Final Corporate Governance Guideline – Letter (2018)

Publication type
Foreign Bank Branches,
Life Insurance and Fraternal Companies,
Property and Casualty Companies,
Trust and Loan Companies
Table of contents

To: Federally-Regulated Financial Institutions (FRFIs)

OSFI is issuing the final version of the Corporate Governance Guideline (CGG).

The revised CGG is more principles-based and places greater focus on Board effectiveness. It provides Boards of Directors with greater discretion as to how they meet OSFI’s corporate governance expectations.

The revised CGG contains clear principles that replace OSFI’s Board expectations contained in risk management and capital guidelines and advisories. As a result, OSFI is reissuing these other guidance documents with their respective Board requirements removed. The revised guidelines and advisories have been posted to OSFI’s website.

OSFI has also rescinded the Advisory – Changes to the Membership of the Board and Senior Management, and revised its Assessment Criteria to align with the revised CGG.

The CGG does not apply to the Canadian branch operations of foreign financial institutions, and OSFI’s expectations for oversight of these operations remains unchanged. However, OSFI plans to review and amend guidelines E-4A Role of the Chief Agent & Record Keeping Requirements and E-4B Role of the Principal Officer & Record Keeping Requirements in the near future.

OSFI thanks those who provided comments on the draft version of the CGG published in November 2017. The annex to this letter summarizes the material comments provided and OSFI’s response.

Questions may be directed to Vlasios Melessanakis, Director, Prudential Policy at or by telephone at (613) 998-5478. OSFI will be conducting information seminars for FRFI directors and corporate secretaries in fall 2018. Details will follow. 

Carolyn Rogers
Assistant Superintendent
Regulation Sector

Annex – Summary of Public Consultation Comments and OSFI Responses

Industry Comments OSFI Response
Purpose and Scope of the Guideline

Industry members requested that OSFI define certain terms (i.e., Senior Management, Operational Management, and Oversight Functions) directly in the CGG. Respondents also requested that if there are references that should refer to the full Board, that these be explicit in the CGG.

FRFIs should continue to rely on OSFI’s Supervisory Framework for these definitions; however, the final CGG includes minor revisions to ensure clarity:

  • The guideline specifies that the Oversight Functions include Financial, Risk Management, Compliance, Internal Audit, and Actuarial.
  • The description of Senior Management has been refined to ensure permissive and flexible language.
The CGG does not prescribe which responsibilities should be fulfilled by the full Board (vs. a Committee) as this may depend on the size, nature and complexity of the institution. A footnote that stated the term “Board” could refer to the entire Board or a committee of the Board has been removed from the final CGG.
Board of Directors

Respondents viewed the footnote suggesting COSO as a general reference for effective Internal Control Frameworks as problematic, particularly for smaller, less complex institutions.

OSFI recognizes that there may be other suitable options depending on the size, nature and complexity of the institution. Accordingly, this footnote has been removed from the final CGG. 

Some respondents expressed concern regarding the need for the Oversight Functions to be independent from operational management, as well as the appropriateness of a direct reporting line.

OSFI expects the Oversight Functions to remain independent from operational management. The final CGG specifies a functional reporting line rather than a direct one.

Respondents noted that the references to “practices and procedures” within the Boards of Subsidiaries or with FRFI Subsidiaries sub-section went beyond the scope of reasonable Board involvement. Furthermore, respondents remarked that qualifying language (i.e. “that govern strategy, risk oversight, and controls”) was too restrictive.

The references to “practices and procedures” and “strategy, risk oversight, and controls” have been removed from this section of the final CGG, to ensure the language remains flexible and permissive.

Several respondents requested clarity regarding Board independence. One respondent also indicated that ‘tenure’ should not be part of the director independence policy.

In keeping with a principles and outcomes-based approach, the final CGG does not define independence. OSFI will hold industry information sessions to provide additional guidance regarding supervisory expectations in this area.

OSFI maintains that tenure should be a consideration in the FRFI’s director independence policy.

Risk Governance

An industry member suggested incorporating the notion of “risk profile” in relation to the Risk Appetite Framework.

The final CGG recognizes that the Risk Appetite Framework should take into account the FRFI’s risk profile. It also notes that the FRFI should be satisfied, on an ongoing basis, that the Risk Appetite Framework remains appropriate relative to its risk profile, long-term strategic plan and operating environment.

One respondent indicated that the CRO should not be treated differently with regards to compensation.

The CRO’s independence from the FRFI’s business operations is vital. OSFI maintains that the CRO’s compensation should not be linked to the performance (e.g. revenue generation) of specific business lines of the FRFI.

One respondent suggested that in cases where executives have dual roles, those roles must not compromise the independence required of the CRO.

Footnote 15 has been expanded to clarify that the independence of the CRO must not compromised if the CRO fulfills dual roles.
The Role of the Audit Committee

There were a number of suggestions to refine the AC section, notably:

  • Recognizing the need for an integrated audit approach between subsidiaries and parents;
  • Specifying in camera AC meetings with relevant parties; and
  • Clarifying the role of the AC vis-à-vis the Board.

OSFI maintains that subsidiaries and parents should have the flexibility to determine their audit requirements, provided they comply with the requirements under the Boards of Subsidiaries or with FRFI Subsidiaries sub-section.

The final CGG largely adopts the other revisions to clarify the role of the AC vis-à-vis the Board. It also specifies that the AC should meet with the external auditor, the CIA and other heads of the Oversight Functions, as appropriate, with and without the CEO or other members of Senior Management present.
Supervision of FRFIs
The industry requested clarity on how assessments will be undertaken and, specifically, further details on the evaluation criteria to assess the Board’s behaviour and effectiveness. OSFI will hold industry information sessions in order to provide clarity in this regard.
Industry asked to review the revised capital and risk management guidance, and to learn how the review of the CGG will influence E-4A revisions.  OSFI held targeted consultations with industry groups on the proposed amendments to capital and risk management guidance.
Respondents requested clarity on a number of terms such as “culture”, “oversee”, “challenge, advice, and guidance”, “satisfied”, “sufficient stature and authority”, “adopt”, “diversity”, and “small, less complex”.

In keeping with a principles and outcomes-based approach, the final CGG does not define these terms to ensure flexibility and avoid prescription.

OSFI will provide industry information sessions to provide additional guidance regarding supervisory expectations in these areas.

Many respondents provided a number of proposed edits for consistency, clarity, and completeness. The final guideline incorporates the majority of these proposals, except in cases where edits resulted in added prescription or were not consistent with the approach.