Office of the Superintendent of Financial Institutions
Culture can influence sound decision-making, prudent risk-taking and effective risk management, which can materially support or weaken the resilience of Federally Regulated Financial Institutions (FRFIs).
Given the contributions culture can have on the safety and soundness of financial institutions and confidence in the broader financial system, the Office of the Superintendent of Financial Institutions (OSFI) expects FRFIs to:
This guideline sets principles-based expectations for FRFIs to oversee their culture and assess the impact of behavioural patterns to effectively manage the associated risks.
‘Culture’ refers to the commonly held values, mindsets, beliefs and assumptions that guide both what is important and how people should behave in an organization. Footnote 1
‘Behavioural patterns’ are also known as ‘behavioural norms’ and refers to behaviours that are common or typical across a group of people.
‘Behaviour risks’ refers to behavioural patterns that are misaligned to the expected behaviours and the desired culture of the FRFI and/or increase financial and non-financial risks.
This Guideline establishes OSFI’s expectations for FRFIs management of culture and behaviour risks to support FRFIs’ risk governance and resilience.
FRFIs should read this Guideline in conjunction with other OSFI guidance; in particular:
OSFI's Culture and Behaviour Risk Guideline is principles-based and outcomes-focused in recognition that every FRFI’s culture is unique. OSFI expects FRFIs to design, govern and manage culture and behaviour in accordance with the FRFI’s size, nature, scope, complexity of operations, strategy, and risk profile.
This guideline presents expected outcomes and principles for FRFIs in their sound management of culture and behaviour risks. This guideline has three sections, one for each outcome and its related principles.
Culture and behaviour risk outcomes:
Outcome 1: Culture and behaviour are designed and governed through clear accountabilities and oversight.
Principle 1: Desired culture and expected behaviours are designed to align with the purpose and strategy of the FRFI and governed through appropriate structures and frameworks.
Senior Management is responsible for the design, implementation and monitoring of FRFI culture.
Please refer to OSFI’s Corporate Governance Guideline for OSFI’s expectations of FRFI Boards of Directors regarding business strategy, risk appetite and operational, business, risk and crisis management policies.
FRFIs should establish appropriate governance structures for overseeing culture and expected behaviours. Governance structures should include clear responsibilities for key roles and functions across all lines of defence in the management of culture and behaviour risks, supported by adequate human and financial resources.
Governance structures should be appropriate and proportional to the size, nature, scope, complexity of operations, strategy, and risk profile of the FRFI. This may include frameworks related to remuneration, ethics and conflict management, performance, talent management, risk and resilience, escalation and whistleblowing among others. Related governance structures, policies and processes should:
OSFI expects FRFIs to define the desired culture needed to achieve its strategy and to manage risks effectively. FRFIs should develop and implement a plan to embed the desired culture across the institution. Definition and development of the desired culture should include:
Outcome 2: Desired culture and expected behaviours are proactively promoted and reinforced.
Many factors shape culture and behaviour, but at a minimum, OSFI expects FRFIs to use leadership, talent and performance management practices, and compensation and incentive plans to promote and/or reinforce their desired culture and expected behaviours.
Principle 2: Leaders, at all levels, consistently promote and reinforce the desired culture and expected behaviours through their words, actions and decisions.
Leaders at all levels play an important role in shaping FRFI culture. Leaders actively shape the culture by what they say and do, and do not say and do. This includes:
Principle 3: Talent and performance management strategies and practices promote and reinforce the desired culture and expected behaviours.
FRFI talent management strategies, processes and practices should consider the desired culture and expected behaviours of the FRFI. Current and future talent needs should be identified and addressed to achieve the FRFI’s strategic objectives and desired culture. In this context, talent management includes recruitment, hiring, onboarding, learning and development, retention and succession.
FRFIs’ performance management strategies, processes and practices should consider the desired culture and expected behaviours of the FRFI. There should be clear, transparent, proportionate and consistently applied consequences for performance including behaviour. In this context, performance management includes goal setting, performance evaluation, promotion, discipline and termination.
Principle 4: Compensation, incentives and rewards promote and reinforce the desired culture and expected behaviours.
Behaviours are influenced by the design and application of compensation frameworks, reward programs and incentive plans, including the way in which compensation and incentives are distributed or adjusted.
FRFIs should design and implement compensation frameworks and incentive plans to encourage expected behaviours and discourage undesired behaviours at all levels, including Senior Management, material risk takers and staff.
Compensation frameworks, reward programs, and incentive plans may include, for example, financial and non-financial awards, performance score cards, informal and formal recognition among others.
FRFIs should ensure that compensation, rewards and incentive practices and decisions, including adjustment decisions:
Outcome 3: Risks emerging from behavioural patterns are identified and proactively managed.
OSFI expects FRFIs to implement mechanisms and techniques to identify, assess and manage risks arising from behavioural patterns that do not align to the desired culture and expected behaviours. Examples of behaviour risks may include complacency, excessive risk taking, poor communication, or a lack of speaking up or raising concerns, among others.
Principle 5: FRFIs proactively monitor for, assess, and act to address risks related to culture and behaviour that may influence their resilience.
Identifying patterns of behaviours is an important way to observe how closely the actual culture of a FRFI is aligned to its desired culture. Some behavioural patterns will support and reinforce the desired culture, while other behavioural patterns may not.
FRFIs should use a range of qualitative and quantitative methods and techniques to identify behavioural patterns that commonly exist across the institution. Methods and techniques may include a combination of informal conversations with employees, surveys, interviews, focus groups, employee related data (for example, turnover and retention rates) and performance indicators, among many others.
Where behavioural patterns are found to reflect the expected behaviours and support the desired culture of the FRFI, these patterns should be encouraged and reinforced.
Where behavioural patterns do not reflect the expected behaviours and support the desired culture of the FRFI, these patterns should be assessed to understand:
The results of the assessment of behavioural patterns should inform any actions taken to effectively manage behaviour risks. Behaviour risks are behavioural patterns that are misaligned to the expected behaviours and the desired culture of the FRFI or increase financial and non-financial risks.
FRFIs should employ a risk-based approach when assessing behaviour risks. Particular attention should, for example, be given to widespread behaviour risks and those that may pose a substantial risk to a specific area of the FRFI or impact their resilience. Reporting on behavioural risks should be consistent with reporting on other risks within the FRFI.
FRFIs should determine what behavioural patterns and associated behaviour risks require a response. Responses could include ongoing monitoring of existing behavioural patterns, actions to modify existing behavioural patterns that pose a risk to the FRFI or reinforcing existing behavioural patterns that support the desired culture.
Decisions to monitor, modify or reinforce existing behavioural patterns should be supported by a rationale. FRFI decisions and actions to modify or reinforce behavioural patterns should also be appropriately tracked and evaluated.
‘Risk culture’ refers to a subset of culture that specifically refers to the commonly held values, attitudes and beliefs about risks and risk-taking within FRFIs. This guideline focusses on FRFI culture more broadly, which encompasses risk culture but is not limited to that scope.
Return to footnote 1