Regulatory Compliance Management – Guideline impact analysis statement (2014)
Information
Table of contents
I. Background
OSFI considers effective regulatory compliance management (RCM) essential to a federally regulated financial institution’s (FRFI) well-being and is therefore of the view that a FRFI’s non-compliance with applicable regulatory requirements can not only weaken the intended results of such requirements but also have significant negative effects on a FRFI’s reputation and/or safety and soundness. As such, an effective RCM process is necessary to provide the means by which a FRFI can satisfy itself that it is in compliance with applicable regulatory requirements.
To assist FRFIs in understanding OSFI’s expectations regarding effective RCM frameworks, OSFI issued Guideline E-13: Legislative Compliance Management (Guideline E-13) in 2003. Guideline E-13 sets out OSFI’s expectations for FRFIs with respect to the management of regulatory compliance risk inherent in FRFIs’ business activities enterprise-wide. It also elaborates on a number of the key control principles in RCM. A wide variety of laws and regulations apply to FRFIs in Canada, and for some, outside Canada. OSFI believes that adequate controls over the identification and mitigation of regulatory risk are key to a robust internal control framework.
II. Problem Identification
Guideline E-13 was issued in 2003 and does not now fully align with the more recently revised Supervisory Framework. Further, the Guideline does not reflect all of the principles outlined in the Basel Committee on Banking Supervision’s (BCBS) updated 2011 version of its Principles for the Sound Management of Operational Risk, or the International Association of Insurance Supervisors’ (IAIS) relevant Insurance Core Principles. It also does not fully align with OSFI’s Corporate Governance Guideline, which was updated in 2013.
In addition, since 2003, OSFI has identified a number of systemic issues associated with FRFIs’ application of Guideline E-13 that would be well-served by additional or clarified guidance.
Finally, OSFI believes that as noted, effective RCM extends to a broad range of regulatory requirements and, accordingly, the title of the Guideline has been changed to reflect this. Therefore, OSFI believes it appropriate that Guideline E-13 be updated to better reflect all of the foregoing factors.
III. Objectives
The main objectives of the revised Guideline E-13 are to:
- Outline OSFI’s supervisory expectations with respect to FRFIs’ control frameworks for mitigating regulatory risk, which contribute to their safety and soundness;
- Promote industry best practices in regulatory compliance risk management;
- Be consistent with OSFI’s Supervisory Framework (2010) and Corporate Governance Guideline (2013);
- Be more consistent with international risk management standards.
IV. Options and Assessment
Option I – Status Quo
Although the current version of the Guideline E-13 has served OSFI and the industry well over the past ten years, it is not fully consistent with OSFI’s current Supervisory Framework and Corporate Governance Guideline, or the international standards that underpin these documents.
Option 2 – Repeal Current Guideline E-13
Repealing Guideline E-13 would deprive FRFIs of clear expectations from OSFI on risk management control measures used to ensure compliance with applicable regulatory requirements. Although this might provide FRFIs with greater flexibility in how they operate their regulatory compliance risk management programs, it would not lead to a reduction in the cost of compliance because FRFIs would still be subject to, and would still need reliable measures to confirm compliance with, regulatory requirements. Instead, the lack of guidance could pose significant regulatory risk and related reputation risk, as well as potential material financial risk, for FRFIs that do not apply robust RCM controls. It would also make it more difficult for OSFI to evaluate FRFIs’ control measures and would not be consistent with OSFI’s supervisory standards, international standards or other OSFI guidance.
Option 3 – Revise Guideline E-13
Under this option, Guideline E-13 would be revised to:
- Enhance the effectiveness of the risk-based approach outlined in OSFI’s Supervisory Framework;
- Reinforce OSFI’s expectations in the Corporate Governance Guideline;
- Strengthen regulatory risk-specific governance;
- Bolster the overall internal control framework of FRFIs; and
- Support OSFI’s international reputation as an advocate of global control standards.
V. Consultation
A period of public consultation took place from April 30 to June 15, 2014, during which OSFI received comments from six stakeholders, including three industry associations. All comments were taken into consideration and many were incorporated into the final version of the revised Guideline. The final Guideline is accompanied by a table of consolidated industry comments and corresponding OSFI responses.
VI. Recommendations
OSFI has chosen Option 3 because it allows for harmonization of OSFI’s published guidance for FRFIs, and provides better guidance to FRFIs on key control elements with which some have struggled in recent years. In particular, it reinforces the principles-based approach to guidance as this addresses the wide variety of size, scope and operations of FRFIs. Finally, revising Guideline E-13 does not impose significant incremental costs on FRFIs because FRFIs are subject to, and need reliable measures to confirm compliance with, regulatory requirements.
VII. Implementation & Evaluation
Since Guideline E-13 revisions will align with other OSFI guidance already in place, implementation of the revised Guideline by FRFIs would be expected no later than six months from the date that the final version is published and comes into force.