Audit of Supervision Insurance - Management Action Plans

Publication type
Audit
Date

Management response to the Audit

The recommendations from the 2024 Audit of Supervision Insurance Management Audit Report have been accepted and the MAP below reflects how these will be addressed.

Recommendation #1 (Medium Risk)

The SMSC team should continue its update to and centralization of guidance and tools, including examples for non-financial risks and risk assessments, where needed, for the smaller insurance institutions.

Planned actions to support the recommendation

  • Milestone 1: Supervision Institute will create a topic page on the Supervision Institute portal to provide supervisors with centralized access to intervention-related guides, tools, and procedures.
  • Milestone 2: Supervision Institute will enhance search functionality in the Supervision Institute portal to support more convenient access to existing guidance and tools.
  • Milestone 3: As part of the ongoing build out SMSC will work with relevant non-financial risk subject matter experts to create an additional guide or tool this fiscal year to support supervisors in the assessment of non-financial risks.

Target milestone completion

  • Milestone 1: Q2 2025-26
  • Milestone 2: Q3 2025-26
  • Milestone 3: Q4 2025-26

Accountability

  • Senior Director, Supervision Institute, Valérie Bournival

Target overall completion

  • Q4 2025-26

Recommendation #2 (Medium Risk)

Through future annual supervisory letter cycles, management should perform a strategic and risk-based review of all existing ‘1’ rated institutions to ensure support and consistency of these risk assessments. In addition, management should continue to exercise risk-based oversight to ensure that rating rationales across the Tier 2-5 insurance portfolios are adequately supported and are consistent.

Planned actions to support the recommendation

Review of existing “1’s” in the scorecard pillars:

  • Milestone 1: Financial resilience
    • Investments analytic review
    • Credit analytic review
    • Capital adequacy analytic review
    • Liquidity adequacy analytic review
    • Liquidity management analytic review
    • ALM analytic review
    • Update ratings and rationale
  • Milestone 2: Operational resilience
    • Pilot of a new cyber/technology assessment tool (T-SAT) for lead supervisors
    • Leverage risk-registry tool for applicable insurers
    • Supervisory planning to consider technology and cyber risk priority reviews
  • Milestone 3: Risk governance
    • Thematic monitoring of internal audit
    • Compliance thematic review of 8 tier 2 to 4 insurers
    • Horizontal review of risk governance across tier 2- 5 insurers
    • Update ratings and rationales

Target milestone completion

  • Milestone 1: Q2 2026-27
  • Milestone 2: Q1 2026-27
  • Milestone 3: Q4 2025-26

Accountability

  • Senior Director, Insurance, Darrell Leadbetter

Target overall completion

  • Q2 2026-27

Recommendation #3 (Medium Risk)

SMSC, in consultation with senior leadership, should continue to define the relevant contributors and sources of inputs and how they will be used to support supervisory assessment work, ratings, and recommendations on an ongoing basis.

Planned actions to support the recommendation

As highlighted in the finding, we updated the Monitoring Standard in April 2025 to identify relevant contributors and outline how their inputs will be used in risk assessments. We will update the standard when needed to reflect other input sources. Specifically, given the observations raised, we will do the following:

  • Milestone 1: Contingent to the anti-money laundering (AML) support model that is being developed by a team led by Risk, Strategy and Policy and Integrity, National Security and Integrated Solutions, SMSC will update methodology items to reflect the new model and support the risk assessment of integrity and security themes.
  • Milestone 2: Supervision Institute will deliver awareness / learning activities for supervisors about the new methodology items.

Target milestone completion

  • Milestone 1: Q1 2026-27
  • Milestone 2: Q2 2026-27

Accountability

  • Valérie Bournival

Target overall completion

  • Q2 2026-27

Recommendation #4 (Medium Risk)

Supervision Central Office (SCO), in collaboration with Supervision Methods Standards & Controls (SMSC) and management, should develop supplementary metrics to monitor changes to target dates for completion of an institution’s action items.

Planned actions to support the recommendation

SCO in collaboration with SMSC will develop a systematic process and reporting to monitor changes to the target dates for completion of remediation actions at the individual institution level:

  • Milestone 1: SCO will consult with SMSC to develop supplementary metrics to monitor changes to target dates for completion of institution action items
  • Milestone 2: SMSC will implement changes in Vu to lock original target dates and be able to monitor changes to revised target dates at the institution level
  • Milestone 3: SCO will conduct business user testing to ensure it meets the desired output to produce detailed reporting by institution
  • Milestone 4: SCO will implement changes in their tracking and reporting files and SMSC will develop new dashboard metrics/thresholds for tracking and reporting to management
  • Milestone 5: SCO will discuss changes, new metrics and dashboard reporting with SLT and SMT
  • Milestone 6: SI to communicate change to supervisors

Interim measures to address this risk: Existing reporting on action items is available to all supervisors and managers with SCO manually assessing the changes to target dates at the institution level with consolidated level reporting quarterly to Supervision Committee.

Target milestone completion

  • Milestone 1: Q1 2025-26
  • Milestone 2: Q1 2025-26
  • Milestone 3: Q2 2025-26
  • Milestone 4: Q2 2025-26
  • Milestone 5: Q2 2025-26
  • Milestone 6: Q3 2025-26

Accountability

  • Dennis van Welie, Managing Director SQAD and William Burn, Managing Director SMSC

Target overall completion

  • Q3 2025-26

Recommendation #5 (Medium Risk)

SMSC should develop and implement a tool to support the oversight and monitoring of user access to confidential and sensitive data in Vu.

Planned actions to support the recommendation

  • Milestone 1: SMSC will implement changes to Vu to add an audit history to isolation pods, recording changes to pod membership
  • Milestone 2:  SMSC will explore the feasibility of tools for lead supervisors to be alerted to changes to isolation pod membership when they occur
  • Milestone 3: SMSC will create a process for the regular attestation by lead supervisors of the appropriateness of isolation pod membership
  • Milestone 4: SMSC will communicate with supervisors about expectations relating to isolation pods and add related content to the Supervision Institute portal

Target milestone completion

  • Milestone 1: Q1 2025-26
  • Milestone 2: Q3 2025-26
  • Milestone 3: Q3 2025-26
  • Milestone 4: Q4 2025-26

Accountability

  • Will Burn

Target overall completion

  • Q4 2025-2026

Recommendation #6 (Low Risk)

SMSC should continue to coordinate the relevant risk register inputs to the PASS planning tool.

Planned actions to support the recommendation

  • Milestone 1: SMSC will work with the Risk Assessment and Intervention Hub to establish a process to update PASS when the insurance risk register changes
  • Milestone 2: SMSC will update PASS with the latest risk register ahead of the 2026-27 planning cycle

Target milestone completion

  • Milestone 1: Q2 2025-26
  • Milestone 2: Q2 2025-26

Accountability

  • Will Burn

Target overall completion

  • Q2 2025-26
Report a problem or mistake on this page
Please select all that apply:
Date modified: