Managing Culture and Behaviour Risks: OSFI’s New Draft Guideline for Financial Institutions

Managing Culture and Behaviour Risks: OSFI’s New Draft Guideline for Financial Institutions

On February 28, 2023, the Office of the Superintendent of Financial Institutions (“OSFI”) released a draft Culture and Behaviour Risk Guideline (the “Guideline”). The Guideline outlines OSFI’s expectations for Federally Regulated Financial Institutions’ (“FRFI”) management of culture and behaviour risk to support their risk governance and resilience. The Guideline provides several defined terms to assist with interpretation, and lists expected outcomes and important principles for FRFIs to develop.

The principle-based expectations are as follows:

• desired culture and expected behaviours are designed to align with the purpose and strategy of the FRFI and governed through appropriate structures and frameworks;
• leaders, at all levels (including those playing a key role in lines of defence), consistently promote and reinforce the desired culture and expected behaviours through their words, actions and decisions;
• talent and performance management strategies and practices promote and reinforce the desired culture and expected behaviours;
• compensation, incentives and rewards promote and reinforce the desired culture and expected behaviours; and
• FRFIs proactively monitor for, assess, and act to address risks related to culture and behaviour that may influence their resilience.

OSFI recognizes that every FRFI is unique, so structures should be developed in a way that fits with that institution’s size, complexity and risk profile.

In any case, the expected outcomes for the management of culture and behaviour risks are as follows:

• clear accountabilities and oversight;
• desired culture and expected behaviours that are proactively promoted and reinforced; and
• risks emerging from behavioural patterns are identified and proactively managed.

OSFI expects FRFIs to define a desired culture and to continuously develop and improve it to support the purpose and effective management of risks and resilience and to incorporate any new related risks that could affect the safety and soundness of the FRFI. Further, OSFI suggests that FRFIs identify patterns of behaviours to see if current  culture is aligned with the desired culture.

The Guideline should be read in conjunction with other guidance, including the Corporate Governance Guideline, Guideline E-21 (Operational Risk Management) and Guideline E-13 (Regulatory Compliance Management).

Feedback on the Guideline was invited until May 31, 2023. In the meantime, OSFI is developing a self-assessment tool to assist FRFIs with compliance, based on feedback received that culture can be subjective and difficult to assess.

by Darcy Ammerman and Justin Novick-Faille (Articling Student)

A Cautionary Note

The foregoing provides only an overview and does not constitute legal advice. Readers are cautioned against making any decisions based on this material alone. Rather, specific legal advice should be obtained.

© McMillan LLP 2023