Superintendent Peter Routledge participates in RBC Canadian Bank CEO Conference

Moderator:

Mortgages in Canada – we were preparing for payment shock, but it seems so far, so good and mortgage rates are falling so that we are probably avoiding the worst-case scenario. Please speak to how OSFI views the risks currently and longer term, how do you see mortgage regulation evolving?

Superintendent Peter Routledge:

• Delinquencies are lower than expected. Despite increased interest rates and an uncertain housing market, 99.8% of Canadians are keeping up with their mortgages.
• 2025 and 2026 will be challenging years. As of September 2024, 65% or 3.8 million mortgages are set to renew by the end of 2026. Of these, approximately 62% (or 2.4 million) have yet to experience increased payments. We’re monitoring borrowers with variable-rate mortgages with fixed payments as they could face substantial payment increases at renewal.
• The Minimum Qualifying Rate (MQR), known as a ‘stress’ test, did not prevent the 2021/22 share increase in mortgages originated with high loan-to-income (LTI) ratios, which I define as 450% LTI and greater. That outcome caused OSFI to look at experiences at peer regulators and we found a potentially useful tool: the LTI test on residential mortgage originations.
• The LTI test limits the amount of high loan-to-income, residential mortgages that a bank may underwrite each quarter (e.g., 15% or 25% of total number of mortgages underwritten). In the UK, during the COVID years, the Bank of England had both a mortgage stress test and LTI limit in force concurrently. Its Financial Policy Committee (FPC) found that LTI limits were more effective than their mortgage stress test at containing the buildup of highly leveraged borrowers. The LTI was so effective that, in 2023, the FPC announced it would drop the mortgage stress test.
• Aside from performing better as a prudential tool, the LTI limit is a regulatory tool applied to lenders’ residential mortgage portfolio only. By contrast, the mortgage stress test is applied to every Canadian borrower at origination. Parliament never intended for OSFI to regulate individual borrowers in this way. Otherwise, it would have so stated in statute.
• We’ve recently removed the expectation that institutions apply the prescribed MQR on uninsured straight switches between federally regulated financial institutions at renewal. We expect minimal prudential impacts because we have already begun the LTI test and because switch renewal volumes have always been very low.

Moderator:

Under what conditions would the Domestic Stability Buffer (DSB) be decreased? What if losses keep going up slowly? What if vulnerabilities simply dissipate, could the DSB go to zero?

Superintendent Peter Routledge:

• In setting the DSB we look first at the systemic vulnerabilities (household debt, corporate debt, etc.) that could impair capital were they to crystallize in a short period of time. We size the DSB to absorb the potential costs of vulnerabilities crystallizing – it is a margin of safety (or buffer) to absorb unexpected losses in a tail event.
• OSFI could also lower the DSB if vulnerabilities are judged to have declined sufficiently. For example, in a “beautiful de-leveraging”, in which income grows faster than debt over a sustained period, vulnerabilities would fall and OSFI would lower the DSB in line with that fall, all else equal.
• Key factors affecting a decrease decision include the severity of impact that a risk event will have on the banks, how quickly system-wide risks could materialize or dissipate, and how long these risks or positive trends may last.
• In some cases, OSFI may act early to decrease the DSB in response to a sudden and severe event, like the pandemic. In other cases, OSFI may determine that the vulnerabilities have sufficiently dissipated, indicating a reduced need for the buffer.
• The size of a decrease would depend on the assessed likelihood and severity of losses banks could suffer, such that they would need to reduce lending.
• For more information on the DSB design framework, please visit our website.

Moderator:

There seems to be a lot of “hesitation” on Basel III globally. We are hearing that in Europe, FRTB is being pushed out and probably not going to be adopted. In the US there is widespread belief of significant Basel III endgame roll back. There was a decision here in Canada to delay the output floor by one year. But now, there are many calls to review our situation in light of global events and perhaps ease our rules to keep Canadian banks globally competitive. Please share your thoughts.

Superintendent Peter Routledge:

• OSFI’s implementation of the Basel III 2017 reforms, including the capital floor, reflects our conviction that these reforms provide a sound, prudential foundation for Canada’s banking system.
• Since we have a principles-based system, we were able to move faster than many of our peers who have rules-based approaches to bank regulation.
• And so, we are nearly finished with the commitment to implement the Basel III 2017 reforms while some of our peer signatories have further progress to make.
• At its November 2024 meeting, Basel Committee members unanimously reaffirmed their expectation of implementing all aspects of the Basel III framework in full, consistently and as soon as possible. Such a commitment was also recently reiterated by G20 Finance Ministers and Central Bank Governors.
• As you noted in your question, there remain uncertainties about the ultimate timeline and of implementation of the reforms by our peer signatories. Because of these uncertainties, OSFI delayed an increase of the standardized capital floor level (or “output floor”) to give us time to consider the implementation timelines of the 2017 Basel III reforms in other jurisdictions.
• As we have said in 2024, despite OSFI’s demonstrated commitment to the 2017 Basel III reforms, we cannot extend the implementation lead we share with a small number of fellow signatories.
• We will continue to measure implementation progress of the 2017 Basel III reforms across jurisdictions with a focus on both competitive balance in banking and the soundness of Canada’s capital regime. As we do this, we remain in active dialogue with both internal model-based banks and standardized banks to ensure Canada’s bank capital regime serves the best interests of Canadians.

Moderator:

AML – a big topic – please share your thoughts on the matter. Do you see AML rules and regulations changing – is there a bigger role for OSFI to play on this front?

Superintendent Peter Routledge:

• AML is a critically important and growing area of focus, as failures in AML strike directly at the heart of the financial system’s integrity and security, as we learned in 2024. These failures can reflect a lack of integrity and security in financial institutions and also can raise concerns about the effectiveness of corporate governance, regulatory compliance management, and the oversight of culture risk.
• OSFI addresses money laundering threats to an institution’s integrity & security through its supervisory authorities. OSFI is focused on ensuring that risks like compliance and culture are effectively managed because they underpin the integrity and security of financial institutions. Where we see failures in governance, compliance management, or culture, OSFI will act urgently and decisively.
• OSFI’s focus on integrity & security issues broadly, and specifically with respect to money laundering threats, puts a special burden and responsibility on boards of directors. We count on boards of directors to take the long view on combatting integrity & security threats to their organizations. We expect boards to ensure their management teams are investing to protect long-term franchise values of their institutions. And we believe that depositor & creditor interests are well-aligned with common shareholder interests in this regard.
• One recognizes that the direct regulation of AML falls under FINTRAC’s mandate. OSFI and FINTRAC work closely together, using FINTRAC’s insights as a critical input into our own supervisory work. Our relationship is collaborative, with recent enhancements to information-sharing authorities between the two agencies aimed at improving coordination and oversight.
• We are working to implement these enhanced information-sharing authorities effectively while exploring ways to share insights with the industry. Greater transparency and collaboration are essential to combating increasingly sophisticated money laundering schemes and maintaining public trust in Canada’s financial system.
• To that end, we appreciate the government’s intention to make FINTRAC a member of the FISC. This falls under the category of smart technocratic policy.
• As AML risks grow, OSFI’s role will expand within its supervisory mandate, ensuring that institutions’ governance, compliance, and cultural frameworks are robust enough to prevent and respond to these challenges. Our collective efforts—both with FINTRAC and the industry—are vital to safeguarding the integrity and resilience of Canada’s financial system.

Moderator:

Cyber risk has become a concern as of late especially with big advancements in generative AI. Can you please discuss how OSFI monitors this risk and the latest developments on this front?

Superintendent Peter Routledge:

• Cyber incidents continue to accelerate. Sophisticated cyber threats are coming from state-sponsored actors, who are becoming more aggressive, and use cyber threats to advance their interests.
• In coordination with national security agencies, we continuously monitor cyber risk through supervisory assessments, intelligence gathering, and close collaboration with domestic and international partners. We analyze emerging cyber threats, evaluate institutions’ resilience practices, and use tools like incident reporting and self-assessments to ensure institutions are prepared to identify, mitigate, and recover from cyber incidents.
• Institutions must continuously improve their ability to detect and respond to cyber incidents. This means being proactive in identifying potential threats, preparing for disruptions, and ensuring they can respond quickly and effectively when incidents do occur.
• Beyond the expectations outlined in Guideline B-13, OSFI has developed a number of resources to help them do this, including:
  • the Cyber Security Self-Assessment to evaluate their preparedness
  • the Technology and Cyber Security Incident Reporting Advisory to guide incident management and reporting
  • the Intelligence-Led Cyber Resilience Testing Framework to identify and address weaknesses in their cyber defenses through simulated attacks
• These tools provide institutions with practical guidance to strengthen their ability to respond to and recover from cyber incidents.
• Cyber risk is going to change and adapt over time and in fairly opaque ways. We need to be constantly alert and work with institutions to put cyber risk standards of practice in place.

Moderator:

Foreign Interference is “new” please discuss OSFI’s expanded mandate here and what it might mean for regulation in Canada.

Superintendent Peter Routledge:

• Foreign interference is not new but has gained increase public prominence in recent years. Under OSFI’s expanded mandate, we have strengthened our focus on this issue to address its growing implications for the Canadian financial sector.
• Foreign interference refers to activities that are detrimental to Canada’s interests and security. These activities are often clandestine, deceptive, or involve a threat to individuals or institutions, posing a direct risk to the integrity and security of financial institutions.
• Foreign interference can take many forms. Examples include:
  • Governance Influence: Foreign actors could attempt to influence existing board members or senior executives through lobbying, coercion, or other pressure tactics. This could include encouraging decisions that align with foreign geopolitical objectives, such as altering investment strategies, denying services to specific customers, or prioritizing partnerships that benefit foreign entities.
  • Cyber Exploitation of Data: A state-sponsored group launches a phishing campaign targeting employees of a financial institution to gain unauthorized access to sensitive data, such as customer information or financial transaction records. This information might then be used for espionage or to fund illicit activities, including money laundering or financing geopolitical operations.
  • Money Laundering to Fund Foreign Activities in Canada: Foreign actors may use money laundering schemes to funnel illicit funds into Canada to support covert operations, influence activities, or operatives working domestically. Banks can unintentionally become conduits for these funds when complex transactions are designed to mask their true origins and purposes. For example, funds might flow through shell companies, offshore accounts, or seemingly legitimate businesses before being used to finance activities like political interference, espionage, or influence campaigns.
• Financial institutions must remain vigilant, with strong monitoring, governance, and controls to detect and respond to these threats effectively. OSFI’s Integrity and Security Guideline provides financial institutions with a framework to bolster their defenses against foreign interference. This includes expectations for regular monitoring, proactive responses to threats, and prompt reporting to OSFI when risks are identified.
• Our National Security Sector (NSS) plays a critical role in this area by collaborating closely with Government of Canada security and intelligence partners. The NSS informs OSFI’s supervisory decision-making and supports the development of tools and guidance to strengthen the financial sector’s defenses against foreign interference.