How we supervise financial institutions

Our supervisory process

In the following sections, we describe the main elements in our supervisory process:

  • the work we do to identify risks at institutions
  • how we assess risks and assign ratings
  • our response to risks and the monitoring of remediation activity
  • how we report the results of our supervisory work

Risk identification

Factoring in size, complexity, and potential system impact

We’re guided by our risk appetite in terms of the supervisory work that we carry out. We recognize that it is not cost-effective or realistic for us to intervene on all risks facing institutions. We have a high appetite for early corrective action to address risks that could jeopardize the public’s confidence in the Canadian financial system.

The type of supervisory work that we do to identify risks considers an institution’s size, complexity, and potential impact on the financial system. This is reflected in an institution’s Tier Rating.

Risk identification starts with data analytics. For larger institutions, our work also includes more frequent supervisory reviews and discussions with management teams and boards of directors.

Analyzing risk trends in a broader context

The risks facing financial institutions are more volatile, complex, and interconnected than ever before. These broader risks set the context for our supervision of individual institutions.

We scan the environment for emerging risks and other relevant trends. This work draws on stress testing and advanced analytics. By thinking about broader trends, we are better positioned to respond quickly to risks that emerge.

We share our view of the most significant risks facing the financial system in our published risk outlooks. We use these publications to explain the high level supervisory and regulatory actions we take in response to risks.

Leveraging data and analytics

Good data is essential to effective supervision. We use data analytics to generate insights and timely signals of changes in risk level. Metrics derived from regulatory returns and other sources provide a consistent starting point for supervisory judgment. We expect advanced data analytics will continue to lead to new supervisory capabilities.

Risk assessment

An institution’s risk rating reflects our view of risk to viability

The Overall Risk Rating (ORR) reflects the level of risk to the viability of a financial institution and has a 1 to 8 scale (ORR scale).

Our ratings reflect issues that we want an institution to address. We follow a structured approach in assessing risk and use our judgment to assign ratings, supported by data and other evidence.

We monitor risk ratings on an ongoing basis and update them when necessary.

An institution’s ORR and its Tier drive the intensity of our supervisory activity.

Our assessment highlights the main sources of risk for an institution

An institution’s ORR considers these categories:

  • business risk
  • financial resilience
  • operational resilience
  • risk governance

You can read more about each category in the section on ORR categories.

We do not expect perfection for the strongest ratings

We assign an ORR of 1 when no significant issues are identified. Issues could come up, but we have confidence in the institution’s ability to manage them. As a result, there is a minimal level of risk to viability.

Institutions identify some risks through their own oversight and governance processes. Greater transparency around this process helps us to develop and maintain confidence in the institution’s risk oversight.

Issues identified by the institutions themselves can lead to rating changes where they represent an elevated risk to viability. Rating changes are also more likely when we have concerns about the institution’s action plan to address the issues.

Building in flexibility to our approach

We developed a flexible approach to respond to new risks as well as the interplay between financial and non-financial risks.

As an example, we expect that digital innovation will lead to new business models in the financial system. Business risk will be a prominent part of the supervisory risk assessment for these institutions.

We evaluate branch operations in accordance with statutory regimes

Foreign entities operating in Canada on a branch basis are supervised in accordance with the statutory regimes set out in the Bank Act and the Insurance Companies Act. A branch is not a separate legal entity, but rather an extension or presence of the foreign entity in Canada.

We are not the solvency regulator of the foreign entity as a whole. The home country regulator of the foreign entity is the primary regulator.

Our supervisory role for a branch is limited to the business in Canada of the foreign entity. We assess compliance with legal requirements as well as alignment with supervisory and regulatory expectations. Where these requirements and expectations are not met by the foreign entity, we could apply additional supervisory measures to the foreign entity in respect of its branch.

Our guideline Foreign Entities Operating in Canada on a Branch Basis communicates our expectations for foreign entities operating in Canada on a branch basis.

Risk response and remediation

We are outcomes focused

When we have supervisory concerns, we highlight these to institutions and explain the outcomes we want to see. Generally, the institution is responsible for managing the way it achieves the outcomes. We update our rating assessments when we’re satisfied that supervisory concerns are addressed.

Transparency is a cornerstone of effective supervisory relationships

We provide institutions with information to help them address any supervisory concerns.

Our expanded rating scale gives institutions greater clarity about their risk position and supports our ability to take early corrective action. In addition to the ORR, larger institutions (in Tiers 1 to 4) also receive ratings for business risk, financial resilience, operational resilience, and risk governance.

Supervisory information is sensitive with legal prohibitions on inappropriate disclosure.

We escalate our intervention when outcomes are not achieved

We expect institutions to provide a detailed action plan in response to supervisory concerns. We track the progress of remediation activity and are ready to escalate intervention activity when the institution does not achieve satisfactory outcomes. Our approach to intervention is explained in our Guide to Intervention.

Supervisory reporting

We provide regulated institutions with written reports

We communicate with institutions through formal letters in addition to our ongoing discussions with management teams. Our letters highlight key themes and outline any specific concerns.

We communicate supervisory ratings privately and notify the institution by letter whenever any of these ratings changes.

Supervisory letters also remind institutions about the legal prohibitions on inappropriate disclosure of supervisory information.

We share information with Canadian and foreign regulators in certain situations

We share letters and other supervisory information with certain provincial regulators where agreements are in place. Information sharing also takes place when we host or attend supervisory collegesSupervisory colleges are multilateral working groups of financial sector regulators that are formed for the purpose of enhancing effective consolidated supervision on an ongoing basis..

We also share information with foreign regulators where there is a memorandum of understanding.

In all cases, we take measures to protect the confidentiality of information.

Working with our partners in Canada’s federal regulatory system

We use various formal and informal processes to ensure we effectively execute our mandate.

For example, the Financial Institutions Supervisory Committee is a committee whose members include OSFI, the Department of Finance, the Bank of Canada, the Canada Deposit Insurance Corporation, and the Financial Consumer Agency of Canada. It meets at least quarterly to share information on matters relating to supervising federally regulated financial institutions.

We also work with the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), which is responsible for ensuring compliance with Canada’s Proceeds of Crime (Money Laundering) and Terrorist Financing Act.