Office of the Superintendent of Financial Institutions
Effective this year, OSFI will be providing institutions with a Composite Risk rating reflecting OSFI’s assessment of the safety and soundness of the institution. This rating is an integral part of OSFI’s current Supervisory Framework and will not change how institutions are supervised.
An institution’s Composite Risk will be assessed as Low, Moderate, Above Average or High based on an assessment of the level of risk in the institution’s significant activities, the effectiveness of its risk management and control practices, and the quality and adequacy of its earnings and capital. Eventually, institutions will also be provided with ratings for the applicable risk management control (oversight) functions. A standardized process, incorporating an internal OSFI review, will be used for arriving at ratings for all institutions, enhancing the consistency of assessments across institutions and across financial sectors.
In consultation with industry, OSFI has developed a set of Assessment Criteria that will be used to guide supervisory judgements in developing the ratings. These criteria are not required standards. The ratings will be based on findings and observations from OSFI’s ongoing monitoring activities and its on-site reviews of the institution’s operations. OSFI expects that the nature and extent of
oversight by an institution over its activities will be commensurate with its complexity and risk profile. Accordingly, the various factors considered in the assessment of the oversight functions may be weighted differently for different institutions. The Assessment Criteria are available on the Publications page of the OSFI Internet site (www.osfi-bsif.gc.ca.). A more complete explanation of the ratings is also included on the Web site.
OSFI will begin sharing the Composite Risk ratings with a number of institutions this year, with full implementation expected over the following two years. Relationship managers will advise those institutions that will be rated this year. Most institutions will be rated on an annual basis. The rating will be provided in writing to the Chief Executive Officer (or other most senior officer in the institution) as well as to the Board of Directors, where applicable. While only the Composite Risk rating will be provided initially, supervisors will be prepared to discuss the ratings of individual oversight functions and other factors that were key in arriving at this rating.
Institutions will be required to maintain the confidentiality of the ratings. Confidentiality is protected by the Supervisory Information Regulations. Under these regulations, institutions are prohibited from disclosing their supervisory ratings to third parties, except as specifically provided.
If you have any questions related to the supervisory ratings or the criteria, please contact the relationship manager for your institution.
John C. Doran