OSFI Issues 2023-24 Departmental Plan
The Office of the Superintendent of Financial Institutions (“OSFI”) recently issued its 2023-24 Departmental Plan[1] (“Plan”), which sets out its planned initiatives for the coming year. This marks the second Plan published under the leadership of Superintendent Routledge.
Strategic priorities
In his opening statement, the Superintendent confirms that next year’s activities will continue to be guided by the six areas of priority[2] set out in OSFI’s 2022-25 Strategic Plan (“Strategic Plan”), Fostering Public Confidence, Thriving in Uncertainty and Transforming for Tomorrow, but goes on to mention the potential for re-prioritization should vulnerabilities in the Canadian financial system worsen.
The Plan was released before OSFI took temporary control of Silicon Valley Bank’s Canadian branch. Surrounding market events could impact OSFI’s planned activities and focus.
a) What continues
In 2023-34, OSFI plans to continue many of the activities which marked the kick-off of its Strategic Plan.
Culture – The development and implementation of a Human Capital Strategy, with an embedded Equity, Diversity and Inclusion (“EDI”) component.
Risk, Strategy and Governance – The implementation of an enterprise-wide risk appetite framework to ensure risk-based decision making.
Strategic Stakeholder and Partner Engagement – The development of an integrated approach to stakeholder management and the exploration of ways to leverage the public roles of the Superintendent and Chief Actuary.
Policy Innovation - The creation of a dedicated climate risk team, a Climate Risk Hub and a Digital Innovation Hub
Supervisory Framework – The modernization of the Supervisory Framework to reflect OSFI’s new risk appetite for earlier corrective action and more differentiated risk ratings.
Data Management and Analytics – The improvement of data and analytics capabilities and of data literacy skills to support enterprise-wide functions.
b) What’s new
In addition to the activities that will continue from 2022-23, OSFI has introduced new activities for 2023-24.
Culture – The implementation of a three-year Culture Change Action Plan, the enhancement of the hybrid work environment, as well as the implementation of IM/IT initiatives to improve collaboration, data and analytics and organizational productivity.
Risk, Strategy and Governance – The implementation of an enhanced governance structure to enable timely, transparent and risk-intelligent decision making and of environmental scanning tools to advance the assessment of risks and trends.
Strategic Stakeholder and Partner Engagement – The implementation of a stakeholder affairs framework and function to coordinate stakeholder and partner engagement. The initiative will involve building standard messaging content and acquiring the required related tools.
Policy Innovation – The implementation of a multi-year roadmap for the Policy Architecture Renewal, the development of policy instruments on stablecoin, the creation of the Digital Regulatory Incubator (Sandbox) and the review of publications and release of new guidelines and frameworks for key risk principles (for more detail on OSFI’s planned activities around digital innovation, see our blog post: Canadian Federal Financial Regulators Issue Joint Statement on Crypto Assets).
This will include:
- issuing draft updates to Guideline B-20, Residential Mortgage Underwriting Practices and Procedures and Guideline E-21, Operational Risk and Resilience;
- issuing a final version of Guideline B-10, Third Party Risk Management (for details on this Guideline, see our blog post: OSFI consults on third-party risks in updated B-10 Guideline);
- issuing a final version of Guideline B-13, Technology and Cyber Risk Management (see our blog post on the consultation leading to this Guideline: OSFI’s Consultation on Technology: Understanding the risks inherent in the technologies that power the financial industry);
- issuing a final version of Guideline B-15, Climate Risk Management; (for details on this Guideline, see our blog post: Final Guideline on Climate Risk Management and Disclosure for Financial Institutions issued by OSFI)
- publishing the Intelligence-led Cyber Resilience Testing (I-CRT) framework; and
- issuing a draft Culture and Behaviour Risk Guideline and related self-assessment tool. (for details on this Guideline, see our blog post: OSFI Issues Draft Culture and Behaviour Risk Guideline)
Supervision Renewal (formerly Supervisory Framework) – The creation of the Risk Assessment and Intervention Hub, the Risk Advisory Hub, the Supervision Institute, the Supervision Quality Assurance Division, the Supervision Central Office and new teams to further OSFI’s supervision capabilities and expertise, particularity in the area of non-financial risk.
The redesign of the Supervisory Framework will ensure that key risk drivers (both financial and non-financial) are prominently included and that there are processes to rate non-financial risks and approve new entrants. The new Supervisory Framework will also aim to increase the use of data analytics to inform risk-based decisions and reflect OSFI’s new risk appetite.
To address the development of its supervision capabilities and expertise, OSFI plans to:
- advance an internal interaction model for employees across all OSFI sectors;
- deliver a training program on supervision and the redesigned Supervisory Framework;
- develop and implement supervisory technology capabilities;
- enhance key performance indicator reporting for supervision; and
- continue building and executing on plans for quality assurance across OSFI’s supervision function.
Data Management and Analytics – The creation of Vision 2030, OSFI’s next generation data strategy, and of a strategy related to enterprise data literacy.
Regulatory and supervisory priorities
In addition to its strategic priorities, OSFI will execute its supervisory mandate by focusing on internal activities and initiatives that are related to enhancing its monitoring activities.
a) Internal priorities
- the adequacy and proper functioning of OSFI’s capital tests following the implementation of International Financial Reporting Standard (IFRS 17). In doing so, OSFI will also ensure the continued training of its supervisors;
- a review of key policies aimed at ensuring that its capital tests remain risk-based and fit-for-purpose;
- the continued assessment of vulnerabilities to ensure that mortgage underwriting standards, including the Minimum Qualifying Rate ("MQR"), remain appropriately calibrated to the risk environment. The next MQR announcement date is planned for December 2023;
- the progress of its draft capital requirements framework for segregated fund guarantee risk related to life insurers. The draft framework is expected to be finalized in mid-2024 and is expected to come into effect in January 2025;
- the potential development of new tools and clear and transparent guidelines on the monitoring of technology and non-financial risks including technology, cyber, third party, operational resilience, culture and behaviour, and compliance risk;
- the monitoring of evolving and emerging risks to the financial system ranging from cyber attacks and digital innovation to housing-related considerations and climate change;
- the semi-annual reviews of the Domestic Stability Buffer and the publication of results in June and December 2023; and
- an assessment of its expectations and supervisory processes as they relate to the supervision of Federally Regulated Pension Plans. OSFI will work with the Canadian Association of Pension Supervisory Authorities to develop a Risk Management Guideline that includes guidance on investments, cyber risk, and Environmental, Social and Governance (ESG) considerations.
b) Monitoring priorities
- the implementation by financial institutions of key accounting, auditing and disclosure policies and practices for consistency with international standards and domestic modifications. OSFI intends to introduce regulatory returns with enhanced assurances;
- the monitoring of the January 2023 transition to IFRS 17 by insurers; and
- an assessment of the risk management practices of financial institutions to ensure alignment with their evolving risk environment, particularly as it relates to residential mortgage activities, commercial real estate, and corporate lending.
McCarthy Tetrault’s Expertise
By leveraging our deep industry expertise and experience, we help our clients navigate Canada’s complex, highly regulated financial institutions environment to achieve their business goals. Please contact a member of our Financial Institutions Regulatory Matters group if you have any questions or for assistance.
[1] Departmental Plans are expenditure plans for each government department and agency (excluding Crown corporations). They describe departmental priorities, strategic outcomes, programs, expected results and associated resource requirements, covering a three-year period beginning with the year indicated in the title of the report.(Government of Canada website)
[2] Culture, Risk, Strategy and Governance, Strategic Stakeholder and Partner Engagement, Policy Innovation, Supervision Framework/Renewal and Data Management and Analytics.