Office of the Superintendent of Financial Institutions
Good morning and Happy New Year.
I am pleased to have the opportunity to speak to you today and thank our hosts for the invitation.
As we begin a new year, the banking industry is operating in an environment that is rapidly evolving and growing in complexity. Advances in technology are changing how banking is done. These advances present both opportunities and challenges.
Some of the challenges related to these innovations include cyber security, third-party risk management and managing models driven by machine learning and artificial intelligence.
In addition to these risks, banks have to manage risks considered more traditional such as credit, market, operational, conduct and culture.
All of this takes place against a backdrop of low rates, a flat yield curve, highly indebted consumers and a protracted benign credit environment that is showing signs of deterioration.
So how does OSFI operate in such an environment?
Our strategic plan guides us; specifically I would point to our vision statement:
Building OSFI for today and tomorrow: preserving confidence, ever vigilant, always improving.
I want to emphasize the
ever vigilant portion. An analogy you might find useful is comparing OSFI to the Scouts. At least twice since our creation in 1987, OSFI has been referred to as being like a “boy scout”. First was during the Latin American debt crisis in the late 80s/early 90s, when OSFI wanted Canadian banks to hold more capital than other jurisdictions. And the same concerns resurfaced about the time of the asset-backed commercial paper situation, when OSFI was again seen as being
too safe when requiring banks to hold additional capital.
For me, the most useful part of the Scout analogy is not the century old motto “Be Prepared,” but rather Scout founder Baden-Powell’s response to the question, “Prepared for what?” His response was, “Why, for any old thing.”
Although no one can predict the future, we know that there will be another period of stress for banks; it may be due to an economic downturn or other causes. We have learned it is too late to begin preparing for a stress event after one begins.
I would like to use our time today to share what OSFI is doing to prepare “for any old thing.”
For OSFI, being ready means having a clear plan and last year we publicly released the
OSFI Strategic Plan for 2019-2022.
The plan sets out a framework for our work; it provides a vision for the future; confirms our purpose and values; and sets clear objectives. It identifies issues and challenges that require a response so OSFI can continue to perform its important role in keeping Canada’s financial system strong and resilient.
The plan has four key goals:
Supporting resilience to financial risks is in goal 1, and the recognition of potential prudential impacts of non-financial risks in goal 2.
Non-financial risks are both broad and deep and often require new measures and tools to address effectively, which leads to goals 3 and 4. Making sure that OSFI remains effective and is more transparent about how we go about meeting our mandate.
Let me spend some time now talking about the key issues under the first two goals of our plan: financial risks and non-financial risks.
For financial risks, capital is the first line of defense. It is the most important tool that banks need to grow as well as to stay in business. OSFI requires domestic systemically important banks (D-SIBs) to hold several capital buffers to guard against risks in the financial system and broader economy. One of these buffers is the Domestic Stability Buffer, or DSB.
You may recall that in December, OSFI set the DSB at 2.25% of total risk-weighted assets, effective April 30, 2020.
The DSB is an important part of OSFI’s capital regime. It fosters confidence and supports resilience by promoting the build-up of capital as vulnerabilities grow and, at the same time, provides a tool for banks to use when risks materialize.
By design, the buffer allows banks to use the capital they have built up in good times when it is most needed—in bad times. This contributes to financial stability and improves banks’ ability to continue to provide loans and services to Canadians during a downturn or a period of stress.
It is important to note that the DSB acts as a buffer against a range of risks to domestic stability—risks that can originate either at home or abroad. International vulnerabilities were an important factor in our decision to increase the DSB last month. Global trade tensions, lower global growth and rising global leverage are all risks that could potentially spill over into the Canadian financial system.
OSFI will continue to set the DSB in a transparent manner to ensure it is widely understood by markets. In doing so, we expect that decisions to decrease or draw on buffers when needed will be seen as normal course, stabilizing actions. Our long-term objective is to ensure the effectiveness of the DSB. In that context, we will review the range of 0 to 2.5% to determine if it is appropriate. As well, we will continue to refine our assessment of vulnerabilities and risks by which we set the buffer.
OSFI will continue closely monitoring growth in areas that contribute to vulnerabilities and will increase its focus on global vulnerabilities that may affect Canadian financial stability.
But being resilient requires more than just a capital buffer.
We are now in year three of IFRS 9. We have experienced a prolonged benign environment with historically low loan loss levels. When the economic and credit cycles change, there is an expectation that loan loss rates will increase. The spirit of IFRS 9 is to recognize losses earlier. It is important that banks take steps to guard against complacency in the economic outlooks that are key inputs to their expected credit loss (ECL) processes.
Banks’ ECL economic forecasts should capture leading economic indicators and ECL processes should be responsive to forward-looking information. In the current economic environment, OSFI expects a prudent bank’s ECL allowance levels to reflect the emerging economic headwinds.
We have seen some banks do this by incorporating the plausibility of an increase in loan losses into their short-term ECL economic forecast. We will continue to monitor the ECL allowance levels and economic inputs and assess the responsiveness of the ECL processes as they mature. In addition, we will be gathering information to understand how the IFRS 9 framework interacts with the regulatory capital framework.
An important element of OSFI’s capital regime is the Basel 3 capital reforms.
In Canada, we have now moved into drafting revisions to the capital adequacy requirements and leverage requirements guidelines. The revisions take into account the Basel 3 changes, an estimated impact of those changes, and what OSFI views as appropriate guidance for the Canadian market.
For credit risk, we are targeting a public consultation this spring, which will include our policy positions on the capital floor, the treatment of credit cards, and the treatment of investor mortgages under the internal ratings-based approach. We expect the changes to be final by the end of this year for implementation in Q1 2022.
Last summer, we released a discussion paper that looked at tailoring capital and liquidity requirements for small and medium-sized deposit-taking institutions (DTIs). This initiative is in support of goal 1 of our strategic plan—to adapt our regulatory approaches to reflect the size, complexity and risk profile of institutions with the goal of improving their preparedness and resilience to financial risks.
The first phase of this initiative focuses on Pillar 1 capital and liquidity requirements, including capital adequacy requirements, leverage requirements and liquidity adequacy requirements. Future phases will extend to other elements of OSFI’s capital and liquidity-related requirements, including Pillar 2 and Pillar 3. We are assessing feedback, and further consultation on the first phase elements will occur early this year. We are aiming to finalize related guidance by the end of the year for implementation in Q1 2022.
This initiative will be among the topics at an upcoming webinar for small and medium-sized banks later this month.
Last year signalled a holistic set of updates to our liquidity-related guidance, both the liquidity adequacy requirements and liquidity principles guidelines, which are now in place.
The liquidity adequacy requirements guideline was revised to focus on recalibrated and more granular run-off rates for less stable retail deposits. In addition, the revisions included the introduction of a second minimum liquidity standard for D-SIBs (the net stable funding ratio) as well as the formalization of the liquidity activity monitor, which is a monitoring tool that provides OSFI with frequent and timely key account balances for liquidity monitoring purposes.
Last month, we finalized a set of revisions to guideline B-6, which sets out OSFI's expectations around the management of liquidity risk for DTIs. Revisions covered institutions’ liquidity risk tolerance, the role of senior management in liquidity risk management, contingency funding plans and stress testing practices.
Finally, yet importantly in this financial risks section, I want to mention housing, in particular OSFI’s mortgage underwriting guideline B-20. An issue that has captured quite a bit of attention in the past couple years.
While much debated, B-20 is much more than simply a mortgage-qualifying rate. It is the result of extensive analysis and lessons learned from the global financial crisis; a careful study of Canada’s mortgage markets; and a detailed look at the underwriting practices at financial institutions.
Guideline B-20 has been effective in improving underwriting standards and consequently the resilience of lenders.
Recently, OSFI has seen a renewed uptick in mortgage credit growth and housing prices in some regions, while the share of new mortgages to highly indebted borrowers has again begun to rise. We are keeping an eye out for effective compliance of the principles and other potential effects like changes in renewal rates, or shifting of products.
In particular, we are advising lenders to closely review combined HELOC-mortgage structures and assess the elevated vulnerability these create. OSFI expects banks’ HELOC account management programs to pay special attention to those re-advanceable portions that are in the higher LTV segments – where current loan-to-values are greater than 65%.
I will stop here, as B-20 will be the subject of an upcoming speech by my colleague Ben Gully at The C.D. Howe Institute later this month.
I will turn now from financial risks and talk a little about non-financial risks and operational resilience, a growing area of concern for everyone.
Financial institutions are expanding their business capabilities through a powerful combination of new technology and rapid digitization. Many of these developments have been outside of the traditional banking institutions, giving rise to new risks. To remain an effective regulator and supervisor in this rapidly developing area, OSFI will need to invest in our people, skills and capabilities.
Seeking insights from key stakeholders on this issue will be an important way to ensure the effectiveness of our technology risk management framework. That is why later this year, we will be issuing a technology risk discussion paper focused on themes like cybersecurity, third-party ecosystem and advanced analytics. This engagement will help inform the development of potentially new or revised regulatory guidance and supervisory expectations.
Perhaps the most visible of the non-financial risks are cyber incidents—information loss or theft that can lead to negative consequences for both consumers and financial institutions.
Our new Technology Risk Division is working on ways to share anonymized threat and incident information through avenues like intelligence bulletins and information sharing sessions at forums such as the Canadian Bankers Association.
While continuing to work within the broader context of the Government of Canada’s overall cyber strategy, OSFI will aim to enhance its capabilities and expectations for technology and cyber risk. OSFI will be working toward a more agile guidance model to keep pace with the ever-changing landscape of technology and cyber. OSFI will begin to develop an intelligence-led approach to help manage and assess both technology and cyber risk at regulated institutions.
And given the increasing number and frequency of data leaks and breaches, OSFI will continue to monitor and measure how banks are responding to authentication concerns across all channels.
More information on these important developments will be coming soon.
OSFI continues to work toward strengthening its understanding of the risks and challenges posed by new technologies. We are putting a lot of emphasis on the use of advanced analytics such as artificial intelligence or “AI”. We recognize the potential of AI applications in customer engagement and marketing, fraud and security, anti-money laundering, risk management and many other areas.
At the same time, AI presents challenges of transparency and explainability, auditability, bias, data quality, representativeness and ongoing data governance. There are challenges in terms of overall model risk management controls such as continuously evolving models and the use of AI in validation. There may also be risks that are not fully understood and limited time would be available to respond if those risks materialize.
Subsequently, within the scope of our mandate, OSFI will continue to evolve and enhance its expectations around model risk management, including developing regulatory expectations around the use of AI tools. To ensure effectiveness, transparency, and most importantly appropriateness and relevancy of supervisory expectations, OSFI is proactively engaging with key stakeholders in this area, including practitioners, academia, third-party providers and other regulators. Moreover, as I mentioned earlier, we will be issuing a technology risk discussion paper in the spring and look forward to comments. Finally, OSFI will continue to pursue its objective of forming a comprehensive view of model risk at the enterprise level.
Culture is a non-traditional risk that is difficult to quantify, qualitative in nature and unique to each financial institution. An organization’s culture can influence the effectiveness of its risk management, potentially leading to excessive risk-taking and negative financial and reputational outcomes.
Recognizing that culture is a key dimension in ensuring effective supervision, OSFI has created a culture and conduct group to identify possible risks facing financial institutions as well as system-wide issues and trends.
The team has done an industry culture scan to see what shapes an institution’s culture, and it has shared its observations and range of practices with the institutions that took part.
We expect that all of these measures will help advance OSFI’s work, including building an assessment framework on culture and conduct. We have no plans to create new guidance at this point and our
Corporate Governance Guideline will continue to serve us in this area.
As I near the end of my remarks, I will briefly touch on goals 3 and 4 of our strategic plan.
Goal 3 has to do with OSFI’s own effectiveness in a rapidly evolving environment. To this end, we are investing in our people, our infrastructure, data management and analytics and data security.
Goal 4 has to do with trust in OSFI. We recognize that old patterns of saying very little about our concerns and our work is not a way to maintain that trust. We need to be more transparent about our work if we want to contribute to the public confidence in the Canadian financial system. An example of increased transparency is the Domestic Stability Buffer. Other examples include the consultative approach on advancing proportionality and the upcoming discussion paper on technology risk.
I should be clear that increased transparency has limits. We are very aware that maintaining the trust that we have earned means keeping a high and rising wall around protected supervisory information. This is, and will remain, a founding principle of our supervisory model.
That brings me to the end of my remarks today. I hope that I have been able to shed more light on OSFI, our priorities, activities and goals. More importantly, I hope I raised issues that will help us all be ready.
No one knows when or where the next crisis or downturn will come from, but by acting prudently now and being ready, OSFI is building a foundation for future financial stability regardless of what lies ahead.
So when I am asked, “What is OSFI prepared for?” my reply is, “Why, for any old (or new) thing”.
Thank you and I would be pleased to answer questions.