Insights Header image
Insights Header image
Insights Header image

Guideline E-23: The Draft Enterprise-Wide Risk Management Guideline

January 2017 Financial Services Bulletin 3 minute read

The Office of the Superintendent of Financial Institutions (“OSFI”) released for comment its draft Enterprise-Wide Model Risk Management Guideline (“Guideline E-23”) on December 21, 2016.  The proposed guideline will apply to banks, foreign bank branches, bank holding companies, federally regulated trust and loan companies and cooperative retail associations.  OSFI asks that all interested parties submit written comments to OSFI no later than February 28, 2017.  The final version of the guideline is expected to come into force on November 1, 2017.

An Enterprise-Wide Model Risk Management Framework

Guideline E-23 seeks to establish a common standard for enterprise-wide model risk management to ensure that relevant institutions of all sizes, complexity and risk profile have a baseline understanding of the minimum level of expectations with respect to their use of models. Since models are approximations of reality, the use of models inherently carries with it a risk of error and consequent loss.

An enterprise-wide view of risk implies that modeling is used across an institution for a myriad of different applications under the rubric of risk management and stress testing, such as, for example, regulatory capital models, internal risk management models, valuation/pricing models and/or business decision-making models. Guideline E-23 is applicable to all models that have a material impact on the risk profile of an institution.

Guideline E-23 outlines the minimum prudent practices for internal model development, review, approval, use and modification which can be applied by institutions as they become increasingly reliant on models.  It is an institution’s responsibility to develop a consistent set of policies and procedures to identify, assess, manage and control the risks inherent to modeling based on the principles set out in the guideline.  It should be noted that Guideline E-23 considers specific challenges that the usage of models may pose for small and medium sized institutions.  Moreover, the guideline distinguishes between the institutions that are approved to use internal models for regulatory capital purposes (which are termed “internal models approved institutions” or “IMAIs”) and those that are not (termed “standardized Institutions” or “SIs”).  Guideline E-23 will not replace OSFI’s guidance with respect to models already set forth in other OSFI guidelines (see for example, the model validation requirement in Chapter 4 of the Capital Adequacy Requirements), but instead aims to supplement such pre-existing guidance.

Key Characteristics

An enterprise-wide model risk management framework should exhibit the following key characteristics, each of which is described in detail in Guideline E-23:

a) Appropriate governance systems over model usage;

b) Model materiality classifications and limitations, where appropriate, over the use of individual models;

c) Policies and processes around model selection and development;

d) Independent vetting and ongoing validation/review processes that continually assess the model’s performance and suitability;

e) Change control processes governing each stage of the model’s life cycle;

f) Internal audit functions to independently assess the model risk management governance and compliance framework; and

g) A model inventory that catalogues the type, classification and performance of all models in use, or that have been developed or recently decommissioned that could act as a benchmark or necessary substitute for a model in use.[1]

Other major jurisdictions have already codified standards and best practices for managing and controlling the use of models. Such codification is becoming increasingly important because of the evolution of banking markets and the amplified use of internal models by financial institutions.

If appropriate given the size, complexity and risk profile of an institution, it is expected that the governance and implementation of Guideline E-23 will be rolled into an institution’s overall governance framework established pursuant to OSFI’s Corporate Governance Guideline.

[1] Office of the Superintendent of Financial Institutions, “Enterprise-Wide Model Risk Management for Deposit-Taking Institutions”, December 2016, Online: www.osfi-bsif.gc.ca/Eng/fi-if/rg-ro/gdn-ort/gl-ld/Pages/e23.aspx#ToC3.

Insights (5 Posts)

Featured Insight

Update for Ontario Employers: Proposed Changes Related to Remote Workers

Ontario employer's should note proposed amendments to the province's employment laws that would clarify remote employees' entitlements in mass terminations.

Read More
Mar 24, 2023
Featured Insight

Trademark of Foreign Owner Invalidated on the Basis of Bad Faith

Awareness of a senior rights holder’s trademark and its prior use of such trademark in Canada is relevant to the assessment of bad faith.

Read More
Mar 22, 2023
Featured Insight

Fanning the Flames of Liability: The Ontario Court of Appeal Considers Product Liability Issues in Burr v. Tecumseh Products of Canada Limited

The decision of the Court of Appeal in Burr v. Tecumseh Products of Canada Limited, 2023 ONCA 135 provides a helpful overview of product liability law.

Read More
Mar 20, 2023
Featured Insight

A Look at Some Key Findings by the Alberta Securities Commission in Re Bison Acquisition Corp.

On December 21, 2021, a panel of the Alberta Securities Commission issued its written decision providing its reasons for the oral ruling it made on July 12, 2021 regarding applications brought by Bison Acquisition Corp. and Brookfield Infrastructure Corporation Exchange Limited Partnership, as well as Inter Pipeline Ltd. and Pembina Pipeline Corporation.

Read More
Mar 20, 2023
Featured Insight

Employer’s Disturbing Termination Conduct Results in $15,000 Moral Damages Award

Teljeur v Aurora Hotel Group 2023 ONSC 1324 provides example of post-termination conduct and bad faith damages.

Read More
Mar 16, 2023