Panel discussion with Tolga Yalkin on the Evolving Regulatory Landscape Facing Credit Unions

Backgrounder - Calgary -

OSFI’s Assistant Superintendent, Regulatory Response Sector, Tolga Yalkin participates in a panel discussion titled “The Evolving Regulatory Landscape Facing Credit Unions” at the Canadian Credit Union Association (CCUA) conference

Regulation is constantly evolving. Can you walk us through your regulatory vision and/or mandate for the near future by sharing where resources are being allocated and what role you believe the regulator can play in credit unions better serving their members?

  • Last June, Parliament expanded our mandate to require us to supervise financial institutions to determine whether they have adequate policies and procedures to protect themselves against threats to their integrity or security, including foreign interference.

  • To support this new mandate, we released the Integrity and Security Guideline in January. It sets out OSFI’s expectations for the policies and procedures that financial institutions employ to protect themselves against these kinds of risks and become more resilient to them. It is available on our website.
  • This guideline reflects a continuation of work we had already been doing when it comes to many non-financial risks that can indirectly impact safety and soundness. This said, it does shift the focus. Now, risks such as those relating to things such as compliance, governance, and data and information, to name just a few, are important in and of themselves.

To what extent does international level activity, policy, and direction play a role in the impact on your decision making around credit unions? Specifically, are there areas we should be paying attention to outside of financial services such as competition law or technology that could have an impact on future decisions and action and how is your organization working within these changes?

  • OSFI takes note of how international standards are being adopted by other jurisdictions, especially those where our financial institutions may be active. When considering how to respond, our job is to look at these standards and ask ourselves what makes sense from a Canadian perspective. In doing this, we consider carefully the risk we think the international standard addresses, but also how it would impact the ability of financial institutions to compete effectively and take reasonable risks.

  • One area outside of financial services that illustrates this is climate risk. Climate change is a risk driver of traditional risks like credit, market, insurance, and operational risk.
    • We contribute to climate work at the international level with many international bodies. For example, we co-lead the NGFS’s supervisory workstream on Transition Plans. This is a rapidly evolving area in financial supervision. The team recently published several reports that outline the complexities involved in transition planning. This work will serve as valuable resources for many regulators across the globe as they work to develop their own transition plan frameworks in their own jurisdictions.
    • We also work with the IAIS on developing standards for scenario analysis, and with the Basel Committee’s Task force on Climate-Related Financial Risks. We hope that this work will be useful to provincial regulators in Canada as they develop their respective frameworks.
    • Guideline B-15 includes the requirement for transition plans. We are the first Canadian financial regulator to require this. Our expectations for transition plans are aligned with the Financial Stability Board’s Task Force on Climate-related Financial Disclosures. Our role in assessing transition plans will be how financial institutions are prudently managing climate-related risks for safety and soundness.
    • We are also consulting on a Standardized Climate Scenario Exercise (SCSE) that aims to increase financial institutions’ understanding of their potential exposures to climate-related risks and build their capacity to conduct climate scenario analysis and risk assessments. As a fully standardized exercise, the SCSE will also give us a comparable quantitative assessment of climate-related risks across FRFIs.

Credit unions operate within a complex risk environment, this includes non-financial risks. Can you describe the importance of building resilience to non-financial risks and how your organization is addressing this or supporting credit unions?

  • Risks that are not directly financial in nature – such as cyber and tech, third party, compliance, culture – have been growing, and we, as a regulator, have been responding. The recent changes to our mandate which I spoke about earlier, broadening it to include integrity and security, reflect a continuation of this trend.

  • Like other non-financial risks, risks to integrity and security, when left unchecked, can threaten the safety and soundness of financial institutions. And, critically, when these risks materialize, the response of financial institutions depends on the maturity of their operational resilience and operational risk management practices, helping them withstand, adapt to, and recover from disruptive events while delivering critical operations.
  • Oversight of financial institutions’ operational resilience and their effectiveness at managing operational risk is central to our prudential mandate. That’s why last October, we published our draft revised Guideline E-21 on Operational Resilience and Operational Risk Management for consultation. This guideline sets out our expectations to help financial institutions prepare for and recover from severe disruptive events. We plan on publishing our final Guideline E-21 this year.
  • This work around Guideline E-21 also supports other important areas of risk management such as Guideline B-13, Technology and Cyber Risk Management, that came into effect January 1 of this year, and Guideline B-10, Third Party Risk Management, that came into effect on May 1. The connections between these different areas is important for financial institutions to carefully consider. For example, they need to prevent against cyber threats, as per Guideline B-13, make sure that the third parties they receive services from are doing so, as per Guideline B-10, and ensure that, should a cyber threat succeed, they have sound business continuity and disaster recovery plans, as per E-21.

We are in an increasingly innovation driven marketplace, with higher levels of data sharing, payment needs, and technologically driven products. How is your organization grappling with all these activities to better support credit unions and their members?

  • Digital products are fundamentally transforming the financial sector, driving both innovation and inefficiency. They facilitate real-time data processing and analytics, offering consumers and financial institutions greater convenience, accessibility, and personalization.

  • The importance of embracing such developments is reflected in the federal government’s newly announced Consumer-Driven Banking Framework, which aims to facilitate a system for secure, consumer-permissioned data sharing between financial institutions and accredited fintech companies.
  • This development and others will continue to shape the financial sector ecosystem for the foreseeable future, and likely with increasing rapidity. While such innovations hold the promise of considerable advantages – like making finance more inclusive and innovative, they also present potential risks that we as a regulator need to be cognizant of.
  • While some aspects of this rapidly evolving area are or will be overseen by regulatory agencies, such as the Financial Consumer Agency of Canada in the context of Consumer-Driven Banking Framework, others, such as crypto-assets, remain relatively unregulated.
  • It is in this context that we need to make sure we are giving effect to our obligation to protect the rights and interests of depositors, policyholders, and creditors of financial institutions, while having due regard to the need to allow financial institutions to compete effectively and take reasonable risks.
  • Given this, we support the principle of “same activity, same risk, same regulation.” As such, it won’t surprise you that we are developing final guidelines on the regulatory capital and liquidity treatment of crypto-asset exposures – one for deposit-taking institutions and another for insurers.
  • We also recently consulted on the public disclosure of crypto-asset exposures by federally regulated financial institutions and this year we will issue draft guidelines for comment. Our intention is to issue the final guidelines on regulatory capital, liquidity, and disclosures together in early 2025.