The Evolving Regulatory Landscape Facing Credit Unions

OSFI’s Assistant Superintendent, Regulatory Response Sector, Tolga Yalkin delivers brief opening remarks at the panel discussion titled “The Evolving Regulatory Landscape Facing Credit Unions” at the Canadian Credit Union Association (CCUA) conference

Good afternoon,

Thank you for having me here in Calgary today. It’s a pleasure to participate in this panel on Canada’s evolving regulatory landscape.

In today’s rapidly changing risk environment, financial institutions face increasing complex and interconnected risks. They must navigate a complex landscape shaped by digital innovation, economic shifts, and climate-related challenges.

This includes geopolitical volatility, shifting regulatory landscapes, and the emergence of groundbreaking technological advancements, such as artificial intelligence and blockchain, which, while promising to revolutionize, also introduce new vulnerabilities and regulatory challenges. Add to this increasing demands that operations be sustainable and responsible, all while continuing to pursue financial performance and excellence in customer service.

This dynamic setting not only tests the resilience and adaptability of financial institutions but also necessitates innovative approaches to risk management and strategic planning.

Our job is to provide the structure or scaffolding within which financial institutions, including federally regulated credit unions, manage such risks and, at the end of the day, ensure that they are, indeed, managing them appropriately.

There are a few key ways in which we do this that we have been evolving and advancing over the last few years.

First, and foremost, we just launched our new Supervisory Framework on April 1. This is a big watershed moment for us as a regulator, for it has been the first comprehensive update in 25 years .

While I won’t go into all the details of the enhancements we have effected to it, there are a few key ones that are worth mentioning. For example, we introduced an 8-point risk scale for more nuanced risk assessments and better integrated critical risk categories like business and operational resilience, as well as climate risk considerations, into its structure.

We are hopeful that the new framework will support financial institutions in enhancing their risk management capabilities, adapting more efficiently to emerging risks, and aligning more closely with regulatory and supervisory expectations to ensure their health and stability but also that of the financial system overall.  

Second, in 2022, we published our first Annual Risk Outlook (ARO). The acronym of which is “ARO,” which phonetically resembles the word “arrow” in English. This play on words subtly emphasizes the documents directive nature, pointing financial institutions in the right direction regarding risk management.

The ARO has a dual role, however: it identifies key risks for financial institutions to focus on, but it also clarifies how our regulatory and supervisory responses are aligned with the overall risk facing the financial sector. This doesn’t mean that the ARO risks are the only risks that we or financial institutions should be focused on, but it offers a clear indication of the ones that call for a proactive response.

I’m pleased to share with you that this year’s ARO will be released in the next couple of weeks. I encourage you to review it thoroughly when it is published.

Third, we have increasingly recognized the criticality of non-financial risks, not just to overall safety and soundness, but as intrinsically important in and of themselves when it comes to the confidence that Canadians have in the financial system.

In line with this, last summer, Parliament expanded our mandate to include overseeing the adequacy of policies and procedures to protect financial institutions against threats to their integrity or security, including foreign interference.

To meet these requirements, we released our final Integrity and Security Guideline in January. It sets out our expectations for the policies and procedures that financial institutions employ to protect themselves against these kinds of risks.

The impact of such risks, including on cybersecurity, operational disruptions, and reputational damage, can be pivotal, not just for the financial solvency of institutions, but also for public confidence in the financial sector. Effective management of them ensures trust and stability, underscoring the sector’s integrity and reliability.

Last October, we released a draft of our updated Guideline E-21 on Operational Resilience and Operational Risk Management for consultation. This guideline sets out our expectations to help financial institutions prepare for and recover from severe disruptive events. Our final Guideline E-21 will be published this year.

As we move forward with this work, it is essential to acknowledge that the collective efforts of all financial institutions, including of course, credit unions, are the cornerstone of maintaining a secure and viable financial sector in Canada.

We believe the viability of these efforts depends in part on our commitment as a regulator to transparency. Transparency ensures that financial institutions are not only aware of our expectations and the direction we are taking, but also understand the why and how. I believe that this dialogue builds a foundation of trust and cooperation that is critical for navigating the complexities of today’s financial landscape. Together, with a clear vision and shared responsibilities, I’m confident we can continue to uphold the integrity and stability of Canada’s financial system.

Thank you.