Explanation of Terms used in Assessment Criteria

Document Properties

  • Date : July 2002

The purpose of this document is to explain how OSFI intends to interpret the terms used in the Assessment Criteria. Explanations should be read in conjunction with the Supervisory Framework and the Assessment Criteria. 

Adequacy of, appropriateness of, and extent to which

Terms such as “adequacy of”, “appropriateness of” and “extent to which” are used to allow supervisors to scale the Assessment Criteria to the nature, scope, complexity and risk profile of each institution. The terms require supervisors to use sound and informed judgement in applying the criteria to the unique circumstances of each institution. This approach is necessary because the Assessment Criteria, like the Supervisory Framework, are designed to apply to all types and sizes of institutions supervised by OSFI.

Average probability

“Average probability”, with reference to Overall Net Risk, is consistent with what would be expected, on average, at a well-managed institution. This is not a quantitative measure but a supervisor’s assessment of the likelihood of a material adverse impact, derived from an understanding of the institution and its industry.

Communication and disclosure policy

An institution’s “communication and disclosure policy” will usually include a broad framework for managing relations with its stakeholders. The policy would not only address practices related to financial disclosure, but the communication of reportable events as well.

Generally accepted industry practices

The term “generally accepted … practices” is not a reference to codified standards, but to practices observed by OSFI to be in general use at institutions of comparable size and complexity within an industry, and which OSFI considers acceptable (including meeting all legal and regulatory requirements). The sophistication of an institution’s oversight practices will depend on the nature, scope, complexity and risk profile of its activities.

In control

“In control” refers to that state in which an institution is subject to effective corporate governance; is operating within an appropriate control environment, with effective strategic and risk management processes; and has demonstrated the capability and willingness to identify and effectively resolve significant control weaknesses on a timely basis.


“Independence” of a Risk Management Control (Oversight) Function means that the function is not subject to the undue influence of Operational Management in the areas it oversees, nor is it directly involved in the management or execution of the activities in those areas. To be effective, an oversight function needs to be independent of the department, process or activity it is mandated to oversee.

Independent reviews

“Independent reviews” are periodic reviews of Risk Management Control (Oversight) Functions by a person or group independent of the function being reviewed. The need for, and frequency of, these reviews will depend on the size and complexity of an institution and is at the discretion of the institution. The practice is not usually found in smaller institutions, because Senior Management and the Board are normally sufficiently informed to make an independent review unnecessary. Reviews may be carried out internally; e.g., by Internal Audit, or by an outside consultant, depending on the objectives of the review and availability of the required expertise and resources.

Key indicators

“Key indicators” are the benchmarks normally used by institutions and OSFI to measure operating performance. They vary by industry and include such measures as ROE, ROA, ROI, loss ratios, expense or efficiency ratios, and production and retention ratios.


“Materiality” is a measure of the relative significance of an institution’s activities to the attainment of its business objectives. It is multidimensional, prospective and considers both qualitative and quantitative factors. Sound and informed judgement is critical in the determination of materiality.

Normal adverse conditions

Most Supervisory Framework assessments are qualitative assessments based on informed judgement by supervisors. These assessments take into account the economic environment, conditions in the industry and the specific context of an institution. Normal implies “usual”, i.e., what is expected.


The term “policy” refers to the guiding principles by which an institution conducts its activities. An institution’s regular or usual practices are a manifestation of these principles, whether written or unwritten.

Senior management

Senior Management would include those individuals responsible for overseeing the effective management of the institution’s operations. They frequently have policy-making responsibilities. Because the Supervisory Framework and Assessment Criteria are applicable to institutions of all types and sizes, the number and titles of Senior Management will vary based on the size and complexity of an institution and how it is organized.

Significant activities

As noted in the Supervisory Framework, “Significant Activities” are activities that are material to an institution’s operations and/or strategies, and can be lines of business, business units, or other institution-wide processes such as treasury operations or information technology. OSFI will generally group an institution’s activities in a manner that is consistent with the way in which the institution is structured and managed.

Substantially mitigate

The term “Substantially mitigate”, as used in the definition of Overall Net Risk, means that an institution’s risk management is sufficiently effective that the probability of a material adverse impact on its Capital and Earnings is expected to be lower than average.

Target levels

“Target levels” of regulatory capital refers to OSFI’s expected level of capital for a particular type of institution or for a particular institution.

What is considered necessary

“What is considered necessary” is assessed in relation to each institution’s risk profile, in the context of its safety and soundness.