Language selection

Office of the Superintendent of Financial Institutions / Bureau du surintendant des institutions financières
Top of content

OSFI’s Annual Risk Outlook – Fiscal Year 2022-23

In our efforts to provide more transparency to federally regulated financial institutions (FRFIs) and private pension plans (FRPPs), and for Canadians, the Office of the Superintendent of Financial Institutions (OSFI) will publish annually an outlook on the financial system risks that we view as most pressing and our regulatory and supervisory response to those risks.

This document is the first of our Annual Risk Outlooks. It provides our forward-looking view on the most material risks facing federally regulated financial institutions and private pension plans for fiscal year 2022-23. We are providing this directional guidance with the understanding that the risks and responses will be revised as needed should the risk landscape change during the fiscal year.

OSFI welcomes feedback on this publication (email information@osfi-bsif.gc.ca).

Text Description

The seven financial risks that OSFI views as most pressing:

  • Significant cyber attack
  • Housing market downturn
  • Digital innovation
  • Climate change
  • Third party
  • Commercial real estate downturn
  • Fragile corporate debt funding

Significant cyber attack

Risk Overview

Cyber-attacks are increasing in sophistication and severity.

This amplifies the need for federally regulated financial institutions to have measures in place that promote resilience to cyber events and technology disruptions. Recent geopolitical events, such as the tactics used by Russia in its conflict with Ukraine, have brought heightened attention to cyber risks given the interconnectivity of the global financial system and technology-based infrastructures. We work closely with the institutions we oversee to monitor and adapt proactively to the cyber threat environment.

We expect institutions to be prepared for extreme but plausible cyber scenarios. A cyber incident, including a ransomware attack, could significantly impact critical functions at one or multiple institutions. These could consequently result in system unavailability, data loss and/or the loss of public confidence, potentially leading to both the deterioration of an institution’s reputation and financial loss. Threat actors continue to seek to exploit software vulnerabilities in trusted software and third-party technology suppliers. Correspondingly, institutions continue to significantly invest to maintain their overall cyber posture, knowing that threats to the financial system continue to evolve and materialize.

Supervisory Responses

The widespread use and rapid adoption of new technologies, as well as recent geopolitical developments such as the tactics used by Russia in its conflict with Ukraine, have amplified the need for active monitoring and supervision of federally regulated financial institutions’ technology and cyber resilience.

Intelligence-led cyber security testing (or red teaming/penetration testing) is currently employed globally by financial regulators. It is utilized to assess a financial institution’s cyber resilience to withstand and respond to a sophisticated cyber-attack. Consistent with other leading regulatory bodies, we are piloting our own “intelligence-led cyber resilience testing” (I-CRT) to help institutions identify weaknesses in technology and cyber security controls and to test their overall cyber resiliency. Additionally, we published an updated cyber security self-assessment tool and enhanced the Technology & Cyber Incident Advisory reporting requirements. Since the update, we have been receiving reports and information that have shown to be valuable and provide insights into areas of concern and risk at the industry level.

Finally, we continue exploring ways to enhance resiliency by looking to share and distribute timely and actionable sector-focused intelligence amongst federally regulated financial institutions, other government stakeholders and our most trusted international partners.

Regulatory Responses

The heightened threat of cyber-attacks, as manifested by the interconnectivity of the global financial system and technology-based infrastructures, as well as the tactics used by Russia in its conflict with Ukraine, have created urgency for enhanced regulatory guidance.

In response to rising technology and cyber threat risks, we recently issued for consultation Draft Guideline B-13, Technology and Cyber Risk Management. This draft Guideline sets out our expectations for sound technology and cyber risk management. It requires federally regulated financial institutions to have in place measures that promote resilience to cyber events and technology disruptions. The final version of Guideline B-13 is expected to be released in 2022.

In the Fall 2022, we plan to consult on a draft revised Guideline E-21, Operational Risk Management, with revisions focusing on operational resilience while reinforcing operational risk management.


Housing market downturn

Risk Overview

The unprecedented run-up in the Canadian housing market, driven by very low interest rates and imbalances in housing supply/demand, have increased Real Estate Secured Lending (RESL) exposures for institutions.

At the same time, the heightened housing market activity and historically unprecedented price increases across Canada are leading to increasingly leveraged borrowers, that increases the systemic exposure to a housing price correction. While lending institutions are currently well-capitalized and appear to be financially resilient, such a sequence of events could lead to borrower defaults, a disorderly market reaction and broader economic uncertainty and volatility.

Supervisory Responses

Work on the application of Guideline B-20, Residential Mortgage Underwriting Practices and Procedures, and supervisory expectations and new product assessments continues.

Recent supervisory reviews identified several common issues around underwriting, specifically income verification in areas that have been raised as being problematic in the past including business for self, rentals, exceptions to income sustainability as well as collateral management.

We are also looking at the application of Guideline B-20 to other mortgage products such as reverse mortgages, mortgages with shared equity, and combined loans plans (CLPs) as these products have become more prevalent. We have extensively engaged with industry on CLPs to clarify the application of Guideline B-20 and supervisory expectations given the gaps observed in practice among primary lenders. As well, we have been clarifying communication on transitional arrangements related to CLPs and the applicable timelines. Finally, we will be holding an industry session for all residential mortgage lending financial institutions in spring 2022.

This work is in addition to ongoing supervisory reviews and monitoring. We also continue to monitor mortgage delinquency rates closely, for signs of borrower vulnerability following the end of COVID-related government support programs.

Regulatory Responses

We will continue to act in response to persistent housing market vulnerabilities by strengthening our regulatory guidance for sound residential mortgage underwriting through adjustments where necessary to Guideline B-20, Residential Mortgage Underwriting Practices and Procedures.

Recent growth in such lending has amplified risk for lenders. Supervisory review work has revealed that lenders need additional guidance to ensure their underwriting policies align with the principles of Guideline B-20. CLPs carry the risk of persistent, outstanding consumer debt that can make borrowers, and their lenders, more vulnerable to negative shocks. Prudent limits and other tailored risk management approaches for these products will ensure that lenders can sustainably address borrowers’ credit needs. We will issue a supplementary advisory to Guideline B-20 in spring 2022 to clarify expectations in respect of CLPs and other non-traditional loans secured by residential property.

We plan to conduct a holistic assessment of Guideline B-20 to ensure it remains clear and fit for purpose. This review will assess existing policy and supervisory insights obtained over the decade that Guideline B-20 has been in force. New and emerging risks and issues will also be considered.

As mortgage rates edge upward on expectations of tightening monetary policy, and as the severe-but-plausible risk of a housing market downturn remains, home buyers and lenders alike will have greater confidence to weather negative shocks with the minimum qualifying rate (MQR) “stress test.” While we have committed to reviewing the MQR for uninsured mortgages at least annually, we are prepared to make changes at any time if conditions warrant. The next planned MQR announcement date is December 15, 2022.

Lastly, as part of the domestic implementation of the Basel III reform package in banks’ fiscal Q2-2023, we are increasing the risk weights, and thus capital required, for investor mortgages compared to the risk weights for owner-occupied properties.


Digital innovation

Risk Overview

The rapid rise in digital innovation brings both valuable opportunities and emerging risks.

Technology-driven disruptive forces continue to pose significant threats to financial institutions’ business models, in virtually all aspects of their activity and value chain. Risks and impacts emanating from digitalization of money (i.e., stablecoins, unbacked crypto currency, and decentralized finance) and consumer directed finance, such as open banking, remain uncertain but potentially significant. Digitalization, already rapidly altering the way financial services are delivered, has accelerated throughout the COVID-19 pandemic.

Supervisory Responses

We have been engaged with institutions as they digitize and innovate with a focus on strategic execution, data governance, model, third party and technology risks.

Through discussions with regulated institutions, and the monitoring and conducting of reviews about technology risks, we are exploring any institutional vulnerabilities associated with digital innovations including cloud adoption, artificial intelligence/machine learning, and other technologies. We will continue conducting supervisory reviews of practices around data, risk management and transformative initiatives of selected institutions.

Regulatory Responses

We are working with various government partners and international organizations to assess the implications of digital money innovations, such as cryptocurrencies, on our regulatory frameworks.

We are engaged with the Basel Committee on Banking Supervision (BCBS) around the prudential treatment of crypto asset exposures. We plan to publish an advisory later this year that will clarify the capital and liquidity requirements to be applied to FRFIs’ crypto asset exposures. We are working with the Department of Finance and other federal partners on the development of a Government of Canada-endorsed data mobility framework to address the rise of open banking and other consumer directed finance arrangements. We are also considering ways to facilitate entry into the regulated federal financial system by non-traditional financial services providers.

Stablecoins are an important part of the emerging set of digital money innovations. Financial sector organizations and governments are advancing work on regulatory frameworks for digital assests, including stablecoins. We are currently reviewing the extent to which stablecoin activities that federally regulated financial institutions might wish to pursue are permissible under the relevant federal legislation to ensure appropriate federal prudential oversight. We plan on providing additional clarity to federally regulated financial institutions in 2022 on areas of risk management and governance that are specific to stablecoin arrangements. We are also working closely with our federal and provincial partners ensuring an appropriate and coordinated Canadian regulatory response to stablecoin arrangements.


Climate change

Risk Overview

Federally regulated financial institutions and private pension plans face physical risks (i.e., from climate change-related weather events) and transition risks (i.e., transition to a low greenhouse gas emitting or “low carbon” economy.)

These risks are considered “transversal” in nature because they drive more traditional risks, including credit, market, insurance, operational and legal risks, which could exacerbate over time, impacting the safety and soundness of individual financial institutions, and the Canadian financial system more broadly.

The Bank of Canada-OSFI scenario analysis pilot reportFootnote 1 describes how a disorderly transition to a low carbon economy, through delayed action and abrupt global policy changes, will increase the probability of financial stress from transition risks. The decision on the global path to reduce greenhouse gas emitting energy sources, whether it be an orderly 30-year pathway, or a delayed, disorderly accelerated pathway, is outside Canada’s control, and is certainly outside our control. Therefore, federally regulated financial institutions and private pension plans must be prepared and build resilience to withstand an accelerated and abrupt pathway to the reduction of greenhouse gas emitting energy sources.

Supervisory Responses

We will supervise climate risk while developing principles-based regulatory expectations.

This includes ensuring institutions are advancing their climate-related governance and risk management capabilities and are increasingly resilient to physical and transition risks. OSFI and the Bank of Canada will conduct two climate analysis exercises with financial institutions. The first will assess the financial impact of flood risk on the 2021 residential mortgage portfolios. The second will leverage the findings from the 2021 pilot on climate transition risk to assess the impacts of repricing of securities portfolios and the probability of a price-mediated contagion to the financial system through a rebalancing of the financial institution balance sheets. As data analytics, risk quantification and scenario analysis capabilities evolve, we will leverage insights to inform both micro-prudential and macro-prudential assessments.

Regulatory Responses

Building on OSFI’s 2021 discussion paper on climate-related financial risks and the joint Bank of Canada-OSFI pilot project on transition risk scenarios, we will issue guidance to set out our expectations of institutions’ climate risk management and climate-related financial disclosures in 2022/23.

Our principal objective is to support institutions’ efforts to build awareness and capability in managing climate-related financial risks. Furthermore, given the potential threat to financial stability associated with delayed global policy action, we will assess whether current internal targets at institutions and capital buffers sufficiently incorporate related risks. Improving financial institutions’ readiness to manage climate-related financial risks enhances the safety and soundness of these institutions and strengthens public confidence in Canada’s financial system.

In addition, we will continue our work on other policy initiatives including enhancing our climate data and analytics capabilities, developing a standardized climate scenario analysis exercise for institutions, and assessing the need to reflect the unique features of climate-related risks in the regulatory capital framework.

Lastly, we will actively look for opportunities to broaden stakeholder engagement, within and outside the financial industry, domestically and internationally; to collaborate, coordinate, and share insights on a range of best practices.


Third party

Risk Overview

The financial services industry has long made use of third-party arrangements to introduce efficiency, drive innovation, manage shifting operational needs, and improve service. Increasingly, financial institutions are relying on an expanded third-party ecosystem to execute and deliver more of their critical activities. This has increased the risk of financial loss at institutions and the risk of institutions being unable to deliver critical services due to disruption at a third party (or at subcontractors on which a third party relies). The emergence of a concentrated number of dominant service providers in key segments of the economy amplifies this risk. Disruption at one or more such service providers could potentially result in a systemic event if multiple institutions were unable to deliver services to their customers on a timely basis. This could impact institutions’ financial resilience and reputations.

Supervisory Responses

We will gather data from financial institutions to improve our understanding of third-party relationships including the existence of, and vulnerabilities associated with, dominant service providers.

We will continue to monitor third-party incidents, especially those events involving dominant service providers. We will conduct supervisory reviews focused on third-party risk management practices of selected institutions.

Regulatory Responses

We expect to release draft revisions to Guideline B-10 for public consultation in Q2 2022.

We are repositioning current Guideline B-10 on Outsourcing of Business Activities, Function and Processes to a Guideline on Third-Party Risk Management to better reflect a more comprehensive set of third-party risks within an expanded third-party ecosystem. The revised guideline will place greater emphasis on governance and risk management programs. It will set outcomes-focused, principles-based expectations for institutions supporting the sound management of third-party risk. It will call upon institutions to identify, assess, monitor, and manage all third-party arrangements, in proportion to the criticality and risk of the arrangement.


Commercial real estate market downturn

Risk Overview

Office and retail assets are facing uncertainty considering COVID-related changes to workplaces and consumer shopping habits.

In addition, a protracted sharp increase in unemployment and adaptation of work-from-home policies could further impact the value of office and retail assets. Conversely, industrial properties are seeing material increases in valuation, which may not be sustainable in an increasing interest rate environment, this may lead to refinancing challenges. Stress-to-asset performance and/or valuation could lead to increased losses to institutions given that commercial real estate is a systemic exposure across the financial sector.

Supervisory Responses

We are finalizing the results of the credit integrated plan “drop-in” reviews of specific small and medium sized financial institutions.

Preliminary observations include shortcomings in the prudent assessment and management of COVID-related risks at adjudication (e.g., debt service capacity assessment, sensitivity analysis and sponsor guarantee assessment) and ongoing monitoring of exposures (i.e., active collateral valuations). Many of the deficiencies observed were identified in work conducted in 2019-20 and since the onset of the pandemic. We will consider developing supervisory expectations for Commercial real estate. This work is in addition to on-going supervisory reviews and monitoring. We will monitor delinquency rates closely, for signs of borrower vulnerability following the end of COVID-related government support programs.

Regulatory Responses

As part of the implementation of the Basel III reform package, we are better aligning the capital required for commercial real estate exposures (including those related to financing land acquisition, development, and construction projects) with their risk. This is accomplished by having more risk-sensitive rules where varied risk weights are used under the Standardized Approach to credit risk instead of a flat risk charge as is currently applied, which will result in higher risk weights for more leveraged exposures. This approach allows banks to make lending decisions that are more in line with their risk appetite.


Fragile corporate debt funding

Risk Overview

Corporate debt remains a significant exposure for Canadian banks and life insurers.

There has been increased reliance on high-yield debt and leveraged loans, including covenant-lite loans, which contain fewer protections for lenders. These assets are vulnerable to a large global repricing and constrained access to liquidity and capital. The uncertain and volatile environment could lead to an increase in financing costs and difficulties to issue or roll over debt, which could result in heightened credit losses for Canadian banks and life insurers.

Supervisory Responses

We have been engaging with institutions active in corporate debt funding and are conducting ongoing monitoring with a focus on the most leveraged transactions.

We are in discussions with regulated institutions about stress testing activities and vulnerabilities associated with leveraged lending. We will conduct supervisory reviews of corporate debt exposure and leveraged loan risk management practices of selected institutions.


ANNEX – 2022-2023 PLANNED POLICY RELEASES

Guidance Priorities

This document sets out a near-term plan of guidance priorities for FRFIs and FRPPs. The references below reflect calendar quarters.

We have divided our guidance priorities into three streams: (i) Risk Management Guidance for FRFIs, (ii) Capital and Accounting Guidance for FRFIs and (iii) Guidance for FRPPs.

The timelines indicated below reflect our strategic plans. Plans may be changed or amended due to external factors. In that event, we will reconsider the dates for the guidance impacted.

I. Risk Management Guidance for FRFIs

DEPOSIT-TAKING INSTITUTIONS AND INSURANCE COMPANIES
Q2 2022
Guidance Initiative Purpose and Background
Draft Guideline on Climate Risk Management Sets out OSFI’s risk management expectations for FRFIs on climate-related financial risks.
Draft Guideline B-10 on Third-Party Risk Management Sets outs OSFI’s expectations on FRFI third-party risk management.
Advisory on Non-Traditional Mortgage Products Clarifies OSFI’s expectations under Guideline B-20 in respect of certain loan products secured by residential property.
Final Guideline B-13 on Technology and Cyber Risk Management Finalizes OSFI’s expectations on FRFI technology and cyber risk management.
Draft Revised Guideline E-16 on Participating Account Management and Disclosure to Policyholders Clarifies and strengthens OSFI’s expectations regarding the implementation of the requirements found in the Insurance Companies Act and Policyholders Disclosure Regulations.
Letter on proposed revisions to Guideline E-23 on Model Risk Management Proposes an expansion of the scope of application of Guideline E-23 and sets out OSFI’s expectations pertaining to model risk management, including for models which use artificial intelligence and machine learning (AI/ML).
Q3 2022
Guidance Initiative Purpose and Background
Draft Guideline B-11 on Unencumbered Assets and Pledging Sets out OSFI’s expectations and monitoring practices pertaining to unencumbered assets and pledging, including the covered bond limit.
Q4 2022
Guidance Initiative Purpose and Background
Final Guideline B-10 on Third-Party Risk Management Finalizes OSFI’s expectations on FRFI third-party risk management.
Draft Guideline on Culture Risk Management Sets out OSFI’s expectations on FRFI culture risk management.
Draft Operational Risk and Resilience Guideline (Revised E-21) Sets out OSFI’s expectations on FRFI operational resilience, while continuing to reinforce expectations on operational risk management.
Q1 2023
Guidance Initiative Purpose and Background
Final Guideline on Climate Risk Management Finalizes OSFI’s risk management expectations for FRFIs on climate-related financial risks.
Draft Revised Guideline B-20 on Mortgage Underwriting Sets out OSFI’s revised expectations on FRFI sound residential mortgage underwriting.
Final Revised Guideline E-16 on Participating Account Management and Disclosure to Policyholders Finalizes OSFI’s expectations regarding the implementation of the requirements found in the Insurance Companies Act and Policyholders Disclosure Regulations.
Draft Revised Guideline E-13 on Regulatory Compliance Management Sets out OSFI’s expectations on FRFI regulatory compliance risk management.
Final Guideline B-11 on Unencumbered Assets and Pledging Finalizes OSFI’s expectations and monitoring practices pertaining to unencumbered assets and pledging, including the covered bond limit.

II. Capital and Accounting Guidance for FRFIs

DEPOSIT-TAKING INSTITUTIONS AND INSURANCE COMPANIES
Q3 2022
Guidance Initiative Purpose and Background
Final Guideline on assurance of capital, leverage and liquidity returns Finalizes OSFI’s expectations on assurance of DTI and insurance capital, leverage and liquidity returns.
Advisory on crypto assets Sets out the prudential treatment of crypto assets.
Q4 2022
Guidance Initiative Purpose and Background
Consultative document on a stand-alone capital framework for large internationally active banks and insurance companies Seeks stakeholder feedback on the development of a solo capital framework to assess the sufficiency of capital that is available to domestic parent banks and insurance companies on a standalone basis to protect depositors, creditors, and policy holders.
Q4 2022
Guidance Initiative Purpose and Background
Discussion paper on the capital regime for DTIs As part of OSFI’s ongoing work to ensure the long-term effectiveness of the capital regime for DTIs, seek stakeholder feedback on possible changes to capital expectations for DTIs, including the role of buffers.
INSURANCE COMPANIES
Q2 2022
Guidance Initiative Purpose and Background
IFRS 17 Transition Readiness Test Tests insurers’ ability to submit IFRS 17 data to OSFI using OSFI regulatory returns and prescribed forms, prior to implementation of IFRS 17.
Revised IFRS 9 and D-5 Guidelines Incorporates consequential amendments to existing guidelines for IFRS 17 implementation.
Q3 2022
Guidance Initiative Purpose and Background
Semi-annual IFRS 17 progress reporting Reflects insurers reporting to OSFI on IFRS 17 implementation progress.
Final Life Insurance Capital Adequacy Test (LICAT), Minimum Capital Test (MCT) and Mortgage Insurer Capital Adequacy Test (MICAT) 2023 Guidelines Finalizes insurance capital guidelines, updated for IFRS 17, effective January 1, 2023.
Q1 2023
Guidance Initiative Purpose and Background
Semi-annual IFRS 17 progress reporting Reflects insurers final reporting to OSFI on IFRS 17 implementation progress.
Consultation on draft methodology for determining capital requirements for Segregated Fund Guarantee (SFG) Risk Releases Quantitative Impact Study (QIS) #6 along with draft Chapter 7 of the LICAT Guideline (i.e., the draft standard approach) and SFG-related regulatory returns.
Discussion paper on liquidity risk for insurers Seeks stakeholder feedback on scope of possible guidance addressing liquidity risk for insurers.

III. Guidance for FRPPs

PRIVATE PENSION PLANS
Q2 2022
Guidance Initiative Purpose and Background
Final instruction guide for authorizing benefit reductions Sets out the factors that OSFI considers with respect to an application seeking the Superintendent’s authorization for a benefit reduction.
Q3 2022
Guidance Initiative Purpose and Background
Final instruction guides for pension plan registrations Establishes OSFI’s expectations related to filing and reporting requirements for defined benefit and defined contribution pension plan registrations.
Q4 2022
Guidance Initiative Purpose and Background
Industry Letter on Pension Plan Investment Risk Management Summarizes feedback received on OSFI’s Pension Plan Investment Risk Management Discussion Paper issued in Q1 2022 and setting out OSFI’s proposal for future investment risk management initiatives.