Office of the Superintendent of Financial Institutions
The purpose of this document is to explain how OSFI intends to interpret the terms used in the
Assessment Criteria. Explanations should be read in conjunction with the Supervisory
Framework and the Assessment Criteria.
Terms such as “adequacy of”, “appropriateness of” and “extent to
which” are used to allow supervisors to scale the Assessment Criteria to
the nature, scope, complexity and risk profile of each institution. The
terms require supervisors to use sound and informed judgement in
applying the criteria to the unique circumstances of each institution.
This approach is necessary because the Assessment Criteria, like the
Supervisory Framework, are designed to apply to all types and sizes of
institutions supervised by OSFI.
“Average probability”, with reference to Overall Net Risk, is consistent
with what would be expected, on average, at a well-managed
institution. This is not a quantitative measure but a supervisor’s
assessment of the likelihood of a material adverse impact, derived from
an understanding of the institution and its industry.
An institution’s “communication and disclosure policy” will usually
include a broad framework for managing relations with its stakeholders.
The policy would not only address practices related to financial
disclosure, but the communication of reportable events as well.
The term “generally accepted … practices” is not a reference to
codified standards, but to practices observed by OSFI to be in general
use at institutions of comparable size and complexity within an
industry, and which OSFI considers acceptable (including meeting all
legal and regulatory requirements). The sophistication of an
institution’s oversight practices will depend on the nature, scope,
complexity and risk profile of its activities.
“In control” refers to that state in which an institution is subject to
effective corporate governance; is operating within an appropriate
control environment, with effective strategic and risk management
processes; and has demonstrated the capability and willingness to
identify and effectively resolve significant control weaknesses on a
“Independence” of a Risk Management Control (Oversight) Function
means that the function is not subject to the undue influence of
Operational Management in the areas it oversees, nor is it directly
involved in the management or execution of the activities in those
areas. To be effective, an oversight function needs to be independent of
the department, process or activity it is mandated to oversee.
“Independent reviews” are periodic reviews of Risk Management
Control (Oversight) Functions by a person or group independent of the
function being reviewed. The need for, and frequency of, these reviews
will depend on the size and complexity of an institution and is at the
discretion of the institution. The practice is not usually found in
smaller institutions, because Senior Management and the Board are
normally sufficiently informed to make an independent review
unnecessary. Reviews may be carried out internally, e.g., by Internal
Audit, or by an outside consultant, depending on the objectives of the
review and availability of the required expertise and resources.
“Key indicators” are the benchmarks normally used by institutions and
OSFI to measure operating performance. They vary by industry and
include such measures as ROE, ROA, ROI, loss ratios, expense or
efficiency ratios, and production and retention ratios.
“Materiality” is a measure of the relative significance of an institution’s
activities to the attainment of its business objectives. It is multidimensional,
prospective and considers both qualitative and quantitative
factors. Sound and informed judgement is critical in the determination
Most Supervisory Framework assessments are qualitative assessments
based on informed judgement by supervisors. These assessments take
into account the economic environment, conditions in the industry and
the specific context of an institution. Normal implies “usual”, i.e., what
The term “policy” refers to the guiding principles by which an
institution conducts its activities. An institution’s regular or usual
practices are a manifestation of these principles, whether written or
Senior Management would include those individuals responsible for
overseeing the effective management of the institution’s operations.
They frequently have policy-making responsibilities. Because the
Supervisory Framework and Assessment Criteria are applicable to
institutions of all types and sizes, the number and titles of Senior
Management will vary based on the size and complexity of an
institution and how it is organized.
As noted in the Supervisory Framework, “Significant Activities” are
activities that are material to an institution’s operations and/or
strategies, and can be lines of business, business units, or other
institution-wide processes such as treasury operations or information
technology. OSFI will generally group an institution’s activities in a
manner that is consistent with the way in which the institution is
structured and managed.
The term “Substantially mitigate”, as used in the definition of Overall
Net Risk, means that an institution’s risk management is sufficiently
effective that the probability of a material adverse impact on its Capital
and Earnings is expected to be lower than average.
“Target levels” of regulatory capital refers to OSFI’s expected level of
capital for a particular type of institution or for a particular institution.
“What is considered necessary” is assessed in relation to each
institution’s risk profile, in the context of its safety and soundness.