance frameworks. Specific reviews of operational risk management may include:
|
| EC4 | The supervisor reviews the quality and comprehensiveness of the bank’s disaster recovery and business continuity plans to assess their feasibility in scenarios of severe business disruption which might plausibly affect the bank. In so doing, the supervisor determines that the bank is able to operate as a going concern and minimize losses, including those that may arise from disturbances to payment and settlement systems, in the event of severe business disruption. |
| Description and findings re EC4 | OSFI’s supervisors apply the requirements for resiliency/contingency and business continuity plans described in the BCBS Sound Practices guidance, which are designed to ensure that banks have in place resiliency/contingency and business continuity plans to ensure their ability to operate on an ongoing basis and limit losses in the event of severe business disruption. As an example of OSFI’s work in this area, in 2011, OSFI conducted a supervisory review of the six largest deposit-taking institutions to review the quality and comprehensiveness of the banks’ business continuity management programs. The objective was to assess their feasibility in scenarios of severe business disruption which might plausibly affect the bank. In addition, it allowed OSFI to determine whether the banks were able to operate as a going concern and minimize losses, and to benchmark practices amongst the banks. OSFI also receives regular reports from the Bank of Canada on payment system outages. |
| EC5 | The supervisor determines that banks have established appropriate information technology policies and processes to identify, assess, monitor and manage technology risks. The supervisor also determines that banks have appropriate and sound information technology infrastructure to meet their current and projected business requirements (under normal circumstances and in periods of stress), which ensures data and system integrity, security and availability and supports integrated and comprehensive risk management. |
| Description and findings re EC5 | OSFI’s supervisory assessment of information technology is a core component of its overall operational risk assessment. OSFI’s specialists conduct examinations of operational risks, includes reviews of IT oversight and governance, critical business applications, legacy systems platforms, IT processes for application development, maintenance, technology infrastructure management, and change management. These IT-focused examinations are risk-based. Information technology may also be assessed as a significant activity in larger banks. OSFI supervisors also have access to a standardized template to guide their assessment of information technology at banks. OSFI employs staff with IT control qualifications to conduct these reviews, and also has used specialized external IT consultants as necessary. In addition to focused supervisory reviews, Relationship Management teams:
The assessment concluded that:
|
| EC6 | The supervisor determines that banks have appropriate and effective information systems to:
|
| Description and findings re EC6 | OSFI’s operational risk supervisory process includes verification that the institution has in place effective operational risk management reporting processes and systems. Such verification occurs on an ongoing basis, particularly including the following:
Following the review, each bank was asked to self-assess all of its enterprise-wide risk management data aggregation and reporting capabilities against standards, including operational risk. These self-assessments have been completed and reviewed by OSFI, and each bank has developed a long-term plan to enhance its existing operational, credit, market and liquidity risk management reporting capabilities. |
| EC7 | The supervisor requires that banks have appropriate reporting mechanisms to keep the supervisor apprised of developments affecting operational risk at banks in their jurisdictions. |
| Description and findings re EC7 | OSFI’s supervisory practices are predicated on open communication with financial institutions and this approach appears to be successful in promoting prompt communication about any potential outages or operational problems. This was confirmed through discussions with the banks. Formal reporting mechanisms include:
|
| EC8 | The supervisor determines that banks have established appropriate policies and processes to assess, manage and monitor outsourced activities. The outsourcing risk management programme covers:
|
| Description and findings re EC8 | OSFI’s Outsourcing Guideline contains comprehensive requirements covering the above areas. It requires banks to have established appropriate policies and processes to assess, manage and monitor operational risk associated with outsourced activities and to establish contingency plans. Material outsourcing activities are often reviewed during the course of on-site reviews covering operational risk. In 2007, OSFI reviewed outsourcing practices at the six largest banks focusing on Governance and Risk Management, Contractual Protections, Management and Monitoring and Business Continuity Management. |
| Additional criteria | |
| AC1 | The supervisor regularly identifies any common points of exposure to operational risk or potential vulnerability (e.g., outsourcing of key operations by many banks to a common service provider or disruption to outsourcing providers of payment and settlement activities). |
| Description and findings re AC1 | OSFI has identified common points of exposures and emerging operational risks to banks, such as the recent focus on cyber risks. OSFI regularly reviews the FRFI’s critical third party providers to assess potential vulnerability. For example, during the 2011 Business Continuity Management cross-sector review encompassing the six conglomerate banks, one of the key objectives was to determine how each FRFI ensures that it will have continuity of service from its critical third party providers. In addition, each of these FRFIs was asked to provide a list of critical third party service providers and the services utilized. Also, the recent Recovery Planning efforts provided relevant factual information as to the important outsourcing relationships and service level agreements. OSFI also has in place an information-sharing agreement with the Bank of Canada to inform OSFI of payment systems matters of immediate concern to the financial health of a FRFI and matters that may be less material but could be informative from a trend perspective. The information received from the Bank of Canada includes the Bank’s operational outages reports. |
| Assessment of Principle 25 | Compliant |
| Comments | OSFI has a strong program for assessing operational risk management at banks. OSFI employs a dedicated operational risk team, which includes technology risk experts. It reviews of banks’ operational risk framework with a view to promoting best practice, and conducts regular cross-industry reviews to highlight areas of potential concern, such as legacy systems and cyber risks. OSFI has relied explicitly on the BCBS Sound Practice guidance in setting expectations for banks, but has not issued its own overall guidance on operational risk. OSFI has issued guidance in targeted areas such as outsourcing. OSFI should consider issuing more comprehensive guidance on setting out its expectations for operational risk management more broadly and covering areas such as business continuity expectations. |
| Principle 26 | Internal control and audit. The supervisor determines that banks have adequate internal control frameworks to establish and maintain a properly controlled operating environment for the conduct of their business taking into account their risk profile. These include clear arrangements for delegating authority and responsibility; separation of the functions that involve committing the bank, paying away its funds, and accounting for its assets and liabilities; reconciliation of these processes; safeguarding the bank’s assets; and appropriate independent51 internal audit and compliance functions to test adherence to these controls as well as applicable laws and regulations. |
| Essential criteria | |
| EC1 | Laws, regulations or the supervisor require banks to have internal control frameworks that are adequate to establish a properly controlled operating environment for the conduct of their business, taking into account their risk profile. These controls are the responsibility of the bank’s Board and/or senior management and deal with organizational structure, accounting policies and processes, checks and balances, and the safeguarding of assets and investments (including measures for the prevention and early detection and reporting of misuse such as fraud, embezzlement, unauthorized trading and computer intrusion). More specifically, these controls address:
|
| Description and findings re EC1 | OSFI’s Corporate Governance Guideline, and other guidelines and advisories including those on ICAAP and operational risk, describe OSFI’s requirements for the board and senior management to establish an adequate and properly controlled operating environment, covering in general terms the areas listed in this EC. Assessment criteria for rating the board and senior management specify OSFI’s requirements for the acceptable quality of controls and oversight of bank’s operating environment. Supervisory assessments of the quality and effectiveness a bank’s internal control framework is a key component of OSFI’s on-site significant activity and control area reviews and are supported by an extensive set of internal supervisory guides. |
| EC2 | The supervisor determines that there is an appropriate balance in the skills and resources of the back office, control functions and operational management relative to the business origination units. The supervisor also determines that the staff of the back office and control functions have sufficient expertise and authority within the organization (and, where appropriate, in the case of control functions, sufficient access to the bank’s Board) to be an effective check and balance to the business origination units. |
| Description and findings re EC2 | Assessors saw evidence from on-site and off-site reviews documentation that the adequacy of control functions and operational management are subject to regular supervisory review and that issues raised in internal audits and other reviews are reported directly to the board. As described under CP24 above, OSFI’s Operational Risk Division provides support to Relationship Managers in assessing risk in back office operations and related control environments. Operational risk specialists often participate on reviews of significant activities, such as capital markets businesses, to assist in assessing the control environment. |
| EC3 | The supervisor determines that banks have an adequately staffed, permanent and independent compliance function52 that assists senior management in managing effectively the compliance risks faced by the bank. The supervisor determines that staff within the compliance function are suitably trained, have relevant experience and have sufficient authority within the bank to perform their role effectively. The supervisor determines that the bank’s Board exercises oversight of the management of the compliance function. |
| Description and findings re EC3 | OSFI’s Legislative Compliance Management Guideline sets out clear requirements for the Compliance function. Criteria used to complete the assessment of the Compliance function include assessing the quality of staff and their level of independence. There are specific internal supervisory guides and templates for assessing the Compliance function at a bank. OSFI’s Anti-Money Laundering Compliance and Corporate Governance divisions provide support to RMs in reviewing compliance risk and related board oversight. OSFI noted a strong function on ensuring effective compliance functions, including at smaller banks. Supervisors regularly conduct on-site reviews of banks’ compliance functions. |
| EC4 | The supervisor determines that banks have an independent, permanent and effective internal audit function53 charged with:
|
| Description and findings re EC4 | Specific OSFI requirements for internal audit are described in OSFI’s Corporate Governance Guideline and Assessment Criteria for Internal Audit used by supervisors. The assessment of Internal Audit is a regular part of OSFI’s supervisory work and is completed using a combination of on-site and off-site work. The adequacy of the internal audit function is assessed in the course of each significant activity review conducted of the bank and on an overall basis and often makes findings with respect to required improvements. The internal audit function assessment includes its audit work on the other functions such as risk management, compliance, etc. Criteria used to complete the assessment of the Internal Audit function specifically include the appropriateness of the Internal Audit mandate and its level of independence. There are internal supervisory guides and templates for assessing the Internal Audit function at a bank. |
| EC5 | The supervisor determines that the internal audit function:
|
| Description and findings re EC5 | Supervisors regularly review the internal audit function through both on-site and off-site supervisory review. They review many of the above areas in the course of significant activity reviews as well as in overall risk governance reviews of banks. Reviews of the internal audit function itself are conducted periodically. Supervisors use a set of published assessment criteria as well as internal supervisory guides which addresses resourcing, independence, planning and reporting of internal audit and the other areas noted in the criteria. OSFI’s Outsourcing Guideline requires that banks obtain audit rights for all material outsourcing arrangements. The contract or outsourcing agreement is expected to clearly stipulate the audit requirements and at a minimum, it should give the bank the right to evaluate the service provided or, alternatively to cause an independent auditor to evaluate, on its behalf, the service provided. This includes a review of the service provider’s internal control environment as it relates to the service being provided. Supervisors meet with internal auditors to review their work and in some cases recommend specific areas for review. Supervisors of large banks regularly meet with the Chief Internal Auditor to review internal audit results and audit plans. |
| Assessment of Principle 26 | Compliant |
| Comments | OSFI’s supervision program includes a high degree of interaction with the internal audit functions of banks and their reporting to the bank’s audit committee. Supervisors appear to have appropriately balanced oversight and use of internal audit work auditors without placing undue reliance on it. |
| Principle 27 | Financial reporting and external audit. The supervisor determines that banks and banking groups maintain adequate and reliable records, prepare financial statements in accordance with accounting policies and practices that are widely accepted internationally and annually publish information that fairly reflects their financial condition and performance and bears an independent external auditor’s opinion. The supervisor also determines that banks and parent companies of banking groups have adequate governance and oversight of the external audit function. |
| Essential criteria | |
| EC1 | The supervisor54 holds the bank’s Board and management responsible for ensuring that financial statements are prepared in accordance with accounting policies and practices that are widely accepted internationally and that these are supported by recordkeeping systems in order to produce adequate and reliable data. |
| Description and findings re EC1 | The Canadian Accounting Standards Board adopted International Financial Reporting Standards (IFRS) for publically accountable enterprises for annual periods beginning on or after January 1, 2011. All OSFI federally regulated financial institutions are publically accountable enterprises and thus prepare financial statements in accordance with IFRS. The Canadian audit profession is governed by the International Standards on Auditing (ISAs), which are set by the International Auditing and Assurance Standards Board (IAASB), an independent standard setting body that serves the public interest by setting high-quality international standards for auditing. Unless material weaknesses have been identified in the independent audit function, OSFI relies upon banks’ external auditors to conduct an audit in accordance with Canadian Generally Accepted Auditing Standards and to provide an opinion on whether the audited financial statements present fairly in all material respects in accordance with IFRSs. The Bank Act and OSFI’s Corporate Governance Guideline place clear responsibility on the board for the production of accurate financial statements. The Bank Act requires that the directors of a bank place before the shareholders at every annual meeting the report of the auditor or auditors of the bank. The Act also requires that each financial institution establish an audit committee comprised of non-employee directors, a majority of whom are not affiliated with the institution. The statutory duties of the audit committee include reviewing the annual statements of the institution, evaluating and approving internal control procedures for the institution, and meeting with the independent oversight providers to review their functions and discuss the effectiveness of the institution’s internal controls and reporting practices. The Corporate Governance Guideline requires that the audit committee probe, question and hold regular in camera meetings with the external auditor to understand all of the relevant issues and how these issues have been resolved. Audit committees should discuss with the external auditor the overall result of the audit, the annual and quarterly financial statements and related documents in the audit report, the quality of the financial statements and any related concerns. OSFI supervisors meet regularly (typically quarterly for the large Canadian banks) with the internal auditor, external auditor and chair of the board risk committee to discuss any financial reporting matters that may arise. |
| EC2 | The supervisor holds the bank’s Board and management responsible for ensuring that the financial statements issued annually to the public bear an independent external auditor’s opinion as a result of an audit conducted in accordance with internationally accepted auditing practices and standards. |
| Description and findings re EC2 | The Canadian Public Accountability Board (CPAB) oversees the quality of the work of the external audit firms. CPAB is the national body responsible for the regulation of public accounting firms and is a Federal not-for-profit corporation. CPAB was created by the Canadian Securities Administrators, OSFI and the Canadian Institute of Chartered Accountants. OSFI has an MOU with CPAB which allows CPAB to share findings with OSFI on a high level (i.e., non institution-specific) basis. OSFI’s Accounting Policy Division meets with CPAB on a biannual basis for this purpose. OSFI’s Accounting Policy Division reviews the financial statements and the independent auditor’s report to the audit committee on a quarterly basis for Canada’s conglomerate banks. OSFI meets with the external auditors of the conglomerate banks quarterly to probe and question areas of significant auditor and management judgment affecting accounting policies, accounting estimates and financial statement disclosures. For smaller banks, the Accounting Policy Division works on accounting and auditing matters as issues arises. |
| EC3 | The supervisor determines that banks use valuation practices consistent with accounting standards widely accepted internationally. The supervisor also determines that the framework, structure and processes for fair value estimation are subject to independent verification and validation, and that banks document any significant differences between the valuations used for financial reporting purposes and for regulatory purposes. |
| Description and findings re EC3 | IFRS is the basis for both external and regulatory reporting for banks, supplemented by OSFI guidelines where required. OSFI has issued guidance relating to valuation practices where needed to clarify its expectations for certain aspects under IFRS:
|
| EC4 | Laws or regulations set, or the supervisor has the power to establish the scope of external audits of banks and the standards to be followed in performing such audits. These require the use of a risk and materiality based approach in planning and performing the external audit. |
| Description and findings re EC4 | Subsection 323(2) of the Bank Act requires banks to be audited in accordance with generally accepted auditing standards, the primary source of which is the Canadian Auditing Standards contained in the Handbook of the Canadian Institute of Chartered Accountants. As per Canadian Auditing Standard (CAS) 320, in conducting an audit of financial statements, the overall objective of the auditor is to obtain reasonable assurance that the financial statements as a whole are free from material misstatement, whether due to fraud or error. This is done by obtaining sufficient appropriate audit evidence to reduce audit risk to an acceptably low level. CAS 320 further requires that in establishing the overall audit strategy, the auditor determine materiality for the financial statements as a whole. If, in the specific circumstances of the entity, there is one or more particular classes of transactions, account balances or disclosures for which misstatements of lesser amounts than materiality for the financial statements as a whole could reasonably be expected to influence the economic decisions of users taken on the basis of the financial statements, the auditor shall also determine the materiality level or levels to be applied to those particular classes of transactions, account balances or disclosures. |
| EC5 | Supervisory guidelines or local auditing standards determine that audits cover areas such as the loan portfolio, loan loss provisions, non-performing assets, asset valuations, trading and other securities activities, derivatives, asset securitizations, consolidation of and other involvement with off-balance sheet vehicles and the adequacy of internal controls over financial reporting. |
| Description and findings re EC5 | As audits are conducted under ISAs, the above areas (loan portfolio, loan loss provisions, non-performing assets, asset valuations, trading and other securities activities, derivatives, asset securitizations, consolidation of and other involvement with off-balance sheet vehicles and the adequacy of internal controls over financial reporting) are covered by the audit scope. |
| EC6 | The supervisor has the power to reject and rescind the appointment of an external auditor who is deemed to have inadequate expertise or independence, or is not subject to or does not adhere to established professional standards. |
| Description and findings re EC6 | OSFI may revoke the appointment of an external auditor that is deemed to have inadequate expertise or independence, or is not subject to or does not adhere to established professional standards under subsection 317(2) of the Bank Act. |
| EC7 | The supervisor determines that banks rotate their external auditors (either the firm or individuals within the firm) from time to time. |
| Description and findings re EC7 | The Canadian Chartered Accounting profession is a member of the International Federation of Accountants (IFAC) which follows the Canadian professions’ Rules of Professional Conduct. Currently, the Rules of Professional conduct require audit partner rotation every seven years with a minimum of five years off thereafter. |
| EC8 | The supervisor meets periodically with external audit firms to discuss issues of common interest relating to bank operations. |
| Description and findings re EC8 | OSFI’s supervision approach includes regular industry-level meetings with external audit firms to discuss issues of common interest as well as bilateral meetings between supervisors and the external auditor of each bank, generally quarterly. Banks and supervisors indicated that they find the regular discussion and exchange of information very effective and an important supervisory tool. The Accounting Policy Division meets periodically (at least twice a year) with the Auditor Advisory Committee of the Auditing Firms to address issues relating to bank accounting and auditing. The AAC is comprised of the lead audit and technical partners of the big four firms. |
| EC9 | The supervisor requires the external auditor, directly or through the bank, to report to the supervisor matters of material significance, for example failure to comply with the licensing criteria or breaches of banking or other laws, significant deficiencies and control weaknesses in the bank’s financial reporting process or other matters that they believe are likely to be of material significance to the functions of the supervisor. Laws or regulations provide that auditors who make any such reports in good faith cannot be held liable for breach of a duty of confidentiality. |
| Description and findings re EC9 | Under the Bank Act, it is the duty of the auditor or auditors of a bank to report in writing to the bank and OSFI any transactions or conditions that have come to the attention of the auditor or auditors affecting the ‘well being’ of the bank that, in the opinion of the auditor, are not satisfactory. The applicable auditing guideline (Canadian Audit and Assurance Standard Board’s Audit Guidance 17) provides further details on the types of transactions that would be considered reportable under the ‘well being’ letter requirement; these generally include those that would jeopardize the ability of the bank to continue as a going concern or for example, involve contravention of legislated capital or liquidity requirements. In addition, section 325 of the Bank Act states that the Superintendent may require the auditors to report directly to the Superintendent on the extent of procedures of the auditor in the examination of the annual statement and require the auditor to enlarge or extend the scope of the examination or direct that any other procedure be performed in any particular case. The auditor does not have an ongoing legal obligation to report to OSFI instances of compliance breaches or potential prudential concerns, although discussions with auditors indicates that they generally would view it as their responsibility to report any significant concerns to OSFI. OSFI was actively involved in developing the new BCBS guidance on the External Audit of Banks, which has been released in draft form for consultation and is expected to be finalised shortly. The draft guidance contains a requirement for timely reporting of prudential concerns. OSFI will require banks to adhere to this guidance. Section 333 of the Bank Act provides that any oral or written statement or report made by the auditor has qualified privilege (e.g., cannot be held liable for breach of duty made in good faith). |
| Additional criteria | |
| AC1 | The supervisor has the power to access external auditors’ working papers, where necessary. |
| Description and findings re AC1 | Section 643 of the Bank Act provides the Superintendent with the authority to review the auditor’s working papers. Supervisors indicated that this is done periodically. |
| Assessment of Principle 27 | Compliant |
| Comments | OSFI supervisors have established strong ongoing communication channels with external auditors and are able to leverage their resources and expertise when needed. While auditors have a statutory duty to report to the bank and OSFI issues affecting the well being of the bank, the ‘well being letter’ requirements may not cover all matters of prudential interest to OSFI. In addition, the formal statutory nature of this requirement may hinder timely and open communication of matters of potential prudential concern that do not rise to the level of immediacy or severity set out in the Bank Act or associated audit guidance. OSFI expects to require banks to adhere to forthcoming BCBS guidance on external audit, which will include a more generalised reporting requirement on matters of prudential concern. This will supplement appropriately the Bank Act reporting expectations. |
| Principle 28 | Disclosure and transparency. The supervisor determines that banks and banking groups regularly publish information on a consolidated and, where appropriate, solo basis that is easily accessible and fairly reflects their financial condition, performance, risk exposures, risk management strategies and corporate governance policies and processes. |
| Essential criteria | |
| EC1 | Laws, regulations or the supervisor require periodic public disclosures55 of information by banks on a consolidated and, where appropriate, solo basis that adequately reflect the bank’s true financial condition and performance, and adhere to standards promoting comparability, relevance, reliability and timeliness of the information disclosed. |
| Description and findings re EC1 | Banks are required to prepare annual financial statements on a consolidated basis in compliance with IFRS as adopted in Canada. Subsection 308(1) of the Bank Act requires every bank to have a report from an auditor on the annual financial statements. The Bank Act provides that financial statements shall, except as otherwise specified by the Superintendent, be prepared in accordance with generally accepted accounting principles, the primary source of which is the Handbook of the Canadian Institute of Chartered Accountants. OSFI has authority to specify additional accounting guidance or additional disclosure or require that a specific accounting option be followed. OSFI’s ability to make specifications for additional disclosure or to specify an IFRS option is also set out in International Standard on Auditing 210 (ISA 210) and the equivalent Canadian Auditing Standard 210 (CAS 210). OSFI makes these specifications in rare situations where there is a need for additional accounting guidance; for example, OSFI issued detailed guidance on transitional aspects of IFRS in 2010. This guidance addressed issues such as comparability. The timeliness and content of the issuance of financial statements for publicly listed banks is further dictated by securities regulations. Banks that have subsidiaries, which includes the largest Canadian banks among others, do not currently publicly disclosure solo financial statements and there are no requirements to do so. OSFI requires all banks and federally regulated trust and loan companies to follow BCBS Pillar 3 standards. OSFI issued an Advisory in November 2007 with the implementation of Basel II indicating its expectations with respect to Pillar 3 disclosure requirements. Since then, OSFI has issued subsequent Advisories when revised or additional Pillar 3 requirements have been issued by the BCBS, including the enhanced disclosure requirements under Basel 2.5 in 2012 and Basel III and the requirements on remuneration disclosure requirements in 2011. OSFI had issued draft guidance on Basel III Pillar 3 capital disclosures at the time of the mission and issued the final guidance in July 2013. OSFI has also issued additional disclosure requirements for banks including guidelines on Annual Disclosures and Derivatives Disclosures, as well as disclosure aspects of the Guidelines on Mortgage Underwriting Practices and Liquidity Principles. |
| EC2 | The supervisor determines that the required disclosures include both qualitative and quantitative information on a bank’s financial performance, financial position, risk management strategies and practices, risk exposures, aggregate exposures to related parties, transactions with related parties, accounting policies, and basic business, management, governance and remuneration. The scope and content of information provided and the level of disaggregation and detail is commensurate with the risk profile and systemic importance of the bank. |
| Description and findings re EC2 | The scope of information required under IFRS includes qualitative and quantitative disclosure requirements on a bank’s financial performance and financial position. The Basel Pillar 3 disclosure requirements address qualitative and quantitative information on a bank’s risk management strategies and practices, risk exposures, and basic business, management, governance and remuneration. The additional disclosures set out by OSFI in its guidance encompass other risk information that is considered useful in allowing the public to assess bank risk profiles and risk management. For example, during the recent sovereign debt crisis, OSFI required banks to make certain additional disclosures regarding exposures to certain sovereigns in Q1 2012 in order to provide greater market transparency. OSFI’s new requirements for banks that are designated as D-SIBs include an expectation to adopt the recommendations of the Financial Stability Board’s Enhanced Disclosure Task Force, future disclosure recommendations in the banking arena that are endorsed by international standard setters and the Financial Stability Board, as well as evolving domestic and international bank risk disclosure best practices. |
| EC3 | Laws, regulations or the supervisor require banks to disclose all material entities in the group structure. |
| Description and findings re EC3 | Paragraph 308(3)(a) of the Bank Act requires disclosure of all material entities in the group structure in the bank’s annual statement. |
| EC4 | The supervisor or another government agency effectively reviews and enforces compliance with disclosure standards. |
| Description and findings re EC4 | Disclosures contained in banks’ annual financial statements are reviewed by external auditors as per IAS 720 “The auditor’s responsibilities relating to other information in documents containing audited financial statements”. Financial statements are also submitted to securities regulators. In addition, OSFI’s Accounting Policy Division reviews the financial statements of the major banking organizations quarterly and annually and comments on any potential accounting issues of concern, which are followed up by supervisors. OSFI proactively enforces compliance with its disclosure requirements. In 2006, OSFI provided a ‘roadmap’ template for institutions to complete to demonstrate their compliance with the initial Pillar 3 requirements. Since then, the Accounting Policy Division has done periodic reviews of Pillar 3 disclosures to enforce compliance and ensure all required disclosures have been included. In that regard, issues have been raised with banks with regard to the accessibility of disclosures and Pillar 3 reports on bank web sites. The Accounting Policy unit has also recently performed a review against the specific disclosure requirements set out in OSFI’s the 2012 mortgage lending Guideline. Section 642 of the Bank Act requires the Superintendent to prepare a report annually to Parliament respecting the disclosure of information by banks and describing the state of progress made in enhancing disclosure of information in the financial services industry. |
| EC5 | The supervisor or other relevant bodies regularly publishes information on the banking system in aggregate to facilitate public understanding of the banking system and the exercise of market discipline. Such information includes aggregate data on balance sheet indicators and statistical parameters that reflect the principal aspects of banks’ operations (balance sheet structure, capital ratios, income earning capacity, and risk profiles). |
| Description and findings re EC5 | OSFI makes available consolidated data for all banks on its website on a quarterly and monthly basis. For each bank, users can generate a report showing the consolidated statement of financial position, income statement, impaired assets, capital adequacy components and derivative contracts. In addition, the Bank of Canada publishes aggregate banking system statistics with a reasonable level of detail on a monthly basis. This does not include risk indicators (for example, arrears or impairments), information on liquidity and funding, exposure concentrations or performance indicators. |
| Additional criteria | |
| AC1 | The disclosure requirements imposed promote disclosure of information that will help in understanding a bank’s risk exposures during a financial reporting period, for example on average exposures or turnover during the reporting period. |
| Description and findings re AC1 | OSFI has issued additional disclosure requirements for banks in response to specific risk issues. OSFI’s B20-Residential Mortgage Underwriting Practices and Procedures requires additional disclosure to provide greater transparency, clarity and public confidence in residential mortgage underwriting. The guideline indicates that, as a matter of principle, banks should publicly disclose sufficient information related to their residential mortgage portfolios for market participants to be able to conduct an adequate evaluation of the soundness and condition of their residential mortgage operations. Disclosures include, for example:
|
| Assessment of Principle 28 | Compliant |
| Comments | OSFI has implemented all Pillar 3 requirements and has been proactive in including enhanced disclosure expectations for Canadian banks. Canadian D-SIBs will be expected to adopt the recommendations of the Financial Stability Board’s Enhanced Disclosure Task. Pillar 3 requirements have been issued in Advisories rather than a Guideline. Advisories provide OSFI with the flexibility to address issues quickly. OSFI plans to issue a Guideline once the BCBS Working Group on disclosures issues its final report on findings and recommendations. As OSFI and the banks view Pillar 3 requirements, which have been in effect since 2008, as minimum required standards, we recommend that OSFI consider issuing a Guideline on disclosure. In keeping with OSFI’s leading practice in other areas, OSFI could provide greater financial and risk data in a more useable format for analysis by the public. The OSFI data access tool on its web site is not particularly user friendly, does not facilitate analysis (for example, over time or across peers) or flexible access (for example, via spreadsheet). Some other regulators publish substantially more information in time series format on bank performance and risk indicators at the aggregate and individual institution level. OSFI may wish to review best practices in other countries and consider publication of time series data sourced from its regulatory returns that would enhance the public understanding of banks’ operations and risk profile. |
| Principle 29 | Abuse of financial services. The supervisor determines that banks have adequate policies and processes, including strict customer due diligence (CDD) rules to promote high ethical and professional standards in the financial sector and prevent the bank from being used, intentionally or unintentionally, for criminal activities. |
| Essential criteria | |
| EC1 | Laws or regulations establish the duties, responsibilities and powers of the supervisor related to the supervision of banks’ internal controls and enforcement of the relevant laws and regulations regarding criminal activities. |
| Description and findings re EC1 | Section 4 of the Office of the Superintendent of Financial Institutions Act states that OSFI shall “supervise financial institutions in order to determine whether they are in sound financial condition and are complying with their governing statute law and supervisory requirements under that law”. Sections 628 to 644 of the Bank Act provide the Superintendent with general powers to examine banks, while sections 645 to 655 provide the Superintendent with broad and specific powers to take remedial actions, including up to taking control of a bank in order to do “all things necessary to or expedient to protect the rights and interests of depositors and other creditors of the bank”. In Canada, the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and its associated regulations applies a regulatory framework to the banking sector with the aim of detecting and deterring money laundering and terrorist financing. Enforcement of the PCMLTFA and its associated regulations is the responsibility of the Financial Transactions and Analysis Centre of Canada (FINTRAC). OSFI and FINTRAC have the authority to share information with each other. A MoU was signed in 2004 with respect to information sharing of the federally regulated financial institutions. OSFI considers that the relationship is relatively mature at this stage. While there are quarterly meetings at the working level, with corresponding meetings at the executive level, the executive level is comfortable about meeting as needed. Additionally, FINTRAC no longer carries out separate assessments of the banks but works alongside OSFI. Two assessments under this new procedure have been carried out so far and the reduction of potential overlap and duplication is a benefit. OSFI also noted that it requested and received interpretative issues from FINTRAC while, conversely, FINTRAC and the Department of Finance, consults with OSFI on risk management issues. OSFI has issued high level guidance to banks on the freezing obligations under UNSCR on the prevention, suppression and disruption of the financing or proliferation of weapons of mass destruction. OSFI staff have not yet been trained in relation to the 2012 FATF Recommendations as OSFI has been waiting for the (recently finalised) FATF methodology of evaluation. |
| EC2 | The supervisor determines that banks have adequate policies and processes that promote high ethical and professional standards and prevent the bank from being used, intentionally or unintentionally, for criminal activities. This includes the prevention and detection of criminal activity, and reporting of such suspected activities to the appropriate authorities. |
| Description and findings re EC2 | In Canada, regulations under the PCMLTFA require banks to develop and apply written policies and procedures that are kept up to date and approved by a senior officer, for the purposes of complying with subsection 9.6(1) of the PCMLTFA (which obligates banks to have programs in place intended to ensure their compliance with Part 1 of the PCMLTFA). OSFI’s Deterring and Detecting Money Laundering and Terrorist Financing (AML/ATF) Guideline sets out OSFI’s expectations with respect to the risk management and controls that should be in place to detect and deter money laundering and to enable banks to comply with the PCMLTFA. OSFI’s Background Checks on Directors and Senior Management of FREs (Responsible Persons) Guideline sets out OSFI’s expectations with respect to the measures that should be in place to screen “Responsible Persons” by federally regulated financial institutions (FRFIs) when such persons are hired. The Anti-Money Laundering and Compliance Division (AMLC) is responsible for OSFI’s AML/ATF assessment program. AMLC uses a risk-based approach to prioritizing the frequency and depth of AML/ATF assessments at banks, and applies these enterprise- wide including branches and subsidiaries of banks located outside Canada. Banks are categorized into three broad groups based on the overall level of observed ML and TF risk. Criteria such as size, geographic operations, types of financial products, and delivery channels are factored in for determining the overall level of risk. Banks showing the highest overall risk profile as rated by OSFI are subject to a joint OSFI-FINTRAC AML/ATF assessment approximately every three years; others are either assessed approximately every four to five years depending on the risk level. The Joint assessment is planned so that OSFI and FINTRAC focus on risk management and compliance elements respectively. For banks where the observed ML and TF risk is low as rated by OSFI, banks are assessed solely by FINTRAC. The joint assessment program does not preclude either agency from conducting on-site assessments separately but is designed to minimize impact on banks. Starting in 2013, separate assessments are the exception rather than the rule. The timing of assessments may vary depending on workloads, prioritized work arising at other financial institutions, and other supervisory issues. OSFI’s risk assessment of its institutions (as discussed in CP8) is broken down by significant activity and risk management is a critical component in assessing the net risk of any significant activity. Hence the risk management of AML is critical in deriving the overall ranking institutions by level of ML/TF risk. Each AML/ATF assessment includes a segment that evaluates a bank’s Responsible Person screening process. While all banks are subject to the Responsible Persons Guideline, only banks that are being subject to the AML/ATF assessment methodology are subject to the an evaluation of their compliance with the Guideline. The PCMLTFA does not require banks to “detect” criminal activity, in the sense of being certain that a financial transaction is linked to a predicate offence as the proceeds of crime. Instead, banks only need reach a threshold of suspicion: section 7 of the PCMLTFA requires banks to report financial transactions to FINTRAC where there are reasonable grounds to suspect that a transaction or attempted transaction is related to the commission of a money laundering offence or a terrorist financing offence. Each OSFI AML/ATF assessment evaluates the systems and processes in place at a bank to flag transactions which are considered unusual, and scrutinize them as potentially suspicious. In addition, processes to flag and report other transactions (large cash transactions, electronic funds transfers) are also evaluated. Apart from ML/TF risk as it may relate to broader internal and external fraud, OSFI’s supervisory assessment process involves institutions demonstrating that, on an on-going basis, their corporate governance and risk management (control) practices related to operational risk (which includes fraud risk) are commensurate with the nature, scope, complexity and risk profile of the institution. Such fraud includes rogue/unauthorized trading, credit card fraud, mortgage fraud, cyber-crime, etc. |
| EC3 | In addition to reporting to the financial intelligence unit or other designated authorities, banks report to the banking supervisor suspicious activities and incidents of fraud when such activities/incidents are material to the safety, soundness or reputation of the bank. |
| Description and findings re EC3 | The PCMLTFA requires banks to report to FINTRAC any financial transaction or attempted financial transaction in respect of which there are reasonable grounds to suspect that the transaction or attempted transaction is related to the commission or attempted commission of a ML offence or a TF offence. This obligation applies to any suspicious activity and is not limited to situations material to the safety, soundness or reputation of a bank. Accordingly, such reports are not filed with OSFI. However, OSFI does have the ability to see the file copies of such reports, pursuant to governing legislation. Other formal reporting mechanisms of suspicious activities and incidents of fraud, include:
|
| EC4 | If the supervisor becomes aware of any additional suspicious transactions, it informs the financial intelligence unit and, if applicable, other designated authority of such transactions. In addition, the supervisor, directly or indirectly, shares information related to suspected or actual criminal activities with relevant authorities. |
| Description and findings re EC4 | If during the AML/ATF assessment of a bank, OSFI becomes aware of transactions that appear to be suspicious, OSFI will ask the bank whether such transactions were reported to FINTRAC, and, if not, request the bank to consider whether the transactions should have been so reported. OSFI does not, except for egregious and obvious cases, attempt to second-guess a bank’s decision to report or not report a particular transaction or attempted transaction. OSFI noted that it is very focused on a bank’s processes to determine the suspiciousness of a transaction and the investigation process. This includes timeliness of notification and approval to report the transaction to FINTRAC and also the quality of information that is supplied to FINTRAC. Often OSFI has recommendations on process gaps which are documented in the “FUD” (see CPs 8 and 9) and are subject to the follow up and eventual sign-off and closure procedures in OSFI. In terms of communication to firms there are two clear categories; the first are “requirements” which are backed by the legislation and the second are “recommendations” which do not relate specifically to the statutory powers. However, as with all OSFI recommendations, the supervisor expects the firm to undertake remedial action in a timely manner and failure to do so might result in the intervention processes being initiated. |
| EC5 | The supervisor determines that banks establish CDD policies and processes that are well documented and communicated to all relevant staff. The supervisor also determines that such policies and processes are integrated into the bank’s overall risk management and there are appropriate steps to identify, assess, monitor, manage and mitigate risks of money laundering and the financing of terrorism with respect to customers, countries and regions, as well as to products, services, transactions and delivery channels on an ongoing basis. The CDD management programme, on a group-wide basis, has as its essential elements: |
| (a) | a customer acceptance policy that identifies business relationships that the bank will not accept based on identified risks; |
| Description and findings re EC5(a) | The PCMLTFR (paragraph 71(1)(c)) requires banks to assess and document the risk of a money laundering offence or a terrorist financing offence. The Act further prescribes criteria to be applied by banks in determining if a client is a high risk client. Section 71.1 of the PCMLTFR sets out additional measures to be taken where high risks are identified. OSFI’s AML/ATF Guideline sets out OSFI’s expectation that banks’ policies and procedures include client due diligence standards for dealing with clients who exhibit levels of risk that are unacceptable to the bank. OSFI’s AML/ATF assessment program examines the processes by which banks apply this expectation, and it includes consideration of: the numbers of suspicious transaction reports a bank may have filed with FINTRAC; whether the bank has a list of types of business or occupation for which banking services will not be provided; whether the risk assessment methodology of the bank is reasonably designed to identify and monitor high risk customers. Other than prohibited transactions (eg terrorist financing) there are no ex ante prohibitions on business relationships a bank may not enter but OSFI expects to understand what the bank’s risk appetite for its business relationships is and also to find conformity of practice with the policy statement when OSFI undertakes file reviews. If a bank opted to maintain a high risk category of relationship then OSFI expects to be shown the rationale. OSFI also noted that it would press banks when it became aware that one bank was prepared to transact with a category/counterparty that it knew peer banks were withdrawing from. Essentially OSFI expected to see “demarketing” or higher levels of controls if a higher risk category of customer appeared on the files and OSFI needed to understand the bank’s method of identifying the high risk counterparties and the procedures that were put in place around that counterparty. |
| (b) | a customer identification, verification and due diligence programme on an ongoing basis; this encompasses verification of beneficial ownership, understanding the purpose and nature of the business relationship, and risk-based reviews to ensure that records are updated and relevant; |
| Description and findings re EC5(b) | The PCMLTFA and PCMLTFR impose obligations on banks to ascertain the identity of prescribed customers; determine the beneficial owner(s) who own at least 25 percent of the shares of clients that are corporations; determine if there are any other parties who will have access to the account; and keep appropriate records. The standard will increase from February 2014 from the bank having to use “reasonable measures” to determine the beneficial owners to a clear requirement to actually identify the beneficial owners and to take reasonable measures to confirm the accuracy of this information. The choice of a 25 percent threshold (no threshold is specified by the FATF) was informed by a review of international practices, notably the EU. OSFI’s AML/ATF assessment program evaluates the policies and processes implemented by FRFIs to comply with these requirements. A key feature of the program is the review of samples of customer records for the purpose of assessing the overall strengths of the measures used to comply with the regulatory requirements. |
| (c) | policies and processes to monitor and recognise unusual or potentially suspicious transactions; |
| Description and findings re EC5(c) | The PCMLTFA requires banks to be able to identify and report to FINTRAC every financial transaction, including attempted financial transactions, in respect of which there are reasonable grounds to believe that the transaction is related to the commission of a money laundering offence or a terrorist financial offence. OSFI’s AML/ATF assessment program evaluates the policies and processes implemented by banks to comply with these requirements. This includes assessing how banks identify potentially suspicious transactions, the case management systems that are used to determine if such transactions are suspicious, and the processes used to report them to FINTRAC. Before onsite visits, OSFI obtains the policies and procedures which, as noted below are then evaluated in terms of their actual operation when the team is on site. |
| (d) | enhanced due diligence on high-risk accounts (e.g., escalation to the bank’s senior management level of decisions on entering into business relationships with these accounts or maintaining such relationships when an existing relationship becomes high-risk); |
| Description and findings re EC5(d) | The PCMLTFA requires banks to apply a risk assessment to customers and determine the risk of money laundering or terrorist financing. In respect of high risk customers, the PCMLTFR requires banks to: take reasonable measures to keep client information and beneficial ownership information about the client (if it is an entity) up to date; take reasonable measures to conduct ongoing monitoring for the purpose of detecting suspicious transactions; and mitigate the risks identified. After February 1, 2014, the PCMLTFR will be amended to require banks, in respect of high risk customers, to: take enhanced measures to ascertain the identity of the client, and to take any other enhanced measures to mitigate risk, including enhanced measures to keep client identification and beneficial ownership information up to date, and conducting enhanced ongoing monitoring of the business relationship with the client. As of February 1, 2014, the PCMLTFR will also require banks to conduct ongoing monitoring of their business relationship with all clients, in accordance with the risk assessment undertaken as required by the PCMLTFA. OSFI’s AML/ATF Guideline sets out OSFI’s expectation that banks have processes in place to escalate client relationships where there are elevated levels of risk, and to have a process to exit the relationship where the bank considers the risk of ML or TF to be unacceptable. OSFI’s AML/ATF assessment program evaluates the policies and processes implemented by banks to comply with these requirements. OSFI noted that it followed a clear framework, reviewing files, interviewing senior officers, and following up on site to confirm execution of the firm’s stated policies. If for example certain categories of customer were expected to be subject to enhanced due diligence, OSFI expected to see a differentiation of the due diligence in the file reviews. |
| (e) | enhanced due diligence on politically exposed persons (including, among other things, escalation to the bank’s senior management level of decisions on entering into business relationships with these persons); and |
| Description and findings re EC5(e) | The PCMLTFA and PCMLTFR require banks to determine under prescribed circumstances whether individual clients are Politically Exposed Foreign Persons (PEFPs) as defined in the PCMLTFA. If a client is determined to be a PEFP, the bank must apply prescribed measures which include: take reasonable measures to establish the source of the funds that have been, will be or are expected to be deposited in the account in question or used for the transaction in question; obtain the approval of senior management to keep the account open or have senior management review the transaction in question; and conduct enhanced ongoing monitoring of the activities in respect of the account for the purpose of detecting suspicious transactions. These measures must be applied within prescribed timelines. OSFI’s AML/ATF Guideline establishes that, although domestic PEPs are not explicitly defined or caught by the PCMLTFA, banks should factor in to their risk assessment the occupation of clients who disclose to banks that they are domestic PEPs, as part of their determination of the level of risk such clients may present. OSFI’s AML/ATF assessment program evaluates the policies and processes implemented by banks to comply with these requirements and expectations. OSFI commented that it had met with mixed results so far but also noted that Finance has consulted on new proposals so further development is possible. OSFI considers that it has communicated its expectations in this area explicitly and frequently to the banks and that some improvements are being made. Legislation could help. |
| (f) | Clear rules on what records must be kept on CDD and individual transactions and their retention period. Such records have at least a five year retention period. |
| Description and findings re EC5(f) | The PCMLTFA and PCMLTFR prescribe in detail the records which must be kept by banks as a result of ascertaining the customer’s identity, and other prescribed CDD measures. OSFI does not set these requirements and in any event does not have rule-making power in this area. OSFI’s AML/ATF assessment program evaluates the policies and processes implemented by banks to comply with record keeping requirements associated with the foregoing requirements. |
| EC6 | The supervisor determines that banks have in addition to normal due diligence, specific policies and processes regarding correspondent banking. Such policies and processes include: |
| (a) | gathering sufficient information about their respondent banks to understand fully the nature of their business and customer base, and how they are supervised; and |
| Description and findings re | The PCMLTFA and PCMLTFR set out prescribed measures which apply to banks’ correspondent banking relationships although such relationships are not prohibited. |
| EC6(a) | OSFI’s AML/ATF assessment program evaluates the policies and processes implemented by banks to comply with these requirements where the bank’s correspondent banking relationships are considered to be high risk. |
| (b) | not establishing or continuing correspondent relationships with those that do not have adequate controls against criminal activities or that are not effectively supervised by the relevant authorities, or with those banks that are considered to be shell banks. |
| Description and findings re EC6(b) | The PCMLTFA prohibits banks from entering into correspondent banking relationships with shell banks. The PCMLTFA and PCMLTFR set out prescribed identification and due diligence measures which apply to banks’ correspondent banking relationships. These include measures to ascertain whether such foreign banks have adequate controls against criminal activities and are appropriately supervised. OSFI’s AML/ATF assessment program evaluates the policies and processes implemented by banks to comply with these requirements. |
| EC7 | The supervisor determines that banks have sufficient controls and systems to prevent, identify and report potential abuses of financial services, including money laundering and the financing of terrorism. |
| Description and findings re EC7 | OSFI gathers information about the controls and systems in place at banks which are designed to detect and deter ML and TF: 1. Customer Identification. OSFI examines samples of customer files to assess the quality of the systems used by banks so they ensure that prescribed customers’ identities are ascertained in accordance with prescribed measures. 2. Risk Assessment. OSFI analyses the risk assessment methodology of banks to assess how it identifies high risk customers, according to prescribed criteria. OSFI also examines samples of high risk customers’ files to assess the quality of the enhanced measures required to be applied to such customers. 3. Reporting to FINTRAC. OSFI assesses the process used by banks to flag potentially suspicious transactions and determine if they should be reported to FINTRAC. A similar assessment is made with respect to other transactions to be reported to FINTRAC (large cash transactions, electronic funds transfers, terrorist property). Apart from ML risk, as it relates to broader internal and external fraud risks, OSFI’s supervisory assessment involves institutions demonstrating that, on an on-going basis, their risk management (control) practices related to operational risk (which includes fraud risk) are commensurate with the nature, scope, complexity and risk profile of the institution. These assessments occur through significant activity reviews, as well as through regular monitoring processes, and include fraud such as rogue/unauthorized trading, credit card fraud, mortgage fraud, cyber-crime, etc. Such supervisory assessments are conducted by the Relationship Management teams and associated support groups (i.e., operational risk, credit risk, etc.). Where OSFI has concerns regarding the sufficiency of the controls and systems that are in place it will issue recommendations to the institution which will be monitored and followed up according to OSFI’s processes, including documentation in the “FUD” (see CPs 8 and 9). |
| EC8 | The supervisor has adequate powers to take action against a bank that does not comply with its obligations related to relevant laws and regulations regarding criminal activities. |
| Description and findings re EC8 | OSFI does not administer the PCMLTFA. (See also EC1). OSFI noted that sanctions fall into two categories. First those supervisory sanctions under the Bank Act (including “staging” and intervention and which can lead to agreements or orders of compliance as necessary). Staging has been used in respect of AML issues. However, the second category of sanctions is that of financial penalties which cannot be levied by OSFI but by FINTRAC pursuant to PCMLTFA. It is OSFI practice to ensure FINTRAC is copied in on all correspondence (recommendations/staging etc) to the banks and if compliance is not forthcoming then FINTRAC has the option of acting itself and banks are warned that FINTRAC may act. OSFI considers that this strategy has been extremely successful to date. |
| EC9 | The supervisor determines that banks have: |
| (a) | requirements for internal audit and/or external experts to independently evaluate the relevant risk management policies, processes and controls. The supervisor has access to their reports; |
| Description and findings re EC9(a) | Under the PCMLTFA, banks are required to audit (test for effectiveness) the following at least every two years:
OSFI assesses the content of Internal Audit reports in order to determine whether banks are testing policies, processes and controls adequately and in accordance with prescribed timelines. Consistent with the expectations of the Basel Committee’s Sound Practices paper and OSFI’s Supervisory Framework, OSFI expects internal audit and/or external experts to independently evaluate the relevant operational risk (including fraud) management policies, processes and controls. |
| (b) | established policies and processes to designate compliance officers at the banks’ management level, and appoint a relevant dedicated officer to whom potential abuses of the banks’ financial services (including suspicious transactions) are reported; |
| Description and findings re EC9(b) | Although there is no specific requirement to appoint a person to receive reports of suspicious transactions banks are required by the PCMLTFA to appoint a compliance officer who is responsible for the implementation of the bank’s compliance program. OSFI refers to this person as the Chief Anti- Money Laundering Officer (CAMLO). OSFI assesses the mandate, resources and operations of the CAMLO and his/her staff to determine whether the CAMLO appears to have adequate control over the AML/ATF program, including operations that are the responsibility of others within the bank. The expectation by OSFI is that the CAMLO will be of management status but this is not required. OSFI is more interested in ensuring that there is substance and the individual has the authority to get the job done. OSFI noted that there was expected to be a congruence between the banks approach to corporate governance and compliance in its AML functions. |
| (c) | adequate screening policies and processes to ensure high ethical and professional standards when hiring staff; or when entering into an agency or outsourcing relationship; and |
| Description and findings re EC9(c) | OSFI has set out in its Responsible Persons Guideline its expectations in respect of screening new Directors and Senior officers (referred to in the Guideline as “Responsible Persons”). In addition OSFI sets out its expectations regarding outsourcing relationships in its Guideline Outsourcing of Business Activities, Functions and Processes. OSFI analyzes the processes used by banks to comply with the Guideline by assessing employee files, and by evaluating the processes used to conduct background checks, and report to management and the Board on the results. |
| (d) | ongoing training programmes for their staff, including on CDD and methods to monitor and detect criminal and suspicious activities. |
| Description and findings re EC9(d) | Refer to EC9(a) above, which captures AML/ATF training programs. |
| EC10 | The supervisor determines that banks have and follow clear policies and processes for staff to report any problems related to the abuse of the banks’ financial services to either local management or the relevant dedicated officer or to both. The supervisor also determines that banks have and utilise adequate management information systems to provide the banks’ Boards, management and the dedicated officers with timely and appropriate information on such activities. |
| Description and findings re EC10 | With respect to the first part of this criterion, see above. With respect to reporting to the Board, OSFI’s AML/ATF Guideline sets out the expectations that banks report regularly to the Board on the overall program, as well as its effectiveness. OSFI examines reports to the Board as part of the assessment of AML/ATF controls. Other formal reporting mechanisms of suspicious activities and incidents of fraud, include:
|
| EC11 | Laws provide that a member of a bank’s staff who reports suspicious activity in good faith either internally or directly to the relevant authority cannot be held liable. |
| Description and findings re EC11 | Section 10 of the PCMLTFA provides as follows: “No criminal or civil proceedings lie against a person or an entity for making a report in good faith under section 7, 7.1 or 9, or for providing [FINTRAC] with information about suspicions of money laundering or of the financing of terrorist activities.” |
| EC12 | The supervisor, directly or indirectly, cooperates with the relevant domestic and foreign financial sector supervisory authorities or shares with them information related to suspected or actual criminal activities where this information is for supervisory purposes. |
| Description and findings re EC12 | OSFI is one of several federal government agencies and departments that form the Illicit Financing Committee, under the leadership of the Department of Finance, which has overall responsibility for Canada’s AML/ATF regime. This committee meets regularly to discuss issues of policy addressing the risk of ML and TF in Canada. FINTRAC is responsible for ensuring compliance with the PCMLTFA. In 2004, OSFI and FINTRAC signed an MOU (following the granting of legislative authority) which allows OSFI to share information with FINTRAC about banks’ compliance with the PCMLTFA and its regulations. In the course of its AML/ATF assessment program OSFI does not normally identify actual or suspected criminal activity, but on the limited number of occasions when it does it requests the bank in question to make appropriate reporting disclosures to FINTRAC. OSFI also has MOUs with other regulators globally through which general supervisory information may be exchanged. More recently, OSFI has held supervisory colleges focused on AML (for five of its six systemic banks). There has been particular follow up on some of these banks and some regional regulators have participated particularly actively. |
| EC13 | Unless done by another authority, the supervisor has in-house resources with specialist expertise for addressing criminal activities. In this case, the supervisor regularly provides information on risks of money laundering and the financing of terrorism to the banks. |
| Description and findings re EC13 | As it relates to AML, OSFI is not a criminal investigative agency and does not have internal expertise to directly address criminal activities. OSFI would look to FINTRAC or the RCMP to provide this information to banks. OSFI has supervisory expertise to review the impact of fraud on banks. When additional technical or forensic expertise is required, independent third parties have been engaged to conduct technical reviews. |
| Assessment of Principle 29 | Largely Compliant |
| Comments | Canada is a member of the Financial Action Task Force (FATF). Its third mutual evaluation was undertaken in June 2007 and the mutual evaluation report (MER) was adopted in February 2008. Canada was placed in the FATF’s regular follow-up process and has reported back to the FATF in February 2009, February 2011, October 2011, October 2012 and February 2013. In order to exit the follow-up process Canada needs to demonstrate that three core and key recommendations that were rated PC or NC have improved to a level of C or LC. The recommendations in question relate to customer due diligence, supervisory standards and the financial investigation unit. In February 2013, the FATF determined that Canada will have improved all the core and key recommendations rated PC or NC to a level essentially equivalent to C or LC when Canada’s new CDD regulations come into force on February 1, 2014. Accordingly, Canada will come out of regular follow-up in February 2014. In terms of the assessment under the Basel Core Principles and the specific formulation of the criteria, compliance is achieved as no significant deficiencies are identified. Nevertheless there are areas in which greater clarity or focus are desirable. It is therefore recommended that OSFI explicitly states its expectation that banks’ compliance officer (CAMLO) is appointed at the management level. Additionally the Guideline (B-10) on Outsourcing of Business Activities, Functions and Processes more clearly deliver the requirement that the screening processes in place when the bank is entering into outsourcing relationships will ensure high ethical and professional standards. Additionally, although OSFI technically meets the requirement that the supervisor has adequate powers to take action against a bank, OSFI’s ability to apply sanctions (meaning penalty fines) is not in place. The staging process (see CPs 8, 9 and 11) delivers an effective sanctioning regime, but the sanctioning powers under the PCMLTFA are administered by FINTRAC. In this context it should be noted that cross country experience indicates the robustness of an AML/CFT system is heavily dependent on the effectiveness of the sanctions regime. OSFI’s practice is to ensure tight cooperation with FINTRAC so that the latter agency is fully aware of issues of concern and is able to act. Necessarily, however, OSFI cannot compel FINTRAC to act as the decision properly rests with FINTRAC itself. While such a regime encourages the close collaborative practices that OSFI and FINTRAC have developed, and while outcomes have been effective to date, there is scope for confusion, difference of interpretation or delay in action. Hence it is recommended that the Bank Act be revised to provide OSFI with powers to apply penalties. |
| Principle 14 | Corporate governance. The supervisor determines that banks and banking groups have robust corporate governance policies and processes covering, for example, strategic direction, group and organizational structure, control environment, responsibilities of the banks’ Boards and senior management,20 and compensation. These policies and processes are commensurate with the risk profile and systemic importance of the bank. |
| Essential criteria | |
| EC1 | Laws, regulations or the supervisor establish the responsibilities of a bank’s Board and senior management with respect to corporate governance to ensure there is effective control over the bank’s entire business. The supervisor provides guidance to banks and banking groups on expectations for sound corporate governance. |
| Description and findings re EC1 | Legislative requirements are outlined in Part VI – Corporate Governance of the Bank Act. Duties of the board are set out in the Bank Act and in OSFI’s Corporate Governance Guideline. Among other things, directors must manage the affairs of the bank, establish an audit committee and a conduct review committee and procedures for conflicts of interest, complaints and disclosure. The Bank Act also sets out the duties of the required committees. Subsection 194(3) outlines the duties of the Audit Committee. Subsection 195(3) outlines the duties of the Conduct Review Committee. OSFI’s Corporate Governance Guideline (originally issued in 2003) covers comprehensively OSFI’s expectations for the responsibilities of a bank’s board. The Guideline was revised in 2013 to include more formalized, explicit and detailed requirements in the areas of governance, risk management and compensation, among others. The Guideline also covers specific expectations for matters subject to board approval, including, for example, the risk appetite and internal control framework, succession planning and CEO performance review. The Guideline is supported by internal (non-public) assessment criteria for supervisors to use in evaluating boards and senior management. OSFI indicated that there was extensive consultation with the banks prior to finalizing the Guideline as well as outreach with instructions (including through OSFI’s Corporate Governance Division) once the Guideline was issued to ensure banks understood OSFI’s expectations. Banks generally concurred that consultation on new Guidelines was extensive and they had a good understanding of the requirements. |
| EC2 | The supervisor regularly assesses a bank’s corporate governance policies and practices, and their implementation, and determines that the bank has robust corporate governance policies and processes commensurate with its risk profile and systemic importance. The supervisor requires banks and banking groups to correct deficiencies in a timely manner. |
| Description and findings re EC2 | OSFI has been conducting regular and comprehensive on-site and off-site reviews of corporate governance. In 2011, OSFI conducted detailed reviews of risk management and corporate governance at the large Canadian banks. The results of this review were used as input into the revised Corporate Governance Guideline. Interim supervisory letters with feedback were also sent to each bank. The associated bank actions are tracked via the follow-up document (FUD) process. OSFI established a Corporate Governance Division in 2010 in the Supervision Support area to provide technical expertise in corporate governance and enterprise risk management. Although ongoing supervision is conducted by the relationship management teams, the Corporate Governance Division act as a center of expertise and is consulted on applying the Guideline and assessing appropriate expectations, for example for smaller or more specialized institutions. The Corporate Governance Division tracks interpretations and reviews risk matrices for large banks. This helps ensure consistency of approach, particularly where institutions are permitted to adopt alternative approaches. As part of its quarterly monitoring for large banks, OSFI will:
|
| EC3 | The supervisor determines that governance structures and processes for nominating and appointing Board members are appropriate for the bank and across the banking group. Board membership includes experienced non-executive members, where appropriate. Commensurate with the risk profile and systemic importance, Board structures include audit, risk oversight and remuneration committees with experienced non-executive members. |
| Description and findings re EC3 | OSFI’s Corporate Governance Guideline sets out expectations with respect to board member skills and competencies and the process for succession planning for new board members. An internal supervisory assessment guide covers director qualifications, independence and other factors. The Guideline requires banks to notify OSFI of any potential changes to board composition. As set out in the Guideline, OSFI expects the board to be independent from senior management. The CEO and board chair must be separate but otherwise OSFI does not impose specific prescriptive independence requirements. The risk committee must be comprised of non-executive directors, including the chair. In practice for the larger, more complex banks, the boards are comprised of independent directors except for the president and CEO. OSFI’s Board of Directors Assessment Criteria also outline the elements that supervisors will consider when looking at board composition. The Bank Act also contains certain requirements for director independence. No more than two thirds of directors can be ‘affiliated’ with the bank, where OSFI has discretion to determine whether an individual is ‘affiliated’. This limitation does not apply where the bank is owned by another federally regulated financial institution. No more than 15 percent of directors may be employees of the bank or up to four for a board of seven directors. The audit committee must have a majority of independent directors. Subsection 157(2) of the Bank Act requires the establishment of an audit committee and Conduct Review Committee. For listed companies, provincial securities laws require the board to have a majority of independent directors and an independent chair, adopt fit and proper requirements and conduct board assessments. The independence requirements do not apply to subsidiaries. The 2011 cross-system review of corporate governance conducted by OSFI included peer comparisons and discussions with bank chairs on topics such as succession planning and director skills. The processes used by the large banks to monitor and track the skill sets of the boards were reviewed and compared, including competency matrices where available. Discussions were held with the board chairs that included succession planning given, for example, director retirements. As well a comparison was undertaken of skill sets against the proposed expectations to identify potential gaps. This was included for internal purposes and reported to the OSFI Executive. |
| EC4 | Board members are suitably qualified, effective and exercise their “duty of care” and “duty of loyalty”.21 |
| Description and findings re EC 4 | The Bank Act includes a duty of care provision which explicitly requires directors to act in the best interests of the bank and to exercise the care, diligence and skill of a reasonably prudent person. OSFI’s Corporate Governance Guideline and ongoing supervision activities as described under EC3 above appear appropriate to evaluate the qualifications and effectiveness of board members. OSFI does not approve directors prior to appointment, although it may informally encourage banks to address competency or compositional deficiencies on their board. |
| EC5 | The supervisor determines that the bank’s Board approves and oversees implementation of the bank’s strategic direction, risk appetite22 and strategy, and related policies, establishes and communicates corporate culture and values (e.g., through a code of conduct), and establishes conflicts of interest policies and a strong control environment. |
| Description and findings re EC5 | OSFI’s Corporate Governance Guideline addresses the requirements for the board to oversee the bank’s strategy, risk appetite, policies and controls. The Bank Act requires a bank to implement a conflicts of interest policy. These requirements are enforced through ongoing supervisory activity, including review by supervisors of board policies, risk appetite statements and other control framework documentation on a periodic basis, and providing feedback to banks on these documents. Supervisors review the implementation of these policies and framework documents in the context of particular business line or risk reviews. During the cross-system review of corporate governance in 2011, supervisors discussed with directors their processes for developing the risk appetite framework, strategic planning processes, related monitoring and information provided to the board. OSFI supervisors and management meet at least annually with the full board which provides an opportunity to discuss strategy. For large banks supervisors meet throughout the year with individual committee chairs. OSFI supervisors indicated that they are increasingly attuned to risk culture differences across banks. |
| EC6 | The supervisor determines that the bank’s Board, except where required otherwise by laws or regulations, has established fit and proper standards in selecting senior management, maintains plans for succession, and actively and critically oversees senior management’s execution of Board strategies, including monitoring senior management’s performance against standards established for them. |
| Description and findings re EC6 | OSFI’s Guideline on Background Checks on Directors and Senior Management requires banks to implement a policy to effectively ensure fit and proper standards for directors and senior management. Other than at the time of licensing, OSFI does not generally conduct its own background checks on officers, but relies on the bank to enforce its own policy. The Corporate Governance Guideline addresses succession planning and performance and requires the board to consider succession plans for the Board, CEO and other members of senior management. Succession planning and monitoring of management against board approved plans and objectives were areas covered during OSFI’s 2011 cross-system corporate governance review. |
| EC7 | The supervisor determines that the bank’s Board actively oversees the design and operation of the bank’s and banking group’s compensation system, and that it has appropriate incentives, which are aligned with prudent risk taking. The compensation system, and related performance standards, are consistent with long-term objectives and financial soundness of the bank and is rectified if there are deficiencies. |
| Description and findings re EC7 | OSFI’s Corporate Governance Guideline requires the board to set an appropriate compensation policy consistent with the Financial Stability Board (FSB) Principles for Sound Compensation Practices. In 2009, OSFI notified all banks by letter of the expectation to comply with the FSB principles and the associated implementation principles. In 2009–10, OSFI conducted a cross-system review of compensation practices among the six largest banks. This included review of performance scorecards for key roles such as CEO and CRO. Internal analysis was prepared comparing and contrasting practices across these banks. Recommendations were issued to banks regarding deficiencies as a result and supervisors regularly track progress. Annual reviews have been conducted by supervisors since then. Assessors’ review of individual Significant Activity review finding letters provided evidence that supervisors are also reviewing compensation practices within business lines and their considering their impact on business risk taking. |
| EC8 | The supervisor determines that the bank’s Board and senior management know and understand the bank’s and banking group’s operational structure and its risks, including those arising from the use of structures that impede transparency (e.g., special-purpose or related structures). The supervisor determines that risks are effectively managed and mitigated, where appropriate. |
| Description and findings re EC8 | OSFI’s Corporate Governance Guideline sets out expectations for the board and senior management oversight of the business, including organisational structure and subsidiaries Supervisors meet regularly with directors and the full board and have the opportunity to discuss any changes to organizational structures or structures of potential concern and ensure they are understood by the board. Supervisors maintain a good understanding of each bank’s operational structure through the quarterly monitoring process, where banks flag any potential material changes to the operational or legal structure. The quarterly risk assessment document prepared for each bank includes an outline of the corporate structure in an Annex. This has been extensively enhanced through the recovery and resolution planning process, which has involved ongoing dialogue with banks about corporate structure. Assessors saw evidence of the focus on structural risk through the analysis and feedback on recovery plans. The more problematic complex securitization structures that were heavily affected during the financial crisis have been wound back, and for banks with run-off portfolios held since the crisis, OSFI continues to monitor their wind-down. OSFI’s Credit Risk Division regularly reviews securitization and structured credit activities of large banks as part of its on-site reviews at the large banks, including oversight by the bank’s senior management and where appropriate, boards. |
| EC9 | The supervisor has the power to require changes in the composition of the bank’s Board if it believes that any individuals are not fulfilling their duties related to the satisfaction of these criteria. |
| Description and findings re EC9 | The Bank Act gives OSFI authority to remove a person from office as a director if the Superintendent is of the opinion that the person is not suitable to hold that office. In practice, this authority has never been exercised, although supervisors noted instances where they have worked with banks to achieve changes in the composition of board over time or commented on its make-up or expertise where improvements were considered necessary. |
| Additional criteria | |
| AC1 | Laws, regulations or the supervisor require banks to notify the supervisor as soon as they become aware of any material and bona fide information that may negatively affect the fitness and propriety of a bank’s Board member or a member of the senior management. |
| Description and findings re AC1 | OSFI’s Corporate Governance Guideline states that banks should notify OSFI of any potential changes to the membership of the board and senior management, and any circumstances that may adversely affect their suitability. For certain matters it is not uncommon for the board chair, or chair of the relevant committee to contact OSFI Executive directly. Discussions with supervisors and banks indicated that banks are fully aware of the need to promptly report any matters of significance to OSFI. |
| Assessment of Principle 14 | Compliant |
| Comments | OSFI has a comprehensive program for supervision of corporate governance at large and smaller banks. Notable features of the approach include very regular contact with directors on both a formal and informal level, and a centralized unit responsible for corporate governance supervision. |
| Principle 15 | Risk management process. The supervisor determines that banks23 have a comprehensive risk management process (including effective Board and senior management oversight) to identify, measure, evaluate, monitor, report and control or mitigate24 all material risks on a timely basis and to assess the adequacy of their capital and liquidity in relation to their risk profile and market and macroeconomic conditions. This extends to development and review of contingency arrangements (including robust and credible recovery plans where warranted) that take into account the specific circumstances of the bank. The risk management process is commensurate with the risk profile and systemic importance of the bank.25 |
| Essential criteria | |
| EC1 | The supervisor determines that banks have appropriate risk management strategies that have been approved by the banks’ Boards and that the Boards set a suitable risk appetite to define the level of risk the banks are willing to assume or tolerate. The supervisor also determines that the Board ensures that:
|
| Description and findings re EC1 | As discussed under CP 8 and CP9, OSFI supervisors assess the quality of risk management using detailed criteria for each identified control function and OSFI’s Corporate Governance Guideline and associated assessment criteria. The Guideline and assessment criteria are designed to ensure that banks establish and maintain a sound risk management culture. OSFI’s supervisory Guidelines and practices address risk management strategy, governance and risk appetite and their implementation. Assessors observed broad coverage of banks’ risk management governance through OSFI’s ongoing monitoring process and periodic business line and risk function reviews conducted by appropriately staffed specialist risk functions within OSFI. The quality of risk management is typically assessed through supervisory reviews of a bank’s Significant Activities. The supervisory reviews of risk management of a bank include assessing the characteristics (mandate, organization structure, policies and procedures, etc.) and performance (how well does the function carry out its mandate and responsibilities). As discussed under CP 14, the Corporate Governance Division has conducted specific reviews of enterprise-wide risk governance at the large banks that have addressed these areas. The scope of risk governance reviews conducted at large banks typically includes areas of focus such as risk committee structures, the risk framework itself, risk appetite, mandate and independence of the risk control functions, reporting and infrastructure. Supervisors make recommendations for improvements in risk governance and implementation and follow up to ensure they are implemented over time. Several banks noted OSFI’s focus on risk culture, which has in some cases prompted them to conduct external assessments of staff risk awareness. |
| EC2 | The supervisor requires banks to have comprehensive risk management policies and processes to identify, measure, evaluate, monitor, report and control or mitigate all material risks. The supervisor has an effective process to determines that these processes are adequate or take appropriate corrective action:
|
| Description and findings re EC2 | OSFI’s Corporate Governance Guideline and the criteria used by supervisors for assessing the quality of risk management explicitly require banks to take an enterprise-wide view of risk. In addition to the risk governance reviews, supervisors regularly review each bank’s key risk framework and risk policy documents. OSFI maintains comprehensive internal assessment guides and training programs for supervisors on how to conduct risk management assessments. For the large banks, Supervisors review risk committee agendas and papers, reports from the CRO to the board and other internal bank risk reports on a regular basis to ensure that risk measurement and monitoring processes are operating effectively and that risks arising from the external environment are incorporated into the risk management process. Processes to benchmark banks against peers (including cross-system reviews) and recommend mitigating actions where needed help to ensure that risk processes are appropriate for the risk profile and systemic importance of the bank. In particular, cross-system reviews in a range of risk areas are regularly used to allow comparison of risk management practices across peer groups. Assessors saw strong evidence of regular risk management governance reviews, at a corporate level and through individual business lines (such as capital markets, retail lending) and processes (such as technology). |
| EC3 | The supervisor determines that risk management strategies, policies, processes and limits are:
|
| Description and findings re EC3 | As noted under EC1 and EC2, there is a comprehensive program including guidance and supervision practices for assessment of risk management policies, strategies and processes in place. Assessors saw evidence that supervisors request and assess the bank’s risk framework documentation and evidence of the review and communication of risk management frameworks as part of ongoing supervision. Review of implementation is performed through more in-depth, on-site significant activity reviews. Across all banks, OSFI supervisors have made a clear emphasis on risk appetite definition and monitoring of the risk profile against the bank’s appetite and policies. Assessors saw evidence of regular review of board-approved risk appetite statements, and supervisors’ recommendations to ensure these are translated into risk tolerances and appropriate risk limits for individual businesses within each bank. Review of exceptions against policies and limits in areas such as credit and market risk is a routine part of ongoing monitoring and significant activity reviews. |
| EC4 | The supervisor determines that the bank’s Board and senior management obtain sufficient information on, and understand, the nature and level of risk being taken by the bank and how this risk relates to adequate levels of capital and liquidity. The supervisor also determines that the Board and senior management regularly review and understand the implications and limitations (including the risk measurement uncertainties) of the risk management information that they receive. |
| Description and findings re EC4 | OSFI has adopted an approach of very regular meetings (as often as quarterly) with large bank directors, including the chairs of the risk committee. Although informal, meetings typically include a standing set of agenda items. Risk reporting packages may be discussed to ensure directors understand information being provided to them. Risk governance reviews and significant activity reviews typically include an assessment of information that is reported to the board. Assessors saw evidence that supervisors may also meet with directors in the course of specific significant activity reviews help to reinforce OSFI’s expectation that directors receive sufficient information to understand and manage the bank’s risks. |
| EC5 | The supervisor determines that banks have an appropriate internal process for assessing their overall capital and liquidity adequacy in relation to their risk appetite and risk profile. The supervisor reviews and evaluates banks’ internal capital and liquidity adequacy assessments and strategies. |
| Description and findings re EC5 | Supervisors regularly assess bank’s internal processes for assessing capital and liquidity risk appetite and sufficiency. OSFI has issued an ICAAP Guideline and Liquidity Principles Guideline that follow BCBS standards and sound practice guidance. These are supported by specific internal supervisory guides and/or templates used by OSFI supervisors for assessing these areas. Each quarter, supervisors reconcile each bank’s capital against internal targets, which are required to cover Pillar 2 risks, buffers and forthcoming regulatory changes. In addition, Supervisors perform and document an annual ICAAP review. Different aspects of the ICAAPs are reviewed each year and bank practices are benchmarked against peers. Discussions with banks and review of relevant documentation indicate ICAAP process is well internalized and used within the banks and well integrated with capital planning, stress testing and risk appetite processes. OSFI expects banks to incorporate risk appetite and risk profile measures into stress testing and capital and liquidity management processes. Discussions with banks suggested that this approach is quite robust within the largest banks. |
| EC6 | Where banks use models to measure components of risk, the supervisor determines that:
|
| Description and findings re EC6 | OSFI has issued several guidelines and advisories consistent with Basel Committee requirements detailing expectations for the use of models by banks. These guidelines also address expectations in respect of the corporate governance of model use by the bank, for example the adequacy of the board and senior management understanding of the models and their outputs. Included requirements for regular and independent validation and testing of the bank’s models. OSFI expects banks to apply these to all models, not only those used for capital requirement modeling. As discussed under BCP 16, OSFI has a well documented and rigorous internal process for model validation and approval, including a standing committee which meets quarterly to review and approve models before use and a modeling unit with appropriate quantitative expertise. A separate division (Risk Measurement and Analytics Assessment Services - RMAAS) within OSFI’s Supervision Sector staffed with appropriately qualified staff carries out the assessments. In addition, credit, market and operational risk specialists also review and assess other risk models that do not require regulatory approval (e.g., are used to operate businesses) as a part of their review work. RMAAS regularly reviews model performance metrics for reasonableness and receives updates from the banks on model changes and performance. Detailed reviews are conducted to ensure banks comply with standards on model use and perform regular independent validation and testing. |
| EC7 | The supervisor determines that banks have information systems that are adequate (both under normal circumstances and in periods of stress) for measuring, assessing and reporting on the size, composition and quality of exposures on a bank-wide basis across all risk types, products and counterparties. The supervisor also determines that these reports reflect the bank’s risk profile and capital and liquidity needs, and are provided on a timely basis to the bank’s Board and senior management in a form suitable for their use. |
| Description and findings re EC7 | Risk reporting and assessing the quality of risk data is a component of nearly all supervisory reviews. Because reporting of various risk measures is key to many of OSFI’s ongoing monitoring activities, significant attention is spent on the accuracy of the reporting and systems producing the reporting. In 2011, OSFI conducted a review that focused on the risk management reporting capabilities of the six largest Canadian banks. The primary objective of this review was to understand the banks’ abilities to aggregate risk data, produce enterprise-wide level reports and integrate such reports in its management activities. An additional objective was to signal to the banks that the risk MIS reporting expectations are being raised. OSFI is in the process of requesting that banks conduct self assessments against the BCBS Principles for Effective Risk Data Aggregation and Risk Reporting issued in January 2013. OSFI also assesses the adequacy of bank information systems under normal and stressed circumstances using the bank’s Resolution and Recovery Plan. |
| EC8 | The supervisor determines that banks have adequate policies and processes to ensure that the banks’ Boards and senior management understand the risks inherent in new products,26 material modifications to existing products, and major management initiatives (such as changes in systems, processes, business model and major acquisitions). The supervisor determines that the Boards and senior management are able to monitor and manage these risks on an ongoing basis. The supervisor also determines that the bank’s policies and processes require the undertaking of any major activities of this nature to be approved by their Board or a specific committee of the Board. |
| Description and findings re EC8 | OSFI’s Corporate Governance Guideline sets out the expectations for risk oversight by banks’ boards and senior management. OSFI monitors board engagement in and oversight of new products through the quarterly monitoring process and specific on-site reviews of significant activities. Supervisors are kept apprised of new products and potential new products, acquisitions or systems changes. Supervisors indicated that they often request the risk and board reporting for any new product or project that might pose supervisory concern and review them for completeness of the risk assessment that was provided to the board. Banks confirmed that they are proactive in keeping OSFI informed of any new products changes within the business. OSFI’s operational risk specialists also regularly perform reviews of the new product approval process, as well as reviewing its implementation in practice on particular business line reviews. |
| EC9 | The supervisor determines that banks have risk management functions covering all material risks with sufficient resources, independence, authority and access to the banks’ Boards to perform their duties effectively. The supervisor determines that their duties are clearly segregated from risk-taking functions in the bank and that they report on risk exposures directly to the Board and senior management. The supervisor also determines that the risk management function is subject to regular review by the internal audit function. |
| Description and findings re EC9 | The Corporate Governance Guideline and the assessment criteria for each risk management oversight function have specific criteria regarding the sufficiency of resources and the adequacy of independence, authority and direct reporting and access to the board. There are specific guides and section note templates that assist supervisors in their assessment of a bank’s oversight functions. These tools are aligned with the assessment criteria for the oversight functions. OSFI assesses the segregation of the duties of the oversight functions from the risk taking activities of the bank on an on-going basis, and particularly during on-site reviews of particular significant activities (or business lines). OSFI also expects that the oversight functions are reviewed by the bank’s internal audit on a regular basis through review of audit plans and reports. Supervisors cover the role and performance of internal audit and its oversight of risk functions within the scope of all business line reviews. OSFI expects banks to observe good risk management practices in terms of the independence of risk functions and reporting, which typically involves the ‘3 lines of defense’ model. This does not mean that risk-taking functions are not accountable for risk management, however, a point made by a number of banks. |
| EC10 | The supervisor requires larger and more complex banks to have a dedicated risk management unit overseen by a Chief Risk Officer (CRO) or equivalent function. If the CRO of a bank is removed from his/her position for any reason, this should be done with the prior approval of the Board and generally should be disclosed publicly. The bank should also discuss the reasons for such removal with its supervisor. |
| Description and findings re EC10 | OSFI’s Corporate Governance Guideline includes specific requirements regarding the establishment of dedicated risk management functions and the board’s role in the appointment and review of the CRO. All large, conglomerate and more complex banks in Canada have dedicated risk management functions overseen by a Chief Risk Officer. The CRO is a critical contact point for OSFI and supervisors have very regular contact with bank CROs. While OSFI has not taken a strict approach to requiring dedicated risk management functions at smaller banks, OSFI would recommend the establishment if supervisors concluded that risks were not being adequately controlled and overseen. OSFI’s Corporate Governance Guideline places the obligation on the board to approve any major changes to the risk management framework or implementation, which would be expected to include the change of CRO. The Guideline also requires notification to OSFI of any potential changes to senior management. Given that OSFI’s approach emphasizes very frequent ongoing communication with the board, CEO and CRO, it is highly likely that OSFI would be aware of any potential dismissal of a CRO and would have the opportunity to discuss the reasons for dismissal. |
| EC11 | The supervisor issues standards related to, in particular, credit risk, market risk, liquidity risk, interest rate risk in the banking book and operational risk. |
| Description and findings re EC11 | OSFI has issued relatively comprehensive Guidelines for some risk areas, including structural interest rate risk, outsourcing and liquidity risk. OSFI has issued targeted guidance on topics such as outsourcing, derivatives, pledging of assets, impairment and residential mortgage underwriting. In some cases, OSFI has issued Advisories notifying banks of the need to adopt new BCBS guidance, including for example sound practices for operational risk and Pillar 3 requirements. Credit risk guidance is contained primarily in the Capital Adequacy Requirements Guideline and to some extent in the ICAAP guidance. These Guidelines do not apply to foreign bank branches. OSFI has not issued specific guidance on country risks or concentration risk management. General Market Risk management guidance is also contained within the Capital Adequacy Requirements Guideline, which only applies to banks with a significant trading book; this is not an unusual international practice however given that most small banks do not face material market risk. General operational risk guidance is also contained in the CAR Guideline following BCBS standards. In addition, as noted above, OSFI has issued an advisory encouraging banks to adhere to BCBS Sound Practices for Operational Risk Management. |
| EC12 | The supervisor requires banks to have appropriate contingency arrangements, as an integral part of their risk management process, to address risks that may materialize and actions to be taken in stress conditions (including those that will pose a serious risk to their viability). If warranted by its risk profile and systemic importance, the contingency arrangements include robust and credible recovery plans that take into account the specific circumstances of the bank. The supervisor, working with resolution authorities as appropriate, assesses the adequacy of banks’ contingency arrangements in the light of their risk profile and systemic importance (including reviewing any recovery plans) and their likely feasibility during periods of stress. The supervisor seeks improvements if deficiencies are identified. |
| Description and findings re EC12 | OSFI expects banks to have comprehensive contingency plans in areas such as liquidity management, capital and operational (business continuity) risk. In addition, OSFI expects banks to develop contingency plans for potential crisis management situations, such as Eurozone scenarios where OSFI has done a significant amount of analysis with the large banks. OSFI reviews bank contingency planning in these areas, conducts benchmarking and provides feedback to banks. As discussed further in CP8, large banks have been required to submit annual recovery plans for the last four years. OSFI has undertaken comparative assessments and provided feedback to banks on their plans. In addition, OSFI facilitated discussions of the Plans with the Canada Deposit Insurance Corporation, Bank of Canada, Department of Finance, and US and UK regulatory authorities. The banks were provided with feedback on OSFI’s assessment of the recovery plan and advised on further work that is being planned. The letter contained key industry observations and associated OSFI recommendations as well as bank-specific recommendations to close identified gaps. OSFI is in the process of rolling out recovery planning to smaller banks in a risk-focused manner. |
| EC13 | The supervisor requires banks to have forward-looking stress testing programs, commensurate with their risk profile and systemic importance, as an integral part of their risk management process. The supervisor regularly assesses a bank’s stress testing programme and determines that it captures material sources of risk and adopts plausible adverse scenarios. The supervisor also determines that the bank integrates the results into its decision-making, risk management processes (including contingency arrangements) and the assessment of its capital and liquidity levels. Where appropriate, the scope of the supervisor’s assessment includes the extent to which the stress testing programme:
|
| Description and findings re EC13 | OSFI has issued a Stress Testing Guideline and its stress testing supervision program appears quite mature. OSFI requires banks to perform prescribed industry-level stress tests on a regular basis. Banks also conduct their own stress tests on current and emerging risks, which are reviewed by supervisors. The results of stress testing are required to be included in the bank’s risk management processes. Banks have been required to demonstrate implementation of the Stress Testing Guideline through their ICAAP submissions, modeling reviews and the industry-wide stress tests conducted by OSFI with the banks. This was confirmed from discussions with banks, which have integrated stress testing within their own risk and capital processes. In 2011 and 2012, OSFI assessed the use of stress testing by large Canadian banks as required by the Stress Testing Guideline. The objective was to assess the extent to which stress testing is embedded in the bank’s enterprise-wide management framework, including capital and liquidity management, and strategic planning. OSFI’s review included assessing whether the stress testing feeds into the bank’s decision-making process, including setting its risk appetite, setting exposure limits, and evaluating strategic choices in the longer-term business planning. Recommendations were made and follow-up work will continue through 2013. |
| EC14 | The supervisor assesses whether banks appropriately account for risks (including liquidity impacts) in their internal pricing, performance measurement and new product approval process for all significant business activities. |
| Description and findings re EC14 | OSFI expects banks to have rigorous new product approval processes and this is regularly reviewed through on-site and off-site supervision activity. Supervisors indicated that banks often discuss any significant new products with their supervisors prior to introducing them. Supervisors regularly request new product approval documentation to ensure risks have been appropriately identified and assessment performed against risk appetite. Risk governance and operational risk management reviews also commonly include new product approval governance, policies and practices at a bank-wide level. The scope of significant business line reviews may where appropriate include consideration of compensation and performance reporting. Supervisors have reviewed the performance metrics for bank staff in particular business lines to determine if these may give incentives for excessive risk taking. |
| Additional criteria | |
| AC1 | The supervisor requires banks to have appropriate policies and processes for assessing other material risks not directly addressed in the subsequent Principles, such as reputational and strategic risks. |
| Description and findings re AC1 | OSFI’s general approach to risk management assessment covers all material risks. Assessors saw evidence in ICAAP feedback letters of supervisory recommendations regarding risk coverage. It was noted in discussions with banks that OSFI expects banks to consider, for example, strategies for reputational risks. |
| Assessment of Principle 15 | Largely Compliant |
| Comments | OSFI’s practical implementation of risk management supervision is of a very high standard in terms of scope, depth and quality of analysis. Supervisors have a rigorous process for assessing and rating inherent risk and the quality of risk management and acting on any deficiencies. Specialist teams play an integral part in providing risk-based review and peer comparison. OSFI operates at a relatively principles-based level and does not tend to issue extensive, detailed risk management guidance. OSFI has issued overarching guidance regarding risk governance within the Corporate Governance Guideline, which includes reference to oversight. While this approach allows for a more flexible and potentially responsive to differing institutions and risks, OSFI could usefully provide a more comprehensive and consistent set of written guidance as to its expectations across all risk areas. The existing set of standards dealing with risk management is characterized by somewhat inconsistent format and application (guidelines vs. advisories), does not comprehensively cover all risk areas (credit risk, operational risk, problem asset management, concentrations and country risk) or limited in application (market risk). As a world-leading regulator it would be expected that OSFI would make available to banks a comprehensive suite of risk management standards, even if at a relatively high level or based largely on BCBS guidance. |
| Principle 16 | Capital adequacy.27 The supervisor sets prudent and appropriate capital adequacy requirements for banks that reflect the risks undertaken by, and presented by, a bank in the context of the markets and macroeconomic conditions in which it operates. The supervisor defines the components of capital, bearing in mind their ability to absorb losses. At least for internationally active banks, capital requirements are not less than the applicable Basel standards. |
| Essential criteria | |
| EC 1 | Laws, regulations or the supervisor require banks to calculate and consistently observe prescribed capital requirements, including thresholds by reference to which a bank might be subject to supervisory action. Laws, regulations or the supervisor define the qualifying components of capital, ensuring that emphasis is given to those elements of capital permanently available to absorb losses on a going concern basis. |
| Description and findings re EC1 | Subsection 485(1) of the Bank Act requires banks to maintain adequate capital and liquidity. The Bank Act provides that Superintendent may make guidelines on the maintenance of adequate capital. Even when a bank complies with formal requirements, the Superintendent may order the bank to increase its capital, and the bank must comply within a time specified by the Superintendent. Section 949 of the Bank Act imposes similar requirements on bank holding companies. OSFI’s capital adequacy requirements are contained in its Capital Adequacy Requirements (CAR) Guideline, which covers the provisions of Basel II, 2.5 and III. OSFI has adopted the Basel II/III wording to a very significant extent. There are no obvious departures from Basel requirements. Note that this assessment did not include a detailed review of capital requirements against BCBS standards. OSFI’s Basel III capital requirements became effective at the international starting date of 1 January 2013. In addition, OSFI has indicated its expectation that all banks meet the fully phased-in capital ratios, including the capital conservation buffer, effective at the start of 2013 rather than over the BCBS timeline that extends out to 2019. OSFI has not accelerated the implementation of CVA capital in recognition of the potential market impacts from imposing this requirement ahead of the international community. Non-complying capital instruments will be phased out over the BCBS transitional period. Further, OSFI expects all institutions to attain “all-in” target capital ratios of 8.5 percent for total tier 1 and 10.5 percent for total capital by the first quarter of 2014. These expectations are set out in the CAR Guideline. A feature of the Canadian capital regime is the application of both a risk-based ratio and a leverage ratio. Some banks indicated that this requirement is an important factor constraining leverage at Canadian banks. OSFI’s assets to capital multiple (ACM) test applies to all banks and is calculated by dividing the institution’s total assets, including specified off-balance sheet items, by total capital. All items that are deducted from capital are excluded from total assets. Under this test, total assets must be no greater than 20 times capital, although this multiple can be exceeded with the Superintendent’s prior approval to an amount no greater than 23 times. Alternatively, the Superintendent may prescribe a lower multiple. In setting the assets to capital multiple for individual institutions, the Superintendent will consider such factors as operating and management experience, strength of parent, earnings, diversification of assets, type of assets and appetite for risk. Supervisors assess capital each quarter against the bank’s target capital level. Annually, supervisors complete a detailed Capital Section Note which provides a comprehensive assessment of capital including an overall capital strength rating. A breach of either the risk-based or ACM would be considered very seriously by supervisors. Failure to manage capital to these limits would trigger supervisory intervention consistent with the OSFI Guide to Intervention. Supervisory action will be taken proportional to the shortfall and circumstances that caused the shortfall and may include a range of actions, including restrictions on distributions and submission of a capital plan. |
| EC2 | At least for internationally active banks,28 the definition of capital, the risk coverage, the method of calculation and thresholds for the prescribed requirements are not lower than those established in the applicable Basel standards. |
| Description and findings re EC2 | OSFI has adopted BCBS standards for capital adequacy covering credit, market and operational risk. OSFI has adopted a significant portion of the Basel wording for most aspect of its CAR guidance and there are no material deviations from the BCBS standards evident in terms of risk coverage or prescribed requirements. The CAR includes comprehensive cross references to BCBS paragraphs which aids in the transparency of its requirements. However, a detailed review of all aspects of the CAR against BCBS requirements was not within the scope of this review. OSFI has fully implemented the Basel III requirements for definition of capital for new capital instruments. The BCBS rules permit national discretion in respect of requiring contingent capital instruments to be written off or converted to common stock upon a trigger event. OSFI has determined that conversion is more consistent with traditional insolvency consequences and reorganization norms and better respects the legitimate expectations of all stakeholders. One technical matter relating to definition of capital is that OSFI’s CAR Guideline includes a longstanding Canadian provision to allow ‘purchase for cancellation’ of any Tier 1 or Tier 2 instrument at any time subject to OSFI approval. OSFI consulted with BCBS secretariat, which did not have concerns about this provision; however, there is no BCBS FAQ available that would formally clarify this position. The provision could be viewed as inconsistent with the Basel III prohibition on incentives to redeem or calls within the first five years of an Additional Tier 1 or Tier 2 capital instrument. There have been only a small number of approvals under this provision in recent years. |
| EC3 | The supervisor has the power to impose a specific capital charge and/or limits on all material risk exposures, if warranted, including in respect of risks that the supervisor considers not to have been adequately transferred or mitigated through transactions (e.g., securitization transactions)29 entered into by the bank. Both on-balance sheet and off-balance sheet risks are included in the calculation of prescribed capital requirements. |
| Description and findings re EC3 | OSFI has authority to issues orders to a bank to raise capital and can issue directions on most aspects of a bank’s activities, including limiting risk exposures. However, this legal authority is rarely if ever used. Instead, OSFI focuses on banks’ internal targets and limits in most cases. Under the CAR Guideline, supervisors have discretion to impose higher capital requirements on a particular bank. Supervisors indicated this is generally done through review of banks’ internal capital targets and adjustments to ICAAPs rather than an adjustment to risk-weighted assets or the required capital ratio. However, in some instances it was observed that supervisors have set an explicit higher regulatory capital ratio requirement for particular higher risk banks or a lower ACM. Additional capital requirements have been imposed due to model deficiencies. According to the CAR Guideline, the ACM requirement for each bank is privately communicated that reflects an OSFI view of the individual bank. Assessors observed instances of a lower ACM multiple being applied to institutions with heightened risks or poor risk management. Guidance on conducting the Internal Capital Adequacy Assessment Process (ICAAP) requires banks to consider all material risks including those not covered under Pillar 1. The guidance requires banks to consider whether minimum regulatory capital requirements fully capture risks, especially when business has been securitized and the risk transfer assumed in the securitization framework may not be complete. |
| EC4 | The prescribed capital requirements reflect the risk profile and systemic importance of banks30 in the context of the markets and macroeconomic conditions in which they operate and constrain the build-up of leverage in banks and the banking sector. Laws and regulations in a particular jurisdiction may set higher overall capital adequacy standards than the applicable Basel requirements. |
| Description and findings re EC4 | As discussed under EC3, OSFI’s CAR Guideline indicates that the Superintendent may set higher target capital ratios for individual institutions or groups of institutions where circumstances warrant. As described under EC1, OSFI has recently announced the imposition of a 1 percent capital surcharge by 2016 for the six systemically important domestic banks. OSFI has also accelerated the phased introduction of the Basel III capital requirements. The Basel III framework contemplates the possibility for supervisors to impose a higher capital requirement due to macroeconomic conditions and OSFI has incorporated this provision into it CAR Guideline. Additional capital could be required when aggregate credit growth is judged to be associated with a build-up of material system-wide risk in Canada or in other jurisdictions where an institution has credit exposures. The ACM leverage ratio, which is applied in parallel with the BCBS risk-based measure, serves to constrain banks’ overall leverage. It was noted that this impact has become more pronounced with the implementation of IFRS beginning in fiscal year 2011. OSFI issued guidance indicating that as the accounting rules are the starting point for the ACM, securitization assets which are not derecognized or which are not exempted from consolidation should be included in the calculation of the ACM. This change had materially increased the reported ACM for banks that are active in securitization. For foreign banks, OSFI considers the adequacy of capital through the use of capital equivalency deposits. |
| EC5 | The use of banks’ internal assessments of risk as inputs to the calculation of regulatory capital is approved by the supervisor. If the supervisor approves such use: (a) such assessments adhere to rigorous qualifying standards; (b) any cessation of such use, or any material modification of the bank’s processes and models for producing such internal assessments, are subject to the approval of the supervisor; (c) the supervisor has the capacity to evaluate a bank’s internal assessment process in order to determine that the relevant qualifying standards are met and that the bank’s internal assessments can be relied upon as a reasonable reflection of the risks undertaken; (d) the supervisor has the power to impose conditions on its approvals if the supervisor considers it prudent to do so; and (e) if a bank does not continue to meet the qualifying standards or the conditions imposed by the supervisor on an ongoing basis, the supervisor has the power to revoke its approval. |
| Description and findings re EC5 | Internal models are subject to supervisory review and approval as set out in various OSFI advisories including Approval of Regulatory Capital Models for Deposit-Taking Institutions. OSFI may disallow or defer the use of a model, constrain its use or require modifications. Banks are required to monitor and report the performance of internal models and OSFI may revoke approval to use a model. Before a bank is allowed to use internal models for regulatory capital, OSFI reviews readiness, including data and systems, compliance to the minimum requirements of Basel II and III and their performance in measuring risk. OSFI has approved seven banks for use of internal models for market risk, and 10 banks for use of advanced credit risk models including nine using Advanced IRB (AIRB) and one using Foundation IRB. This includes all of the major Canadian banks and several foreign bank subsidiaries. A number of IRB banks continue to use the standardized approach to credit risk for more than 10 percent of their credit risk weighted assets. It has not been feasible for them to develop IRB models for all portfolios and subsidiaries, particularly in other jurisdictions. One bank has to date been approved for use of Advanced Measurement Approaches (AMA) to operational risk. OSFI has indicated that it expects all of the large banks to make significant progress in 2013 toward AMA approval. Basel II transitional floors are still in effect, generally at 90%. Assessors observed that OSFI has a very rigorous process for approval of new models and modifications to existing approved models. A Capital Models Review Committee meets on quarterly basis to consider detailed analysis on each model approval proposal. A models dashboard provides a snapshot of the status of models. Banks are required to maintain inventories of the models they use for the calculation of regulatory capital as well as logs of all modifications to approved models. This allows OSFI to be aware of changes in their use and to review and take appropriate supervisory action. Banks must submit a self-assessment of compliance and indicate the materiality of the business covered by the model. Banks must also indicate the impact of the model’s use on Pillar 1 capital requirements. OSFI has a specialist division dedicated to risk measurement and analytics assessment that contains staff with experience in model development at financial institutions. This division reviews and follows up with the banks on anomalies in their reports of model performance quarterly. This division is also responsible for the review, analysis and recommendations on applications to implement/modify models to verify that they meet minimum requirements. Conditions are frequently applied to model approvals. Conditions for approval that require further work have deadlines. OSFI supervisors verify compliance with deadlines and that their recommendations for permanent processes are followed. These conditions could include floors or ceiling to inputs or outputs, requirements to perform and report further work. In addition, OSFI has conducted a number of cross-industry IRB model validation reviews over the last two years focusing on specific portfolios such as CRE, residential mortgages and credit card lending. These reviews have uncovered fundamental deficiencies in some banks’ model design as well as instances where model performance has broken down since approval. Examples from recent reviews include CRE models, where some banks are using corporate models and residential mortgage LGD models. OSFI takes comfort from the fact that the overall Basel II transitional capital floors are still in effect, and in some cases where models were particularly inadequate has raised floor levels closer to 100%. OSFI also applies capital penalties where model performance issues are more significant. OSFI’s overall expectation is that there will be no capital relief without improvements in risk measurement and management. |
| EC6 | The supervisor has the power to require banks to adopt a forward-looking approach to capital management (including the conduct of appropriate stress testing).31 The supervisor has the power to require banks:
|
| Description and findings re EC6 | OSFI expects banks to adopt a forward-looking approach to capital management and assesses this on a regular basis. This includes explicit consideration of stress testing, non-Pillar 1 risks and buffers within an institution’s internal capital target. For the larger/IRB institution, it includes an evaluation of economic capital modeling and use. Both the ICAAP and stress testing processes and results comprise part of the framework used by OSFI supervisors to assess the capital adequacy of banks. Supervisors review bank capital quarterly using an ICAAP target calculator. Supervisors have also conducted in-depth reviews of bank’s ICAAP process, including at a cross-system level in 2001. Contingency planning is required to be embedded in the development of realistic capital plans and this is review during the ongoing supervisory process as well as OSFI’s recovery planning work. Capital forecasting in the context of Basel III has been a particular focus in the last two years. As OSFI indicated that it expects banks to meet the Basel III requirements (except for phase-out of non-qualifying instruments and CVA) effective January 2013. Requests for reductions in capital (i.e., capital calls and repurchases) are made through OSFI’sApprovals and Precedents group, which assesses each request on its technical merits and consults with the core supervision team on prudential aspects, including capital planning and forecasts. Contingency planning is required to be embedded in the development of realistic capital plans. OSFI’s ICAAP Guideline explicitly requires banks to factor in the potential difficulties of raising additional capital during downturns or other times of stress. Capital plans are regularly reviewed by supervisors. OSFI has required the large banks to consider capital contingency planning in the context of recovery planning activities. |
| AC1 | For non-internationally active banks, capital requirements, including the definition of capital, the risk coverage, the method of calculation, the scope of application and the capital required, are broadly consistent with the principles of the applicable Basel standards relevant to internationally active banks. |
| Description and findings re AC1 | OSFI’s capital adequacy guidelines apply equally to both large and small banks, although smaller banks normally adopt the standardized approaches to credit and operational risk and are not subject to market risk capital requirements if they do not have a material trading book. In addition, OSFI guidelines on Stress Testing and the ICAAP are applicable with standardized scenarios employed as part of the supervisory review process for less complex institutions. |
| AC2 | The supervisor requires adequate distribution of capital within different entities of a banking group according to the allocation of risks.32 |
| Description and findings re AC2 | OSFI capital guidance requires that capital adequacy be determined at the level of the parent bank on a consolidated and sub-consolidated basis. That is, all banks within a group must meet the capital requirements for themselves and their consolidated subsidiaries. The supervisory review process requires that complex institutions assess their allocation of capital by activities and that capital policies, procedures, authority and resources are monitored across the banking group. In addition, OSFI expects an institution’s capital planning to consider the risks of its foreign operations and also the availability of capital and assets in Canada to protect Canadian depositors. OSFI has issued draft guidance to the large banks (each of which is the head of the banking group) on solo bank capital. Where Canadian banks have substantial regulated subsidiaries, OSFI has required capital adjustments to ensure the solo bank retains sufficient capital to protect depositors even if it is unable to access the capital invested in the subsidiary. |
| Assessment of Principle 16 | Compliant |
| Comments | OSFI takes a proactive and conservative approach to capital adequacy. Supervisors regularly assess banks’ capital management and planning and use stress testing to assess the adequacy of capital on a regular basis. OSFI has fully adopted Basel II and Basel III and has accelerated the timeline for banks to implement the fully phased-in requirements. This approach should help maintain the reputation of Canadian banks as subject to a strong and conservative capital regime. In addition, OSFI has retained its own leverage ratio requirement in addition to the Basel risk-based ratios. Canada has also been one of the first countries to establish its regime for domestically systemically important banks (D-SIBs) consistent with the BCBS standard and to announce that it will impose a 1 percent capital surcharge, effective in 2016. Over time, OSFI may wish to consider whether the surcharge should differentiate across banks according to their risk or systemic importance. Concerns regarding inconsistencies across countries in the internal modeling of capital requirements by banks have emerged as an international concern. OSFI has implemented a rigorous program to review and approve banks’ internal models. Some recent reviews of credit risk IRB modeling across banks in particular lending segments have found deficiencies in complying with OSFI expectations. This situation is not unusual for many countries, but calls into question whether banks had sufficient clarity about OSFI’s expectations. OSFI has significant model validation work underway including follow-up with banks on identified issues. Moreover, OSFI has been careful to communicate an overall message to banks that there will be no capital reductions from modeling without associated improvements in risk measurement and management. However, continued vigilance will be required in this area. It is recommended that OSFI seek a formal BCBS FAQ to be published regarding the permissibility of ‘purchase for cancellation’ under the Basel III definition of capital rules. |
| Principle 17 | Credit risk.33 The supervisor determines that banks have an adequate credit risk management process that takes into account their risk appetite, risk profile and market and macroeconomic conditions. This includes prudent policies and processes to identify, measure, evaluate, monitor, report and control or mitigate credit risk34 (including counterparty credit risk)35 on a timely basis. The full credit lifecycle is covered including credit underwriting, credit evaluation, and the ongoing management of the bank’s loan and investment portfolios. |
| Essential criteria | |
| EC1 | Laws, regulations or the supervisor require banks to have appropriate credit risk management processes that provide a comprehensive bank-wide view of credit risk exposures. The supervisor determines that the processes are consistent with the risk appetite, risk profile, systemic importance and capital strength of the bank, take into account market and macroeconomic conditions and result in prudent standards of credit underwriting, evaluation, administration and monitoring. |
| Description and findings re EC1 | Credit risk management is assessed as a fundamental component of the bank’s enterprise-wide Risk Management function. The Risk Management function is assessed through supervisory reviews of a bank’s significant activities. The supervisory reviews of risk management of a bank include both characteristics (mandate, organization structure, policies and procedures, etc.) and performance (how well does the function carry out its mandate and responsibilities). The quality of supervisory assessments is supported by an extensive set of supervisory guides and tools (templates for documentation). The Bank Act and OSFI’s Prudent Person Approach Guideline provide very high level requirements for prudent management of a bank’s lending portfolio. Section 465 of the Bank Act states that the directors of a bank shall establish and the bank shall adhere to investment and lending policies, standards and procedures that a reasonable and prudent person would apply in respect of a portfolio of investments and loans to avoid undue risk of loss and obtain a reasonable return. OSFI’s Corporate Governance Guideline addresses the role of the board and senior management in risk management governance more broadly. OSFI Capital Adequacy Requirements (CAR) Guideline sets out the requirements for bank-wide credit risk management in relation to the risk weighting of credit risk exposures for capital purposes. As they are directed at preconditions for calculating capital requirements, the CAR do not cover all aspects of credit risk management. Moreover, the CAR are not applicable to foreign bank branches. OSFI’s coverage of credit risk management during on-site reviews is frequent and comprehensive for the large banks. OSFI has a team of approximately 20 staff in its credit risk division, including several dedicated to monitoring and surveillance. These staff perform detailed credit risk reviews of significant business lines at the large banks and may also be called on to conduct reviews at smaller banks. Each bank’s inherent credit risk and credit risk management is explicitly rated by supervisors. During the supervisory planning process, credit risk reviews are targeted at businesses where credit risk management concerns have been identified, rapidly growing lending segments, or in areas identified as potential emerging risks by OSFI’s Emerging Risk Committee. These issues are documented in the Risk Assessment Document and the rationale for each planned on-site or off-site credit risk review is documented in the annual supervision plan for each bank, including reasons for deferring review of a particular area. OSFI supervisors use various internal supervisory guides and credit assessment tools in conducting supervisory work regarding credit risk and credit risk management. Significant Activity Reviews of bank’s main lending segments (corporate, CRE, residential, credit cards, HELOCs) are performed typically including credit risk specialists for the large banks. These reviews involve significant on-site file review on a sampled basis. For the large banks, the credit risk specialists replicate the banks’ own internal ratings on a sampled basis. Recommendations are made to adjust ratings or provisions where appropriate. Credit risk reviews of a significant business line would typically assess:
|
| EC2 | The supervisor determines that a bank’s Board approves, and regularly reviews, the credit risk management strategy and significant policies and processes for assuming,36 identifying, measuring, evaluating, monitoring, reporting and controlling or mitigating credit risk (including counterparty credit risk and associated potential future exposure) and that these are consistent with the risk appetite set by the Board. The supervisor also determines that senior management implements the credit risk strategy approved by the Board and develops the aforementioned policies and processes. |
| Description and findings re EC2 | OSFI expects boards to approve strategies and significant policies. Supervisors review the board-approved credit policies and the credit risk management framework documentation. On-site reviews of credit risk typically assess whether significant policies, processes and limits are aligned with the board-approved risk appetite. Credit specialists and the relationship management teams will review credit policies and changes to policies and credit information provided to the board on a regular basis and in the context of specific business line reviews. As an example of particular focus on board involvement and risk governance, OSFI is conducting a cross-industry review of risk governance in the retail credit segment, which focuses on risk appetite setting and monitoring. This review has included discussions with directors in the course of the examination to gauge their understanding of the risk governance framework. Credit risk specialists also have expertise in securitisation and other structured credit vehicles and assess the credit risk in the bank’s participation in these structures. Overall the coverage of credit risk governance is comprehensive. |
| EC3 | The supervisor requires, and regularly determines, that such policies and processes establish an appropriate and properly controlled credit risk environment, including:
|
| Description and findings re EC3 | Review of scope and findings documentation for recent large bank on-site reviews of credit risk in significant activities and business lines cover these areas to a large extent. The scope of each credit risk review is agreed between the credit risk specialists and the bank relationship management team based on analysis of key risk areas and risk management concerns that may be evident. Underwriting and approval criteria (including the approval authority), policies, and processes are assessed for appropriateness and effectiveness as part of every credit risk review, including criteria around renewals and refinancing. Also reviewed are adherence to credit policies (underwriting/renewal/refinancing criteria), on-going monitoring activities (including annual reviews of borrowers), with examiners looking for evidence that a borrower continues to demonstrate ability /willingness to repay. File reviews selectively include assessments of documentation, covenant compliance, collateral security and accuracy of risk ratings and provisioning. Credit risk reviews also typically include:
In addition, the quarterly review of board reports provides high level overview of board-level reporting for adequacy. Credit limits, both transactional and concentration, are assessed during credit risk reviews for reasonableness in light of the bank’s risk appetite, profile and capital levels and their communication to the relevant staff. A range of aspects of credit risk management in the residential mortgage segment is specifically addressed in OSFI’s recent Guideline B-20 Residential Mortgage Underwriting Practices and Procedures. This Guideline was issued following recent international guidance and also concerns about practices in the Canadian housing market. |
| EC4 | The supervisor determines that banks have policies and processes to monitor the total indebtedness of entities to which they extend credit and any risk factors that may result in default including significant unhedged foreign exchange risk. |
| Description and findings re EC4 | OSFI expects banks to monitor the total indebtedness of its borrowers through processes such as their regular, annual review of credit files (and associated confirmation of credit needs/capacity), and supervisors assess against this expectation as part of significant activity reviews. OSFI also assesses the ability of banks to aggregate all borrower and connected credit risk exposures across the institution, including FX risk where applicable. During file review, examiners test the ability to aggregate all credit exposure of a borrower, including connected exposures. This applies to all types of credit: retail and wholesale. A standard template is used for the file review process. OSFI has reviewed banks’ ability to aggregate data across borrowers and has requested the large banks perform a self-assessment against the recent BCBS guidance on Risk Data Aggregation. |
| EC5 | The supervisor requires that banks make credit decisions free of conflicts of interest and on an arm’s length basis. |
| Description and findings re EC5 | Under the Bank Act, banks are required to have policies on conflicts of interest and to establish formal reporting and compliance processes with these policies. Part XI – Self-Dealing of the Bank Act establishes rules around related party transactions. OSFI expects that the risk approval function is structurally independent from the lending function, that loan workout is independent from origination, and that limits and exceptions are approved by a function independent of underwriting. |
| EC6 | The supervisor requires that the credit policy prescribes that major credit risk exposures exceeding a certain amount or percentage of the bank’s capital are to be decided by the bank’s Board or senior management. The same applies to credit risk exposures that are especially risky or otherwise not in line with the mainstream of the bank’s activities. |
| Description and findings re EC6 | Credit risk reviews assess credit delegations and whether transactions of a significant size are subject to higher level approvals, including by the board. Supervisors assess the processes for setting borrower limits, including ensuring that all transactions (both on and off-balance sheet) are included and that limits are reviewed regularly. |
| EC7 | The supervisor has full access to information in the credit and investment portfolios and to the bank officers involved in assuming, managing, controlling and reporting on credit risk. |
| Description and findings re EC7 | Sections 628 to 644 of the Bank Act, provide OSFI with full access to credit and investment information and to the bank officers responsible for any aspect of credit risk at the bank. In practice, OSFI supervisors have complete access to data on a bank’s loan portfolio and meets regularly with staff involved in credit risk management as well as during on-site credit risk visits. Supervisors regularly receive and review internal management credit reporting reports such as those showing the largest exposures or significant new loans. Banks also report some credit risk information on their regulatory returns, such as impaired loans and some arrears data, as well as IRB ratings. |
| EC8 | The supervisor requires banks to include their credit risk exposures into their stress testing programmes for risk management purposes. |
| Description and findings re EC8 | OSFI’s Stress Testing Guideline sets out OSFI’s expectations that stress testing is embedded in the enterprise’s risk management program. The guideline articulates that the stress testing program should cover a range of risks including credit risk exposures. OSFI’s ICAAP Guideline sets out OSFI’s expectation with respect to using stress testing to evaluate adequacy of internal capital to mitigate enterprise’s risks such as credit risk exposures. OSFI regularly reviews compliance with these requirements. In 2010, OSFI conducted a cross-system review (consisting of six major banks) to identify gaps in each bank’s self-assessment against OSFI’s expectations detailed in the Stress Testing Guideline. In 2011, OSFI executed a cross-system Stress Test – Use Test review to assess if stress tests were used for capital management, risk management, liquidity management and strategy management. A component on use of stress testing for risk management purposes includes assessing use of stress tests for credit risk management. Relationship Managers, through quarterly monitoring/annual review of minutes, reports, and presentations etc., also become aware of stress testing results. Items required for review and follow up are undertaken depending on the issue. In addition, retail consumer credit was identified as an emerging macro-economic risk and banks were required to complete stress tests on an ad hoc basis. In 2010, OSFI required a Canadian retail debt stress test wherein banks were asked to estimate losses emanating from retail exposures over a two year stressed period. In 2012, the Canadian consumer debt stress test required the banks to estimate credit losses from consumer debt portfolios (i.e., impact to uninsured residential mortgages, home equity lines of credit, credit cards, secured and unsecured personal lines of credit and small business) and insurance claims under an extreme stress scenario prescribed by the supervisor. Discussions with banks indicate they regularly use their stress testing capabilities to assess the impact of potential scenarios (such as a sharp rise in unemployment) on their credit portfolios and report these results to their boards. They feel this process gives them very valuable insights into the performance of their credit portfolios and serves as an input to risk appetite setting. |
| Assessment of Principle 17 | Compliant |
| Comment | OSFI’s credit risk supervision function is effective and forward-looking. Supervisors conduct regular detailed on-site review of banks’ significant and higher risk portfolios; any areas of emerging concern are investigated and action taken on rectification. OSFI and banks make active use of stress testing to evaluate the nature and size of risks in their portfolio. While OSFI has issued guidance on specific credit risk areas such as residential mortgages and valuations, as well as on capital requirements for credit risk, it does not have an overarching credit risk management guideline. Most regulators have issued broad supervisory guidance on credit risk management. As discussed under BCP 15, OSFI should develop comprehensive guidance on credit risk management in line with international standards to ensure its expectations and minimum standards are well understood. |
| Principle 18 | Problem assets, provisions and reserves.37 The supervisor determines that banks have adequate policies and processes for the early identification and management of problem assets, and the maintenance of adequate provisions and reserves.38 |
| Essential criteria | |
| EC1 | Laws, regulations or the supervisor require banks to formulate policies and processes for identifying and managing problem assets. In addition, laws, regulations or the supervisor require regular review by banks of their problem assets (at an individual level or at a portfolio level for assets with homogenous characteristics) and asset classification, provisioning and write-offs. |
| Description and findings re EC1 | OSFI’s on-site reviews of lending businesses always include review and assess the bank’s established policies and procedures around problem recognition and remedial loan management. Banks are expected to perform regular, frequent review of problem loans, and demonstrate appropriate reporting to senior management and the Board. Supervisors regularly review watch lists (for the large banks) and other internal credit risk reporting to ensure problem assets are receiving full attention and visibility. Detailed credit file reviews that are conducted in specific lending businesses assess the effectiveness of the policies in practice, appropriateness of risk ratings and adequacy of provisions. OSFI supervisors will enhance the monitoring of credit portfolios where gross impaired assets exceed acceptable levels. |
| EC2 | The supervisor determines the adequacy of a bank’s policies and processes for grading and classifying its assets and establishing appropriate and robust provisioning levels. The reviews supporting the supervisor’s opinion may be conducted by external experts, with the supervisor reviewing the work of the external experts to determine the adequacy of the bank’s policies and processes |
| Description and findings re EC2 | OSFI has issued guidance on Impairment - Sound Credit Risk Assessment and Valuation of Financial Instruments at Amortized Cost as well as on appropriate collective provisioning levels. Collective Allowances - Sound Credit Risk Assessment and Valuation Practices for Financial Instruments at Amortized Cost. The credit risk review file reviews specifically test the appropriateness of risk ratings, timeliness of downgrades and adequacy of provisions. In some cases credit risk specialists test whether ratings the bank has assigned to particular borrowers can be replicated. Due to concerns that banks may lower collective allowance levels under IFRS, supervisors have been encouraging banks to maintain their collective allowance levels and regularly assesses their adequacy. Any material changes to collective allowance models or the level of collective allowances are reviewed and assessed by OSFI supervisors to ensure they remain prudent. This work is coordinated by OSFI’s quantitative modelling group and may also involve Accounting Policy experts. |
| EC3 | The supervisor determines that the bank’s system for classification and provisioning takes into account off-balance sheet exposures.39 |
| Description and findings re EC3 | Supervisors assess the accuracy of risk ratings and the adequacy of provisions during on-site visits. As part of a credit risk review, banks are required to provide portfolio listings detailing all facilities for a borrower, whether on or off-balance sheet. The accuracy of the portfolio information is tested in the file review, and borrower/facility risk ratings downgraded if necessary. A securitization cross-system review included off-balance sheet securitization vehicles as the primary focus. The Credit Risk Division has 4–5 staff with structured credit expertise and regularly includes securitization in credit risk reviews. |
| EC4 | The supervisor determines that banks have appropriate policies and processes to ensure that provisions and write-offs are timely and reflect realistic repayment and recovery expectations, taking into account market and macroeconomic conditions. |
| Description and findings re EC4 | Supervisors review quarterly data on provisioning levels, comparisons to impairment levels and trends. This information is also reported and monitored at an aggregate level and special analyses have been conducted within OSFI on a cross-industry basis to assess the appropriateness of provisioning levels in the current environment of very low losses. Provisioning policies and procedures are tested at the transactional level through detailed review of selected credit files. The review also includes assessing whether provisions reflect realistic repayment and recovery expectations, and consider market and macroeconomic conditions. |
| EC5 | The supervisor determines that banks have appropriate policies and processes, and organizational resources for the early identification of deteriorating assets, for ongoing oversight of problem assets, and for collecting on past due obligations. For portfolios of credit exposures with homogeneous characteristics, the exposures are classified when payments are contractually in arrears for a minimum number of days (e.g., 30, 60, 90 days). The supervisor tests banks’ treatment of assets with a view to identifying any material circumvention of the classification and provisioning standards (e.g., rescheduling, refinancing or reclassification of loans). |
| Description and findings re EC5 | OSFI’s guidance on Impairment provides expectations with respect to the timing of classification of assets. This includes defining non-performing status according to days past due (generally 90 days or 180 days for credit cards). Requirement for use of IRB approaches for credit risk capital (CAR Guideline) also include the definition of default for capital purposes. OSFI credit risk reviews include assessing the adequacy of policies, procedures and organizational resources for early identification of deteriorating assets, on-going oversight of problem loans and loan workout/collection activities. The file review results provide evidence to support assessment, as well as test the appropriateness of loan classification. Evidence from credit risk reviews indicates that supervisors regularly challenge bank risk ratings and classification processes and criteria. |
| EC6 | The supervisor obtains information on a regular basis, and in relevant detail, or has full access to information concerning the classification of assets and provisioning. The supervisor requires banks to have adequate documentation to support their classification and provisioning levels. |
| Description and findings re EC6 | Supervisors typically receive quarterly information from the bank on asset impairments and provisioning. For large banks, supervisors would regularly receive internal reporting on problem credits or watch listed exposures. For retail portfolios, this includes arrears information. Provisioning documentation for credit risk files is reviewed during on-site credit risk reviews and challenged where necessary. |
| EC7 | The supervisor assesses whether the classification of the assets and the provisioning is adequate for prudential purposes. If asset classifications are inaccurate or provisions are deemed to be inadequate for prudential purposes (e.g., if the supervisor considers existing or anticipated deterioration in asset quality to be of concern or if the provisions do not fully reflect losses expected to be incurred), the supervisor has the power to require the bank to adjust its classifications of individual assets, increase its levels of provisioning, reserves or capital and, if necessary, impose other remedial measures. |
| Description and findings re EC7 | As determined through the detailed file review part of a credit risk review, recommendations for risk rating changes/additional provisions are a normal part of supervisory work. OSFI expects the bank to make the necessary adjustments and advise OSFI of their actions in their response to OSFI’s letter. Any pervasive problems with risk ratings or provisions would be the subject of separate recommendations to the bank to make improvements to their risk rating and/or provisioning policies and procedures. |
| EC8 | The supervisor requires banks to have appropriate mechanisms in place for regularly assessing the value of risk mitigants, including guarantees, credit derivatives and collateral. The valuation of collateral reflects the net realizable value, taking into account prevailing market conditions. |
| Description and findings re EC8 | The effectiveness of these processes is tested in credit file reviews. The OSFI CAR Guideline also includes requirements for valuation, collateral, and use of guarantees and other risk mitigants in the context of credit risk capital requirements. OSFI recently conducted a review of collateral management across a number of banks and made recommendations for improvements in practices. |
| EC9 | Laws, regulations or the supervisor establish criteria for assets to be:
|
| Description and findings re EC9 | OSFI guidance addresses the classification of loans as nonperforming and recognition of income on non-performing loans, specifically Impairment - Sound Credit Risk Assessment and Valuation of Financial Instruments at Amortized Cost; and Collective Allowances—Sound Credit Risk Assessment and Valuation Practices for Financial Instruments at Amortized Cost. Banks are otherwise required to follow accounting standards with respect to the classification of loans as impaired. A bank’s compliance with the above requirements is selectively tested in the file reviews. OSFI supervisors also periodically review auditors’ working papers with respect to review of loan classification. |
| EC10 | The supervisor determines that the bank’s Board obtains timely and appropriate information on the condition of the bank’s asset portfolio, including classification of assets, the level of provisions and reserves and major problem assets. The information includes, at a minimum, summary results of the latest asset review process, comparative trends in the overall quality of problem assets, and measurements of existing or anticipated deterioration in asset quality and losses expected to be incurred. |
| Description and findings re EC10 | Problem recognition and remedial loan management as well as portfolio analysis and reporting are reviewed during a typical full scope on-site credit risk review. OSFI accordingly looks for banks to provide problem account reporting to senior management and the board of directors, including results of asset reviews, trends in quality, and expectations for further deterioration or losses. |
| EC11 | The supervisor requires that valuation, classification and provisioning, at least for significant exposures, are conducted on an individual item basis. For this purpose, supervisors require banks to set an appropriate threshold for the purpose of identifying significant exposures and to regularly review the level of the threshold. |
| Description and findings re EC11 | OSFI expects that, at a minimum, all individual non-retail exposure risk ratings are assessed annually. If the exposure is considered impaired, it is be assessed for an individual allowance as per accounting requirements. Provisions for significant exposures are regularly reviewed by credit risk staff and external auditors. OSFI reviews provisions assigned to large impaired credits through on-site reviews and review of banks problem asset listings or watch lists. |
| EC12 | The supervisor regularly assesses any trends and concentrations in risk and risk build-up across the banking sector in relation to banks’ problem assets and takes into account any observed concentration in the risk mitigation strategies adopted by banks and the potential effect on the efficacy of the mitigant in reducing loss. The supervisor considers the adequacy of provisions and reserves at the bank and banking system level in the light of this assessment. |
| Description and findings re EC12 | The Credit Risk Division, risk surveillance unit and the Emerging Risk Committee identify and assess trends across the banking sector in relation to problem assets. The Credit Risk Division prepares a regular dashboard report to the Emerging Risk Committee rating areas of highest risk and potential risk build-up. The supervisory planning process uses this information to incorporate appropriate business line reviews or enhanced monitoring for in the annual supervisory plans of banks that are particularly affected. More timely reviews can also be scheduled in the interim if circumstances change. OSFI has conducted internal analysis across the industry on collective allowance levels. In their quarterly monitoring for large and small banks supervisors review the level of total allowances and the level of non-performing loans, relative to total loans, and the source of the increase or decrease. Supervisors also review collective allowance models. This information has from time to time been used to provide direction to banks on appropriate collective allowance levels. |
| Assessment of Principle 18 | Compliant |
| Comments | Supervisors review the appropriateness of loan classification and the speed of recognition during on-site credit risk reviews. Credit quality indicators for the industry and individual banks are closely monitored and reported to OSFI management and supervisors. Levels of problem assets in most lending segments remain low but continued attention to problem asset management processes is critical to detect and manage any early negative trends. Problem asset management appears to be well covered in on-site credit risk reviews, but little published guidance is available. OSFI should consider setting out its expectations with respect to problem asset management in comprehensive guidance on credit risk management, as discussed in BCP 15 and BCP 17. |
| Principle 19 | Concentration risk and large exposure limits. The supervisor determines that banks have adequate policies and processes to identify, measure, evaluate, monitor, report and control or mitigate concentrations of risk on a timely basis. Supervisors set prudential limits to restrict bank exposures to single counterparties or groups of connected counterparties.40 |
| Essential criteria | |
| EC1 | Laws, regulations or the supervisor require banks to have policies and processes that provide a comprehensive bank-wide view of significant sources of concentration risk.41 Exposures arising from off-balance sheet as well as on-balance sheet items and from contingent liabilities are captured. |
| Description and findings re EC1 | The Prudent Person Approach Guideline requires banks to have written investment policies and to set limits for loans, types of loans, loans from different sources, industries and geographic regions. OSFI’s Large Exposure Limits Guideline requires banks to set out in writing their internal policies on large exposures, including exposures to individual customers, financial institutions, and countries. OSFI’s Stress Testing and ICAAP expectations include consideration of risk concentrations. Supervisors monitor exposure concentrations, particularly in areas that have been identified as potential risk areas (such as uninsured mortgages, commercial real estate and HELOCs). Credit monitoring reports that are regularly prepared and circulated to supervisors include exposures by industry and region, for example. Supervisors also regularly monitor concentrations through risk management reports provided by the bank. Assessors observed examples where OSFI proactively raised concerns about concentrations to particular products or geographies and requiring banks to take remedial action to diversity risks or reduce exposures. A bank’s management of concentration and large exposure risks is assessed as a fundamental component of the bank’s enterprise-wide risk management function. In addition, credit reviews cover bank policies and processes to consider the total exposure of a borrower, including connected party exposure, when establishing approval authorities and monitoring of credit risk concentrations. Compliance with policies and processes is selectively tested in the file review component. |
| EC2 | The supervisor determines that a bank’s information systems identify and aggregate on a timely basis, and facilitate active management of, exposures creating risk concentrations and large exposure42 to single counterparties or groups of connected counterparties. |
| Description and findings re EC2 | OSFI has in the recent years conducted reviews of the large bank’s ability to readily aggregate and report exposures to single counterparties or concentration areas (e.g., country risks) and occasionally tests this ability through ad hoc data requests. OSFI has also asked banks to conduct a self assessment against the recent BCBS guidance on data aggregation. Credit risk reviews includes an assessment of the bank’s ability to identify and aggregate credit risk exposures to single counterparties or connections. The identification and active management of connected exposures is tested during the file review component of our work. In addition, frequent ad hoc requests are made of banks, requesting aggregate exposure to single names/connections, or industries of concern. This provides evidence of bank’s ability (or inability) to collect and report on exposures in a timely manner. |
| EC3 | The supervisor determines that a bank’s risk management policies and processes establish thresholds for acceptable concentrations of risk, reflecting the bank’s risk appetite, risk profile and capital strength, which are understood by, and regularly communicated to, relevant staff. The supervisor also determines that the bank’s policies and processes require all material concentrations to be regularly reviewed and reported to the bank’s Board. |
| Description and findings re EC3 | As part of a supervisory review, OSFI reviews the banks process for establishing limits for various risk concentrations (credit, market, etc.) and monitoring for compliance. Supervisors also expect that the bank’s risk management function should assess the adequacy of portfolio information/reports received from the line of business for decision making, risk management and control purposes. Supervisors take action when a bank’s credit concentrations become excessive and instances of this occurring were in evidence. Within credit risk, the accuracy of concentration risk reporting and determining whether the bank is compliant with Board-approved concentration limits (where appropriate) is reviewed and assessed. This also includes reviewing and assessing that any Board-approved limit is regularly reviewed by the Board for appropriateness and compliance. |
| EC4 | The supervisor regularly obtains information that enables concentrations within a bank’s portfolio, including sectoral, geographical and currency exposures, to be reviewed. |
| Description and findings re EC4 | OSFI supervisors conduct quarterly risk monitoring across the conglomerate banks, and selected smaller deposit-taking institutions. This includes risk exposures by sector, geography, single name and other risk areas of concern or interest (i.e., U.S. corporate, commercial real estate, credit derivatives, non-income qualified mortgages, etc.). Regulatory returns include some loan portfolio breakdowns and industry sectors, which permits some standardised portfolio analysis. OSFI does not have a regulatory return for all banks to report their large exposures and demonstrate compliance with OSFI’s Large Exposure Limits Guideline. However, OSFI maintains a separate database containing all exposures above $10 million at large banks and some smaller banks. Updated data is provided by the banks on a quarterly basis for supervisors to assess industry and single-name concentrations. Additional portfolio information is also obtained as a result of ad hoc information requests, to allow for assessment of a bank’s exposures by various risk factors and segmentation. Supervisors have obtained and reviewed portfolio information at the transaction level to facilitate segmentation and analysis by various risk factors. |
| EC5 | In respect of credit exposure to single counterparties or groups of connected counterparties, laws or regulations explicitly define, or the supervisor has the power to define, a “group of connected counterparties” to reflect actual risk exposure. The supervisor may exercise discretion in applying this definition on a case by case basis. |
| Description and findings re EC5 | OSFI’s Large Exposure Limits Guideline and the Large Exposure Limits guidance note on Common Risk specifically limit exposures to single counterparties or groups of connected counterparties. The Guideline defines an exposure (including off-balance sheet exposure) and defines connection between entities as a common risk, including material financial interdependence. Compliance with OSFI’s Large Exposure Limits Guideline and the accuracy and application of “connected accounts” are selectively tested in the file review component of supervisory work. OSFI’s credit reviews of wholesale lending activities (large or small banks) assess whether the bank is accurately establishing connected exposures. |
| EC6 | Laws, regulations or the supervisor set prudent and appropriate43 requirements to control and constrain large credit exposures to a single counterparty or a group of connected counterparties. “Exposures” for this purpose include all claims and transactions (including those giving rise to counterparty credit risk exposure), on-balance sheet as well as off-balance sheet. The supervisor determines that senior management monitors these limits and that they are not exceeded on a solo or consolidated basis. |
| Description and findings re EC6 | OSFI’s Large Exposure Limits Guideline defines an exposure (including off-balance sheet exposures such as irrevocable advised credit commitments) and defines connection between entities as a common risk, including material financial interdependence to be assessed by the bank. The guideline establishes a maximum limit for single or connected entities of 25 percent of total capital. However, OSFI’s expectation is that banks set their own lower limits on single large exposures and that the 25 percent limit would be applied only in exceptional cases. OSFI has also issued a guidance note on Large Exposure Limits regarding common risk. Review of credit risk reporting would assess the adequacy of reporting against internal concentration (including single name/group) limits. At the file level, total exposure of a borrower, or connected counterparties, is expected to include on and off-balance sheet. |
| EC7 | The supervisor requires banks to include the impact of significant risk concentrations into their stress testing programmes for risk management purposes. |
| Description and findings re EC7 | Under OSFI’s Stress Testing requirements, banks must consider risk concentrations that arise directly from risk taking activities as well as concentrations that arise from actions to mitigate risk. OSFI’s stress scenarios typically include assumptions that highlight vulnerabilities in particular sections, such as residential mortgages. Banks indicated that their own stress testing programs incorporate scenarios designed to affect particular portfolios, including in foreign jurisdictions. |
| Additional criteria | |
| AC1 | In respect of credit exposure to single counterparties or groups of connected counterparties, banks are required to adhere to the following:
|
| Description and findings re AC1 | Large exposure limits set out in OSFI’s Large Exposure Limits Guideline require banks to adhere to a 25 percent of capital limit for credit exposures to singe counterparties or group of connected counterparties. OSFI does not define large exposures in terms of those that are 10 percent or more of capital; however, all loans in excess of $10 million are recorded in a database for the large banks. For banks that are subsidiaries of other regulated entities, the limit is 100 percent of capital with a notification threshold at 50 percent of capital. |
| Assessment of Principle 19 | Largely Compliant |
| Comments | Although concentration risk management is covered only indirectly in guidance on stress testing and ICAAPs, in practice there was good evidence that OSFI supervisors monitor concentrations individual bank portfolios and take action when concentrations appear excessive. Through its risk surveillance and monitoring unit, the risk specialist teams and the Emerging Risk Committee, OSFI has a strong capability for identifying and monitoring concentrations across the industry and ensuring that attention is focused on them through stress testing and cross-industry reviews. OSFI imposes a 25 percent of capital limit on single large exposures, and according to its Large Exposure Limits Guideline expects institutions to set their own, lower limits; however, an example showed one bank monitoring only the 25 percent limit. Although OSFI maintains a database of larger banks’ exposures above $10 million, there is no formal regulatory return for large exposure limit compliance reporting to supervisors covering all banks or a clear notification threshold for action or closer monitoring. In addition, the limit for subsidiary banks is substantially higher (100 percent of capital). It is recommended that OSFI strengthen its large exposure reporting and monitoring regime to include, for example, regular regulatory reporting and notification of exposures greater than a specified level (for example, 10 percent) of capital. In addition, OSFI’s Large Exposure guidance dates from 1994 and OSFI should consider updating its guidance in light of the BCBS project currently underway and to cover concentration risks more generally. OSFI could also reconsider whether the higher exposure limit for subsidiary banks continues to be appropriate. |
| Principle 20 | Transactions with related parties. In order to prevent abuses arising in transactions with related parties44 and to address the risk of conflict of interest, the supervisor requires banks to enter into any transactions with related parties45 on an arm’s length basis; to monitor these transactions; to take appropriate steps to control or mitigate the risks; and to write off exposures to related parties in accordance with standard policies and processes. |
| Essential criteria | |
| EC1 | Laws or regulations provide, or the supervisor has the power to prescribe, a comprehensive definition of “related parties”. This considers the parties identified in the footnote to the Principle. The supervisor may exercise discretion in applying this definition on a case by case basis. |
| Description and findings re EC1 | Section 486 of the Bank Act defines the term “related party” for the purposes of Part XI (self-dealing). The definition is tailored specifically to achieve the objective of identifying persons considered to be in positions of influence over the bank. As such, the Bank Act provides that the parent or sister company of a bank is a related party of the bank. In addition, directors and senior officers of the bank or the bank’s parent are related parties of the bank. Subsidiaries of the bank are not included in the definition of related parties. The Superintendent may designate a person a related party where they would not otherwise be considered to be related, thus providing discretion in the application of the self-dealing regime on a case-by-case basis where prudential concerns arise (subsection 486(3)). |
| EC2 | Laws, regulations or the supervisor require that transactions with related parties are not undertaken on more favorable terms (e.g., in credit assessment, tenor, interest rates, fees, amortization schedules, requirement for collateral) than corresponding transactions with non-related counterparties.46 |
| Description and findings re EC2 | Part XI (self-dealing) of the Bank Act sets out the related party regime to which banks are subject. The general premise underlying the regime is that related party transactions are prohibited, subject to certain exceptions. In practice, any type of contract, arrangement or undertaking, whether written or verbal, between a bank and a related party, constitutes a transaction, as well as making a guarantee on behalf of a related party; making an investment in any securities of a related party; taking an assignment of, or otherwise acquiring a loan made to, a related party; taking a security interest in the securities of a related party. The exceptions to the general prohibition typically involve transactions that do not give rise to the concern that a related party will use its unusual bargaining power against the bank’s best interests. These exceptions can be broadly grouped into the following six categories:
The payment of salaries, fees, stock options, pension benefits, incentive benefits or other benefits to directors, officers or employees of the bank are exempted from the application of the related party regime (paragraph 487(2)(c)). |
| EC3 | The supervisor requires that transactions with related parties and the write-off of related-party exposures exceeding specified amounts or otherwise posing special risks are subject to prior approval by the bank’s Board. The supervisor requires that Board members with conflicts of interest are excluded from the approval process of granting and managing related party transactions. |
| Description and findings re EC3 | Where a permitted related party transaction exceeds specified amounts (i.e., materiality or in relation to capital—see below) or poses special risks (e.g., in the course of restructuring—see below) OSFI requires the board to approve the transaction. Board involvement is required in determining the applicability of the related party regime based on materiality. Pursuant to the Bank Act, a bank’s materiality criteria (immaterial transactions being exempt from the related party regime) must be established by the bank’s CRC and approved by the Superintendent (section 490). Prior board approval is required in the following permitted related party transactions:
|
| EC4 | The supervisor determines that banks have policies and processes to prevent persons benefiting from the transaction and/or persons related to such a person from being part of the process of granting and managing the transaction. |
| Description and findings re EC4 | Banks are required to establish formal procedures to resolve conflicts of interest, including techniques for the identification of potential conflict situations. This could include instances where a person benefitting from a transaction is part of the process of granting or managing the transaction. Bank must designate a committee of the board to monitor conflict of interest procedures. Pursuant to the Bank Act, the CRC’s duties include requiring bank management to establish procedures for complying with Part XI (self-dealing), reviewing these procedures and their effectiveness in ensuring the bank’s compliance with Part XI and reviewing the practices of the bank to ensure that any transactions with related parties that may have a material effect on the stability or solvency of the bank are identified. The bank is required to report to the Superintendent on the CRC’s mandate and responsibilities and procedures dealing with self-dealing and the directors of the bank are required to report yearly to the Superintendent on what the CRC did in carrying out its responsibilities (section 195). |
| EC5 | Laws or regulations set, or the supervisor has the power to set on a general or case by case basis, limits for exposures to related parties, to deduct such exposures from capital when assessing capital adequacy, or to require collateralization of such exposures. When limits are set on aggregate exposures to related parties, those are at least as strict as those for single counterparties or groups of connected counterparties. |
| Description and findings re EC5 | As discussed in EC1, related party transactions are addressed by the Bank Act and OSFI has set criteria for assessing materiality of these exposures. Credit exposures to related parties are generally prohibited, with certain exceptions. For those exceptions, OSFI’s large exposure limit of 25 percent of capital would apply for an individual counterparty. The Bank Act provides for a limit of 50 percent of capital for aggregate exposures to directors, officers and their interests (subsection 497(2)). As a result, the permissible aggregate exposure to these related parties is twice the allowable large exposure limit for a single counterparty. In respect of collateralization of exposures, the Bank Act states that a bank may make a loan to or a guarantee on behalf of a related party of the bank or take an assignment of or otherwise acquire a loan to a related party of the bank if the loan or guarantee is fully secured by securities of or guaranteed by the Government of Canada or the government of a province (section 491). There are no general requirements to deduct related party exposures from capital. While subsidiaries of the bank are not considered related parties under the Bank Act, substantial investments in unconsolidated entities and deconsolidated subsidiaries are deducted from capital. |
| EC6 | The supervisor determines that banks have policies and processes to identify individual exposures to and transactions with related parties as well as the total amount of exposures, and to monitor and report on them through an independent credit review or audit process. The supervisor determines that exceptions to policies, processes and limits are reported to the appropriate level of the bank’s senior management and, if necessary, to the Board, for timely action. The supervisor also determines that senior management monitors related party transactions on an ongoing basis, and that the Board also provides oversight of these transactions. |
| Description and findings re EC6 | Normal supervisory work includes reviewing the report on related party transactions prepared for the bank’s Conduct Review Committee. Such reporting includes attestations from senior management regarding compliance with related party/conflict of interest policies and that such policies are effective to ensure the bank is complying with regulatory requirements governing self-dealing, including legislative limits. For example, for one large bank, the Chief Risk Officer attests quarterly to the bank’s corporate governance committee as to compliance with the bank’s related party and covered person policy and the aggregate value of relevant exposures. |
| EC7 | The supervisor obtains and reviews information on aggregate exposures to related parties. |
| Description and findings re EC7 | Reporting to banks’ compliance committees must include an assessment of related party limits under the Bank Act, which includes the 50 percent limit on aggregate exposures to related parties. The annual compliance report is provided to OSFI. There is no regulatory return covering related party exposures. |
| Assessment of Principle 20 | Largely Compliant |
| Comments | By law transactions with related parties are prohibited with certain key exceptions. There are explicit board reporting and oversight requirements for related party transactions set out in the Bank Act. OSFI supervisors typically review a bank’s oversight of compliance obligations, generally on an annual basis. However, there is no formal regulatory return for reporting related party exposures more frequently to OSFI. OSFI should establish a more formalized regime, including regular regulatory reporting of exposures, for monitoring related party transactions. In addition, OSFI should consider whether the Bank Act limit on aggregate related party exposures of 50 percent of capital to directors, officers and their interests should be lowered to a level more consistent with the large exposures limits. |
| Principle 21 | Country and transfer risks. The supervisor determines that banks have adequate policies and processes to identify, measure, evaluate, monitor, report and control or mitigate country risk47 and transfer risk48 in their international lending and investment activities on a timely basis. |
| Essential criteria | |
| EC1 | The supervisor determines that a bank’s policies and processes give due regard to the identification, measurement, evaluation, monitoring, reporting and control or mitigation of country risk and transfer risk. The supervisor also determines that the processes are consistent with the risk profile, systemic importance and risk appetite of the bank, take into account market and macroeconomic conditions and provide a comprehensive bank-wide view of country and transfer risk exposure. Exposures (including, where relevant, intra-group exposures) are identified, monitored and managed on a regional and an individual country basis (in addition to the end-borrower/end-counterparty basis). Banks are required to monitor and evaluate developments in country risk and in transfer risk and apply appropriate countermeasures. |
| Description and findings re EC1 | OSFI’s Large Exposure Limits Guideline and Prudent Person guidance require banks to set out in writing their internal policies on large exposures, including exposures to individual customers, financial institutions, and countries. Further guidance on country risk and its consideration is setting internal capital targets is provided in OSFI’s ICAAP requirements. The ICAAP Guideline states that:
OSFI supervisors monitor the country risks of the large banks with international operations as part of routine supervision, and more detailed investigation is undertaken when concerns about particular countries or regions arise. Supervisors assess whether banks have policies in place to set and enforce appropriate limits. Many of the large Canadian banks have significant non-Canadian operations and supervisors regularly review country-specific loan portfolios where such portfolios are considered to be of potentially higher risk. Supervisors’ quarterly review of Board risk reports includes reviewing country risk limits and changes in these limits, as well as associated compliance reporting. Supervisors make ad hoc information requests for specific geographic exposure reports where deemed necessary (e.g., Eurozone exposures) and these are compiled into regular reports that are provided to the Superintendent. |
| EC2 | The supervisor determines that banks’ strategies, policies and processes for the management of country and transfer risks have been approved by the banks’ Boards and that the Boards oversee management in a way that ensures that these policies and processes are implemented effectively and fully integrated into the banks’ overall risk management process. |
| Description and findings re EC2 | OSFI conducts regular reviews of overall risk governance frameworks and their implementation, which includes board approval of all significant policies and the process for implementation and review. Supervisors review country and transfer risk policies once approved by the board. Their implementation may be reviewed in the context of credit risk reviews or ongoing country exposure analysis performed for the large banks as discussed above. |
| EC3 | The supervisor determines that banks have information systems, risk management systems and internal control systems that accurately aggregate, monitor and report country exposures on a timely basis; and ensure adherence to established country exposure limits. |
| Description and findings re EC3 | OSFI has undertaken a considerable amount of supervisory activity with banksin recent years to ensure banks improve their risk data aggregation and reporting abilities. Ad hoc data requests to banks on particular country exposures, such as for the Eurozone countries, enables supervisors to obtain greater comfort in the accuracy and completeness of this reporting. Country exposures are also are captured on quarterly regulatory reporting and would be subject to review by auditors. |
| EC4 | There is supervisory oversight of the setting of appropriate provisions against country risk and transfer risk. There are different international practices that are all acceptable as long as they lead to risk-based results. These include:
|
| Description and findings re EC4 | OSFI does not set provisioning for country risks. Banks are expected to follow accounting policies consistent with the accounting standards that reflect provisions for impairment for individual impaired loans and collective provisions that reflect the overall risk of impairment in the portfolio, which may include country and transfer risks. OSFI Guidelines on asset impairment (Impairment—Sound credit Risk Assessment and Valuation Practices for Financial Instruments at Amortized Cost; and Collective Allowances—Sound Credit Risk Assessment and Valuation Practices for Financial Instruments at Amortized Cost) address expectations for provisioning under accepted accounting standards. This includes consideration of sovereign loans or groups of loan with common risk characteristics such as geography, economic or political factors. The sufficiency of provision levels is reviewed during on-site credit risk reviews and through regular quarterly monitoring. Provisioning is reviewed for adequacy and compliance with accounting standards by external auditors. |
| EC5 | The supervisor requires banks to include appropriate scenarios into their stress testing programmes to reflect country and transfer risk analysis for risk management purposes. |
| Description and findings re EC5 | Scenarios involving offshore disruptions are included in stress testing programs. These may have both direct and indirect impacts on a bank’s portfolio. For example, banks have assessed the impact of an Asian deflationary scenario on country exposures. Banks have also performed simulations of a further escalation in the euro crisis. |
| EC6 | The supervisor regularly obtains and reviews sufficient information on a timely basis on the country risk and transfer risk of banks. The supervisor also has the power to obtain additional information, as needed (e.g., in crisis situations). |
| Description and findings re EC6 | Country risk exposures are reviewed during ongoing credit risk monitoring in as much as they are included in the bank’s board risk reports. Assessors observed instances where OSFI had raised concerns about a bank’s country risk exposures and imposed consequential actions to require the bank to reduce its exposures and hold additional capital. Regulatory returns include exposures by country. Supervisors also request more detailed exposure information on countries of interest or concern. In particular, the large banks have been reporting regularly to OSFI on their Eurozone exposures, and these exposures are monitored in aggregate and for any concentration risk to individual banks. |
| Assessment of Principle 21 | Compliant |
| Comments | OSFI supervisors monitor and ensure appropriate management of key country exposures of concern (for example, Eurozone, US and Caribbean loan books). Supervisors of the large banks regularly obtain reports on banks largest foreign exposure concentrations. OSFI has not issued guidance specifically addressing the management of country and transfer risks. These risks are only briefly mentioned in other guidance and OSFI should consider setting out its expectations more clearly and comprehensively in published guidance. |
| Principle 22 | Market risk. The supervisor determines that banks have an adequate market risk management process that takes into account their risk appetite, risk profile, and market and macroeconomic conditions and the risk of a significant deterioration in market liquidity. This includes prudent policies and processes to identify, measure, evaluate, monitor, report and control or mitigate market risks on a timely basis. |
| Essential criteria | |
| EC1 | Laws, regulations or the supervisor require banks to have appropriate market risk management processes that provide a comprehensive bank-wide view of market risk exposure. The supervisor determines that these processes are consistent with the risk appetite, risk profile, systemic importance and capital strength of the bank; take into account market and macroeconomic conditions and the risk of a significant deterioration in market liquidity; and clearly articulate the roles and responsibilities for identification, measuring, monitoring and control of market risk. |
| Description and findings re EC1 | OSFI’s supervision framework and risk management assessment criteria includes general expectations for enterprise-wide risk management, including market risk. These include requirements relating to risk appetite, risk profile, identification, measuring, monitoring and control of risk. More specifically, Chapter 9 OSFI’s 2013 Capital Adequacy Requirements (CAR) Guideline details OSFI’s requirements for market risk management as set out in the applicable BCBS standards implementing Basel II, 2.5 and III. The Market Risk Capital Adequacy Guideline applies to banks with a trading book of greater than 10 percent of total assets or $1 billion and do not apply to foreign bank branches. Banks are assessed against risk management criteria and the CAR Guideline though significant activity reviews and regular monitoring. Banks whose market risk management processes are not deemed to be commensurate with their stated risk appetite, actual exposures, or market conditions are identified through these avenues. Any gaps in risk management processes are addressed through supervisory letters to the banks. Should the situation warrant, banks may be subject to higher market risk capital requirements until remedial action is taken to address the gaps. OSFI has made use of increases in market risk capital multipliers to address risk concerns. OSFI’s Capital Markets Risk Assessment Services Division, which has technical expertise in market risk, conducts regular on-site reviews of larger banks market risk management activities. The need for a market risk review is identified through the structured supervisory planning process based on significant activities, outstanding supervisory actions and concerns or potential emerging risk areas. Some reviews are conducted outside Canada at major trading centers. |
| EC2 | The supervisor determines that banks’ strategies, policies and processes for the management of market risk have been approved by the banks’ Boards and that the Boards oversee management in a way that ensures that these policies and processes are implemented effectively and fully integrated into the banks’ overall risk management process. |
| Description and findings re EC2 | In its review of banks’ market risk management functions, OSFI will review the relevant business strategy, policies and key processes to ensure that they are approved by the board. Furthermore, reporting to the board and key committees will typically be assessed to ensure that members receive sufficient information to ensure that policies and processes are implemented in a manner that is consistent with the approved strategy. |
| EC3 | The supervisor determines that the bank’s policies and processes establish an appropriate and properly controlled market risk environment including:
|
| Description and findings re EC3 | As per BCBS requirements, OSFI’s CAR Guideline, Chapter 9, outlines the requirements for the accurate and timely identification and aggregation of data including the monitoring and reporting of market risk exposure to a bank’s Board and Senior Management. The Guideline addresses requirement that limits are set and monitored for appropriateness, that banks have an independent risk control unit that is responsible for the reporting, analysis, monitoring of limits, and detailed requirements for models. As discussed under EC1, on-site reviews of market risk assess compliance with the above control areas. |
| EC4 | The supervisor determines that there are systems and controls to ensure that banks’ marked-to-market positions are revalued frequently. The supervisor also determines that all transactions are captured on a timely basis and that the valuation process uses consistent and prudent practices, and reliable market data verified by a function independent of the relevant risk-taking business units (or, in the absence of market prices, internal or industry-accepted models). To the extent that the bank relies on modeling for the purposes of valuation, the bank is required to ensure that the model is validated by a function independent of the relevant risk-taking businesses units. The supervisor requires banks to establish and maintain policies and processes for considering valuation adjustments for positions that otherwise cannot be prudently valued, including concentrated, less liquid, and stale positions. |
| Description and findings re EC4 | As per the BCBS standards, the CAR Guideline requires banks to have documented policies and procedures for the process of valuation. A bank must have an independent unit that is responsible for initial and ongoing validation of all internal models including those used for valuation purposes. When marking to model or using third-party valuations, the Guideline requires banks to have procedures in place for considering valuation adjustments. Independent Price Verification (IPV) is typically assessed as part of any OSFI review of a bank’s trading business. Furthermore, in 2009, OSFI conducted a cross-sector review of Canada’s largest banks to assess the effectiveness of their IPV policies and procedures. As part of this review, banks were assessed against the following criteria:
As part of the approval review of a bank’s Internal Models Approach for market risk a bank must demonstrate that it has an established data governance policy and standards for ensuring relevance, accuracy and integrity from the source to the model output. |
| EC5 | The supervisor determines that banks hold appropriate levels of capital against unexpected losses and make appropriate valuation adjustments for uncertainties in determining the fair value of assets and liabilities. |
| Description and findings re EC5 | Chapter 9 of OSFI’s CAR Guideline defines OSFI’s expectations with respect to valuation adjustments in the calculation of appropriate capital for market risk, consistent with BCBS standards. As part of their procedures for marking to market, institutions must establish and maintain procedures for considering valuation adjustments. The guideline details circumstances under which valuation uncertainties may occur. In determining internal capital targets, banks are expected to consider potential unexpected losses which are identified through back-testing breaches for market risk. In approving market risk models, OSFI may require capital multipliers for risk other than those identified in the market risk framework or for back-testing breaches. |
| EC6 | The supervisor requires banks to include market risk exposure into their stress testing programmes for risk management purposes. |
| Description and findings re EC6 | OSFI’s Stress Testing Guideline specifically requires relevant and material market risk to be included in a bank’s stress testing program. This includes risks such as:
|
| Assessment of Principle 22 | Compliant |
| Comments | OSFI’s market risk supervision program for large banks appears comprehensive and includes both on-site review of practices as well as detailed model review. OSFI should consider clarifying its market risk management expectations for foreign bank branches and banks with small or no trading books, which are not subject to the Capital Adequacy Requirement Guideline on Market Risk. |
| Principle 23 | Interest rate risk in the banking book. The supervisor determines that banks have adequate systems to identify, measure, evaluate, monitor, report and control or mitigate interest rate risk49 in the banking book on a timely basis. These systems take into account the bank’s risk appetite, risk profile and market and macroeconomic conditions. |
| Essential criteria | |
| EC1 | Laws, regulations or the supervisor require banks to have an appropriate interest rate risk strategy and interest rate risk management framework that provides a comprehensive bank-wide view of interest rate risk. This includes policies and processes to identify, measure, evaluate, monitor, report and control or mitigate material sources of interest rate risk. The supervisor determines that the bank’s strategy, policies and processes are consistent with the risk appetite, risk profile and systemic importance of the bank, take into account market and macroeconomic conditions, and are regularly reviewed and appropriately adjusted, where necessary, with the bank’s changing risk profile and market developments. |
| Description and findings re EC1 | OSFI’s Interest Rate Risk Management (IRRM) Guideline provides formal guidance to banks on interest rate risk management and associated control frameworks. The Guideline was issued following the BCBS 2004 guidance on Principles for the Management and Supervision of Interest Rate Risk. The IRRM Guideline supports the BCBS guidance and provides further specific guidance on the following:
The goal of the SIRR review was to update OSFI’s assessment of inherent interest rate risk in the banking book, and the effectiveness of associated control frameworks at the institutions reviewed. The following elements were assessed:
Supervisors will typically determine the timing of its review of interest rate risk management for an institution based on the risk profile of that institution. Given that risk profiles vary from institution to institution, the timing of reviews will naturally vary as well. |
| EC2 | The supervisor determines that a bank’s strategy, policies and processes for the management of interest rate risk have been approved, and are regularly reviewed, by the bank’s Board. The supervisor also determines that senior management ensures that the strategy, policies and processes are developed and implemented effectively. |
| Description and findings re EC2 | OSFI’s IRRM Guideline states that the Board is ultimately responsible for the risk appetite of a bank. Complex institutions are expected to establish a senior management committee (ALCO) responsible for oversight of asset liability management activities. The Supervisory Framework states that the Board is responsible for approving the business strategy and associated policies and controls. Supervisors review banks’ overall strategies for the management of interest rate risk, risk policies and tolerances, and their implementation. This may involve review of policy documentation, ALCO committee papers, among other things. |
| EC3 | The supervisor determines that banks’ policies and processes establish an appropriate and properly controlled interest rate risk environment including:
|
| Description and findings re EC3 | The relevant areas are covered in the IRRM Guideline and are reviewed as discussed under EC1.
|
| EC4 | The supervisor requires banks to include appropriate scenarios into their stress testing programmes to measure their vulnerability to loss under adverse interest rate movements. |
| Description and findings re EC4 | The IRRM Guideline requires that banks engage in sensitivity and stress testing, and specifies certain standard measures (e.g., parallel shifts of the yield curve). The comprehensiveness of stress testing is assessed in the context of the size and complexity of the bank in question. The SIRR review included a comprehensive assessment of banks’ stress testing programs. Aspects considered in this assessment included the identification of key risk factors, the inclusion of scenarios under which key assumptions or parameters break down, consideration for illiquid positions, and the inclusion of “worst case” scenarios in addition to more probable scenarios. |
| Additional criteria | |
| AC1 | The supervisor obtains from banks the results of their internal interest rate risk measurement systems, expressed in terms of the threat to economic value, including using a standardized interest rate shock on the banking book. |
| Description and findings re AC1 | The IRRM Guideline provides specific direction regarding the disclosure of interest rate risk exposures. Banks are required to disclose the results of certain measures, including the following:
|
| AC2 | The supervisor assesses whether the internal capital measurement systems of banks adequately capture interest rate risk in the banking book. |
| Description and findings re AC2 | OSFI’s ICAAP Guideline addresses the adequacy of internal capital measurement systems of banks as they relate to interest rate risk in the banking book. Supervisors review the bank’s ICAAP and the resulting capital targets to ensure they capture interest rate risk. |
| Assessment of Principle 23 | Compliant |
| Comments | OSFI has issued guidance on interest rate risk management and banks are expected to reflect interest rate risk in their ICAAPs. Supervisors conduct regular off-site monitoring through standard reporting of interest rate shock impacts on earnings and capital. A proactive approach to interest risk management will, of course, be critical in a rising interest rate risk environment. |
| Principle 24 | Liquidity risk. The supervisor sets prudent and appropriate liquidity requirements (which can include either quantitative or qualitative requirements or both) for banks that reflect the liquidity needs of the bank. The supervisor determines that banks have a strategy that enables prudent management of liquidity risk and compliance with liquidity requirements. The strategy takes into account the bank’s risk profile as well as market and macroeconomic conditions and includes prudent policies and processes, consistent with the bank’s risk appetite, to identify, measure, evaluate, monitor, report and control or mitigate liquidity risk over an appropriate set of time horizons. At least for internationally active banks, liquidity requirements are not lower than the applicable Basel standards. |
| Essential criteria | |
| EC1 | Laws, regulations or the supervisor require banks to consistently observe prescribed liquidity requirements including thresholds by reference to which a bank is subject to supervisory action. At least for internationally active banks, the prescribed requirements are not lower than, and the supervisor uses a range of liquidity monitoring tools no less extensive than, those prescribed in the applicable Basel standards. |
| Description and findings re EC1 | The Liquidity Principles Guideline specifies OSFI expectations for banks regarding liquidity and its management. The Guideline incorporate the BCBS 2008 liquidity sound practices guidance explicitly maps OSFI’s requirements to the corresponding Basel principle. OSFI is currently updating and expanding this guidance and is currently consulting with industry on a revised draft that includes the Basel III requirements. OSFI has indicated that regardless of the Basel implementation timeline, it expects banks to achieve 100% LCR by the end of 2013. A key and additional liquidity metric in Canada is the net cumulative cash flow, a survival horizon metric based on an analysis of stressed contractual cash inflows and outflows. The Net Cumulative Cash Flow (NCCF) measure is a survival horizon metric that quantifies the length of time before an institution’s cumulative net cash flow drops below zero, once factoring in the stock of available liquid assets. As per the new draft Liquidity Principles, the liquidity scenario assumed in the NCCF encompasses a combination of idiosyncratic and systemic stresses which measure the impacts of assumptions over a one year liquidity horizon. Stress assumptions result in:
The NCCF is applied on a consolidated basis, and also on a major currency basis. This metric is being introduced at select smaller institutions as well, with thresholds determined by the level of complexity of the individual banks OSFI’s assessment of banks’ liquidity risk is performed through a combination of significant activity reviews and regular monitoring. The quality and effectiveness of supervisory assessments is further supported by internal supervisory tools (e.g., a liquidity section note). Supervisory resources involved in the work include Capital Markets Risk Assessment Services (CMRAS), which has a staff complement of 16. In 2012, 8 large banks completed a self-assessment of their compliance with OSFI’s revised Liquidity Principles Guideline. OSFI has not conducted full-scope on-site reviews of liquidity risk management at the large banks since 2008, due to the volume of other liquidity and funding monitoring that has been underway with the banks. Off-site monitoring has been intensive and in addition to monitoring of metrics including the new Basel III measures has included reviews of liquidity policies and contingency plans and discussions with internal audit. |
| EC2 | The prescribed liquidity requirements reflect the liquidity risk profile of banks (including on- and off-balance sheet risks) in the context of the markets and macroeconomic conditions in which they operate. |
| Description and findings re EC2 | OSFI’s prescribed liquidity requirement is currently set via the NCCF. NCCF is applied to large banks according to their systemic importance and is being selectively applied to smaller banks with higher liquidity risk profiles. For the largest banks, the threshold for the NCCF metric was initially set at six weeks. However, in light of market turmoil since that time and a perceived increase in liquidity risk at the banks, this threshold has been progressively increased and now stands at 20 weeks for the consolidated balance sheet. In addition, the Liquidity Principles require all banks to set a liquidity risk appetite that is consistent with their business strategy and role in the financial system. The supervisor’s liquidity risk rating for a bank considers both the level of liquidity risk as well as the quality of liquidity risk management. The control framework around liquidity risk management is expected to be commensurate with the level of inherent liquidity risk at the institution, which factors in both the state of the markets and also macroeconomic conditions. |
| EC3 | The supervisor determines that banks have a robust liquidity management framework that requires the banks to maintain sufficient liquidity to withstand a range of stress events, and includes appropriate policies and processes for managing liquidity risk that have been approved by the banks’ Boards. The supervisor also determines that these policies and processes provide a comprehensive bank-wide view of liquidity risk and are consistent with the banks’ risk profile and systemic importance. |
| Description and findings re EC3 | The Liquidity Principles outline comprehensive expectations with respect to liquidity risk management frameworks. Banks have been required to conduct a self assessment against the Principles and correct any gaps. Supervisors regularly review banks liquidity risk appetite setting and operating metrics and discuss these with them. OSFI has progressively increased its NCCF standard to ensure more robust levels of liquidity over the last several years. Application of the NCCF, monitoring of the LCR (for large banks), banks’ internal metrics and banks’ own stress testing of liquidity enables supervisors to assess whether banks have sufficient liquidity to withstand a range of stress events. Supervisors prepare a regular documented analysis of each bank’s liquidity risk management. The analysis covers topics including liquidity risk tolerance, strategies and goals, metrics such as NCCF, LCR and NSFR, available unencumbered liquid assets, contractual maturity mismatch, funding concentrations, contingent liquidity and stress testing. |
| EC4 | The supervisor determines that banks’ liquidity strategy, policies and processes establish an appropriate and properly controlled liquidity risk environment including:
|
| Description and findings re EC4 | The above expectations are covered in OSFI’s Liquidity Principles Guideline. Compliance is reviewed through on-site reviews for smaller banks and for ongoing off-site monitoring for larger banks, although full scope on-site reviews of large banks are undertaken from time to time. |
| EC5 | The supervisor requires banks to establish, and regularly review, funding strategies and policies and processes for the ongoing measurement and monitoring of funding requirements and the effective management of funding risk. The policies and processes include consideration of how other risks (e.g., credit, market, operational and reputation risk) may impact the bank’s overall liquidity strategy, and include:
|
| Description and findings re EC5 | Banks’ funding strategies are regularly reviewed by the supervisor. Internal assessment guides aid supervisors in review of funding plans and strategies. OSFI has focused on higher risk funding strategies such as smaller institutions that rely on brokered deposits and worked with banks to diversify their funding and access more stable sources. Section notes prepared by supervisors on a regular basis include a detailed analysis of each bank’s funding and liquidity strategy. |
| EC6 | The supervisor determines that banks have robust liquidity contingency funding plans to handle liquidity problems. The supervisor determines that the bank’s contingency funding plan is formally articulated, adequately documented and sets out the bank’s strategy for addressing liquidity shortfalls in a range of stress environments without placing reliance on lender of last resort support. The supervisor also determines that the bank’s contingency funding plan establishes clear lines of responsibility, includes clear communication plans (including communication with the supervisor) and is regularly tested and updated to ensure it is operationally robust. The supervisor assesses whether, in the light of the bank’s risk profile and systemic importance, the bank’s contingency funding plan is feasible and requires the bank to address any deficiencies. |
| Description and findings re EC6 | OSFI’s Liquidity Principles require banks to have a formal Contingency Funding Plan (CFP) that clearly sets out the strategies for addressing liquidity shortfalls in emergency situations. OSFI has reviewed the large banks’ CFPs as part of the Guideline’s self-assessment process. Plans were also the subject of detailed review as part of OSFI’s recent assessment of banks’ resolution and recovery plans. |
| EC7 | The supervisor requires banks to include a variety of short-term and protracted bank-specific and market-wide liquidity stress scenarios (individually and in combination), using conservative and regularly reviewed assumptions, into their stress testing programmes for risk management purposes. The supervisor determines that the results of the stress tests are used by the bank to adjust its liquidity risk management strategies, policies and positions and to develop effective contingency funding plans. |
| Description and findings re EC7 | In addition to OSFI’s Stress Testing Guideline, Principle 6 of the Liquidity Principles Guideline provides additional detail on what OSFI expects from banks’ stress testing programs. This principle states that stress testing should be conducted on a regular basis, include both systemic and idiosyncratic scenarios and consider the effects in both the short- and long-term. The self-assessment exercise established in the Liquidity Principles Guideline addressed the issue of stress testing, and included scenario design, the types of scenarios run, consistency with risk limits and links to the funding plan, and contingent obligations. The self-assessment exercise established in the Liquidity Principles Guideline covered stress testing scenario design, the types of scenarios run, consistency with risk limits and links to the funding plan, and contingent obligations. Supervisors review liquidity stress test results and their use within banks to ensure they test a range of scenarios and that the results inform the bank’s assessment of its liquidity risk profile and tolerances. |
| EC8 | The supervisor identifies those banks carrying out significant foreign currency liquidity transformation. Where a bank’s foreign currency business is significant, or the bank has significant exposure in a given currency, the supervisor requires the bank to undertake separate analysis of its strategy and monitor its liquidity needs separately for each such significant currency. This includes the use of stress testing to determine the appropriateness of mismatches in that currency and, where appropriate, the setting and regular review of limits on the size of its cash flow mismatches for foreign currencies in aggregate and for each significant currency individually. In such cases, the supervisor also monitors the bank’s liquidity needs in each significant currency, and evaluates the bank’s ability to transfer liquidity from one currency to another across jurisdictions and legal entities. |
| Description and findings re EC8 | Supervisors complete a regular comprehensive analysis of each bank’s liquidity risk profile. This includes identification of foreign currency transformation risks. The Annex to the Liquidity Principles Guideline requires separate measurement and reporting of foreign currencies. Specifically, institutions with international operations comprising more than 10 percent of total funding or total assets in foreign currencies should measure and report NCCF separately by significant currencies (e.g., CAD, US and Euro). The management of foreign-currency liquidity is also covered in Principle 4 of the Guideline, where it is expected that banks document in their policies their management of foreign currency positions, including limits, any internal support arrangements, and any transferability concerns. |
| Additional criteria | |
| AC1 | The supervisor determines that banks’ levels of encumbered balance-sheet assets are managed within acceptable limits to mitigate the risks posed by excessive levels of encumbrance in terms of the impact on the banks’ cost of funding and the implications for the sustainability of their long-term liquidity position. The supervisor requires banks to commit to adequate disclosure and to set appropriate limits to mitigate identified risks. |
| Description and findings re AC1 | OSFI has issued a Guideline on the Pledging of Assets. The Guideline requires each bank to set limits on encumbrance of assets, and amounts pledged are reported to OSFI quarterly on regulatory returns and included in public disclosures. Pledging of assets was covered during a cross-industry review of collateral management practices in 2009-10. The level of pledged assets is a standing agenda item on regular meetings with banks. Recovery planning work has caused some banks to review their pledged asset limits. |
| Assessment of Principle 24 | Compliant |
| Comments | OSFI has applied a strong focus on liquidity management since the financial crisis and has maintained this intensity. Banks have significantly increased their liquidity reserves and adopted more prudent funding profiles, relative to the start of the crisis. OSFI developed its own liquidity measure and has progressively raised the expectations on banks for maintaining a prudent level of liquid assets, moving toward compliance with the new Basel III measures as soon as possible and reducing reliance on short-term wholesale funding. However, much of OSFI’s liquidity supervision has been conducted off-site for the large banks. OSFI should ensure that, even with significant off-site analysis, reporting and review occurring, supervisors should maintain regular on-site coverage of liquidity risk management to verify the effective application of policies and controls in practice. |
| Principle 25 | Operational risk. The supervisor determines that banks have an adequate operational risk management framework that takes into account their risk appetite, risk profile and market and macroeconomic conditions. This includes prudent policies and processes to identify, assess, evaluate, monitor, report and control or mitigate operational risk50 on a timely basis. |
| Essential criteria | |
| EC1 | Law, regulations or the supervisor require banks to have appropriate operational risk management strategies, policies and processes to identify, assess, evaluate, monitor, report and control or mitigate operational risk. The supervisor determines that the bank’s strategy, policies and processes are consistent with the bank’s risk profile, systemic importance, risk appetite and capital strength, take into account market and macroeconomic conditions, and address all major aspects of operational risk prevalent in the businesses of the bank on a bank-wide basis (including periods when operational risk could increase). |
| Description and findings re EC1 | OSFI’s Capital Adequacy Requirements Guideline encourages banks to comply with the BCBS Principles for the Sound Management of Operational Risk. This was reinforced through a letter by the Superintendent to deposit-taking institutions in August 2011, following the release of the updated Sound Practices. OSFI has also included the Sound Practices and its other operational risk governance expectations within an Operational Risk Self-Assessment Program template, which can be used by deposit-taking institutions in determining the level of compliance with the Sound Practices. As part of OSFI’s supervisory rating and risk assessment system, supervisors rate inherent operational risk and operational risk management and control. OSFI’s Operational Risk Division consists of 16 staff, of which 12 typically focus on banks. This unit provides assistance to Relationship Managers in their assessment of operational risk and risk management. They also conduct cross-system assessments focused on specific aspects of operational risk and risk management. Banks need to demonstrate to OSFI that, on an on-going basis, their corporate governance and risk management (control) practices related to operational risk are commensurate with the nature, scope, complexity and risk profile of the institution, account for market and macroeconomic conditions, and address all major aspects of operational risk prevalent in the businesses of the bank. More specifically, verification that the bank has appropriate operational risk management strategies, policies and processes to identify, assess, evaluate, monitor, report and control or mitigate operational risk, occurs as follows:
|
| EC2 | The supervisor requires banks’ strategies, policies and processes for the management of operational risk (including the banks’ risk appetite for operational risk) to be approved and regularly reviewed by the banks’ Boards. The supervisor also requires that the Board oversees management in ensuring that these policies and processes are implemented effectively. |
| Description and findings re EC2 | OSFI expects the board of directors to periodically review and approve the bank’s operational risk management framework as well as the bank’s risk appetite for operational risk. The framework is required to provide a firm-wide definition of operational risk and lay down the principles of how operational risk is to be identified, assessed, monitored, and controlled/mitigated. In practice, OSFI has recommended that particular banks strengthen the board review and approval process as the result of operational risk framework reviews and assessors reviewed letters communicating formal recommendations. The self assessment template indicates that OSFI expects the board to review its framework regularly to ensure that the bank is managing the operational risks arising from external market changes and other environmental factors, as well as those operational risks associated with new products, activities or systems. The board is also required to ensure that the operational risk management framework is revised, as necessary, in light of this analysis, so that material operational risks are captured within the framework. |
| EC3 | The supervisor determines that the approved strategy and significant policies and processes for the management of operational risk are implemented effectively by management and fully integrated into the bank’s overall risk management process. |
| Description and findings re EC3 | Supervisors assesses banks against the expectations outlined in the BCBS Sound Practices paper, such as the effectiveness in translating the operational risk management framework established by the board into specific policies and procedures that can be implemented and verified within the different business units. These aspects are tested by operational risk specialists who attend significant activity reviews of particular business lines. Supervisors also review the extent to which operational risk management is integrated within the overall risk management framework, including risk appetite setting and monitoring, control, planning and compliance frameworks. Specific reviews of operational risk management may include:
|
| EC4 | The supervisor reviews the quality and comprehensiveness of the bank’s disaster recovery and business continuity plans to assess their feasibility in scenarios of severe business disruption which might plausibly affect the bank. In so doing, the supervisor determines that the bank is able to operate as a going concern and minimize losses, including those that may arise from disturbances to payment and settlement systems, in the event of severe business disruption. |
| Description and findings re EC4 | OSFI’s supervisors apply the requirements for resiliency/contingency and business continuity plans described in the BCBS Sound Practices guidance, which are designed to ensure that banks have in place resiliency/contingency and business continuity plans to ensure their ability to operate on an ongoing basis and limit losses in the event of severe business disruption. As an example of OSFI’s work in this area, in 2011, OSFI conducted a supervisory review of the six largest deposit-taking institutions to review the quality and comprehensiveness of the banks’ business continuity management programs. The objective was to assess their feasibility in scenarios of severe business disruption which might plausibly affect the bank. In addition, it allowed OSFI to determine whether the banks were able to operate as a going concern and minimize losses, and to benchmark practices amongst the banks. OSFI also receives regular reports from the Bank of Canada on payment system outages. |
| EC5 | The supervisor determines that banks have established appropriate information technology policies and processes to identify, assess, monitor and manage technology risks. The supervisor also determines that banks have appropriate and sound information technology infrastructure to meet their current and projected business requirements (under normal circumstances and in periods of stress), which ensures data and system integrity, security and availability and supports integrated and comprehensive risk management. |
| Description and findings re EC5 | OSFI’s supervisory assessment of information technology is a core component of its overall operational risk assessment. OSFI’s specialists conduct examinations of operational risks, includes reviews of IT oversight and governance, critical business applications, legacy systems platforms, IT processes for application development, maintenance, technology infrastructure management, and change management. These IT-focused examinations are risk-based. Information technology may also be assessed as a significant activity in larger banks. OSFI supervisors also have access to a standardized template to guide their assessment of information technology at banks. OSFI employs staff with IT control qualifications to conduct these reviews, and also has used specialized external IT consultants as necessary. In addition to focused supervisory reviews, Relationship Management teams:
The assessment concluded that:
|
| EC6 | The supervisor determines that banks have appropriate and effective information systems to:
|
| Description and findings re EC6 | OSFI’s operational risk supervisory process includes verification that the institution has in place effective operational risk management reporting processes and systems. Such verification occurs on an ongoing basis, particularly including the following:
Following the review, each bank was asked to self-assess all of its enterprise-wide risk management data aggregation and reporting capabilities against standards, including operational risk. These self-assessments have been completed and reviewed by OSFI, and each bank has developed a long-term plan to enhance its existing operational, credit, market and liquidity risk management reporting capabilities. |
| EC7 | The supervisor requires that banks have appropriate reporting mechanisms to keep the supervisor apprised of developments affecting operational risk at banks in their jurisdictions. |
| Description and findings re EC7 | OSFI’s supervisory practices are predicated on open communication with financial institutions and this approach appears to be successful in promoting prompt communication about any potential outages or operational problems. This was confirmed through discussions with the banks. Formal reporting mechanisms include:
|
| EC8 | The supervisor determines that banks have established appropriate policies and processes to assess, manage and monitor outsourced activities. The outsourcing risk management programme covers:
|
| Description and findings re EC8 | OSFI’s Outsourcing Guideline contains comprehensive requirements covering the above areas. It requires banks to have established appropriate policies and processes to assess, manage and monitor operational risk associated with outsourced activities and to establish contingency plans. Material outsourcing activities are often reviewed during the course of on-site reviews covering operational risk. In 2007, OSFI reviewed outsourcing practices at the six largest banks focusing on Governance and Risk Management, Contractual Protections, Management and Monitoring and Business Continuity Management. |
| Additional criteria | |
| AC1 | The supervisor regularly identifies any common points of exposure to operational risk or potential vulnerability (e.g., outsourcing of key operations by many banks to a common service provider or disruption to outsourcing providers of payment and settlement activities). |
| Description and findings re AC1 | OSFI has identified common points of exposures and emerging operational risks to banks, such as the recent focus on cyber risks. OSFI regularly reviews the FRFI’s critical third party providers to assess potential vulnerability. For example, during the 2011 Business Continuity Management cross-sector review encompassing the six conglomerate banks, one of the key objectives was to determine how each FRFI ensures that it will have continuity of service from its critical third party providers. In addition, each of these FRFIs was asked to provide a list of critical third party service providers and the services utilized. Also, the recent Recovery Planning efforts provided relevant factual information as to the important outsourcing relationships and service level agreements. OSFI also has in place an information-sharing agreement with the Bank of Canada to inform OSFI of payment systems matters of immediate concern to the financial health of a FRFI and matters that may be less material but could be informative from a trend perspective. The information received from the Bank of Canada includes the Bank’s operational outages reports. |
| Assessment of Principle 25 | Compliant |
| Comments | OSFI has a strong program for assessing operational risk management at banks. OSFI employs a dedicated operational risk team, which includes technology risk experts. It reviews of banks’ operational risk framework with a view to promoting best practice, and conducts regular cross-industry reviews to highlight areas of potential concern, such as legacy systems and cyber risks. OSFI has relied explicitly on the BCBS Sound Practice guidance in setting expectations for banks, but has not issued its own overall guidance on operational risk. OSFI has issued guidance in targeted areas such as outsourcing. OSFI should consider issuing more comprehensive guidance on setting out its expectations for operational risk management more broadly and covering areas such as business continuity expectations. |
| Principle 26 | Internal control and audit. The supervisor determines that banks have adequate internal control frameworks to establish and maintain a properly controlled operating environment for the conduct of their business taking into account their risk profile. These include clear arrangements for delegating authority and responsibility; separation of the functions that involve committing the bank, paying away its funds, and accounting for its assets and liabilities; reconciliation of these processes; safeguarding the bank’s assets; and appropriate independent51 internal audit and compliance functions to test adherence to these controls as well as applicable laws and regulations. |
| Essential criteria | |
| EC1 | Laws, regulations or the supervisor require banks to have internal control frameworks that are adequate to establish a properly controlled operating environment for the conduct of their business, taking into account their risk profile. These controls are the responsibility of the bank’s Board and/or senior management and deal with organizational structure, accounting policies and processes, checks and balances, and the safeguarding of assets and investments (including measures for the prevention and early detection and reporting of misuse such as fraud, embezzlement, unauthorized trading and computer intrusion). More specifically, these controls address:
|
| Description and findings re EC1 | OSFI’s Corporate Governance Guideline, and other guidelines and advisories including those on ICAAP and operational risk, describe OSFI’s requirements for the board and senior management to establish an adequate and properly controlled operating environment, covering in general terms the areas listed in this EC. Assessment criteria for rating the board and senior management specify OSFI’s requirements for the acceptable quality of controls and oversight of bank’s operating environment. Supervisory assessments of the quality and effectiveness a bank’s internal control framework is a key component of OSFI’s on-site significant activity and control area reviews and are supported by an extensive set of internal supervisory guides. |
| EC2 | The supervisor determines that there is an appropriate balance in the skills and resources of the back office, control functions and operational management relative to the business origination units. The supervisor also determines that the staff of the back office and control functions have sufficient expertise and authority within the organization (and, where appropriate, in the case of control functions, sufficient access to the bank’s Board) to be an effective check and balance to the business origination units. |
| Description and findings re EC2 | Assessors saw evidence from on-site and off-site reviews documentation that the adequacy of control functions and operational management are subject to regular supervisory review and that issues raised in internal audits and other reviews are reported directly to the board. As described under CP24 above, OSFI’s Operational Risk Division provides support to Relationship Managers in assessing risk in back office operations and related control environments. Operational risk specialists often participate on reviews of significant activities, such as capital markets businesses, to assist in assessing the control environment. |
| EC3 | The supervisor determines that banks have an adequately staffed, permanent and independent compliance function52 that assists senior management in managing effectively the compliance risks faced by the bank. The supervisor determines that staff within the compliance function are suitably trained, have relevant experience and have sufficient authority within the bank to perform their role effectively. The supervisor determines that the bank’s Board exercises oversight of the management of the compliance function. |
| Description and findings re EC3 | OSFI’s Legislative Compliance Management Guideline sets out clear requirements for the Compliance function. Criteria used to complete the assessment of the Compliance function include assessing the quality of staff and their level of independence. There are specific internal supervisory guides and templates for assessing the Compliance function at a bank. OSFI’s Anti-Money Laundering Compliance and Corporate Governance divisions provide support to RMs in reviewing compliance risk and related board oversight. OSFI noted a strong function on ensuring effective compliance functions, including at smaller banks. Supervisors regularly conduct on-site reviews of banks’ compliance functions. |
| EC4 | The supervisor determines that banks have an independent, permanent and effective internal audit function53 charged with:
|
| Description and findings re EC4 | Specific OSFI requirements for internal audit are described in OSFI’s Corporate Governance Guideline and Assessment Criteria for Internal Audit used by supervisors. The assessment of Internal Audit is a regular part of OSFI’s supervisory work and is completed using a combination of on-site and off-site work. The adequacy of the internal audit function is assessed in the course of each significant activity review conducted of the bank and on an overall basis and often makes findings with respect to required improvements. The internal audit function assessment includes its audit work on the other functions such as risk management, compliance, etc. Criteria used to complete the assessment of the Internal Audit function specifically include the appropriateness of the Internal Audit mandate and its level of independence. There are internal supervisory guides and templates for assessing the Internal Audit function at a bank. |
| EC5 | The supervisor determines that the internal audit function:
|
| Description and findings re EC5 | Supervisors regularly review the internal audit function through both on-site and off-site supervisory review. They review many of the above areas in the course of significant activity reviews as well as in overall risk governance reviews of banks. Reviews of the internal audit function itself are conducted periodically. Supervisors use a set of published assessment criteria as well as internal supervisory guides which addresses resourcing, independence, planning and reporting of internal audit and the other areas noted in the criteria. OSFI’s Outsourcing Guideline requires that banks obtain audit rights for all material outsourcing arrangements. The contract or outsourcing agreement is expected to clearly stipulate the audit requirements and at a minimum, it should give the bank the right to evaluate the service provided or, alternatively to cause an independent auditor to evaluate, on its behalf, the service provided. This includes a review of the service provider’s internal control environment as it relates to the service being provided. Supervisors meet with internal auditors to review their work and in some cases recommend specific areas for review. Supervisors of large banks regularly meet with the Chief Internal Auditor to review internal audit results and audit plans. |
| Assessment of Principle 26 | Compliant |
| Comments | OSFI’s supervision program includes a high degree of interaction with the internal audit functions of banks and their reporting to the bank’s audit committee. Supervisors appear to have appropriately balanced oversight and use of internal audit work auditors without placing undue reliance on it. |
| Principle 27 | Financial reporting and external audit. The supervisor determines that banks and banking groups maintain adequate and reliable records, prepare financial statements in accordance with accounting policies and practices that are widely accepted internationally and annually publish information that fairly reflects their financial condition and performance and bears an independent external auditor’s opinion. The supervisor also determines that banks and parent companies of banking groups have adequate governance and oversight of the external audit function. |
| Essential criteria | |
| EC1 | The supervisor54 holds the bank’s Board and management responsible for ensuring that financial statements are prepared in accordance with accounting policies and practices that are widely accepted internationally and that these are supported by recordkeeping systems in order to produce adequate and reliable data. |
| Description and findings re EC1 | The Canadian Accounting Standards Board adopted International Financial Reporting Standards (IFRS) for publically accountable enterprises for annual periods beginning on or after January 1, 2011. All OSFI federally regulated financial institutions are publically accountable enterprises and thus prepare financial statements in accordance with IFRS. The Canadian audit profession is governed by the International Standards on Auditing (ISAs), which are set by the International Auditing and Assurance Standards Board (IAASB), an independent standard setting body that serves the public interest by setting high-quality international standards for auditing. Unless material weaknesses have been identified in the independent audit function, OSFI relies upon banks’ external auditors to conduct an audit in accordance with Canadian Generally Accepted Auditing Standards and to provide an opinion on whether the audited financial statements present fairly in all material respects in accordance with IFRSs. The Bank Act and OSFI’s Corporate Governance Guideline place clear responsibility on the board for the production of accurate financial statements. The Bank Act requires that the directors of a bank place before the shareholders at every annual meeting the report of the auditor or auditors of the bank. The Act also requires that each financial institution establish an audit committee comprised of non-employee directors, a majority of whom are not affiliated with the institution. The statutory duties of the audit committee include reviewing the annual statements of the institution, evaluating and approving internal control procedures for the institution, and meeting with the independent oversight providers to review their functions and discuss the effectiveness of the institution’s internal controls and reporting practices. The Corporate Governance Guideline requires that the audit committee probe, question and hold regular in camera meetings with the external auditor to understand all of the relevant issues and how these issues have been resolved. Audit committees should discuss with the external auditor the overall result of the audit, the annual and quarterly financial statements and related documents in the audit report, the quality of the financial statements and any related concerns. OSFI supervisors meet regularly (typically quarterly for the large Canadian banks) with the internal auditor, external auditor and chair of the board risk committee to discuss any financial reporting matters that may arise. |
| EC2 | The supervisor holds the bank’s Board and management responsible for ensuring that the financial statements issued annually to the public bear an independent external auditor’s opinion as a result of an audit conducted in accordance with internationally accepted auditing practices and standards. |
| Description and findings re EC2 | The Canadian Public Accountability Board (CPAB) oversees the quality of the work of the external audit firms. CPAB is the national body responsible for the regulation of public accounting firms and is a Federal not-for-profit corporation. CPAB was created by the Canadian Securities Administrators, OSFI and the Canadian Institute of Chartered Accountants. OSFI has an MOU with CPAB which allows CPAB to share findings with OSFI on a high level (i.e., non institution-specific) basis. OSFI’s Accounting Policy Division meets with CPAB on a biannual basis for this purpose. OSFI’s Accounting Policy Division reviews the financial statements and the independent auditor’s report to the audit committee on a quarterly basis for Canada’s conglomerate banks. OSFI meets with the external auditors of the conglomerate banks quarterly to probe and question areas of significant auditor and management judgment affecting accounting policies, accounting estimates and financial statement disclosures. For smaller banks, the Accounting Policy Division works on accounting and auditing matters as issues arises. |
| EC3 | The supervisor determines that banks use valuation practices consistent with accounting standards widely accepted internationally. The supervisor also determines that the framework, structure and processes for fair value estimation are subject to independent verification and validation, and that banks document any significant differences between the valuations used for financial reporting purposes and for regulatory purposes. |
| Description and findings re EC3 | IFRS is the basis for both external and regulatory reporting for banks, supplemented by OSFI guidelines where required. OSFI has issued guidance relating to valuation practices where needed to clarify its expectations for certain aspects under IFRS:
|
| EC4 | Laws or regulations set, or the supervisor has the power to establish the scope of external audits of banks and the standards to be followed in performing such audits. These require the use of a risk and materiality based approach in planning and performing the external audit. |
| Description and findings re EC4 | Subsection 323(2) of the Bank Act requires banks to be audited in accordance with generally accepted auditing standards, the primary source of which is the Canadian Auditing Standards contained in the Handbook of the Canadian Institute of Chartered Accountants. As per Canadian Auditing Standard (CAS) 320, in conducting an audit of financial statements, the overall objective of the auditor is to obtain reasonable assurance that the financial statements as a whole are free from material misstatement, whether due to fraud or error. This is done by obtaining sufficient appropriate audit evidence to reduce audit risk to an acceptably low level. CAS 320 further requires that in establishing the overall audit strategy, the auditor determine materiality for the financial statements as a whole. If, in the specific circumstances of the entity, there is one or more particular classes of transactions, account balances or disclosures for which misstatements of lesser amounts than materiality for the financial statements as a whole could reasonably be expected to influence the economic decisions of users taken on the basis of the financial statements, the auditor shall also determine the materiality level or levels to be applied to those particular classes of transactions, account balances or disclosures. |
| EC5 | Supervisory guidelines or local auditing standards determine that audits cover areas such as the loan portfolio, loan loss provisions, non-performing assets, asset valuations, trading and other securities activities, derivatives, asset securitizations, consolidation of and other involvement with off-balance sheet vehicles and the adequacy of internal controls over financial reporting. |
| Description and findings re EC5 | As audits are conducted under ISAs, the above areas (loan portfolio, loan loss provisions, non-performing assets, asset valuations, trading and other securities activities, derivatives, asset securitizations, consolidation of and other involvement with off-balance sheet vehicles and the adequacy of internal controls over financial reporting) are covered by the audit scope. |
| EC6 | The supervisor has the power to reject and rescind the appointment of an external auditor who is deemed to have inadequate expertise or independence, or is not subject to or does not adhere to established professional standards. |
| Description and findings re EC6 | OSFI may revoke the appointment of an external auditor that is deemed to have inadequate expertise or independence, or is not subject to or does not adhere to established professional standards under subsection 317(2) of the Bank Act. |
| EC7 | The supervisor determines that banks rotate their external auditors (either the firm or individuals within the firm) from time to time. |
| Description and findings re EC7 | The Canadian Chartered Accounting profession is a member of the International Federation of Accountants (IFAC) which follows the Canadian professions’ Rules of Professional Conduct. Currently, the Rules of Professional conduct require audit partner rotation every seven years with a minimum of five years off thereafter. |
| EC8 | The supervisor meets periodically with external audit firms to discuss issues of common interest relating to bank operations. |
| Description and findings re EC8 | OSFI’s supervision approach includes regular industry-level meetings with external audit firms to discuss issues of common interest as well as bilateral meetings between supervisors and the external auditor of each bank, generally quarterly. Banks and supervisors indicated that they find the regular discussion and exchange of information very effective and an important supervisory tool. The Accounting Policy Division meets periodically (at least twice a year) with the Auditor Advisory Committee of the Auditing Firms to address issues relating to bank accounting and auditing. The AAC is comprised of the lead audit and technical partners of the big four firms. |
| EC9 | The supervisor requires the external auditor, directly or through the bank, to report to the supervisor matters of material significance, for example failure to comply with the licensing criteria or breaches of banking or other laws, significant deficiencies and control weaknesses in the bank’s financial reporting process or other matters that they believe are likely to be of material significance to the functions of the supervisor. Laws or regulations provide that auditors who make any such reports in good faith cannot be held liable for breach of a duty of confidentiality. |
| Description and findings re EC9 | Under the Bank Act, it is the duty of the auditor or auditors of a bank to report in writing to the bank and OSFI any transactions or conditions that have come to the attention of the auditor or auditors affecting the ‘well being’ of the bank that, in the opinion of the auditor, are not satisfactory. The applicable auditing guideline (Canadian Audit and Assurance Standard Board’s Audit Guidance 17) provides further details on the types of transactions that would be considered reportable under the ‘well being’ letter requirement; these generally include those that would jeopardize the ability of the bank to continue as a going concern or for example, involve contravention of legislated capital or liquidity requirements. In addition, section 325 of the Bank Act states that the Superintendent may require the auditors to report directly to the Superintendent on the extent of procedures of the auditor in the examination of the annual statement and require the auditor to enlarge or extend the scope of the examination or direct that any other procedure be performed in any particular case. The auditor does not have an ongoing legal obligation to report to OSFI instances of compliance breaches or potential prudential concerns, although discussions with auditors indicates that they generally would view it as their responsibility to report any significant concerns to OSFI. OSFI was actively involved in developing the new BCBS guidance on the External Audit of Banks, which has been released in draft form for consultation and is expected to be finalised shortly. The draft guidance contains a requirement for timely reporting of prudential concerns. OSFI will require banks to adhere to this guidance. Section 333 of the Bank Act provides that any oral or written statement or report made by the auditor has qualified privilege (e.g., cannot be held liable for breach of duty made in good faith). |
| Additional criteria | |
| AC1 | The supervisor has the power to access external auditors’ working papers, where necessary. |
| Description and findings re AC1 | Section 643 of the Bank Act provides the Superintendent with the authority to review the auditor’s working papers. Supervisors indicated that this is done periodically. |
| Assessment of Principle 27 | Compliant |
| Comments | OSFI supervisors have established strong ongoing communication channels with external auditors and are able to leverage their resources and expertise when needed. While auditors have a statutory duty to report to the bank and OSFI issues affecting the well being of the bank, the ‘well being letter’ requirements may not cover all matters of prudential interest to OSFI. In addition, the formal statutory nature of this requirement may hinder timely and open communication of matters of potential prudential concern that do not rise to the level of immediacy or severity set out in the Bank Act or associated audit guidance. OSFI expects to require banks to adhere to forthcoming BCBS guidance on external audit, which will include a more generalised reporting requirement on matters of prudential concern. This will supplement appropriately the Bank Act reporting expectations. |
| Principle 28 | Disclosure and transparency. The supervisor determines that banks and banking groups regularly publish information on a consolidated and, where appropriate, solo basis that is easily accessible and fairly reflects their financial condition, performance, risk exposures, risk management strategies and corporate governance policies and processes. |
| Essential criteria | |
| EC1 | Laws, regulations or the supervisor require periodic public disclosures55 of information by banks on a consolidated and, where appropriate, solo basis that adequately reflect the bank’s true financial condition and performance, and adhere to standards promoting comparability, relevance, reliability and timeliness of the information disclosed. |
| Description and findings re EC1 | Banks are required to prepare annual financial statements on a consolidated basis in compliance with IFRS as adopted in Canada. Subsection 308(1) of the Bank Act requires every bank to have a report from an auditor on the annual financial statements. The Bank Act provides that financial statements shall, except as otherwise specified by the Superintendent, be prepared in accordance with generally accepted accounting principles, the primary source of which is the Handbook of the Canadian Institute of Chartered Accountants. OSFI has authority to specify additional accounting guidance or additional disclosure or require that a specific accounting option be followed. OSFI’s ability to make specifications for additional disclosure or to specify an IFRS option is also set out in International Standard on Auditing 210 (ISA 210) and the equivalent Canadian Auditing Standard 210 (CAS 210). OSFI makes these specifications in rare situations where there is a need for additional accounting guidance; for example, OSFI issued detailed guidance on transitional aspects of IFRS in 2010. This guidance addressed issues such as comparability. The timeliness and content of the issuance of financial statements for publicly listed banks is further dictated by securities regulations. Banks that have subsidiaries, which includes the largest Canadian banks among others, do not currently publicly disclosure solo financial statements and there are no requirements to do so. OSFI requires all banks and federally regulated trust and loan companies to follow BCBS Pillar 3 standards. OSFI issued an Advisory in November 2007 with the implementation of Basel II indicating its expectations with respect to Pillar 3 disclosure requirements. Since then, OSFI has issued subsequent Advisories when revised or additional Pillar 3 requirements have been issued by the BCBS, including the enhanced disclosure requirements under Basel 2.5 in 2012 and Basel III and the requirements on remuneration disclosure requirements in 2011. OSFI had issued draft guidance on Basel III Pillar 3 capital disclosures at the time of the mission and issued the final guidance in July 2013. OSFI has also issued additional disclosure requirements for banks including guidelines on Annual Disclosures and Derivatives Disclosures, as well as disclosure aspects of the Guidelines on Mortgage Underwriting Practices and Liquidity Principles. |
| EC2 | The supervisor determines that the required disclosures include both qualitative and quantitative information on a bank’s financial performance, financial position, risk management strategies and practices, risk exposures, aggregate exposures to related parties, transactions with related parties, accounting policies, and basic business, management, governance and remuneration. The scope and content of information provided and the level of disaggregation and detail is commensurate with the risk profile and systemic importance of the bank. |
| Description and findings re EC2 | The scope of information required under IFRS includes qualitative and quantitative disclosure requirements on a bank’s financial performance and financial position. The Basel Pillar 3 disclosure requirements address qualitative and quantitative information on a bank’s risk management strategies and practices, risk exposures, and basic business, management, governance and remuneration. The additional disclosures set out by OSFI in its guidance encompass other risk information that is considered useful in allowing the public to assess bank risk profiles and risk management. For example, during the recent sovereign debt crisis, OSFI required banks to make certain additional disclosures regarding exposures to certain sovereigns in Q1 2012 in order to provide greater market transparency. OSFI’s new requirements for banks that are designated as D-SIBs include an expectation to adopt the recommendations of the Financial Stability Board’s Enhanced Disclosure Task Force, future disclosure recommendations in the banking arena that are endorsed by international standard setters and the Financial Stability Board, as well as evolving domestic and international bank risk disclosure best practices. |
| EC3 | Laws, regulations or the supervisor require banks to disclose all material entities in the group structure. |
| Description and findings re EC3 | Paragraph 308(3)(a) of the Bank Act requires disclosure of all material entities in the group structure in the bank’s annual statement. |
| EC4 | The supervisor or another government agency effectively reviews and enforces compliance with disclosure standards. |
| Description and findings re EC4 | Disclosures contained in banks’ annual financial statements are reviewed by external auditors as per IAS 720 “The auditor’s responsibilities relating to other information in documents containing audited financial statements”. Financial statements are also submitted to securities regulators. In addition, OSFI’s Accounting Policy Division reviews the financial statements of the major banking organizations quarterly and annually and comments on any potential accounting issues of concern, which are followed up by supervisors. OSFI proactively enforces compliance with its disclosure requirements. In 2006, OSFI provided a ‘roadmap’ template for institutions to complete to demonstrate their compliance with the initial Pillar 3 requirements. Since then, the Accounting Policy Division has done periodic reviews of Pillar 3 disclosures to enforce compliance and ensure all required disclosures have been included. In that regard, issues have been raised with banks with regard to the accessibility of disclosures and Pillar 3 reports on bank web sites. The Accounting Policy unit has also recently performed a review against the specific disclosure requirements set out in OSFI’s the 2012 mortgage lending Guideline. Section 642 of the Bank Act requires the Superintendent to prepare a report annually to Parliament respecting the disclosure of information by banks and describing the state of progress made in enhancing disclosure of information in the financial services industry. |
| EC5 | The supervisor or other relevant bodies regularly publishes information on the banking system in aggregate to facilitate public understanding of the banking system and the exercise of market discipline. Such information includes aggregate data on balance sheet indicators and statistical parameters that reflect the principal aspects of banks’ operations (balance sheet structure, capital ratios, income earning capacity, and risk profiles). |
| Description and findings re EC5 | OSFI makes available consolidated data for all banks on its website on a quarterly and monthly basis. For each bank, users can generate a report showing the consolidated statement of financial position, income statement, impaired assets, capital adequacy components and derivative contracts. In addition, the Bank of Canada publishes aggregate banking system statistics with a reasonable level of detail on a monthly basis. This does not include risk indicators (for example, arrears or impairments), information on liquidity and funding, exposure concentrations or performance indicators. |
| Additional criteria | |
| AC1 | The disclosure requirements imposed promote disclosure of information that will help in understanding a bank’s risk exposures during a financial reporting period, for example on average exposures or turnover during the reporting period. |
| Description and findings re AC1 | OSFI has issued additional disclosure requirements for banks in response to specific risk issues. OSFI’s B20-Residential Mortgage Underwriting Practices and Procedures requires additional disclosure to provide greater transparency, clarity and public confidence in residential mortgage underwriting. The guideline indicates that, as a matter of principle, banks should publicly disclose sufficient information related to their residential mortgage portfolios for market participants to be able to conduct an adequate evaluation of the soundness and condition of their residential mortgage operations. Disclosures include, for example:
|
| Assessment of Principle 28 | Compliant |
| Comments | OSFI has implemented all Pillar 3 requirements and has been proactive in including enhanced disclosure expectations for Canadian banks. Canadian D-SIBs will be expected to adopt the recommendations of the Financial Stability Board’s Enhanced Disclosure Task. Pillar 3 requirements have been issued in Advisories rather than a Guideline. Advisories provide OSFI with the flexibility to address issues quickly. OSFI plans to issue a Guideline once the BCBS Working Group on disclosures issues its final report on findings and recommendations. As OSFI and the banks view Pillar 3 requirements, which have been in effect since 2008, as minimum required standards, we recommend that OSFI consider issuing a Guideline on disclosure. In keeping with OSFI’s leading practice in other areas, OSFI could provide greater financial and risk data in a more useable format for analysis by the public. The OSFI data access tool on its web site is not particularly user friendly, does not facilitate analysis (for example, over time or across peers) or flexible access (for example, via spreadsheet). Some other regulators publish substantially more information in time series format on bank performance and risk indicators at the aggregate and individual institution level. OSFI may wish to review best practices in other countries and consider publication of time series data sourced from its regulatory returns that would enhance the public understanding of banks’ operations and risk profile. |
| Principle 29 | Abuse of financial services. The supervisor determines that banks have adequate policies and processes, including strict customer due diligence (CDD) rules to promote high ethical and professional standards in the financial sector and prevent the bank from being used, intentionally or unintentionally, for criminal activities. |
| Essential criteria | |
| EC1 | Laws or regulations establish the duties, responsibilities and powers of the supervisor related to the supervision of banks’ internal controls and enforcement of the relevant laws and regulations regarding criminal activities. |
| Description and findings re EC1 | Section 4 of the Office of the Superintendent of Financial Institutions Act states that OSFI shall “supervise financial institutions in order to determine whether they are in sound financial condition and are complying with their governing statute law and supervisory requirements under that law”. Sections 628 to 644 of the Bank Act provide the Superintendent with general powers to examine banks, while sections 645 to 655 provide the Superintendent with broad and specific powers to take remedial actions, including up to taking control of a bank in order to do “all things necessary to or expedient to protect the rights and interests of depositors and other creditors of the bank”. In Canada, the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and its associated regulations applies a regulatory framework to the banking sector with the aim of detecting and deterring money laundering and terrorist financing. Enforcement of the PCMLTFA and its associated regulations is the responsibility of the Financial Transactions and Analysis Centre of Canada (FINTRAC). OSFI and FINTRAC have the authority to share information with each other. A MoU was signed in 2004 with respect to information sharing of the federally regulated financial institutions. OSFI considers that the relationship is relatively mature at this stage. While there are quarterly meetings at the working level, with corresponding meetings at the executive level, the executive level is comfortable about meeting as needed. Additionally, FINTRAC no longer carries out separate assessments of the banks but works alongside OSFI. Two assessments under this new procedure have been carried out so far and the reduction of potential overlap and duplication is a benefit. OSFI also noted that it requested and received interpretative issues from FINTRAC while, conversely, FINTRAC and the Department of Finance, consults with OSFI on risk management issues. OSFI has issued high level guidance to banks on the freezing obligations under UNSCR on the prevention, suppression and disruption of the financing or proliferation of weapons of mass destruction. OSFI staff have not yet been trained in relation to the 2012 FATF Recommendations as OSFI has been waiting for the (recently finalised) FATF methodology of evaluation. |
| EC2 | The supervisor determines that banks have adequate policies and processes that promote high ethical and professional standards and prevent the bank from being used, intentionally or unintentionally, for criminal activities. This includes the prevention and detection of criminal activity, and reporting of such suspected activities to the appropriate authorities. |
| Description and findings re EC2 | In Canada, regulations under the PCMLTFA require banks to develop and apply written policies and procedures that are kept up to date and approved by a senior officer, for the purposes of complying with subsection 9.6(1) of the PCMLTFA (which obligates banks to have programs in place intended to ensure their compliance with Part 1 of the PCMLTFA). OSFI’s Deterring and Detecting Money Laundering and Terrorist Financing (AML/ATF) Guideline sets out OSFI’s expectations with respect to the risk management and controls that should be in place to detect and deter money laundering and to enable banks to comply with the PCMLTFA. OSFI’s Background Checks on Directors and Senior Management of FREs (Responsible Persons) Guideline sets out OSFI’s expectations with respect to the measures that should be in place to screen “Responsible Persons” by federally regulated financial institutions (FRFIs) when such persons are hired. The Anti-Money Laundering and Compliance Division (AMLC) is responsible for OSFI’s AML/ATF assessment program. AMLC uses a risk-based approach to prioritizing the frequency and depth of AML/ATF assessments at banks, and applies these enterprise- wide including branches and subsidiaries of banks located outside Canada. Banks are categorized into three broad groups based on the overall level of observed ML and TF risk. Criteria such as size, geographic operations, types of financial products, and delivery channels are factored in for determining the overall level of risk. Banks showing the highest overall risk profile as rated by OSFI are subject to a joint OSFI-FINTRAC AML/ATF assessment approximately every three years; others are either assessed approximately every four to five years depending on the risk level. The Joint assessment is planned so that OSFI and FINTRAC focus on risk management and compliance elements respectively. For banks where the observed ML and TF risk is low as rated by OSFI, banks are assessed solely by FINTRAC. The joint assessment program does not preclude either agency from conducting on-site assessments separately but is designed to minimize impact on banks. Starting in 2013, separate assessments are the exception rather than the rule. The timing of assessments may vary depending on workloads, prioritized work arising at other financial institutions, and other supervisory issues. OSFI’s risk assessment of its institutions (as discussed in CP8) is broken down by significant activity and risk management is a critical component in assessing the net risk of any significant activity. Hence the risk management of AML is critical in deriving the overall ranking institutions by level of ML/TF risk. Each AML/ATF assessment includes a segment that evaluates a bank’s Responsible Person screening process. While all banks are subject to the Responsible Persons Guideline, only banks that are being subject to the AML/ATF assessment methodology are subject to the an evaluation of their compliance with the Guideline. The PCMLTFA does not require banks to “detect” criminal activity, in the sense of being certain that a financial transaction is linked to a predicate offence as the proceeds of crime. Instead, banks only need reach a threshold of suspicion: section 7 of the PCMLTFA requires banks to report financial transactions to FINTRAC where there are reasonable grounds to suspect that a transaction or attempted transaction is related to the commission of a money laundering offence or a terrorist financing offence. Each OSFI AML/ATF assessment evaluates the systems and processes in place at a bank to flag transactions which are considered unusual, and scrutinize them as potentially suspicious. In addition, processes to flag and report other transactions (large cash transactions, electronic funds transfers) are also evaluated. Apart from ML/TF risk as it may relate to broader internal and external fraud, OSFI’s supervisory assessment process involves institutions demonstrating that, on an on-going basis, their corporate governance and risk management (control) practices related to operational risk (which includes fraud risk) are commensurate with the nature, scope, complexity and risk profile of the institution. Such fraud includes rogue/unauthorized trading, credit card fraud, mortgage fraud, cyber-crime, etc. |
| EC3 | In addition to reporting to the financial intelligence unit or other designated authorities, banks report to the banking supervisor suspicious activities and incidents of fraud when such activities/incidents are material to the safety, soundness or reputation of the bank. |
| Description and findings re EC3 | The PCMLTFA requires banks to report to FINTRAC any financial transaction or attempted financial transaction in respect of which there are reasonable grounds to suspect that the transaction or attempted transaction is related to the commission or attempted commission of a ML offence or a TF offence. This obligation applies to any suspicious activity and is not limited to situations material to the safety, soundness or reputation of a bank. Accordingly, such reports are not filed with OSFI. However, OSFI does have the ability to see the file copies of such reports, pursuant to governing legislation. Other formal reporting mechanisms of suspicious activities and incidents of fraud, include:
|
| EC4 | If the supervisor becomes aware of any additional suspicious transactions, it informs the financial intelligence unit and, if applicable, other designated authority of such transactions. In addition, the supervisor, directly or indirectly, shares information related to suspected or actual criminal activities with relevant authorities. |
| Description and findings re EC4 | If during the AML/ATF assessment of a bank, OSFI becomes aware of transactions that appear to be suspicious, OSFI will ask the bank whether such transactions were reported to FINTRAC, and, if not, request the bank to consider whether the transactions should have been so reported. OSFI does not, except for egregious and obvious cases, attempt to second-guess a bank’s decision to report or not report a particular transaction or attempted transaction. OSFI noted that it is very focused on a bank’s processes to determine the suspiciousness of a transaction and the investigation process. This includes timeliness of notification and approval to report the transaction to FINTRAC and also the quality of information that is supplied to FINTRAC. Often OSFI has recommendations on process gaps which are documented in the “FUD” (see CPs 8 and 9) and are subject to the follow up and eventual sign-off and closure procedures in OSFI. In terms of communication to firms there are two clear categories; the first are “requirements” which are backed by the legislation and the second are “recommendations” which do not relate specifically to the statutory powers. However, as with all OSFI recommendations, the supervisor expects the firm to undertake remedial action in a timely manner and failure to do so might result in the intervention processes being initiated. |
| EC5 | The supervisor determines that banks establish CDD policies and processes that are well documented and communicated to all relevant staff. The supervisor also determines that such policies and processes are integrated into the bank’s overall risk management and there are appropriate steps to identify, assess, monitor, manage and mitigate risks of money laundering and the financing of terrorism with respect to customers, countries and regions, as well as to products, services, transactions and delivery channels on an ongoing basis. The CDD management programme, on a group-wide basis, has as its essential elements: |
| (a) | a customer acceptance policy that identifies business relationships that the bank will not accept based on identified risks; |
| Description and findings re EC5(a) | The PCMLTFR (paragraph 71(1)(c)) requires banks to assess and document the risk of a money laundering offence or a terrorist financing offence. The Act further prescribes criteria to be applied by banks in determining if a client is a high risk client. Section 71.1 of the PCMLTFR sets out additional measures to be taken where high risks are identified. OSFI’s AML/ATF Guideline sets out OSFI’s expectation that banks’ policies and procedures include client due diligence standards for dealing with clients who exhibit levels of risk that are unacceptable to the bank. OSFI’s AML/ATF assessment program examines the processes by which banks apply this expectation, and it includes consideration of: the numbers of suspicious transaction reports a bank may have filed with FINTRAC; whether the bank has a list of types of business or occupation for which banking services will not be provided; whether the risk assessment methodology of the bank is reasonably designed to identify and monitor high risk customers. Other than prohibited transactions (eg terrorist financing) there are no ex ante prohibitions on business relationships a bank may not enter but OSFI expects to understand what the bank’s risk appetite for its business relationships is and also to find conformity of practice with the policy statement when OSFI undertakes file reviews. If a bank opted to maintain a high risk category of relationship then OSFI expects to be shown the rationale. OSFI also noted that it would press banks when it became aware that one bank was prepared to transact with a category/counterparty that it knew peer banks were withdrawing from. Essentially OSFI expected to see “demarketing” or higher levels of controls if a higher risk category of customer appeared on the files and OSFI needed to understand the bank’s method of identifying the high risk counterparties and the procedures that were put in place around that counterparty. |
| (b) | a customer identification, verification and due diligence programme on an ongoing basis; this encompasses verification of beneficial ownership, understanding the purpose and nature of the business relationship, and risk-based reviews to ensure that records are updated and relevant; |
| Description and findings re EC5(b) | The PCMLTFA and PCMLTFR impose obligations on banks to ascertain the identity of prescribed customers; determine the beneficial owner(s) who own at least 25 percent of the shares of clients that are corporations; determine if there are any other parties who will have access to the account; and keep appropriate records. The standard will increase from February 2014 from the bank having to use “reasonable measures” to determine the beneficial owners to a clear requirement to actually identify the beneficial owners and to take reasonable measures to confirm the accuracy of this information. The choice of a 25 percent threshold (no threshold is specified by the FATF) was informed by a review of international practices, notably the EU. OSFI’s AML/ATF assessment program evaluates the policies and processes implemented by FRFIs to comply with these requirements. A key feature of the program is the review of samples of customer records for the purpose of assessing the overall strengths of the measures used to comply with the regulatory requirements. |
| (c) | policies and processes to monitor and recognise unusual or potentially suspicious transactions; |
| Description and findings re EC5(c) | The PCMLTFA requires banks to be able to identify and report to FINTRAC every financial transaction, including attempted financial transactions, in respect of which there are reasonable grounds to believe that the transaction is related to the commission of a money laundering offence or a terrorist financial offence. OSFI’s AML/ATF assessment program evaluates the policies and processes implemented by banks to comply with these requirements. This includes assessing how banks identify potentially suspicious transactions, the case management systems that are used to determine if such transactions are suspicious, and the processes used to report them to FINTRAC. Before onsite visits, OSFI obtains the policies and procedures which, as noted below are then evaluated in terms of their actual operation when the team is on site. |
| (d) | enhanced due diligence on high-risk accounts (e.g., escalation to the bank’s senior management level of decisions on entering into business relationships with these accounts or maintaining such relationships when an existing relationship becomes high-risk); |
| Description and findings re EC5(d) | The PCMLTFA requires banks to apply a risk assessment to customers and determine the risk of money laundering or terrorist financing. In respect of high risk customers, the PCMLTFR requires banks to: take reasonable measures to keep client information and beneficial ownership information about the client (if it is an entity) up to date; take reasonable measures to conduct ongoing monitoring for the purpose of detecting suspicious transactions; and mitigate the risks identified. After February 1, 2014, the PCMLTFR will be amended to require banks, in respect of high risk customers, to: take enhanced measures to ascertain the identity of the client, and to take any other enhanced measures to mitigate risk, including enhanced measures to keep client identification and beneficial ownership information up to date, and conducting enhanced ongoing monitoring of the business relationship with the client. As of February 1, 2014, the PCMLTFR will also require banks to conduct ongoing monitoring of their business relationship with all clients, in accordance with the risk assessment undertaken as required by the PCMLTFA. OSFI’s AML/ATF Guideline sets out OSFI’s expectation that banks have processes in place to escalate client relationships where there are elevated levels of risk, and to have a process to exit the relationship where the bank considers the risk of ML or TF to be unacceptable. OSFI’s AML/ATF assessment program evaluates the policies and processes implemented by banks to comply with these requirements. OSFI noted that it followed a clear framework, reviewing files, interviewing senior officers, and following up on site to confirm execution of the firm’s stated policies. If for example certain categories of customer were expected to be subject to enhanced due diligence, OSFI expected to see a differentiation of the due diligence in the file reviews. |
| (e) | enhanced due diligence on politically exposed persons (including, among other things, escalation to the bank’s senior management level of decisions on entering into business relationships with these persons); and |
| Description and findings re EC5(e) | The PCMLTFA and PCMLTFR require banks to determine under prescribed circumstances whether individual clients are Politically Exposed Foreign Persons (PEFPs) as defined in the PCMLTFA. If a client is determined to be a PEFP, the bank must apply prescribed measures which include: take reasonable measures to establish the source of the funds that have been, will be or are expected to be deposited in the account in question or used for the transaction in question; obtain the approval of senior management to keep the account open or have senior management review the transaction in question; and conduct enhanced ongoing monitoring of the activities in respect of the account for the purpose of detecting suspicious transactions. These measures must be applied within prescribed timelines. OSFI’s AML/ATF Guideline establishes that, although domestic PEPs are not explicitly defined or caught by the PCMLTFA, banks should factor in to their risk assessment the occupation of clients who disclose to banks that they are domestic PEPs, as part of their determination of the level of risk such clients may present. OSFI’s AML/ATF assessment program evaluates the policies and processes implemented by banks to comply with these requirements and expectations. OSFI commented that it had met with mixed results so far but also noted that Finance has consulted on new proposals so further development is possible. OSFI considers that it has communicated its expectations in this area explicitly and frequently to the banks and that some improvements are being made. Legislation could help. |
| (f) | Clear rules on what records must be kept on CDD and individual transactions and their retention period. Such records have at least a five year retention period. |
| Description and findings re EC5(f) | The PCMLTFA and PCMLTFR prescribe in detail the records which must be kept by banks as a result of ascertaining the customer’s identity, and other prescribed CDD measures. OSFI does not set these requirements and in any event does not have rule-making power in this area. OSFI’s AML/ATF assessment program evaluates the policies and processes implemented by banks to comply with record keeping requirements associated with the foregoing requirements. |
| EC6 | The supervisor determines that banks have in addition to normal due diligence, specific policies and processes regarding correspondent banking. Such policies and processes include: |
| (a) | gathering sufficient information about their respondent banks to understand fully the nature of their business and customer base, and how they are supervised; and |
| Description and findings re | The PCMLTFA and PCMLTFR set out prescribed measures which apply to banks’ correspondent banking relationships although such relationships are not prohibited. |
| EC6(a) | OSFI’s AML/ATF assessment program evaluates the policies and processes implemented by banks to comply with these requirements where the bank’s correspondent banking relationships are considered to be high risk. |
| (b) | not establishing or continuing correspondent relationships with those that do not have adequate controls against criminal activities or that are not effectively supervised by the relevant authorities, or with those banks that are considered to be shell banks. |
| Description and findings re EC6(b) | The PCMLTFA prohibits banks from entering into correspondent banking relationships with shell banks. The PCMLTFA and PCMLTFR set out prescribed identification and due diligence measures which apply to banks’ correspondent banking relationships. These include measures to ascertain whether such foreign banks have adequate controls against criminal activities and are appropriately supervised. OSFI’s AML/ATF assessment program evaluates the policies and processes implemented by banks to comply with these requirements. |
| EC7 | The supervisor determines that banks have sufficient controls and systems to prevent, identify and report potential abuses of financial services, including money laundering and the financing of terrorism. |
| Description and findings re EC7 | OSFI gathers information about the controls and systems in place at banks which are designed to detect and deter ML and TF: 1. Customer Identification. OSFI examines samples of customer files to assess the quality of the systems used by banks so they ensure that prescribed customers’ identities are ascertained in accordance with prescribed measures. 2. Risk Assessment. OSFI analyses the risk assessment methodology of banks to assess how it identifies high risk customers, according to prescribed criteria. OSFI also examines samples of high risk customers’ files to assess the quality of the enhanced measures required to be applied to such customers. 3. Reporting to FINTRAC. OSFI assesses the process used by banks to flag potentially suspicious transactions and determine if they should be reported to FINTRAC. A similar assessment is made with respect to other transactions to be reported to FINTRAC (large cash transactions, electronic funds transfers, terrorist property). Apart from ML risk, as it relates to broader internal and external fraud risks, OSFI’s supervisory assessment involves institutions demonstrating that, on an on-going basis, their risk management (control) practices related to operational risk (which includes fraud risk) are commensurate with the nature, scope, complexity and risk profile of the institution. These assessments occur through significant activity reviews, as well as through regular monitoring processes, and include fraud such as rogue/unauthorized trading, credit card fraud, mortgage fraud, cyber-crime, etc. Such supervisory assessments are conducted by the Relationship Management teams and associated support groups (i.e., operational risk, credit risk, etc.). Where OSFI has concerns regarding the sufficiency of the controls and systems that are in place it will issue recommendations to the institution which will be monitored and followed up according to OSFI’s processes, including documentation in the “FUD” (see CPs 8 and 9). |
| EC8 | The supervisor has adequate powers to take action against a bank that does not comply with its obligations related to relevant laws and regulations regarding criminal activities. |
| Description and findings re EC8 | OSFI does not administer the PCMLTFA. (See also EC1). OSFI noted that sanctions fall into two categories. First those supervisory sanctions under the Bank Act (including “staging” and intervention and which can lead to agreements or orders of compliance as necessary). Staging has been used in respect of AML issues. However, the second category of sanctions is that of financial penalties which cannot be levied by OSFI but by FINTRAC pursuant to PCMLTFA. It is OSFI practice to ensure FINTRAC is copied in on all correspondence (recommendations/staging etc) to the banks and if compliance is not forthcoming then FINTRAC has the option of acting itself and banks are warned that FINTRAC may act. OSFI considers that this strategy has been extremely successful to date. |
| EC9 | The supervisor determines that banks have: |
| (a) | requirements for internal audit and/or external experts to independently evaluate the relevant risk management policies, processes and controls. The supervisor has access to their reports; |
| Description and findings re EC9(a) | Under the PCMLTFA, banks are required to audit (test for effectiveness) the following at least every two years:
OSFI assesses the content of Internal Audit reports in order to determine whether banks are testing policies, processes and controls adequately and in accordance with prescribed timelines. Consistent with the expectations of the Basel Committee’s Sound Practices paper and OSFI’s Supervisory Framework, OSFI expects internal audit and/or external experts to independently evaluate the relevant operational risk (including fraud) management policies, processes and controls. |
| (b) | established policies and processes to designate compliance officers at the banks’ management level, and appoint a relevant dedicated officer to whom potential abuses of the banks’ financial services (including suspicious transactions) are reported; |
| Description and findings re EC9(b) | Although there is no specific requirement to appoint a person to receive reports of suspicious transactions banks are required by the PCMLTFA to appoint a compliance officer who is responsible for the implementation of the bank’s compliance program. OSFI refers to this person as the Chief Anti- Money Laundering Officer (CAMLO). OSFI assesses the mandate, resources and operations of the CAMLO and his/her staff to determine whether the CAMLO appears to have adequate control over the AML/ATF program, including operations that are the responsibility of others within the bank. The expectation by OSFI is that the CAMLO will be of management status but this is not required. OSFI is more interested in ensuring that there is substance and the individual has the authority to get the job done. OSFI noted that there was expected to be a congruence between the banks approach to corporate governance and compliance in its AML functions. |
| (c) | adequate screening policies and processes to ensure high ethical and professional standards when hiring staff; or when entering into an agency or outsourcing relationship; and |
| Description and findings re EC9(c) | OSFI has set out in its Responsible Persons Guideline its expectations in respect of screening new Directors and Senior officers (referred to in the Guideline as “Responsible Persons”). In addition OSFI sets out its expectations regarding outsourcing relationships in its Guideline Outsourcing of Business Activities, Functions and Processes. OSFI analyzes the processes used by banks to comply with the Guideline by assessing employee files, and by evaluating the processes used to conduct background checks, and report to management and the Board on the results. |
| (d) | ongoing training programmes for their staff, including on CDD and methods to monitor and detect criminal and suspicious activities. |
| Description and findings re EC9(d) | Refer to EC9(a) above, which captures AML/ATF training programs. |
| EC10 | The supervisor determines that banks have and follow clear policies and processes for staff to report any problems related to the abuse of the banks’ financial services to either local management or the relevant dedicated officer or to both. The supervisor also determines that banks have and utilise adequate management information systems to provide the banks’ Boards, management and the dedicated officers with timely and appropriate information on such activities. |
| Description and findings re EC10 | With respect to the first part of this criterion, see above. With respect to reporting to the Board, OSFI’s AML/ATF Guideline sets out the expectations that banks report regularly to the Board on the overall program, as well as its effectiveness. OSFI examines reports to the Board as part of the assessment of AML/ATF controls. Other formal reporting mechanisms of suspicious activities and incidents of fraud, include:
|
| EC11 | Laws provide that a member of a bank’s staff who reports suspicious activity in good faith either internally or directly to the relevant authority cannot be held liable. |
| Description and findings re EC11 | Section 10 of the PCMLTFA provides as follows: “No criminal or civil proceedings lie against a person or an entity for making a report in good faith under section 7, 7.1 or 9, or for providing [FINTRAC] with information about suspicions of money laundering or of the financing of terrorist activities.” |
| EC12 | The supervisor, directly or indirectly, cooperates with the relevant domestic and foreign financial sector supervisory authorities or shares with them information related to suspected or actual criminal activities where this information is for supervisory purposes. |
| Description and findings re EC12 | OSFI is one of several federal government agencies and departments that form the Illicit Financing Committee, under the leadership of the Department of Finance, which has overall responsibility for Canada’s AML/ATF regime. This committee meets regularly to discuss issues of policy addressing the risk of ML and TF in Canada. FINTRAC is responsible for ensuring compliance with the PCMLTFA. In 2004, OSFI and FINTRAC signed an MOU (following the granting of legislative authority) which allows OSFI to share information with FINTRAC about banks’ compliance with the PCMLTFA and its regulations. In the course of its AML/ATF assessment program OSFI does not normally identify actual or suspected criminal activity, but on the limited number of occasions when it does it requests the bank in question to make appropriate reporting disclosures to FINTRAC. OSFI also has MOUs with other regulators globally through which general supervisory information may be exchanged. More recently, OSFI has held supervisory colleges focused on AML (for five of its six systemic banks). There has been particular follow up on some of these banks and some regional regulators have participated particularly actively. |
| EC13 | Unless done by another authority, the supervisor has in-house resources with specialist expertise for addressing criminal activities. In this case, the supervisor regularly provides information on risks of money laundering and the financing of terrorism to the banks. |
| Description and findings re EC13 | As it relates to AML, OSFI is not a criminal investigative agency and does not have internal expertise to directly address criminal activities. OSFI would look to FINTRAC or the RCMP to provide this information to banks. OSFI has supervisory expertise to review the impact of fraud on banks. When additional technical or forensic expertise is required, independent third parties have been engaged to conduct technical reviews. |
| Assessment of Principle 29 | Largely Compliant |
| Comments | Canada is a member of the Financial Action Task Force (FATF). Its third mutual evaluation was undertaken in June 2007 and the mutual evaluation report (MER) was adopted in February 2008. Canada was placed in the FATF’s regular follow-up process and has reported back to the FATF in February 2009, February 2011, October 2011, October 2012 and February 2013. In order to exit the follow-up process Canada needs to demonstrate that three core and key recommendations that were rated PC or NC have improved to a level of C or LC. The recommendations in question relate to customer due diligence, supervisory standards and the financial investigation unit. In February 2013, the FATF determined that Canada will have improved all the core and key recommendations rated PC or NC to a level essentially equivalent to C or LC when Canada’s new CDD regulations come into force on February 1, 2014. Accordingly, Canada will come out of regular follow-up in February 2014. In terms of the assessment under the Basel Core Principles and the specific formulation of the criteria, compliance is achieved as no significant deficiencies are identified. Nevertheless there are areas in which greater clarity or focus are desirable. It is therefore recommended that OSFI explicitly states its expectation that banks’ compliance officer (CAMLO) is appointed at the management level. Additionally the Guideline (B-10) on Outsourcing of Business Activities, Functions and Processes more clearly deliver the requirement that the screening processes in place when the bank is entering into outsourcing relationships will ensure high ethical and professional standards. Additionally, although OSFI technically meets the requirement that the supervisor has adequate powers to take action against a bank, OSFI’s ability to apply sanctions (meaning penalty fines) is not in place. The staging process (see CPs 8, 9 and 11) delivers an effective sanctioning regime, but the sanctioning powers under the PCMLTFA are administered by FINTRAC. In this context it should be noted that cross country experience indicates the robustness of an AML/CFT system is heavily dependent on the effectiveness of the sanctions regime. OSFI’s practice is to ensure tight cooperation with FINTRAC so that the latter agency is fully aware of issues of concern and is able to act. Necessarily, however, OSFI cannot compel FINTRAC to act as the decision properly rests with FINTRAC itself. While such a regime encourages the close collaborative practices that OSFI and FINTRAC have developed, and while outcomes have been effective to date, there is scope for confusion, difference of interpretation or delay in action. Hence it is recommended that the Bank Act be revised to provide OSFI with powers to apply penalties. |
Summary Compliance with the Basel Core Principles
|
|
||
|---|---|---|
|
|
|
|
| 1. Responsibilities, objectives and powers | C | OSFI has the sole legal mandate for the supervision of banks in Canada. As an institution OSFI demonstrates a strong consciousness of its mandate and of working within the scope of its mandate at all times. The Bank Act, the main statute under which OSFI operates, provides OSFI with a wide range of powers that are essential to the performance of effective supervision and provides the framework within which OSFI sets and enforces the minimum prudential standards. The mandatory five-year revision to the Bank Act provides a legal framework with a ready capacity to be periodically updated to reflect the demands of the financial system and expectations placed on supervisory practice. |
| 2. Independence, accountability, resourcing and legal protection for supervisors | LC | OSFI is a government agency whose formal head is the Minister of Finance and hence, is subject to some governmental disciplines. Despite this structure, operational independence is clearly in evidence in OSFI’s practices and decision-making and is confirmed by all stakeholders including the industry. Nevertheless, the Bank Act could better distinguish OSFI’s and the Superintendent’s prudential responsibilities from those of the Minister, who must naturally take a separate range of considerations into account. The concern is to ensure that a veto on prudential grounds is securely in place regarding decisions that the Superintendent must make, such as those relating to change of control of a federally regulated bank or major acquisitions or investments made by such entities. |
| 3. Cooperation and collaboration | C | Cohesive cooperation and collaboration are the keynotes of OSFI’s relationships with relevant authorities. Federal level cooperation is supported by a common desire among the agencies and authorities to assure the safety and soundness of the Canadian financial system and its institutions. Cooperative arrangements are well established over decades and proved to be responsive and effective during the financial crisis. Foreign authorities comment very favourably on the quality of their interactions with OSFI. Moreover a number of regulatory authorities, both domestic and foreign, have turned to OSFI for technical assistance to develop their skills, confirming the degree of confidence invested in OSFI’s practices and standards. Nevertheless, there are weaknesses in the Canadian arrangements when considering the relationship between the federal and provincial authorities. touch points with the provincial regulators are less well developed and represent a potential frailty in an otherwise very well functioning system. In the specific context of the BCP assessment, which is an assessment of the federal level of supervision, it is important that there is full and free flow of information to ensure that OSFI has access to all the information it needs to carry out its mandate. |
| 4. Permissible activities | C | Under Canadian federal law a bank is an entity that is incorporated and regulated at the federal level. A bank, by definition, cannot exist at the provincial level. Canadian federal law does not, however, apply to all financial institutions that which may take deposits from the public. There are some institutions which are systemically significant for their provinces, notably Desjardins, the internationally active credit union group based in Québec, and Alberta Treasury Branches, which is a Crown incorporation owned and regulated by the province of Alberta. The BCP assessment focuses on the federal level in Canada and does not offer any assessment of the adequacy and appropriate laws, regulation and supervision applying to provincial deposit taking entities. However, it is clear that the scope of the federal system does not, and legally cannot, include all deposit- taking entities of significance. |
| 5. Licensing criteria | LC | Entry into the Canadian banking system is a carefully vetted process for domestically or foreign owned entities. OSFI’s risk tolerance around new entrants is low and focused on prudential and national security considerations as required by law. The criteria for licensing are established in law and articulated in OSFI guidelines and implemented through rigorous and well-executed policies and processes. Licensing is a two-step process, sometimes called a “two key” process in Canada. OSFI maintains prudential control over candidates for licensing as a bank meaning that although an applicant needs to obtain approval from both OSFI and the Minister in order to carry out business as a bank, the Minister’s approval is not and cannot be sought unless OSFI has already made a favourable prudential determination. Furthermore, the institution cannot commence business unless and until OSFI is satisfied that all prudential standards are met and the Superintendent issues the order to commence business. Standards established for licensing also apply for ongoing supervision except in one regard. OSFI does not, after licensing, carry out a fit and proper assessment of new directors and senior management on an ongoing basis. |
| 6. Transfer of significant ownership | LC | Banks must submit an annual “Return of Shareholders” but this filing does not always identify ultimate beneficial shareholders. There is no specific requirement for banks to notify OSFI of material adverse changes affecting the suitability of a major shareholder or controller. The risks related to both these notification issues is managed in the context of the supervisory relationship with the institution, and is, again, negligible in the context of the widely held banks but not necessarily so for smaller institutions. The issue of the “prudential veto” in respect of approvals granted by the Minister is relevant to this principle but is not reflected in the grading of this principle but in CP2 instead. |
| 7. Major acquisitions | C | The Bank Act sets clear limits upon and requirements for Ministerial approval of major acquisitions carried out by banks. Where an acquisition is subject to Ministerial approval, the regime of acquisition and investment is implemented through OSFI and the Minister. The preparation work for approval on prudential grounds is performed by OSFI and a recommendation to the Minister for approval is only put forward if OSFI is satisfied it is suitable to do so. In carrying out its assessment OSFI considers all the requirements of prudential soundness, including the future supervisability of the group following the acquisition. In common with the ownership regime discussed in CP6, it is unclear that there is a “prudential veto” securely in place and, as with CP6, this issue is reflected in the grading of CP2. There is no approval required for acquisitions made through a foreign or provincially regulated subsidiary. This is not required by the principle but exposes OSFI and the bank itself to the risk that acquisitions are approved by foreign regulator with differing standards or powers. |
| 8. Supervisory approach | C | OSFI has developed an excellent supervisory approach that supports the analysis of risk from multiple perspectives, in particular that of identifying the significant activities within the firm. The risk approach incorporates a forward looking time dimension. In particular the OSFI approach marries its risk analysis to a supervisory outcome that can be clearly communicated to the institution, through the use of the intervention rating and the “stages” of supervisory intensity should matters of concern emerge. |
| 9. Supervisory techniques and tools | C | OSFI has high standards of supervisory practice and a supervisory style and structure that is oriented around a close touch principle that is consistently delivered. This approach underpins OSFI’s ability to articulate and reinforce its supervisory expectations. OSFI is perceived as accessible to the industry and its willingness to listen was widely praised. While OSFI’s perceived lack of rigidity was appreciated, OSFI’s authority with the firms was confirmed. The close touch approach yields many benefits to OSFI in terms of supervisory outcomes but the challenge that always remains is that close understanding of the counterpart can lead to a loss of direction and momentum such that OSFI must guard against being slow to be assertive. |
| 10. Supervisory reporting | C | OSFI receives standard prudential data from firms as well as much management information and ad hoc data. Gaps in prudential data relate to large exposures and related party lending and are reflected in CPs 19 and 20, respectively. OSFI makes financial data on the banks publicly available on its website. OSFI’s emphasis on obtaining management information from firms is consistent with the supervisory approach that focuses on significant activities carried out by the firms. Necessarily, though, management information is less susceptible to peer group analysis (between entity and over time) as it is not standardized for purposes of comparison. OSFI has established process for regular review of reporting requirements, and should ensure that this process is keeping pace with needs. |
| 11. Corrective and sanctioning powers of supervisors | C | OSFI has a wide range of corrective and sanctioning powers under the Bank Act. OSFI’s mandate requires early intervention and OSFI has designed, in collaboration with the CDIC, a structured approach for applying progressively more intensive supervisory intervention. The intervention approach is predicated on OSFI’s direct powers, although OSFI’s preference is to obtain traction with the firm on a voluntary basis, where OSFI’s authority is underpinned by the existence of its legal powers. OSFI carries out its intervention carefully, with the understanding that it must build its legal case at each stage in the event it has recourse to the use of its powers. The “staging” process allows OSFI to intensify restrictions and requirements for an institution (limitation on business, higher capital etc) and it exerts a discipline on chief executives who must report to their boards that they have been staged. While this particular discipline of transparency may be less effective in smaller institutions, the financial consequences of restrictions, are likely to be felt. An institution might remain “staged” for a period of time as remedial action and OSFI’s further review cannot always be a rapid process. The challenge for OSFI is to maintain pressure on the institution to make meaningful progress over a credible and situation-specific appropriate timeline in order to exit staging (and not relapse in the near future). OSFI is conscious of this risk. |
| 12. Consolidated supervision | C | OSFI has a strong legal and regulatory framework for consolidated supervision that it applies consistently. OSFI is mindful of the distribution of risks throughout the group and the need for strong risk management, internal controls and flow of information within the consolidated groups. OSFI goes beyond the Basel framework by requiring solo entity information on the parent banks for the systemic banking groups in Canada but generally places less emphasis on the individual banks within groups, structuring its work around the concept of “significant activity”. Recent work on recovery and resolution planning though has required group structures to be scrutinized on legal entity basis and, by OSFI’s own admission has “shone a light” on issues that may need to be assessed on a prudential basis. |
| 13. Home-host relationships | C | OSFI has a more significant role as a home supervisor than a host supervisor and in some regions outside Canada, the major Canadian banks are systemic for the local economy. OSFI monitors the evolution and development of its banks in foreign territories and allocates supervisory resources accordingly. Home and host relationships appear to be strong in relation to significant overseas relationships and to function smoothly where Canadian banking presence may be strong locally, but is relatively minor in respect of the group’s activities. OSFI has witnessed the growing confidence and effectiveness of its collegiate relationships and is moving to target more specific themes. Work on crisis management, resolution and recovery is progressing, in coordination with the CDIC. |
| 14. Corporate governance | C | OSFI has a comprehensive program for supervision of corporate governance at large and smaller banks. Notable features of the approach include very regular contact with directors on both a formal and informal level, and a centralized unit responsible for corporate governance supervision. |
| 15. Risk management process | LC | OSFI’s practical implementation of risk management supervision is of a very high standard in terms of scope, depth and quality of analysis. Supervisors have a rigorous process for assessing and rating inherent risk and the quality of risk management and acting on any deficiencies. Specialist teams play an integral part in providing risk-based review and peer comparison. OSFI operates at a principles-based level and does not tend to issue extensive, detailed risk management guidance. While this approach is more flexible and potentially responsive to differing institutions and risks, OSFI could usefully provide a more comprehensive and consistent set of written guidance as to its expectations across all risk areas. The existing set of standards dealing with risk management is characterized by somewhat inconsistent format and application (guidelines vs. advisories), does not comprehensively cover all risk areas (credit risk, operational risk, problem asset management, concentrations and country risk) or limited in application (market risk). As a world-leading regulator it would be expected that OSFI would make available to banks a comprehensive suite of risk management standards, even if at a relatively high level or based largely on BCBS guidance. |
| 16. Capital adequacy | C | OSFI takes a proactive and conservative approach to capital adequacy. Supervisors regularly assess banks’ capital management and planning and use stress testing to assess the adequacy of capital on a regular basis. OSFI has fully adopted Basel II and Basel III and has accelerated the timeline for banks to implement the fully phased-in requirements. This approach should help maintain the reputation of Canadian banks as subject to a strong and conservative capital regime. In addition, OSFI has retained its own leverage ratio requirement in addition to the Basel risk-based ratios. Canada has also been one of the first countries to establish its regime for domestically systemically important banks (D-SIBs) consistent with the BCBS standard and to announce that it will impose a 1 percent capital surcharge, effective in 2016. Concerns regarding inconsistencies across countries in the internal modeling of capital requirements by banks have emerged as an international concern. OSFI has implemented a rigorous program to review and approve banks’ internal models. Some recent reviews of credit risk IRB modeling across banks in particular lending segments have found deficiencies in complying with OSFI expectations. This situation is not unusual for many countries, but calls into question whether banks had sufficient clarity about OSFI’s expectations. OSFI has significant model validation work underway including follow-up with banks on identified issues. Moreover, OSFI has been careful to communicate an overall message to banks that there will be no capital reductions from modeling without associated improvements in risk measurement and management. However, continued vigilance will be required in this area. |
| 17. Credit risk | C | OSFI’s credit risk supervision function is effective and forward-looking. Supervisors conduct regular detailed on-site review of banks’ significant and higher risk portfolios; any areas of emerging concern are investigated and action taken on rectification. OSFI and banks make active use of stress testing to evaluate the nature and size of risks in their portfolio. While OSFI has issued guidance on specific credit risk areas such as residential mortgages and valuations, as well as on capital requirements for credit risk, it does not have an overarching credit risk management guideline. Most regulators have issued broad supervisory guidance on credit risk management. |
| 18. Problem assets, provisions, and reserves | C | Supervisors review the appropriateness of loan classification and the speed of recognition during on-site credit risk reviews. Credit quality indicators for the industry and individual banks are closely monitored and reported to OSFI management and supervisors. Levels of problem assets in most lending segments remain low but attention to problem asset management processes is critical to detect and manage any early negative trends. Problem asset management appears to be well covered in on-site credit risk reviews, but little published guidance is available from OSFI. |
| 19. Concentration risk and large exposure limits | LC | Although concentration risk management is mentioned at a high level in guidance on stress testing and ICAAPs, in practice there was good evidence that OSFI Supervisors monitor concentrations individual bank portfolios and take action when concentrations appear excessive. Through its risk surveillance and monitoring unit, the risk specialist teams and the Emerging Risk Committee, OSFI has a strong capability for identifying and monitoring concentrations across the industry and ensuring that attention is focused on them through stress testing and cross-industry reviews. OSFI imposes a 25 percent of capital limit on large exposures. Although OSFI maintains a database of larger banks’ exposures above $10 million, there is no formal regulatory return for large exposure limit compliance reporting to supervisors covering all banks or a clear notification threshold for action or closer monitoring. In addition, the limit for subsidiary banks is substantially higher (100 percent of capital). |
| 20. Transactions with related parties | LC | By law transactions with related parties are prohibited with certain key exceptions. There are explicit board reporting and oversight requirements for related party transactions set out in the Bank Act. OSFI supervisors typically review a bank’s oversight of compliance obligations, generally on an annual basis. However, there is no formal regulatory return for reporting related party exposures more frequently to OSFI. In addition, the Bank Act limit on aggregate related party exposures to directors and officers of 50 percent of capital is very high relative to the limits on large exposures and international expectations. |
| 21. Country and transfer risks | C | OSFI supervisors monitor and ensure appropriate management of key country exposures of concern (for example, Eurozone, U.S. and Caribbean loan books). Supervisors of the large banks regularly obtain reports on banks’ largest foreign exposure concentrations. Although country risk management is covered under other guidance at a high level, OSFI has not issued specific guidance on the management of country and transfer risks that clarify and detail OSFI’s expectations. |
| 22. Market risk | C | OSFI’s market risk supervision program for large banks appears comprehensive and includes both on-site review of practices as well as detailed model review. |
| 23. Interest rate risk in the banking book | C | OSFI has issued guidance on interest rate risk management and banks are expected to reflect interest rate risk in their ICAAPs. Supervisors conduct regular off-site monitoring through standard reporting of interest rate shock impacts on earnings and capital. A proactive approach to interest risk management will, of course, be critical in a rising interest rate risk environment. |
| 24. Liquidity risk | C | OSFI has applied a strong focus on liquidity management since the financial crisis and has maintained this intensity. Banks have significantly increased their liquidity reserves and adopted more prudent funding profiles, relative to the start of the crisis. OSFI developed its own liquidity measure and has progressively raised the expectations on banks for maintaining a prudent level of liquid assets, moving toward compliance with the new Basel III measures as soon as possible and reducing reliance on short-term wholesale funding. Much of OSFI’s recent liquidity supervision for the large banks has been conducted through off-site monitoring. |
| 25. Operational risk | C | OSFI has a strong program for assessing operational risk management at banks. OSFI employs a dedicated operational risk team, which includes technology risk experts. It reviews banks’ operational risk framework with a view to promoting best practice, and conducts regular cross-industry reviews to highlight areas of potential concern, such as legacy systems and cyber risks. OSFI has relied explicitly on the BCBS Sound Practice guidance in setting expectations for banks, but has not issued its own overall guidance on operational risk. OSFI has issued guidance in targeted areas such as outsourcing. |
| 26. Internal control and audit | C | OSFI’s supervision program includes a high degree of interaction with the internal audit functions of banks and their reporting to the bank’s audit committee. Supervisors appear to have appropriately balanced oversight and use of internal audit work auditors without placing undue reliance on it. |
| 27. Financial reporting and external audit | C | OSFI supervisors have established strong ongoing communication channels with external auditors and are able to leverage their resources and expertise when needed. While auditors have a statutory duty to report to the bank and OSFI issues affecting the well being of the bank, the ‘well being letter’ requirements may not cover all matters of prudential interest to OSFI. In addition, the formal statutory nature of this requirement may hinder timely and open communication of matters of potential prudential concern. OSFI expects to require banks to adhere to the new BCBS guidance on external audit, which will include a more generalised reporting requirement on matters of prudential concern. |
| 28. Disclosure and transparency | C | OSFI has implemented all Pillar 3 requirements and has been proactive in including enhanced disclosure expectations for Canadian banks. Canadian D-SIBs will be expected to adopt the recommendations of the Financial Stability Board’s Enhanced Disclosure Task. Pillar 3 requirements have been issued in Advisories rather than a Guideline. Advisories provide OSFI with greater flexibility particularly for technical or policy matters subject to change. In keeping with OSFI’s leading practice in other areas, OSFI could provide greater financial and risk data in a more useable format for analysis by the public. The OSFI data access tool on its web site is not particularly user friendly, does not facilitate analysis (for example, over time or across peers) or flexible access (for example, via spreadsheet). Some other regulators publish substantially more information in time series format on bank performance and risk indicators at the aggregate and individual institution level. |
| 29. Abuse of financial services | LC | The last FATF review identified concerns in relation to FINTRAC’s supervisory practices and the lack of enforceable customer due diligence requirements in the PCMLTFA. In terms of the assessment under the Basel Core Principles and the specific formulation of the criteria, the test is not identical, however minor deficiencies remain including areas in which greater clarity or focus are desirable. |
|
|
||
|---|---|---|
|
|
|
|
| 1. Responsibilities, objectives and powers | C | OSFI has the sole legal mandate for the supervision of banks in Canada. As an institution OSFI demonstrates a strong consciousness of its mandate and of working within the scope of its mandate at all times. The Bank Act, the main statute under which OSFI operates, provides OSFI with a wide range of powers that are essential to the performance of effective supervision and provides the framework within which OSFI sets and enforces the minimum prudential standards. The mandatory five-year revision to the Bank Act provides a legal framework with a ready capacity to be periodically updated to reflect the demands of the financial system and expectations placed on supervisory practice. |
| 2. Independence, accountability, resourcing and legal protection for supervisors | LC | OSFI is a government agency whose formal head is the Minister of Finance and hence, is subject to some governmental disciplines. Despite this structure, operational independence is clearly in evidence in OSFI’s practices and decision-making and is confirmed by all stakeholders including the industry. Nevertheless, the Bank Act could better distinguish OSFI’s and the Superintendent’s prudential responsibilities from those of the Minister, who must naturally take a separate range of considerations into account. The concern is to ensure that a veto on prudential grounds is securely in place regarding decisions that the Superintendent must make, such as those relating to change of control of a federally regulated bank or major acquisitions or investments made by such entities. |
| 3. Cooperation and collaboration | C | Cohesive cooperation and collaboration are the keynotes of OSFI’s relationships with relevant authorities. Federal level cooperation is supported by a common desire among the agencies and authorities to assure the safety and soundness of the Canadian financial system and its institutions. Cooperative arrangements are well established over decades and proved to be responsive and effective during the financial crisis. Foreign authorities comment very favourably on the quality of their interactions with OSFI. Moreover a number of regulatory authorities, both domestic and foreign, have turned to OSFI for technical assistance to develop their skills, confirming the degree of confidence invested in OSFI’s practices and standards. Nevertheless, there are weaknesses in the Canadian arrangements when considering the relationship between the federal and provincial authorities. touch points with the provincial regulators are less well developed and represent a potential frailty in an otherwise very well functioning system. In the specific context of the BCP assessment, which is an assessment of the federal level of supervision, it is important that there is full and free flow of information to ensure that OSFI has access to all the information it needs to carry out its mandate. |
| 4. Permissible activities | C | Under Canadian federal law a bank is an entity that is incorporated and regulated at the federal level. A bank, by definition, cannot exist at the provincial level. Canadian federal law does not, however, apply to all financial institutions that which may take deposits from the public. There are some institutions which are systemically significant for their provinces, notably Desjardins, the internationally active credit union group based in Québec, and Alberta Treasury Branches, which is a Crown incorporation owned and regulated by the province of Alberta. The BCP assessment focuses on the federal level in Canada and does not offer any assessment of the adequacy and appropriate laws, regulation and supervision applying to provincial deposit taking entities. However, it is clear that the scope of the federal system does not, and legally cannot, include all deposit- taking entities of significance. |
| 5. Licensing criteria | LC | Entry into the Canadian banking system is a carefully vetted process for domestically or foreign owned entities. OSFI’s risk tolerance around new entrants is low and focused on prudential and national security considerations as required by law. The criteria for licensing are established in law and articulated in OSFI guidelines and implemented through rigorous and well-executed policies and processes. Licensing is a two-step process, sometimes called a “two key” process in Canada. OSFI maintains prudential control over candidates for licensing as a bank meaning that although an applicant needs to obtain approval from both OSFI and the Minister in order to carry out business as a bank, the Minister’s approval is not and cannot be sought unless OSFI has already made a favourable prudential determination. Furthermore, the institution cannot commence business unless and until OSFI is satisfied that all prudential standards are met and the Superintendent issues the order to commence business. Standards established for licensing also apply for ongoing supervision except in one regard. OSFI does not, after licensing, carry out a fit and proper assessment of new directors and senior management on an ongoing basis. |
| 6. Transfer of significant ownership | LC | Banks must submit an annual “Return of Shareholders” but this filing does not always identify ultimate beneficial shareholders. There is no specific requirement for banks to notify OSFI of material adverse changes affecting the suitability of a major shareholder or controller. The risks related to both these notification issues is managed in the context of the supervisory relationship with the institution, and is, again, negligible in the context of the widely held banks but not necessarily so for smaller institutions. The issue of the “prudential veto” in respect of approvals granted by the Minister is relevant to this principle but is not reflected in the grading of this principle but in CP2 instead. |
| 7. Major acquisitions | C | The Bank Act sets clear limits upon and requirements for Ministerial approval of major acquisitions carried out by banks. Where an acquisition is subject to Ministerial approval, the regime of acquisition and investment is implemented through OSFI and the Minister. The preparation work for approval on prudential grounds is performed by OSFI and a recommendation to the Minister for approval is only put forward if OSFI is satisfied it is suitable to do so. In carrying out its assessment OSFI considers all the requirements of prudential soundness, including the future supervisability of the group following the acquisition. In common with the ownership regime discussed in CP6, it is unclear that there is a “prudential veto” securely in place and, as with CP6, this issue is reflected in the grading of CP2. There is no approval required for acquisitions made through a foreign or provincially regulated subsidiary. This is not required by the principle but exposes OSFI and the bank itself to the risk that acquisitions are approved by foreign regulator with differing standards or powers. |
| 8. Supervisory approach | C | OSFI has developed an excellent supervisory approach that supports the analysis of risk from multiple perspectives, in particular that of identifying the significant activities within the firm. The risk approach incorporates a forward looking time dimension. In particular the OSFI approach marries its risk analysis to a supervisory outcome that can be clearly communicated to the institution, through the use of the intervention rating and the “stages” of supervisory intensity should matters of concern emerge. |
| 9. Supervisory techniques and tools | C | OSFI has high standards of supervisory practice and a supervisory style and structure that is oriented around a close touch principle that is consistently delivered. This approach underpins OSFI’s ability to articulate and reinforce its supervisory expectations. OSFI is perceived as accessible to the industry and its willingness to listen was widely praised. While OSFI’s perceived lack of rigidity was appreciated, OSFI’s authority with the firms was confirmed. The close touch approach yields many benefits to OSFI in terms of supervisory outcomes but the challenge that always remains is that close understanding of the counterpart can lead to a loss of direction and momentum such that OSFI must guard against being slow to be assertive. |
| 10. Supervisory reporting | C | OSFI receives standard prudential data from firms as well as much management information and ad hoc data. Gaps in prudential data relate to large exposures and related party lending and are reflected in CPs 19 and 20, respectively. OSFI makes financial data on the banks publicly available on its website. OSFI’s emphasis on obtaining management information from firms is consistent with the supervisory approach that focuses on significant activities carried out by the firms. Necessarily, though, management information is less susceptible to peer group analysis (between entity and over time) as it is not standardized for purposes of comparison. OSFI has established process for regular review of reporting requirements, and should ensure that this process is keeping pace with needs. |
| 11. Corrective and sanctioning powers of supervisors | C | OSFI has a wide range of corrective and sanctioning powers under the Bank Act. OSFI’s mandate requires early intervention and OSFI has designed, in collaboration with the CDIC, a structured approach for applying progressively more intensive supervisory intervention. The intervention approach is predicated on OSFI’s direct powers, although OSFI’s preference is to obtain traction with the firm on a voluntary basis, where OSFI’s authority is underpinned by the existence of its legal powers. OSFI carries out its intervention carefully, with the understanding that it must build its legal case at each stage in the event it has recourse to the use of its powers. The “staging” process allows OSFI to intensify restrictions and requirements for an institution (limitation on business, higher capital etc) and it exerts a discipline on chief executives who must report to their boards that they have been staged. While this particular discipline of transparency may be less effective in smaller institutions, the financial consequences of restrictions, are likely to be felt. An institution might remain “staged” for a period of time as remedial action and OSFI’s further review cannot always be a rapid process. The challenge for OSFI is to maintain pressure on the institution to make meaningful progress over a credible and situation-specific appropriate timeline in order to exit staging (and not relapse in the near future). OSFI is conscious of this risk. |
| 12. Consolidated supervision | C | OSFI has a strong legal and regulatory framework for consolidated supervision that it applies consistently. OSFI is mindful of the distribution of risks throughout the group and the need for strong risk management, internal controls and flow of information within the consolidated groups. OSFI goes beyond the Basel framework by requiring solo entity information on the parent banks for the systemic banking groups in Canada but generally places less emphasis on the individual banks within groups, structuring its work around the concept of “significant activity”. Recent work on recovery and resolution planning though has required group structures to be scrutinized on legal entity basis and, by OSFI’s own admission has “shone a light” on issues that may need to be assessed on a prudential basis. |
| 13. Home-host relationships | C | OSFI has a more significant role as a home supervisor than a host supervisor and in some regions outside Canada, the major Canadian banks are systemic for the local economy. OSFI monitors the evolution and development of its banks in foreign territories and allocates supervisory resources accordingly. Home and host relationships appear to be strong in relation to significant overseas relationships and to function smoothly where Canadian banking presence may be strong locally, but is relatively minor in respect of the group’s activities. OSFI has witnessed the growing confidence and effectiveness of its collegiate relationships and is moving to target more specific themes. Work on crisis management, resolution and recovery is progressing, in coordination with the CDIC. |
| 14. Corporate governance | C | OSFI has a comprehensive program for supervision of corporate governance at large and smaller banks. Notable features of the approach include very regular contact with directors on both a formal and informal level, and a centralized unit responsible for corporate governance supervision. |
| 15. Risk management process | LC | OSFI’s practical implementation of risk management supervision is of a very high standard in terms of scope, depth and quality of analysis. Supervisors have a rigorous process for assessing and rating inherent risk and the quality of risk management and acting on any deficiencies. Specialist teams play an integral part in providing risk-based review and peer comparison. OSFI operates at a principles-based level and does not tend to issue extensive, detailed risk management guidance. While this approach is more flexible and potentially responsive to differing institutions and risks, OSFI could usefully provide a more comprehensive and consistent set of written guidance as to its expectations across all risk areas. The existing set of standards dealing with risk management is characterized by somewhat inconsistent format and application (guidelines vs. advisories), does not comprehensively cover all risk areas (credit risk, operational risk, problem asset management, concentrations and country risk) or limited in application (market risk). As a world-leading regulator it would be expected that OSFI would make available to banks a comprehensive suite of risk management standards, even if at a relatively high level or based largely on BCBS guidance. |
| 16. Capital adequacy | C | OSFI takes a proactive and conservative approach to capital adequacy. Supervisors regularly assess banks’ capital management and planning and use stress testing to assess the adequacy of capital on a regular basis. OSFI has fully adopted Basel II and Basel III and has accelerated the timeline for banks to implement the fully phased-in requirements. This approach should help maintain the reputation of Canadian banks as subject to a strong and conservative capital regime. In addition, OSFI has retained its own leverage ratio requirement in addition to the Basel risk-based ratios. Canada has also been one of the first countries to establish its regime for domestically systemically important banks (D-SIBs) consistent with the BCBS standard and to announce that it will impose a 1 percent capital surcharge, effective in 2016. Concerns regarding inconsistencies across countries in the internal modeling of capital requirements by banks have emerged as an international concern. OSFI has implemented a rigorous program to review and approve banks’ internal models. Some recent reviews of credit risk IRB modeling across banks in particular lending segments have found deficiencies in complying with OSFI expectations. This situation is not unusual for many countries, but calls into question whether banks had sufficient clarity about OSFI’s expectations. OSFI has significant model validation work underway including follow-up with banks on identified issues. Moreover, OSFI has been careful to communicate an overall message to banks that there will be no capital reductions from modeling without associated improvements in risk measurement and management. However, continued vigilance will be required in this area. |
| 17. Credit risk | C | OSFI’s credit risk supervision function is effective and forward-looking. Supervisors conduct regular detailed on-site review of banks’ significant and higher risk portfolios; any areas of emerging concern are investigated and action taken on rectification. OSFI and banks make active use of stress testing to evaluate the nature and size of risks in their portfolio. While OSFI has issued guidance on specific credit risk areas such as residential mortgages and valuations, as well as on capital requirements for credit risk, it does not have an overarching credit risk management guideline. Most regulators have issued broad supervisory guidance on credit risk management. |
| 18. Problem assets, provisions, and reserves | C | Supervisors review the appropriateness of loan classification and the speed of recognition during on-site credit risk reviews. Credit quality indicators for the industry and individual banks are closely monitored and reported to OSFI management and supervisors. Levels of problem assets in most lending segments remain low but attention to problem asset management processes is critical to detect and manage any early negative trends. Problem asset management appears to be well covered in on-site credit risk reviews, but little published guidance is available from OSFI. |
| 19. Concentration risk and large exposure limits | LC | Although concentration risk management is mentioned at a high level in guidance on stress testing and ICAAPs, in practice there was good evidence that OSFI Supervisors monitor concentrations individual bank portfolios and take action when concentrations appear excessive. Through its risk surveillance and monitoring unit, the risk specialist teams and the Emerging Risk Committee, OSFI has a strong capability for identifying and monitoring concentrations across the industry and ensuring that attention is focused on them through stress testing and cross-industry reviews. OSFI imposes a 25 percent of capital limit on large exposures. Although OSFI maintains a database of larger banks’ exposures above $10 million, there is no formal regulatory return for large exposure limit compliance reporting to supervisors covering all banks or a clear notification threshold for action or closer monitoring. In addition, the limit for subsidiary banks is substantially higher (100 percent of capital). |
| 20. Transactions with related parties | LC | By law transactions with related parties are prohibited with certain key exceptions. There are explicit board reporting and oversight requirements for related party transactions set out in the Bank Act. OSFI supervisors typically review a bank’s oversight of compliance obligations, generally on an annual basis. However, there is no formal regulatory return for reporting related party exposures more frequently to OSFI. In addition, the Bank Act limit on aggregate related party exposures to directors and officers of 50 percent of capital is very high relative to the limits on large exposures and international expectations. |
| 21. Country and transfer risks | C | OSFI supervisors monitor and ensure appropriate management of key country exposures of concern (for example, Eurozone, U.S. and Caribbean loan books). Supervisors of the large banks regularly obtain reports on banks’ largest foreign exposure concentrations. Although country risk management is covered under other guidance at a high level, OSFI has not issued specific guidance on the management of country and transfer risks that clarify and detail OSFI’s expectations. |
| 22. Market risk | C | OSFI’s market risk supervision program for large banks appears comprehensive and includes both on-site review of practices as well as detailed model review. |
| 23. Interest rate risk in the banking book | C | OSFI has issued guidance on interest rate risk management and banks are expected to reflect interest rate risk in their ICAAPs. Supervisors conduct regular off-site monitoring through standard reporting of interest rate shock impacts on earnings and capital. A proactive approach to interest risk management will, of course, be critical in a rising interest rate risk environment. |
| 24. Liquidity risk | C | OSFI has applied a strong focus on liquidity management since the financial crisis and has maintained this intensity. Banks have significantly increased their liquidity reserves and adopted more prudent funding profiles, relative to the start of the crisis. OSFI developed its own liquidity measure and has progressively raised the expectations on banks for maintaining a prudent level of liquid assets, moving toward compliance with the new Basel III measures as soon as possible and reducing reliance on short-term wholesale funding. Much of OSFI’s recent liquidity supervision for the large banks has been conducted through off-site monitoring. |
| 25. Operational risk | C | OSFI has a strong program for assessing operational risk management at banks. OSFI employs a dedicated operational risk team, which includes technology risk experts. It reviews banks’ operational risk framework with a view to promoting best practice, and conducts regular cross-industry reviews to highlight areas of potential concern, such as legacy systems and cyber risks. OSFI has relied explicitly on the BCBS Sound Practice guidance in setting expectations for banks, but has not issued its own overall guidance on operational risk. OSFI has issued guidance in targeted areas such as outsourcing. |
| 26. Internal control and audit | C | OSFI’s supervision program includes a high degree of interaction with the internal audit functions of banks and their reporting to the bank’s audit committee. Supervisors appear to have appropriately balanced oversight and use of internal audit work auditors without placing undue reliance on it. |
| 27. Financial reporting and external audit | C | OSFI supervisors have established strong ongoing communication channels with external auditors and are able to leverage their resources and expertise when needed. While auditors have a statutory duty to report to the bank and OSFI issues affecting the well being of the bank, the ‘well being letter’ requirements may not cover all matters of prudential interest to OSFI. In addition, the formal statutory nature of this requirement may hinder timely and open communication of matters of potential prudential concern. OSFI expects to require banks to adhere to the new BCBS guidance on external audit, which will include a more generalised reporting requirement on matters of prudential concern. |
| 28. Disclosure and transparency | C | OSFI has implemented all Pillar 3 requirements and has been proactive in including enhanced disclosure expectations for Canadian banks. Canadian D-SIBs will be expected to adopt the recommendations of the Financial Stability Board’s Enhanced Disclosure Task. Pillar 3 requirements have been issued in Advisories rather than a Guideline. Advisories provide OSFI with greater flexibility particularly for technical or policy matters subject to change. In keeping with OSFI’s leading practice in other areas, OSFI could provide greater financial and risk data in a more useable format for analysis by the public. The OSFI data access tool on its web site is not particularly user friendly, does not facilitate analysis (for example, over time or across peers) or flexible access (for example, via spreadsheet). Some other regulators publish substantially more information in time series format on bank performance and risk indicators at the aggregate and individual institution level. |
| 29. Abuse of financial services | LC | The last FATF review identified concerns in relation to FINTRAC’s supervisory practices and the lack of enforceable customer due diligence requirements in the PCMLTFA. In terms of the assessment under the Basel Core Principles and the specific formulation of the criteria, the test is not identical, however minor deficiencies remain including areas in which greater clarity or focus are desirable. |
Recommended Actions to Improve Compliance with the Basel Core Principles and the Effectiveness of Regulatory and Supervisory Frameworks
|
|
|
|---|---|
| CP1 | It is recommended that ways be explored to strengthen the enforceability of guidelines through statutory changes to the powers of OSFI under the Bank Act. It is further recommended that consideration be given to whether there are any key prudential standards that would benefit from a migration to the format of a regulation. |
| CP2 | It is recommended that the authorities codify the “prudential veto” clearly in the Bank Act in respect of all approvals in which prudential considerations are relevant (for example, transfer of ownership and investment). It is recommended that the authorities consider exempting the supervisors from the government’s fiscal controls and administrative guidance, as in the case of some other financial agencies, in order to enhance OSFI’s financial autonomy. |
| CP3 | It is recommended that more frequent and structured arrangements, modeled perhaps on current formats, are put in place to ensure that relevant information is shared actively and proactively as necessary between provincial and federal authorities, rather than only on request, in order to enhance firm- and group-specific supervision and wider systemic understanding. |
| CP4 | The scope of the federal system does not, and cannot under current law, encompass all deposit-taking entities of significance. The relevant Canadian authorities should assess and as necessary revise laws and arrangements to ensure the soundness and stability of the entire financial system within Canada, and not only the federal aspect of that system. |
| CP5 | OSFI should institute a policy of assessing the fitness and properness of all new board members and new senior management executives. |
| CP6 | OSFI should consider a standardized form for the annual reporting of shareholdings and should institute an annual check on ultimate beneficial ownership on all institutions in order to obtain comfort that OSFI will have timely notification should indirect holdings or changes in ownership and control—whether increasing or decreasing—take place. There should be a specific requirement for banks to notify OSFI of material adverse changes affecting the suitability of a major shareholder or controller. It is recommended that at a minimum OSFI introduce an explicit reporting requirement. If necessary, a requirement to file such a report to the Superintendent could be included in the next revision of the Bank Act. |
| CP7 | It is recommended that the Bank Act be amended to introduce an approval, or at minimum, notification requirement to OSFI when an acquisition is made through a foreign or provincially-regulated subsidiary. |
| CP8 | It is recommended that OSFI intensify its analysis of groups from a legal entity based perspective to complement the understanding yielded by the examination of significant activities. OSFI should also review the effectiveness of its communication and coordination with non-bank regulators for entities within the consolidated groups. |
| CP9 | It is recommended that OSFI consider whether its internal monitoring systems could be enhanced to further support the overarching, and risk-focused view of the institution to ensure timely actions and progress. A requirement should be introduced, through amendment to the Bank Act or otherwise, for a bank to notify OSFI in advance of any material adverse development in the institution. |
| CP10 | It is recommended that OSFI review its prudential data needs to support ongoing supervision, taking into account particularly recent work on recovery and resolution planning which places greater focus on the individual legal entities. |
| CP11 | It is recommended that OSFI institute post facto reviews of staging cases in addition to interim reviews in order to identify how best to ensure appropriate momentum through the staging phase. The authorities should consider whether further legal authority or powers are required to enable them to move more promptly to address situations where a bank’s business model is deemed or proved to be non-viable over a period of time. |
| CP12 | OFSI should require solo data for all regulated banks within the consolidated banking groups where this is not already the practice. It is recommended that OSFI require periodic data on intra-group transactions. OSFI should formalize its policy to always make access to parental data and notification of material parental business and governance changes a condition of licensing for those instances where the parent entity is not a regulated entity. |
| CP13 | It is recommended that in its recovery planning, OSFI consider and anticipate the potential needs in a crisis of supervisors in jurisdictions where the Canadian entity is material. |
| CP15 | OSFI should review its current set of prudential Guidelines relating to risk management against international standards and other OSFI prudential expectations and issue expanded or new guidance to close any identified gaps, particularly in areas such as credit risk. |
| CP16 | Over time, OSFI may wish to consider whether the D-SIB capital surcharge should differ across banks according to their risk or systemic importance. It is recommended that OSFI seek a formal BCBS Basel III FAQ to be published regarding the ‘purchase for cancellation’ provision for Additional Tier 1 and Tier 2 capital instruments. |
| CP17 | As discussed under BCP 15, OSFI should develop comprehensive guidance on credit risk management in line with international standards to ensure its expectations and minimum standards are well understood. |
| CP18 | OSFI should consider setting out its expectations with respect to problem asset management in comprehensive guidance on credit risk management, as discussed in BCP 15 and BCP 17. |
| CP19 | It is recommended that OSFI strengthen its large exposure reporting and monitoring regime to include, for example, regular regulatory reporting of compliance and notification of exposures greater than a specified level of capital. OSFI’s Large Exposure Guideline dates from 1994 and OSFI should consider updating its guidance in light of the BCBS project currently underway and to cover concentration risks more generally. OSFI should also reconsider whether the higher exposure limit for subsidiary banks continues to be appropriate. |
| CP20 | OSFI should establish a more formalized regime, including regular regulatory reporting, for monitoring related-party transactions. In addition, OSFI should consider whether the Bank Act limit on aggregate related party exposures of 50 percent of capital to directors and officers should be lowered to a level more consistent with the limits on large exposures. |
| CP21 | OSFI should consider issuing guidance documenting its expectations for the management of country and transfer risks. |
| CP22 | OSFI should consider clarifying its market risk management expectations for foreign bank branches and banks with small or no trading books, which are not subject to the Capital Adequacy Requirement Guideline on Market Risk. |
| CP24 | OSFI should ensure that, even with significant off-site analysis, reporting and review occurring, supervisors maintain regular on-site coverage of liquidity risk management to verify the effective application of policies and controls in practice. |
| CP25 | OSFI should consider issuing more comprehensive guidance on setting out its expectations for operational risk management and covering areas such as business continuity expectations. |
| CP28 | As OSFI and the banks view Pillar 3 requirements as minimum required disclosure practice, OSFI should consider issuing Pillar 3 requirements in Guideline format. OSFI may wish to review best practices in other countries and consider publication of time series data sourced from its regulatory returns that would enhance the public understanding of banks’ operations and risk profile. |
| CP29 | It is recommended that OSFI explicitly state its expectation that banks’ compliance officer (CAMLO) is appointed at the management level. It is also recommended that Guideline (B-10) on Outsourcing of Business Activities, Functions and Processes be amended to more clearly establish the requirement that the screening processes that are in place when the bank is entering into outsourcing relationships will ensure high ethical and professional standards. |
|
|
|
|---|---|
| CP1 | It is recommended that ways be explored to strengthen the enforceability of guidelines through statutory changes to the powers of OSFI under the Bank Act. It is further recommended that consideration be given to whether there are any key prudential standards that would benefit from a migration to the format of a regulation. |
| CP2 | It is recommended that the authorities codify the “prudential veto” clearly in the Bank Act in respect of all approvals in which prudential considerations are relevant (for example, transfer of ownership and investment). It is recommended that the authorities consider exempting the supervisors from the government’s fiscal controls and administrative guidance, as in the case of some other financial agencies, in order to enhance OSFI’s financial autonomy. |
| CP3 | It is recommended that more frequent and structured arrangements, modeled perhaps on current formats, are put in place to ensure that relevant information is shared actively and proactively as necessary between provincial and federal authorities, rather than only on request, in order to enhance firm- and group-specific supervision and wider systemic understanding. |
| CP4 | The scope of the federal system does not, and cannot under current law, encompass all deposit-taking entities of significance. The relevant Canadian authorities should assess and as necessary revise laws and arrangements to ensure the soundness and stability of the entire financial system within Canada, and not only the federal aspect of that system. |
| CP5 | OSFI should institute a policy of assessing the fitness and properness of all new board members and new senior management executives. |
| CP6 | OSFI should consider a standardized form for the annual reporting of shareholdings and should institute an annual check on ultimate beneficial ownership on all institutions in order to obtain comfort that OSFI will have timely notification should indirect holdings or changes in ownership and control—whether increasing or decreasing—take place. There should be a specific requirement for banks to notify OSFI of material adverse changes affecting the suitability of a major shareholder or controller. It is recommended that at a minimum OSFI introduce an explicit reporting requirement. If necessary, a requirement to file such a report to the Superintendent could be included in the next revision of the Bank Act. |
| CP7 | It is recommended that the Bank Act be amended to introduce an approval, or at minimum, notification requirement to OSFI when an acquisition is made through a foreign or provincially-regulated subsidiary. |
| CP8 | It is recommended that OSFI intensify its analysis of groups from a legal entity based perspective to complement the understanding yielded by the examination of significant activities. OSFI should also review the effectiveness of its communication and coordination with non-bank regulators for entities within the consolidated groups. |
| CP9 | It is recommended that OSFI consider whether its internal monitoring systems could be enhanced to further support the overarching, and risk-focused view of the institution to ensure timely actions and progress. A requirement should be introduced, through amendment to the Bank Act or otherwise, for a bank to notify OSFI in advance of any material adverse development in the institution. |
| CP10 | It is recommended that OSFI review its prudential data needs to support ongoing supervision, taking into account particularly recent work on recovery and resolution planning which places greater focus on the individual legal entities. |
| CP11 | It is recommended that OSFI institute post facto reviews of staging cases in addition to interim reviews in order to identify how best to ensure appropriate momentum through the staging phase. The authorities should consider whether further legal authority or powers are required to enable them to move more promptly to address situations where a bank’s business model is deemed or proved to be non-viable over a period of time. |
| CP12 | OFSI should require solo data for all regulated banks within the consolidated banking groups where this is not already the practice. It is recommended that OSFI require periodic data on intra-group transactions. OSFI should formalize its policy to always make access to parental data and notification of material parental business and governance changes a condition of licensing for those instances where the parent entity is not a regulated entity. |
| CP13 | It is recommended that in its recovery planning, OSFI consider and anticipate the potential needs in a crisis of supervisors in jurisdictions where the Canadian entity is material. |
| CP15 | OSFI should review its current set of prudential Guidelines relating to risk management against international standards and other OSFI prudential expectations and issue expanded or new guidance to close any identified gaps, particularly in areas such as credit risk. |
| CP16 | Over time, OSFI may wish to consider whether the D-SIB capital surcharge should differ across banks according to their risk or systemic importance. It is recommended that OSFI seek a formal BCBS Basel III FAQ to be published regarding the ‘purchase for cancellation’ provision for Additional Tier 1 and Tier 2 capital instruments. |
| CP17 | As discussed under BCP 15, OSFI should develop comprehensive guidance on credit risk management in line with international standards to ensure its expectations and minimum standards are well understood. |
| CP18 | OSFI should consider setting out its expectations with respect to problem asset management in comprehensive guidance on credit risk management, as discussed in BCP 15 and BCP 17. |
| CP19 | It is recommended that OSFI strengthen its large exposure reporting and monitoring regime to include, for example, regular regulatory reporting of compliance and notification of exposures greater than a specified level of capital. OSFI’s Large Exposure Guideline dates from 1994 and OSFI should consider updating its guidance in light of the BCBS project currently underway and to cover concentration risks more generally. OSFI should also reconsider whether the higher exposure limit for subsidiary banks continues to be appropriate. |
| CP20 | OSFI should establish a more formalized regime, including regular regulatory reporting, for monitoring related-party transactions. In addition, OSFI should consider whether the Bank Act limit on aggregate related party exposures of 50 percent of capital to directors and officers should be lowered to a level more consistent with the limits on large exposures. |
| CP21 | OSFI should consider issuing guidance documenting its expectations for the management of country and transfer risks. |
| CP22 | OSFI should consider clarifying its market risk management expectations for foreign bank branches and banks with small or no trading books, which are not subject to the Capital Adequacy Requirement Guideline on Market Risk. |
| CP24 | OSFI should ensure that, even with significant off-site analysis, reporting and review occurring, supervisors maintain regular on-site coverage of liquidity risk management to verify the effective application of policies and controls in practice. |
| CP25 | OSFI should consider issuing more comprehensive guidance on setting out its expectations for operational risk management and covering areas such as business continuity expectations. |
| CP28 | As OSFI and the banks view Pillar 3 requirements as minimum required disclosure practice, OSFI should consider issuing Pillar 3 requirements in Guideline format. OSFI may wish to review best practices in other countries and consider publication of time series data sourced from its regulatory returns that would enhance the public understanding of banks’ operations and risk profile. |
| CP29 | It is recommended that OSFI explicitly state its expectation that banks’ compliance officer (CAMLO) is appointed at the management level. It is also recommended that Guideline (B-10) on Outsourcing of Business Activities, Functions and Processes be amended to more clearly establish the requirement that the screening processes that are in place when the bank is entering into outsourcing relationships will ensure high ethical and professional standards. |
Authorities’ Response
The Canadian authorities wish to express their appreciation to the IMF and its assessment team for their assessment of the Canadian banking sector. The Canadian authorities share the view that Canada, primarily through the Office of the Superintendent of Financial Institutions (OSFI), has a very high level of observance with the Basel Core Principles for Effective Banking Supervision (BCPs).
Canada is highly committed to the FSAP process and the insights that the IMF can provide with respect to a country’s financial sector through this process. Canada fully agrees that it is important to continually review and seek to improve the regulatory framework and supervision practices.
The IMF has made a number of observations and recommendations, which could further enhance the very high degree of compliance with the BCPs. These will be given consideration by the relevant Canadian authorities, having due regard to the various initiatives currently planned or underway, and taking into account the features of the Canadian regime that contributed to the performance of the Canadian banking system during and post-crisis.
1
The assessment team comprised Katharine Seal (IMF) and Heidi Richards (Australian Prudential Regulation Authority, Consultant).
2
Source: Bank of Canada.
3
The shadow banking system is referred to as market-based financing activities by the authorities to highlight the large involvement of regulated financial institutions (in repos or money market funds for example) and government entities (in mortgage securitization).
4
CDIC’s mandate, responsibilities and objectives are set out in the Canada Deposit Insurance Corporation Act.
5
Bank of Canada’s mandate, responsibilities and objectives are governed by the Bank of Canada Act.
6
FCAC’s mandate, responsibilities and objectives are set out in the Financial Consumer Agency of Canada Act.
7
FINTRAC’s mandate, responsibilities and objectives are governed by the Proceeds of Crime (Money Laundering) and Terrorist Financing Act. OSFI conducts reviews of banks’ policies and procedures to ensure compliance with anti-money laundering and anti-terrorist financing legislation.
8
A separate agency (FCAC) has been created and mandated with overseeing compliance with consumer provisions, all of which are clearly identified as such in the Bank Act and FCAC Act. There is a legislated delineation between the separate OSFI and FCAC mandates and both agencies are separately accountable to the Minister of Finance.
9
A one-year extension was approved by the Parliament of Canada in 2006.
10
A small portion of OSFI’s budget relating to certain functions performed by the Office of the Chief Actuary is dependent on appropriations, but these functions are not connected to the supervision of financial institutions.
11
The terms “during good behaviour” and “during pleasure” are principles of Canadian law that describe different types of appointments.
12
These conflict of interest measures also apply to anyone appointed to the position of Superintendent in accordance with subsection 5(5) of the OSFI Act (i.e., in the Superintendent’s absence or incapacity).
13
Please refer to CP3 and CP1 further details on the FISC.
14
For example, the
15
To facilitate discussion, the OSFI Act and the Bank Act provide for the exchange and protection of confidential information between these bodies.
16
Unless otherwise indicated, all references to sections, subsections or paragraphs are in relation to the Bank Act.
17
Unless otherwise indicated, all references to sections, subsections or paragraphs are in relation to the Bank Act.
18
The Composite Risk Rating is an assessment of an institution’s risk profile after considering the risk inherent in significant activities, the quality of risk management, and earnings, capital and liquidity.
19
Unless otherwise indicated, all references to sections, subsections or paragraphs are in relation to the Bank Act.
20
Please refer to footnote 27 under Principle 5.
21
The OECD (OECD glossary of corporate governance-related terms in “Experiences from the Regional Corporate Governance Roundtables”, 2003, www.oecd.org/dataoecd/19/26/23742340.pdf.) defines “duty of care” as “The duty of a board member to act on an informed and prudent basis in decisions with respect to the company. Often interpreted as requiring the board member to approach the affairs of the company in the same way that a ‘prudent man’ would approach their own affairs. Liability under the duty of care is frequently mitigated by the business judgment rule.” The OECD defines “duty of loyalty” as “The duty of the board member to act in the interest of the company and shareholders. The duty of loyalty should prevent individual board members from acting in their own interest, or the interest of another individual or group, at the expense of the company and all shareholders.”
22
“Risk appetite” reflects the level of aggregate risk that the bank’s Board is willing to assume and manage in the pursuit of the bank’s business objectives. Risk appetite may include both quantitative and qualitative elements, as appropriate, and encompass a range of measures. For the purposes of this document, the terms “risk appetite” and “risk tolerance” are treated synonymously.
23
For the purposes of assessing risk management by banks in the context of Principles 15 to 25, a bank’s risk management framework should take an integrated “bank-wide” perspective of the bank’s risk exposure, encompassing the bank’s individual business lines and business units. Where a bank is a member of a group of companies, the risk management framework should in addition cover the risk exposure across and within the “banking group” (see footnote 19 under Principle 1) and should also take account of risks posed to the bank or members of the banking group through other entities in the wider group.
24
To some extent the precise requirements may vary from risk type to risk type (Principles 15 to 25) as reflected by the underlying reference documents.
25
It should be noted that while, in this and other Principles, the supervisor is required to determine that banks’ risk management policies and processes are being adhered to, the responsibility for ensuring adherence remains with a bank’s Board and senior management.
26
New products include those developed by the bank or by a third party and purchased or distributed by the bank.
27
The Core Principles do not require a jurisdiction to comply with the capital adequacy regimes of Basel I, Basel II and/or Basel III. The Committee does not consider implementation of the Basel-based framework a prerequisite for compliance with the Core Principles, and compliance with one of the regimes is only required of those jurisdictions that have declared that they have voluntarily implemented it.
28
The Basel Capital Accord was designed to apply to internationally active banks, which must calculate and apply capital adequacy ratios on a consolidated basis, including subsidiaries undertaking banking and financial business. Jurisdictions adopting the Basel II and Basel III capital adequacy frameworks would apply such ratios on a fully consolidated basis to all internationally active banks and their holding companies; in addition, supervisors must test that banks are adequately capitalized on a stand-alone basis.
29
Reference documents: Enhancements to the Basel II framework, July 2009 and: International convergence of capital measurement and capital standards: a revised framework, comprehensive version, June 2006.
30
In assessing the adequacy of a bank’s capital levels in light of its risk profile, the supervisor critically focuses, among other things, on (a) the potential loss absorbency of the instruments included in the bank’s capital base, (b) the appropriateness of risk weights as a proxy for the risk profile of its exposures, (c) the adequacy of provisions and reserves to cover loss expected on its exposures and (d) the quality of its risk management and controls. Consequently, capital requirements may vary from bank to bank to ensure that each bank is operating with the appropriate level of capital to support the risks it is running and the risks it poses.
31
“Stress testing” comprises a range of activities from simple sensitivity analysis to more complex scenario analyses and reverses stress testing.
32
Please refer to Principle 12, Essential Criterion 7.
33
Principle 17 covers the evaluation of assets in greater detail; Principle 18 covers the management of problem assets.
34
Credit risk may result from the following: on-balance sheet and off-balance sheet exposures, including loans and advances, investments, inter-bank lending, derivative transactions, securities financing transactions and trading activities.
35
Counterparty credit risk includes credit risk exposures arising from OTC derivative and other financial instruments.
36
“Assuming” includes the assumption of all types of risk that give rise to credit risk, including credit risk or counterparty risk associated with various financial instruments.
37
Principle 17 covers the evaluation of assets in greater detail; Principle 18 covers the management of problem assets.
38
Reserves for the purposes of this Principle are “below the line” non-distributable appropriations of profit required by a supervisor in addition to provisions (“above the line” charges to profit).
39
It is recognized that there are two different types of off-balance sheet exposures: those that can be unilaterally cancelled by the bank (based on contractual arrangements and therefore may not be subject to provisioning), and those that cannot be unilaterally cancelled.
40
Connected counterparties may include natural persons as well as a group of companies related financially or by common ownership, management or any combination thereof.
41
This includes credit concentrations through exposure to: single counterparties and groups of connected counterparties both direct and indirect (such as through exposure to collateral or to credit protection provided by a single counterparty), counterparties in the same industry, economic sector or geographic region and counterparties whose financial performance is dependent on the same activity or commodity as well as off-balance sheet exposures (including guarantees and other commitments) and also market and other risk concentrations where a bank is overly exposed to particular asset classes, products, collateral, or currencies.
42
The measure of credit exposure, in the context of large exposures to single counterparties and groups of connected counterparties, should reflect the maximum possible loss from their failure (i.e., it should encompass actual claims and potential claims as well as contingent liabilities). The risk weighting concept adopted in the Basel capital standards should not be used in measuring credit exposure for this purpose as the relevant risk weights were devised as a measure of credit risk on a basket basis and their use for measuring credit concentrations could significantly underestimate potential losses (see “Measuring and controlling large credit exposures, January 1991).
43
Such requirements should, at least for internationally active banks, reflect the applicable Basel standards. As of September 2012, a new Basel standard on large exposures is still under consideration.
44
Related parties can include, among other things, the bank’s subsidiaries, affiliates, and any party (including their subsidiaries, affiliates and special purpose entities) that the bank exerts control over or that exerts control over the bank, the bank’s major shareholders, Board members, senior management and key staff, their direct and related interests, and their close family members as well as corresponding persons in affiliated companies.
45
Related party transactions include on-balance sheet and off-balance sheet credit exposures and claims, as well as, dealings such as service contracts, asset purchases and sales, construction contracts, lease agreements, derivative transactions, borrowings, and write-offs. The term transaction should be interpreted broadly to incorporate not only transactions that are entered into with related parties but also situations in which an unrelated party (with whom a bank has an existing exposure) subsequently becomes a related party.
46
An exception may be appropriate for beneficial terms that are part of overall remuneration packages (e.g., staff receiving credit at favorable rates).
47
Country risk is the risk of exposure to loss caused by events in a foreign country. The concept is broader than sovereign risk as all forms of lending or investment activity whether to/with individuals, corporates, banks or governments are covered.
48
Transfer risk is the risk that a borrower will not be able to convert local currency into foreign exchange and so will be unable to make debt service payments in foreign currency. The risk normally arises from exchange restrictions imposed by the government in the borrower’s country. (Reference document: IMF paper on External Debt Statistics—Guide for compilers and users, 2003).
49
Wherever “interest rate risk” is used in this Principle the term refers to interest rate risk in the banking book. Interest rate risk in the trading book is covered under Principle 22.
50
The Committee has defined operational risk as the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events. The definition includes legal risk but excludes strategic and reputational risk.
51
In assessing independence, supervisors give due regard to the control systems designed to avoid conflicts of interest in the performance measurement of staff in the compliance, control and internal audit functions. For example, the remuneration of such staff should be determined independently of the business lines that they oversee.
52
The term “compliance function” does not necessarily denote an organizational unit. Compliance staff may reside in operating business units or local subsidiaries and report up to operating business line management or local management, provided such staff also have a reporting line through to the head of compliance who should be independent from business lines.
53
The term “internal audit function” does not necessarily denote an organizational unit. Some countries allow small banks to implement a system of independent reviews, e.g., conducted by external experts, of key internal controls as an alternative.
54
In this Essential Criterion, the supervisor is not necessarily limited to the banking supervisor. The responsibility for ensuring that financial statements are prepared in accordance with accounting policies and practices may also be vested with securities and market supervisors.
55
For the purposes of this Essential Criterion, the disclosure requirement may be found in applicable accounting, stock exchange listing, or other similar rules, instead of or in addition to directives issued by the supervisor.