Guideline E-21– Operational Risk Self-Assessment Template
Information
Table of contents
To: Federally Regulated Financial Institutions (FRFIs)
The Office of the Superintendent of Financial Institutions (OSFI) issued its Operational Risk Management guideline (Guideline) on June 29, 2016, providing OSFI’s expectations regarding the management of operational risk. Full implementation of the principles within the guideline is expected by June 2017.
OSFI recognizes that many FRFIs may have already conducted, or may be in the process of conducting an assessment of their current practices. With this in mind, OSFI believes that they could benefit from guidance in conducting a self-assessment against the principles contained within Guideline.
FRFIs may use this template to assess their practices against the principles outlined in the Guideline as well as to highlight additional practices, such as those noted within Annex 1 of the Guideline. FRFIs are also reminded to review Annex 2 of the Guideline for the list of related guidance when assessing their practices. OSFI may request FRFIs to complete the template during future supervisory assessments.
Further questions may be directed to the Operational Risk Division at ord@osfi-bsif.gc.ca.
Bob Hassan,
Managing Director,
Operational Risk Division
Annex – Operational Risk Self-Assessment Template for FRFIs
The self-assessment template sets out the expectations of the Guideline with a tab for each of the four principles. Each tab is split into two parts; (1) the criteria that demonstrate achievement of the principle, and (2) Annex 1 - practices for consideration. Columns have been included to encourage FRFIs to document the date full compliance was (or will be) attained, the rationale for each rating and areas for improvement.
For each principle, FRFIs are encouraged to rate their current degree of compliance and provide a rationale within the comments section. Definitions of each of the ratings are provided below:
| Self-Assessment Rating | Definition |
|---|---|
| Full Compliance | The FRFI is entirely in accordance with the criterion and its implementation is effective. |
| Substantial Compliance | The FRFI is to a large extent in accordance with the criterion, the spirit of which is followed in practice. |
| Partial Compliance | Some aspects or parts of the criterion are met while others are not. |
| Non-Compliance | The FRFI fails to comply with the criterion. |
Items included under Annex 1 are not exhaustive and are included as examples of leading industry practices to enhance or improve operational risk management. Definitions of the ratings for the state of each of the noted practices are as follows:
| FRFI Implementation Phase | Definition |
|---|---|
| Implemented | The FRFI has implemented the practice and its implementation is effective and sustained. |
| Planned to be Implemented | The FRFI plans to implement the practice; the FRFI is either in the process of implementation or has a defined plan and timeframe for implementation. |
| Not Implemented | The FRFI has neither implemented the practice nor plans to do so. |
FRFIs may have other practices they wish to highlight in addition to those included on the template; therefore, an “Additional practices” space has been included to allow for description of these practices.