The OSFI has published the final version of its updated Corporate Governance Guideline which sets out current expectations for corporate governance of Canadian federally regulated financial institutions.
The Office of the Superintendent of Financial Institutions (OSFI) has published the final version of its updated Corporate Governance Guideline (2018 CGG) (guideline). The 2018 CGG sets out OSFI’s current expectations for corporate governance of Canadian federally regulated financial institutions (FRFIs). The guideline applies to all FRFIs other than the branch operations of foreign banks and foreign insurance companies. OSFI looks to the chief agent of an insurance company branch and the principal officer of a foreign bank branch to oversee the management of a branch.
Background
The guideline complements relevant provisions of the Bank Act, the Insurance Companies Act, the Trust and Loan Companies Act, the Cooperative Credit Associations Act and associated regulations and OSFI’s Supervisory Framework and Assessment Criteria.
Corporate governance practices for FRFIs have evolved significantly since OSFI published its first corporate governance guidelines in 2003. It is generally recognized that a number of factors set financial institutions apart from other business forms, and this has led them to be subject to generally higher levels of regulation. The 2018 CGG sets out a summary of these factors in an annex, including that the effectiveness of the economy depends significantly on how well its financial services sector functions and that, relative to non-financial businesses, the failure of a financial institution can have a greater impact on members of the public who have placed a substantial portion of their life savings in the institution and who may be relying on the institution for day-today financial needs. These factors support the view of OSFI that there is a “need for knowledgeable, independent oversight exercised by or on behalf of the board, along with the additional assurance of regulatory oversight, to provide assurance to markets on the reliability of reporting and disclosure”.
The global financial crisis of 2007-2008 brought to light many questions about whether the corporate governance practices that have been evolving since the 1930s were adequate and appropriate for the financial sector in Canada and abroad. Subsequently, a number of domestic regulators, international standard-setters and commentators published reports highlighting industry best practices and standards with respect to the effective corporate governance of financial institutions globally. Drawing on this important international dialogue, in 2013 OSFI updated its own corporate governance guidance to FRFIs (2013 CGG).
Last fall, having the benefit of feedback and several years of practical application with the 2013 GCC, OSFI published an updated draft of its Corporate Governance Guideline in which it sought to provide boards of FRFIs (i) greater discretion on how they meet the principles of the guideline, taking into account the FRFI’s size, nature of operations and risk profile; (ii) a clearer delineation of board and senior management responsibilities across the FRFIs; and (iii) consolidation and rationalization of board requirements into one place (2017 CGG). The 2018 CGG reflect a further refinement of the views of OSFI with respect to key priority areas for boards and clearer direction with respect to the governance responsibilities of board and senior management. Set out below is a summary of the key elements of the 2018 CGG.
Brief Overview
OSFI indicates that, in addition to the roles and responsibilities of the board outlined in federal legislation (to manage and supervise the management or the business and affairs of the FRFI), the board should, at a minimum, approve and oversee strategy, risk management, board, senior management and oversight functions, and audit plans.
The board is expected to provide challenge, advice and guidance to the senior management of the FRFI on operational and business policies, and business performance and effectiveness of risk management. OSFI indicates that the board has the discretion to decide the extent and nature of its input, and to provide challenge, advice and guidance on these matters and others. The obligation to provide challenge, advice and guidance replaced the 2013 CGG obligation to review and discuss the matters set out above. The obligation to “challenge” should be seen as an important expectation for directors of FRFIs.
OSFI indicates that the board should be satisfied that the decisions and actions of senior management are consistent with the board-approved business plan, strategy and risk appetite of the FRFI, and that the corresponding internal controls are sound. OSFI indicates that it expects senior management to set out information, options, potential trade-offs and recommendations to the board in a manner that allows the board to focus on key issues and make informed decisions in a timely manner. In turn, OSFI expects the board to understand the decisions, plans and policies being implemented by senior management and their potential impact on the FRFI.
The board is expected by OSFI to regularly assess the effectiveness of the FRFI’s oversight functions with the support of senior management. The 2018 CGG indicates that the board is to have unfettered access to the oversight function of the FRFI and the oversight function is to have a functional reporting line to the board or the appropriate committee of the board.
If a FRFI is part of a larger corporate group and subject to policies of its parent, the board of the subsidiary FRFI must be satisfied that the policies are appropriate for the FRFI and comply with Canadian regulatory requirements. If the parent is another FRFI, that board of the parent should exercise adequate oversight of the subsidiary to be satisfied that the board can meet its enterprise wide responsibilities.
OSFI indicates that an effective board should be independent and provide objective oversight of, thoughtful guidance, advice and constructive challenge to, senior management. The board should regularly assess its practices, and those of the board committees, and should pursue strategies to enhance its overall effectiveness. In addition, the board should be diverse and, collectively, bring a balance of expertise, skills, experience, competencies and perspectives, taking into consideration the FRFI’s strategy, risk profile, culture and overall operations. OSFI indicates that to promote independence of thinking, the board should have a director independence policy. OSFI indicates that the role of board chair should be separate from the CEO. Further, the board chair and chairs of board committees should be independent non-executive directors.
OSFI indicates that the board and senior management should promote a risk culture that stresses integrity and effective risk management throughout the FRFI. Consistent with guidance provided by OSFI, the 2018 CGG indicates that the FRFI should have a risk appetite framework that guides the risk-taking activities of the FRFI. OSFI indicates that the board and senior management must understand the risk attendant to the FRFI’s business model, including each business line and product, and how they relate to the FRFI’s strategy and senior officer who is responsible for oversight of all risks across the firm. The FRFI should have a senior officer (CRO) or equivalent who is responsible for the oversight of all risks across the FRFI. Further, OSFI indicates that the board should establish a risk committee with a clear mandate, composed of non-executive members of the FRFI, although the 2018 CGG recognizes that smaller FRFIs may leave responsibility for oversight of risk management with the full board.
The 2018 CGG, continues to provide guidance to boards with respect to the composition of audit committees and specific duties to be included in the mandate of the committee, beyond those that are statutorily mandated. OSFI indicates that the committee must be composed of non-employee directors, a majority of whom are not affiliated with the firm. In particular, the 2018 CGG provides, among other things, that the committee should (i) approve the FRFI’s audit plans (internal and external); (ii) be responsible for overseeing the performance of the FRFI’s internal audit function as a whole; (iii) recommend to the shareholders the appointment or removal of the external auditor and the scope and terms of the audit engagement, (iv) review and recommend for approval by the board the engagement letter and remuneration of the external auditor, (v) annually report to the board on the effectiveness of the external auditor and (vi) meet with the external auditor and heads of the oversight functions, as appropriate, with and without the CEO or other members of senior management present.
There is a final section of the 2018 CGG that relates to the supervision of FRFIs. OSFI indicates that effective corporate governance is an essential element in the safe and sound functioning of FRFIs. The 2017 CGG added a requirement for the board to understand the regulatory environment within which the FRFI and its subsidiaries operate. Further, the 2017 CGG added that the board should be informed of the results of supervisory work by OSFI and other regulators and should follow up with senior management accordingly. These changes are reflected in the 2018 CGG.
Further Action
All FRFIs should be reviewing their policies with respect to board governance in light of the adoption of the 2018 CGG. If changes had been made to bring their corporate governance policies into conformity with the 2017 Draft CGG, there will be little further change required to bring policies into conformity with the 2018 CGG. If, however, the corporate governance policies of the FRFI are more consistent with the earlier 2013 CGG, then more significant updating may be required.
We would be pleased to assist FRFIs to review and update their corporate governance policies or provide advice on specific issues raised by the 2018 CGG.