Update to Instructions for Operational Risk Self-Assessment for TSA and AMA Institutions

Publication type
Sound Business and Financial Practices
CAR for TSA and AMA DTIs
Table of contents

To: TSA and AMA Deposit-taking Institutions

As part of OSFI’s approval processes for applicants and users of the Standardized Approach (TSA) and the Advanced Measurement Approach (AMA) for operational risk capital modeling, institutions are required to populate and submit a standard self-assessment based on the minimum criteria defined in OSFI’s Capital Adequacy Requirements (CAR) guideline and the Basel Committee on Banking Supervision (BCBS) 2011 document Principles for the Sound Management of Operational Risk.

On June 29, 2016, the Office of the Superintendent of Financial Institutions (OSFI) issued Guideline E-21 Operational Risk Management which provides OSFI’s expectations regarding the management of operational risk. In support of the guideline, OSFI has created an Operational Risk Self-Assessment template. To avoid duplication, OSFI has revised the TSA & AMA Self-Assessment template to remove criteria already included in the Operational Risk Self-Assessment template. Applicants and users of TSA and AMA are now required to complete the Operational Risk Self-Assessment template and the revised 2017 TSA & AMA Self-Assessment on an ongoing basis as required by OSFI.

Further questions may be directed to Denise.Price-Hoo@osfi-bsif.gc.ca.

Bob Hassan,
Managing Director,
Operational Risk Division

Annex – Revised 2017 TSA & AMA Self-Assessment Template

The self-assessment template sets out the expectations of the requirements for TSA & AMA applicants and users in terms of the minimum criteria as defined in OSFI’s Capital Adequacy Requirements (CAR) guideline as well as BCBS Principles for the Sound Management of Operational Risk. The Template is divided into two worksheets: ORM Practices and AMA Methodology. Details on each of the worksheets are as follows:

Column Heading Definition Drop Down Options
ID Reference number  
Criteria Articulation of the requirement  
Reference Regulatory guidance reference  
Previous SAP Reference Numbering from 2012 AMA & TSA Operational Risk Self-Assessment Template  
Compliance Rating Rating refers to the Federally Regulated Financial Institutions (FRFIs) compliance with OSFI criteria.
  • N/A
  • Full Compliance
  • Substantial Compliance
  • Partial Compliance
  • Non-Compliance
Target Compliance Date Expected date to achieve full compliance status or date full compliance was attained  
Internal Audit (Audit Status) Internal Audit (Audit Status) refers to the independent audit assessment of the FRFIs responses to OSFI criteria.
  • N/A
  • Audit Work Completed
  • Audit Work in Progress
  • No Audit Work Planned
Validation The validation responses reflect the status of work done by the institution’s independent validation function to establish whether the AMA model is sound or whether improvements are required. Validation should encompass both quantitative and qualitative elements, and assess the appropriateness of the risk management processes to ensure that the framework remains ‘fit for purpose’.
  • N/A
  • Validation Work Completed
  • Validation Work in Progress
  • No Validation Work Planned
Comments including Names of Supporting Documents Commentary regarding evidence and supporting documentation.  

A mapping of the 2012 TSA & AMA Self-Assessment Template to the E-21 Self-Assessment template is available on request.