Office of the Superintendent of Financial Institutions
On December 15, 2020, the Office of the Superintendent of Financial Institutions (OSFI) concluded a consultation process on its discussion paper,
Developing Financial Sector Resilience in a Digital World that highlighted certain aspects of operational resilience. On May 10, 2021, OSFI subsequently published a summary of next steps in areas related to non-financial risk more broadly.
During that same period, the Basel Committee on Banking Supervision (BCBS) published guidance in March 2021 on operational risk and resilience. As a BCBS member, OSFI participated in work that led to the publication of revised
Principles for the Sound Management of Operational Risk (PSMOR) and new
Principles for Operational Resilience (POR). OSFI believes these principles are broad-based and relevant to risk management at all financial institutions, not just banks. The International Association of Insurance Supervisors has also underscored its commitment to the operational resilience of insurance companies.Footnote 1
The revisions to the PSMOR strengthen BCBS guidance on operational risk management in areas such as risk identification and assessment, change management, and information and communication technology. The POR introduce the concept of operational resilience, which relates to the ability of an entity to deliver critical operations through disruption.
OSFI views operational resilience as an important objective of operational risk management and, as a result, critical for the overall safety and soundness of a financial institution. Operational resilience encompasses a number of risk management practices and capabilities, including:
While OSFI’s existing Guidelines and AdvisoriesFootnote 3 cover many of these areas, there are opportunities to strengthen its guidance expectations in order to enhance operational resilience at FRFIs, including both deposit-taking institutions and insurance companies. As part of implementing any guidance on operational risk and resilience for financial institutions, OSFI will consider whether certain elements of this guidance could also be relevant to federally regulated pension plans.
OSFI is now seeking FRFIs’ views on:
Please submit comments to
Resilience@osfi-bsif.gc.ca by September 10, 2021.
Please see: the IAIS’ upcoming “Supervisory Guidance on Operational Risk and Resilience in the Insurance Sector” in the
2021‑22 IAIS Public Roadmap.
Return to footnote 1
For the purposes of the POR, critical operations include processes, services and their relevant supporting assets the disruption of which would be material to the continued operation of a financial institution or its role in the financial system.
Return to footnote 2
For example, the Corporate Governance Guideline, Guideline B-10 on Outsourcing, Guideline E-21 on Operational Risk Management, and OSFI’s Cyber Security Self-Assessment Tool.
Return to footnote 3