OSFI Reaches out to Industry in Advance of Issuing a Guideline Concerning Culture Risk Management
On March 15, 2022, the Office of the Superintendent of Financial Institutions (“OSFI”) released a letter (the “Letter”) outlining its plan to issue for consultation later this year a culture risk management guideline. The future guideline will be principles-based and outcomes-focused, as OSFI recognizes that each federally regulated financial institution’s (“FRFI’s”) culture is unique and the managing of culture risks will vary with the size, nature, scope, and complexity of an FRFI’s operations.
OSFI is also seeking comments about how culture risks may have an effect on federally regulated pension plans (“FRPPs”), which may inform OSFI’s approach to regulating FRPPs. While the Letter and this summary refer only to FRFIs, OSFI noted in the Letter that FRPPs may face similar risks to FRFIs in respect of culture, and that the themes in the Letter may apply equally to FRPPs.
What are Culture Risks?
OSFI defines culture risks as “widespread behaviours and mindsets that can threaten sound decision-making, prudent risk-taking, and effective risk management.” Recognizing that organizational culture can have a material impact on FRFIs and the financial system overall, OSFI is looking to a develop a more comprehensive view of the adequacy and effectiveness of FRFI culture risk management.
The Letter follows OSFI’s 2017 review of the domestic retail sales practices at five Canadian banks, which review examined, among other matters, business culture and the related reputational risks potentially impacting an institution’s safety and soundness. It was issued also in the backdrop of attention being similarly paid to culture risks in other jurisdictions, such as supervisory guidance from the international Financial Stability Board in 2014, an exploratory paper from the International Association of Insurance Supervisors in 2021, and information papers being issued by other regulators who have made culture part of their supervisory activities, such as the Netherlands central bank, the Australian prudential financial regulator, and the Singapore financial regulator.
Proposed outcomes of culture risk management guidance
OSFI will expect FRFIs to establish and maintain a robust approach to manage and oversee culture risks. To support this, OSFI proposes that FRFIs should execute these six outcomes as part of their culture risk management and oversight:
- Leadership: Leaders at all levels should consistently promote and reinforce the desired culture.
- Compensation, People Management & Incentives: FRFIs should acquire, develop, retain, compensate, and incentivize executives, material risk-takers and all other employees to promote and reinforce the desired culture, effective culture risk management, and achieve sound financial and non-financial outcomes.
- Accountability & Ownership: Individuals should have a clear understanding of their roles and responsibilities, have capacity and autonomy to fulfill them, take ownership of their decisions and actions, and be held accountable for them.
- Risk Mindsets & Behaviours: Risk mindsets and behaviours within FRFIs should align with and support the structures in place to ensure financial and non-financial risks are effectively managed.
- Group Dynamics & Decision-Making: The work environment should enable individuals to feel safe to speak up, openly communicate and work together to make sound decisions and achieve financial and non-financial outcomes.
- Resilience: Individuals should be vigilant towards known and unknown threats, notice and effectively respond to problems and opportunities, and continuously learn, improve, and adapt to changing conditions.
Questions for the Market
OSFI has asked for input on these key questions:
- What are your views on OSFI’s proposed culture risk management outcomes? Are there other outcomes OSFI should consider?
- Which of the outcomes outlined above is your organization currently overseeing as part of its culture risk management? How is your organization measuring and assessing culture risks in these areas?
- Is your organization proactively disclosing culture risk management information as part of its published annual reports? Why or why not? Do you foresee any challenges if OSFI were to expect FRFIs to enhance existing annual reporting requirements to include this information?
- Does a FRFI’s size, nature, complexity, risk profile or various sub-cultures (e.g., differences between geographies, business units or functions) give rise to specific culture risk management issues that OSFI should consider?
- How do culture risks influence the way FRPPs are managed and administered? What are the benefits of similar outcomes-focused guidance for FRPPs?
FRFIs and FRPPs are invited to submit comments on the Letter and responses to the key questions to OSFI by May 31, 2022 at [email protected]. FRFIs and FRPPs can expect the release of OSFI’s draft culture risk management guideline once OSFI takes into account the comments it receives.
By strategically leveraging our deep industry expertise, our market-leading Financial Institutions and Pensions groups enable our clients to traverse Canada’s complex, highly-regulated environment. Please contact Nancy Carroll, Ana Badour, Hartley Lefton, Deron Waldock, or Lucie Tedesco if you have any questions or for assistance, including for assistance on how you can submit a response to the Letter, or how you can prepare for the culture risk management guidelines once they are released.