Office of the Superintendent of Financial Institutions Canada OSFI’s Supervisory Framework FSI/ SVS/ASSAL/IAIS Regional Seminar on Risk-Based Supervision – San Jose, Costa Rica July 8 – 10, 2014

The Canadian System At the federal level, regulatory oversight divided between: OSFI (prudential regulation & supervision) CDIC/deposit insurer (deposit insurance) DOF (policy / legislation) BOC (LLR & payment system oversight) FCAC (consumer issues) Each agency has a well-defined mandate with minimal overlap: Limited scope for conflicting priorities within an agency Various mechanisms to facilitate coordination, and balance trade-offs: FISC CDIC/deposit insurer Boards SAC

OSFI’s Mandate In pursuing these objectives… Determine whether institution’s are in sound financial condition Take necessary corrective measures in an expeditious manner Promote the adoption of policies and procedures designed to control risk Monitor and evaluate system-wide events or sectoral issues that could have a negative impact In pursuing these objectives…

OSFI’s Mandate (cont’d) …OSFI shall strive to protect the interests of depositors and policyholders. Regulated institutions can experience financial difficulties which can lead to their failure

Part 1 Overview of OSFI’s Supervisory framework

Supervision Mandate Assess the safety and soundness of federally-regulated financial institutions and use supervisory powers to intervene in a timely manner to protect depositors and policyholders from loss.

General Approach Consolidated supervision Relationship Manager Principles-based Intensity and intervention Board & Sr. Mgmt accountability Risk tolerance Reliance on external auditors Use of work of others

Key Principles Focus on material risk Forward-looking, early intervention Sound predictive judgment Understanding the drivers of risk

Key Principles (cont’d) Differentiate inherent risks and risk management Dynamic adjustment Assessment of the whole institution

What does risk-based supervision mean to you? Discussion Point #1 What does risk-based supervision mean to you?

What is risk based supervision? Supervision is really complex judgment. Given this, it requires: Teams and teamwork skills Leadership that displays balanced risk-taking Mechanisms to identify risk A methodology that reinforces sound and round judgment The ability to dynamically source and allocate skill

Core Supervisory Process Process has been simplified into 3 main parts:

Core Supervisory Process Described as a 3-stage circular process Key documents are associated with each stage Process is dynamic, iterative, and continuous

Key Concepts - The Risk Matrix Significant Activities Inherent Risks Credit, Market, Insurance, Operational, Regulatory Compliance, Strategic Quality of Risk Management Operational Mgmt., Financial, Compliance, Actuarial, Risk Mgmt., Internal Audit, Senior Mgmt., Board Net Risk Direction of Rating Importance Activity 1 Activity 2 Activity 3 Etc. Overall Rating Rating Direction Time Frame Earnings Capital Liquidity Composite Risk Intervention Rating

Knowledge of Business and Identification of Significant Activities Environment Economic Social Demographic Political Regulatory Industry Competition Customers Technology Industry Products/Services Skilled Personnel Institution’s Business Profile Business Model Objectives and Strategies Organization Develop inventory of activities and enterprise-wide processes Identify significant activities

What is a Significant Activity? Fundamental element of business model Significant to achievement of business objectives Based on quantitative or qualitative measures Now or in the future Lines of business, enterprise-wide processes, geographic units

Inherent Risk - Definition Inherent risk is the probability of a material loss due to exposure to, and uncertainty arising from, current and potential future events. A material loss is a loss or combination of losses that could impair the adequacy of the capital of a FRFI such that there is the potential for loss to depositors or policyholders.

Why do we identify and assess Inherent Risk? To understand nature and extent of risks assumed. To develop expectations as to the nature, extent and rigour of mitigation needed.

Categories of Inherent Risk Credit Market Insurance Operational (including legal) Regulatory Compliance Strategic Six risk categories common to FIs. Appendix A of Framework booklet defines them. OSFI’s definitions of the various categories of risk are generally consistent with those used in the industry. OSFI’s definition of Operational risk now aligns with the Basel definition because it includes legal risk. Previously we had legal with compliance. Next step is to determine which inherent risks contribute, then which are key. Reputational risk is not a separate category. It is a consideration in the assessment of each inherent risk category.

Quality of Risk Management Operational Management (OM) Responsible for day-to-day management If oversight functions are deemed to be effective, we can use their work to assess effectiveness of operational management Periodic validation via activity review

Quality of Risk Management Oversight Functions Board Senior Management Internal Audit Risk Management Actuarial Compliance Financial

Determining Net Risk Significant Activities Inherent Risk Mitigated by Quality Of Risk Management is Net Risk/ Direction of Rating Significant Activities

Net Risk - Representative Heat Map Aggregate Quality of Risk Management for Significant Activity Level of Inherent Risk for Significant Activity Low Moderate Above Average High Net Risk Assessment Strong Acceptable Needs Improvement Weak

Importance Importance is a judgement of a significant activity’s relative contribution to the overall net risk Also one of the factors in planning

Institution “residual risk” Net Risk: “Residual risk” after mitigation in each Significant Activity Overall Net Risk: The weighted aggregate of all Net Risks using the importance of each SA as the weighting factor Institution “residual risk” Risk Matrix Financial Institution Risk Matrix as at… Significant Activities Inherent Risks Quality of Risk Management Net Risk Direction of Rating Importance Activity 1 Activity 2 Activity 3 Etc. Credit Market Insurance Operational Regulatory Compliance Strategic Operational Management Financial Compliance Actuarial Risk Management Internal Audit Senior Management Board Increasing OR Stable Decreasing Low OR Medium OR High Overall Rating Animation: 2 clicks NR & Direction ONR Capital Earnings Liquidity Composite Risk Direction of Rating Time Frame Intervention Rating

Capital and Earnings Capital Earnings Adequacy Quantity Quality Capital management policies & practices Earnings Strength Sustainability

Liquidity Importance of liquidity to overall safety and soundness is highlighted Liquidity assessment similar to Capital by including level and quality of liquidity and liquidity risk management

Composite Risk Rating An assessment of the institution’s risk profile, after considering its earnings and capital in relation to the ONR from its S.A.s, and the assessment of its liquidity OSFI’s assessment of the institution’s safety and soundness with respect to its depositors and policyholders

Institution “residual risk” Institution’s risk profile Net Risk: “Residual risk” after mitigation in each Significant Activity Overall Net Risk: The weighted aggregate of all Net Risks using the importance of each SA as the weighting factor Institution “residual risk” Risk Matrix Financial Institution Risk Matrix as at… Significant Activities Inherent Risks Quality of Risk Management Net Risk Direction of Rating Importance Activity 1 Activity 2 Activity 3 Etc. Credit Market Insurance Operational Regulatory Compliance Strategic Operational Management Financial Compliance Actuarial Risk Management Internal Audit Senior Management Board Increasing OR Stable Decreasing Low, Medium High Overall Rating Animation: 5 clicks NR & Direction ONR CRR Composite Risk: Overall Net Risk as mitigated or enhanced by Capital and Earnings Institution’s risk profile So to summarize, the Composite Risk Rating is the net result of the various assessments made throughout the supervisory process. We aggregate Net Risk [CLICK] across all activities considering their relative importance to determine Overall Net Risk [CLICK]. We then assess the extent to which Capital and Earnings [CLICK] together act as safety nets to absorb unexpected losses arising from its ONR. We then consider the level and management of liquidity risk [CLICK], to arrive at the Composite Risk Rating [CLICK]. In addition to assessing a level of Composite Risk, we also assess the direction of the rating as Decreasing, Stable or Increasing over a specified time frame. That assessment considers environmental and industry factors as well as the institution’s own circumstances. So that completes Track I of the Risk Matrix. However, there is one more thing to look at before we move to Track II Capital Earnings Liquidity Composite Risk Direction of Rating Time Frame Intervention Rating

Part 2 SUPERVISORY RESOURCE PLANNING

Planning An annual Supervisory Strategy prepared for each institution The intensity of supervisory work depends on the nature, size, complexity and risk profile of the institution Continuum of supervisory work ranges from monitoring to extensive on-site reviews including testing or sampling

Planning (cont’d) OSFI Management takes a top-down portfolio view to ensure that supervisory resources are allocated effectively to higher risk institutions and significant activities

Planning (cont’d) Monitoring work done quarterly On-site review work is prioritized based on: Risk considerations (FI specific and external) Need to update our information Importance of the activity Work done by supervisory team and/or specialists, e.g., Credit Risk, Operational Risk, AML Compliance

Example - Prioritization Activity Importance Risk Considerations Last On-site Priority Individual Life Insurance High Moderate net risk and stable. Concerns re: prolonged low interest rates, aging population New regulations in Jan 2014. Sept 2013 ? Group Life Low Moderate net risk and increasing. Recent purchase of large block of group business. New management in Oct 2013. June 2011 Variable Annuity Medium AA net risk and stable. Exposure to capital market volatility. May 2013

Part 3 Early intervention

What is early intervention? Discussion Point #2 What is early intervention?

CRR vs. Intervention Ratings While OSFI may stage an institution for reasons other than its CRR, there is a link between the Composite Risk Rating and OSFI’s Intervention Rating. Low Moderate Above Average High 1 2 3 4 Normal Early Warning Risk to Solvency Viability Doubtful Insolvency Imminent Intervention Rating CRR

Intervention - Overview Assign intervention rating Early intervention Intervention measures are flexible Both formal and informal powers Consider unique circumstances of the institution Guide to Intervention

Guide to Intervention Stage 1 – Early Warning OSFI has identified deficiencies in the institution’s financial condition, policies or procedures or the existence of other practices, conditions and circumstances that could lead to the development of problems described at Stage 2 if they are not promptly addressed.

Stage 1 – OSFI Activities Meet with management and board Escalate monitoring Conduct enhanced or more frequent reviews including by OSFI specialists Inform deposit insurer Meet with deposit insurer several times a year Implement any of a number of intervention measures

Guide to Intervention Stage 2 – Risk to financial viability or solvency The institution poses material safety and soundness concerns and is vulnerable to adverse business and economic conditions. OSFI has identified problems that could deteriorate into a serious situation if not addressed promptly, although the problems are not serious enough to present an immediate threat to financial viability of solvency.

Stage 2 – OSFI Activities Follow up supervisory reviews more frequently or enlarged scope Require outside parties to review financials or actuarial reserves Keep deposit insurer informed of results Develop a contingency plan in consultation with deposit insurer

Guide to Intervention Stage 3 – Future financial viability in serious doubt OSFI has identified that the institution has failed to remedy the problems that were identified at Stage 2 and the situation is worsening. The institution has severe safety and soundness concerns and is experiencing problems that pose a material threat to its future financial viability or solvency unless effective corrective measures are promptly undertaken.

Stage 3 – OSFI’s Activities Direct external specialists to assess Enhance scope of business restrictions Expand information to be submitted OSFI staff to be present to monitor situation on an ongoing basis Expand contingency planning Communicate with Board re resolution options More frequent discussions with deposit insurer

Guide to Intervention Stage 4 – Non-viability/insolvency imminent OSFI has determined that the institution is experiencing severe financial difficulties and has deteriorated to such an extent that: -it failed to meet regulatory capital and surplus requirements in conjunction with an inability to rectify the situation on an immediate basis; -the statutory conditions for taking control have been met; and/or -it has failed to develop and implement an acceptable business plan, resulting in either of the two preceding circumstances becoming inevitable within a short period of time.

Grounds for taking control Insufficient assets Failure to pay liabilities Improper accounting of assets Insufficient regulatory capital Failure to comply with an order to increase capital or assets Any other prejudicial state of affairs N.B. Power to close with positive capital

Stage 4 – OSFI’s Activities Voluntary Dissolution Monitoring of the company’s liquidation and dissolution by the Court Take Control and Request Liquidation Control of Assets Control of the institution Liquidation

More information is available on our website www.osfi-bsif.gc.ca