Update to Instructions for Operational Risk Self-Assessment for TSA and AMA Institutions
Information
Table of contents
To: TSA and AMA Deposit-taking Institutions
As part of OSFI’s approval processes for applicants and users of the Standardized Approach (TSA) and the Advanced Measurement Approach (AMA) for operational risk capital modeling, institutions are required to populate and submit a standard self-assessment based on the minimum criteria defined in OSFI’s Capital Adequacy Requirements (CAR) guideline and the Basel Committee on Banking Supervision (BCBS) 2011 document Principles for the Sound Management of Operational Risk.
On June 29, 2016, the Office of the Superintendent of Financial Institutions (OSFI) issued Guideline E-21 Operational Risk Management which provides OSFI’s expectations regarding the management of operational risk. In support of the guideline, OSFI has created an Operational Risk Self-Assessment template. To avoid duplication, OSFI has revised the TSA & AMA Self-Assessment template to remove criteria already included in the Operational Risk Self-Assessment template. Applicants and users of TSA and AMA are now required to complete the Operational Risk Self-Assessment template and the revised 2017 TSA & AMA Self-Assessment on an ongoing basis as required by OSFI.
Further questions may be directed to Denise.Price-Hoo@osfi-bsif.gc.ca.
Bob Hassan,
Managing Director,
Operational Risk Division
Annex – Revised 2017 TSA & AMA Self-Assessment Template
The self-assessment template sets out the expectations of the requirements for TSA & AMA applicants and users in terms of the minimum criteria as defined in OSFI’s Capital Adequacy Requirements (CAR) guideline as well as BCBS Principles for the Sound Management of Operational Risk. The Template is divided into two worksheets: ORM Practices and AMA Methodology. Details on each of the worksheets are as follows:
| Column Heading | Definition | Drop Down Options |
|---|---|---|
| ID | Reference number | |
| Criteria | Articulation of the requirement | |
| Reference | Regulatory guidance reference | |
| Previous SAP Reference | Numbering from 2012 AMA & TSA Operational Risk Self-Assessment Template | |
| Compliance Rating | Rating refers to the Federally Regulated Financial Institutions (FRFIs) compliance with OSFI criteria. |
|
| Target Compliance Date | Expected date to achieve full compliance status or date full compliance was attained | |
| Internal Audit (Audit Status) | Internal Audit (Audit Status) refers to the independent audit assessment of the FRFIs responses to OSFI criteria. |
|
| Validation | The validation responses reflect the status of work done by the institution’s independent validation function to establish whether the AMA model is sound or whether improvements are required. Validation should encompass both quantitative and qualitative elements, and assess the appropriateness of the risk management processes to ensure that the framework remains ‘fit for purpose’. |
|
| Comments including Names of Supporting Documents | Commentary regarding evidence and supporting documentation. |
A mapping of the 2012 TSA & AMA Self-Assessment Template to the E-21 Self-Assessment template is available on request.