Office of the Superintendent of Financial Institutions
The Assessment Tool for Operational Risk Capital Data ("AT") sets out OSFI's detailed expectations based on Chapter 3 of the Capital Adequacy Requirements Guideline, OSFI's Data Maintenance Expectations for Institutions using the Basel III Standardized Approach for Operational Risk Capital Data, and the Basel Committee on Banking Supervision's
Principles for Effective Risk Data Aggregation and Risk Reporting.
Together with the Data Maintenance Expectations, the AT aims to ensure that institutions have effective management of current and historical operational risk capital data, which includes both internal operational loss data and the components used to calculate the Business Indicator under the Basel III Standarized Approach for Operational Risk.
All three lines of defence ("LOD") are expected to rate each criterion in the AT using the following rating scale:
Fully Compliant: FRFI is fully compliant with the criterion and can demonstrate adequacy of design and effective functioning.
Substantiallly Compliant: FRFI is largely compliant with the criterion with minor exceptions that can be readily remediated. For areas of compliance, adequacy of design and effective functioning can be demonstrated.
Partially Compliant: FRFI is compliant with some aspects of the criterion and can demonstrate adequacy of design and effective functioning for these apsects; however, significant actions are required to fully meet the criterion.
Non-Compliant: FRFI has not implemented the criterion.
Institutions should provide rationale for the rating and supporting documents where relevant.
Institutions can include any additional comments within the 'Additional Comments' column in the AT along with any relevant supporting documents. Institutions should specify if the comment is being made by thefirst, second or third LOD.
Chapter 3 – Operational Risk - Capital Adequacy Requirements ("CAR").
Data Maintenance Expectations for Institutions Using the Basel III Standardized Approach for Operational Risk Capital Data ("DME").
Basel Committee on Banking Supervision's
Principles for Effective Risk Data Aggregation and Risk Reporting ("RDARR").