Managing Culture and Behaviour Risks: OSFI’s New Draft Guideline for Financial Institutions
Managing Culture and Behaviour Risks: OSFI’s New Draft Guideline for Financial Institutions
On February 28, 2023, the Office of the Superintendent of Financial Institutions (“OSFI”) released a draft Culture and Behaviour Risk Guideline (the “Guideline”). The Guideline outlines OSFI’s expectations for Federally Regulated Financial Institutions’ (“FRFI”) management of culture and behaviour risk to support their risk governance and resilience. The Guideline provides several defined terms to assist with interpretation, and lists expected outcomes and important principles for FRFIs to develop.
The principle-based expectations are as follows:
- desired culture and expected behaviours are designed to align with the purpose and strategy of the FRFI and governed through appropriate structures and frameworks;
- leaders, at all levels (including those playing a key role in lines of defence), consistently promote and reinforce the desired culture and expected behaviours through their words, actions and decisions;
- talent and performance management strategies and practices promote and reinforce the desired culture and expected behaviours;
- compensation, incentives and rewards promote and reinforce the desired culture and expected behaviours; and
- FRFIs proactively monitor for, assess, and act to address risks related to culture and behaviour that may influence their resilience.
OSFI recognizes that every FRFI is unique, so structures should be developed in a way that fits with that institution’s size, complexity and risk profile.
In any case, the expected outcomes for the management of culture and behaviour risks are as follows:
- clear accountabilities and oversight;
- desired culture and expected behaviours that are proactively promoted and reinforced; and
- risks emerging from behavioural patterns are identified and proactively managed.
OSFI expects FRFIs to define a desired culture and to continuously develop and improve it to support the purpose and effective management of risks and resilience and to incorporate any new related risks that could affect the safety and soundness of the FRFI. Further, OSFI suggests that FRFIs identify patterns of behaviours to see if current culture is aligned with the desired culture.
The Guideline should be read in conjunction with other guidance, including the Corporate Governance Guideline, Guideline E-21 (Operational Risk Management) and Guideline E-13 (Regulatory Compliance Management).
Feedback on the Guideline was invited until May 31, 2023. In the meantime, OSFI is developing a self-assessment tool to assist FRFIs with compliance, based on feedback received that culture can be subjective and difficult to assess.
by Darcy Ammerman and Justin Novick-Faille (Articling Student)
A Cautionary Note
The foregoing provides only an overview and does not constitute legal advice. Readers are cautioned against making any decisions based on this material alone. Rather, specific legal advice should be obtained.
© McMillan LLP 2023
Insights (5 Posts)View More
Federal Court Orders CRA to “Reconsider” an Assessment: Milgram Foundation v Canada (Attorney-General), 2024 FC 1405
Comment on Federal Court decision in Milgram Foundation—a remarkable victory by a taxpayer against the Canada Revenue Agency.
Watch your Warnings – The Québec Court of Appeal Sets the Bar High
Québec Court of Appeal decision which clarifies the manufacturer, supplier and distributor's obligation to provide proper warnings and information to consumers.
Canada Expands Interim Measures and Disclosure Powers for Foreign Investment National Security Reviews
As of September 3, 2024, the Government has new powers it can use when conducting national security reviews under the Investment Canada Act
OSFI’s First Industry Day: Key Highlights and Takeaways
On September 5, 2024, the Office of the Superintendent of Financial Institutions hosted its inaugural virtual Industry Day.
The Top 5 Things you probably are not doing (but should be doing) to comply with Canadian Privacy Laws: ISSUE #4: Responding to Data Subject Requests the Right Way
Under Canadian privacy laws, individuals have certain rights with respect to their personal information.
Get updates delivered right to your inbox. You can unsubscribe at any time.