Background Checks on Directors and Senior Management of FREs – Guideline (2008)
Table of contents
I. Statement of Regulatory Principles
This Guideline builds upon the following:
Regulatory System: The federal prudential regulatory system is based on a tripartite division of responsibilities involving:
- The Federally Regulated Entity's (FRE) management and oversight processes;
- The use of independent external reviewers (i.e. the external auditor, and in the case of insurance companies, the appointed actuary); and
- Monitoring and supervision by OSFI.
The primary responsibility for ensuring FREs are soundly managed and directed rests with the board of directors and senior management of the FRE. Accordingly, the suitability and integrity of senior management and members of boards of directors pose an important concern for the FRE and OSFI, as the safety, soundness and reputation of an FRE can be negatively affected by the actions of these individuals.
Supervisory Approach: While OSFI assesses competence and experience of proposed directors and senior officers and verifies criminal records at incorporation
II. Application of Guideline
This Guideline outlines a number of principles to assist FREs in establishing policies and procedures regarding the conduct of assessments of their Responsible Persons and indicates areas that OSFI may focus on during supervisory reviews.
The Guideline recognizes that aspects of these assessments that address the suitability of a person, such as expertise, require assessment only upon initial appointment whereas regular assessments would focus on particulars that can change over time – for example, legal proceedings against an individual or changes in professional qualifications.
While FREs already have various policies and procedures in place to regularly assess the suitability and integrity of Responsible Persons to satisfy their own internal requirements (e.g., hiring policies or code of conduct) or to satisfy other statutory
This Guideline should be considered prudent practices or standards that can be considered by all FREs in developing their own practices and procedures.
Individual FREs can adopt different approaches that suit their circumstances with respect to conducting assessments of their Responsible Persons having regard to their nature of business, size, complexity, geographic location(s), risk profile, structure and ownership. The supervisory process takes this into consideration in the evaluation of individual FREs.
1. Federally Regulated Entity (FRE)
For the purposes of this Guideline, an FRE is defined as:
- a bank to which the Bank Act applies;
- a body corporate to which the Trust and Loan Companies Act applies;
- an association to which the Cooperative Credit Associations Act applies or a central cooperative credit society for which an order has been made under subsection 473(1) of that Act;
- an insurance company or a fraternal benefit society incorporated, formed or continued under the Insurance Companies Act, the order of which is not restricted to the servicing of existing policies;
- a bank holding company incorporated or formed under Part XV of the Bank Act;
- an insurance holding company incorporated or formed under Part XVII of the Insurance Companies Act;
- the Canadian branch of a foreign bank in respect of which an order under subsection 524(1) of the Bank Act has been made;
- the Canadian branch of a foreign company in respect of which an order under Section 574 of the Insurance Companies Act has been made, which order is not restricted to the servicing of existing policies.
2. Responsible Person
For the purposes of this Guideline, a Responsible Person is defined as:
- a director;
- senior management, i.e., any person who the FRE determines plays a significant role in the management of the FRE. This could include the chief executive officer, chief financial officer and any other officer who has a functional reporting line directly to the board of directors or chief executive officer; and
- Branch management in the case of foreign entities operating in Canada on a branch basis.
<p>Refer to <a href="/node/617">Guideline E-4 <cite>Foreign Entities Operating in Canada on a Branch Basis</cite></a>.</p>
IV. Assessment Policy
OSFI expects every FRE to have a written policy regarding the performance of assessments of the suitability and integrity of its Responsible Persons (Assessment Policy).
FREs belonging to the same corporate group may have one umbrella Assessment Policy for the entire group.
OSFI expects that the senior management of banks, insurance companies, bank holding companies, insurance holding companies, trust and loan companies, co-operative credit associations and retail associations will approve these entities' Assessment Policy (and any material amendments thereto). Branch management should approve or be aware of the Assessment Policy (and any material amendments thereto) in the case of branches.
OSFI expects that this Assessment Policy will consider the following matters in a way that prudently minimises the risks that persons who are not suitable or do not possess the required integrity do not hold Responsible Person positions:
a) Identification of the Responsible Persons subject to Assessments
All FREs are expected to identify as Responsible Persons individuals who play a significant role in the management of the FRE. OSFI expects that senior management will approve the list of Responsible Persons subject to the assessments.
Where employment contracts are in place that preclude the FRE from assessing Responsible Persons appointed to their positions prior to the coming into force of this Guideline, such Responsible Persons can be exempted from assessments until a notice of change of contract can be provided, their employment contract is renewed or their responsibilities change.
Only one assessment is necessary in respect of Responsible Persons identified as being a Responsible Person in more than one FRE of the same corporate group. Senior management may choose not to apply the provisions of this Guideline to individuals in an FRE subsidiary of a larger FRE in a corporate group where the management of the FRE subsidiary is directed by Responsible Persons of the larger FRE in the control chain.
Please refer to OSFI's Corporate Governance Guideline for OSFI's expectations of FRE Boards of Directors in regards to operational, business, risk and crisis management policies.
b) Timing of the Assessments
OSFI expects the Assessment Policy would require an assessment to be conducted before a person is appointed to a Responsible Person position unless it would be imprudent to delay the appointment. In such cases, the assessment would occur as soon as practicable and in any event within a number of days specified in the Assessment Policy. The initial assessment would address all aspects of the assessment including aspects that are not subject to change as well as those that can change over time.
After the initial appointment, updated assessments of each Responsible Person would be conducted at intervals specified in the Assessment Policy, which should be no longer than five years. Updated assessments can focus only on aspects that can change over time. FREs can rely on attestations from Responsible Persons to conduct update assessments. However, FREs areexpected to independently verify Responsible Persons' criminal records at least every seven years. Assessments should be undertaken between intervals if the FRE acquires knowledge of material adverse information about a Responsible Person.
c) Key Practices
OSFI expects that the Assessment Policy will indicate the key practices that will be followed by the FRE in implementing the principles of this Guideline, including the key practices relating to the FRE's decision-making process (discussed in greater detail in Part V c) below). For example, the Assessment Policy could set out when and how the Assessment Policy will be disclosed to Responsible Persons and candidates for Responsible Person positions. OSFI also expects the Assessment Policy to set out practices that will be followed if the FRE concludes a Responsible Person is not suitable or does not possess the required integrity, such as when and how the decision will be escalated through the organization, how and when the Responsible Person will be notified of adverse information as well as the steps that will be taken to remove a Responsible Person. FREs should ensure their practices comply with all applicable legal requirements, including privacy and employment laws.
V. Assessment Procedures
FREs are expected to have written internal procedures outlining how the Assessment Policy will be implemented.
Where assessment procedures similar to those described in this Guideline are already in place within an FRE to satisfy its internal policies (e.g., hiring or code of conduct) or to satisfy other regulatory requirements (e.g., public listing requirements), FREs can refer to the procedures used to meet the other requirements. Each FRE will implement its own procedures taking into account its nature, size, complexity and risk profile. FREs that belong to the same corporate group may appoint one FRE member of the group to implement the Assessment Procedures in respect of every FRE in the group.
The Assessment Procedures would consider the following matters:
a) Persons or Groups that will Conduct Assessments
FREs can assign the responsibility for conducting assessments of each Responsible Person to any person or group within the organization. OSFI expects the Assessment Policy to be implemented by appropriately qualified individuals and that procedures exist to allow such individuals to escalate concerns about findings in respect of a Responsible Person or the conduct of assessments.
Some branches may not have sufficient staff complement to implement this Guideline entirely within the branch. Accordingly, it may be inappropriate to apply the specific provisions of this Guideline directly to certain branches. Implementation of the Guideline in certain branches may require the branch to enter into arrangements with the home office (for example, conducting assessments of the chief agent or principal officer).
FREs can assign responsibility for various facets of the assessments to different groups in the FRE. FREs can outsource some of the functions related to conducting assessments, but OSFI expects that an appropriate person within the FRE will make the ultimate determination about whether a Responsible Person possesses the required suitability and integrity. Any outsourcing should comply with OSFI Guideline B-10 - Outsourcing of Business Activities, Functions and Processes and all privacy laws, as applicable.
b) Information that will be Obtained
In their Assessment Procedures, FREs can identify the information they will obtain to assess the suitability and integrity of their Responsible Persons, upon initial appointment of the Responsible Persons to their positions and during subsequent update assessments.
FREs that have procedures in place to comply with other regulatory requirements relative to suitability and integrity (e.g., requirements related to listing or securities regulations such as Ontario Securities Commission Rule 41-501 and/or National Instrument 44-101, National Policy 58-201, National Instrument 51-102 and National Instrument 52-110), can reference the procedures in place to meet these other requirements. FREs that have procedures in place to meet these requirements will be viewed as meeting the requirements of this section of the Guideline.
When a Responsible Person is first appointed to his or her position, FREs would obtain sufficient information to allow them to conclude that the Responsible Person possesses the suitability and integrity to perform properly the duties of the Responsible Person position. Such information could include:
- Criminal records;
- Records of securities-related sanctions or disciplinary actions by a professional regulatory body;
- Evidence that the Responsible Person possesses the required education, skills, professional qualifications and experience;
- Attestation that the Responsible Person has not been held liable in a civil proceeding in connection with financial or business misconduct, fraud or mismanagement of an entity; and
- Attestation that the Responsible Person has no conflicts of interests that could create a material risk that he or she will be unable to discharge the duties of the Responsible Person with integrity and in the best interests of the FRE.
When conducting assessments at initial appointment, FREs are expected to verify information using searches of databases and information made available by third parties when such independent sources are available. Each FRE should determine in which jurisdictions and how far back verifications should be conducted, based on the Responsible Person's history and circumstances. While attestations from Responsible Persons about certain aspects of the assessments, such as civil proceedings, are sufficient to meet the expectations of the Guideline, OSFI encourages FREs to conduct their own independent verifications, if they have grounds to believe that an attestation is insufficient or inaccurate.
Subsequent to the initial appointment, the frequency at which verifications are updated would reflect the specific circumstances of each FRE and of each Responsible Person. Updates of assessments can focus only on particulars that can change over time, such as:
- Criminal convictions, regulatory or civil proceedings against the Responsible Person;
- Changes in status in professional organizations; and
- New or changes in conflicts of interest.
In update assessments, FREs can rely on an attestation of the facts from Responsible Persons for all aspects of the assessment. In addition, FREs are expected to independently verify a Responsible Person's criminal record at intervals specified in the Assessment Policy.
c) Decision-making Process
FREs should document the decision-making process they will follow when an adverse finding is made with respect to a Responsible Person. For example, each FRE can set its own threshold about the type of adverse information it would consider material and the type of information it would gather to follow-up on the adverse information, including mitigating factors or circumstances. The decision-making process can be tailored to the unique circumstances of each individual FRE.
An adverse finding would not necessarily render a person unsuitable to hold a Responsible Person position. Each finding should be considered in relation to all surrounding circumstances (e.g. seriousness of the incident or time elapsed since incident). OSFI expects FREs to use judgement and to weigh the findings on each factor, including the materiality of the adverse information and the relevance of the factor to the Responsible Person's duties.
A Responsible Person may be found unsuitable for a particular Responsible Person position because of a lack of qualifications for that position or because of a conflict of interest related to the duties of that position. In that case, the Responsible Person may still be suitable for another Responsible Person position. The FRE may also redefine the duties associated with a Responsible Person position. Each FRE must determine whether a negative finding about a Responsible Person permanently disqualifies that person (for example, absent legislative or other requirements to the contrary, whether a Responsible Person who has been suspended by a professional association can remain in the position after serving the suspension). However, where a Responsible Person is found to lack integrity because of negative findings related to the Responsible Person's character or honesty (for example, conviction for offences relating to money laundering or fraud), that Responsible Person will normally not be suitable for any Responsible Person position.
OSFI expects that persons who do not possess the required suitability and integrity for a particular Responsible Person position will not be appointed to that position. OSFI and FREs may disagree about whether a Responsible Person is suitable or possesses the required integrity. OSFI will work with the FRE to address areas of concern. However, if OSFI determines that an FRE has taken insufficient action to resolve a situation OSFI deems to be of material risk, it has legislative authority to take remedial action
VI. Role of Senior Management
It is expected that senior management will:
- approve the Assessment Policy and significant amendments thereto;
- where it is inappropriate for another person in the FRE to make the determination, determine whether a Responsible Person is suitable or possesses sufficient integrity and, if not, ensure such persons do not hold Responsible Person positions. If the Responsible Person is not removed, ensure adequate measures are taken to manage the risk arising from misconduct or mismanagement, such as redefining the responsibilities of the position or removing a conflict that applies to the duties of that position; and
- elevate concerns to the Board regarding the suitability and integrity of a Responsible Person or regarding the manner in which the Assessment Policy is implemented.
Consistent with OSFI's Corporate Governance Guideline, OSFI recognizes that branches do not have Boards of directors and accordingly it would be inappropriate to apply the requirements of this Guideline directly to branch operations. OSFI looks to branch management to oversee the operations of the branch, including matters of corporate governance. As noted in Part V a) of this Guideline, implementation of this Guideline may require branches to enter into arrangements with the home office.
In respect of the obligations in this guideline, FREs belonging to the same corporate group may appoint senior management of one FRE in the group to discharge the obligations of the senior management of all FREs in the group.
VII. Providing Information to OSFI
FREs are not required to provide their Assessment Policy or Assessment Procedures to OSFI on a regular basis. However, OSFI expects that the Assessment Policies, Assessment Procedures and information about assessments conducted in respect of each Responsible Person will be retained by the FRE for a reasonable length of time specified in the Assessment Policy and that such information will be readily available for examination by OSFI upon request. As part of its regular supervisory practices, OSFI may periodically, where warranted, verify the assessments conducted by the FRE in accordance with its risk-based supervisory approach.
OSFI looks not only for evidence that FREs have appropriate policies and processes in place but also for indicators that these policies and processes are understood, are being followed and that, as a result, they are effective.