Skip to content.

OSFI Issues Draft Culture and Behaviour Risk Guideline

The Office of the Superintendent of Financial Institutions (“OSFI”) recently issued a draft Culture and Behaviour Risk Guideline (“Guideline”) for consultation. The Guideline sets out key definitions and key outcomes and overarching principles in respect of culture risk that would apply to federally regulated financial institutions (“FRFIs”). The Guideline was developed following consultations in respect of OSFI’s prior Culture Risk Management Letter and is to be read in conjunction with other OSFI guidelines, including the Corporate Governance Guideline, the Operational Risk Management Guideline and the Regulatory Compliance Management Guideline. The consultation period for the Guideline is open until May 31, 2023.

The Guideline states that it “is principles-based and outcomes-focused in recognition that every FRFI’s culture is unique. OSFI expects FRFIs to design, govern and manage culture and behaviour in accordance with the FRFI’s size, nature, scope, complexity of operations, strategy, and risk profile.”

Definitions

The Guidelines sets out the following key definitions:

  • Culture” means “the commonly held values, mindsets, beliefs and assumptions that guide both what is important and how people should behave in an organization”
  • “‘Risk culture” means “a subset of culture that specifically refers to the commonly held values, attitudes and beliefs about risks and risk-taking within FRFIs”
  • Behavioural patterns” or “behavioural norms” means “behaviours that are common or typical across a group of people”
  • Behaviour risks” mean “behavioural patterns that are misaligned to the expected behaviours and the desired culture of the FRFI and/or increase financial and non-financial risks”

Outcomes

The Guideline identifies the following desired outcomes in respect of culture and behaviour risks:

  • “Culture and behaviour are designed and governed through clear accountabilities and oversight.”
  • “Desired culture and expected behaviours are proactively promoted and reinforced.”
  • “Risks emerging from behavioural patterns are identified and proactively managed.”

Principles

The Guideline outlines the following key principles in respect of culture and behaviour risks:

  • “Desired culture and expected behaviours are designed to align with the purpose and strategy of the FRFI and governed through appropriate structures and frameworks.”
  • “Leaders, at all levels, consistently promote and reinforce the desired culture and expected behaviours through their words, actions and decisions.”
  • “Talent and performance management strategies and practices promote and reinforce the desired culture and expected behaviours.”
  • “Compensation, incentives and rewards promote and reinforce the desired culture and expected behaviours.”
  • “FRFIs proactively monitor for, assess, and act to address risks related to culture and behaviour that may influence their resilience.”

Governance Requirements

The Guideline requires that FRFIs “establish appropriate governance structures for overseeing culture and expected behaviours” that are “appropriate and proportional to the size, nature, scope, complexity of operations, strategy, and risk profile of the FRFI”, including “frameworks related to remuneration, ethics and conflict management, performance, talent management, risk and resilience, escalation and whistleblowing among others.”

FRFIs are expected to define their “desired culture” and “develop and implement a plan to embed the desired culture across the institution.”

The Guideline also provides that FRFIs are expected “to use leadership, talent and performance management practices, and compensation and incentive plans to promote and/or reinforce their desired culture and expected behaviours.”

Finally, OSFI “expects FRFIs to implement mechanisms and techniques to identify, assess and manage risks arising from behavioural patterns that do not align to the desired culture and expected behaviours”, including “complacency, excessive risk taking, poor communication, or a lack of speaking up or raising concerns, among others.”

Self-Assessment Tool

OSFI has advised it will also issue a self-assessment tool to assist FRFIs with compliance with the Guideline.

OSFI

Authors