Guideline E-21– Operational Risk Self-Assessment Template

Publication type
Sound Business and Financial Practices
Foreign Bank Branches,
Life Insurance and Fraternal Companies,
Property and Casualty Companies,
Trust and Loan Companies
Table of contents

To: Federally Regulated Financial Institutions (FRFIs)

The Office of the Superintendent of Financial Institutions (OSFI) issued its Operational Risk Management guideline (Guideline) on June 29, 2016, providing OSFI’s expectations regarding the management of operational risk. Full implementation of the principles within the guideline is expected by June 2017.

OSFI recognizes that many FRFIs may have already conducted, or may be in the process of conducting an assessment of their current practices. With this in mind, OSFI believes that they could benefit from guidance in conducting a self-assessment against the principles contained within Guideline.

FRFIs may use this template to assess their practices against the principles outlined in the Guideline as well as to highlight additional practices, such as those noted within Annex 1 of the Guideline. FRFIs are also reminded to review Annex 2 of the Guideline for the list of related guidance when assessing their practices. OSFI may request FRFIs to complete the template during future supervisory assessments.

Further questions may be directed to the Operational Risk Division at

Bob Hassan,
Managing Director,
Operational Risk Division

Annex – Operational Risk Self-Assessment Template for FRFIs

The self-assessment template sets out the expectations of the Guideline with a tab for each of the four principles. Each tab is split into two parts; (1) the criteria that demonstrate achievement of the principle, and (2) Annex 1 - practices for consideration. Columns have been included to encourage FRFIs to document the date full compliance was (or will be) attained, the rationale for each rating and areas for improvement.

For each principle, FRFIs are encouraged to rate their current degree of compliance and provide a rationale within the comments section. Definitions of each of the ratings are provided below:

Self-Assessment Rating Definition
Full Compliance The FRFI is entirely in accordance with the criterion and its implementation is effective.
Substantial Compliance The FRFI is to a large extent in accordance with the criterion, the spirit of which is followed in practice.
Partial Compliance Some aspects or parts of the criterion are met while others are not.
Non-Compliance The FRFI fails to comply with the criterion.

Items included under Annex 1 are not exhaustive and are included as examples of leading industry practices to enhance or improve operational risk management. Definitions of the ratings for the state of each of the noted practices are as follows:

FRFI Implementation Phase Definition
Implemented The FRFI has implemented the practice and its implementation is effective and sustained.
Planned to be Implemented The FRFI plans to implement the practice; the FRFI is either in the process of implementation or has a defined plan and timeframe for implementation.
Not Implemented The FRFI has neither implemented the practice nor plans to do so.

FRFIs may have other practices they wish to highlight in addition to those included on the template; therefore, an “Additional practices” space has been included to allow for description of these practices.