Corporate Governance Guideline (Letter) - OSFI-BSIF

Reference: Guideline for Banks/BHC/T&L/Co-op/Life/Frat/P&C/IHC
January 28, 2013
To: Federally-Regulated Financial Institutions (FRFIs)
Subject: Final Corporate Governance Guideline
On August 7, 2012, OSFI published its draft revised Corporate Governance Guideline. The
comment period ended on September 14, 2012. OSFI received over 30 submissions from
various stakeholders following the release of the draft. I would like to thank everyone who
provided comments and suggestions.
OSFI reviewed the submissions and is publishing the final version of the Corporate
Governance Guideline, as well as the Annex to this letter, which provides a summary of the
key comments received from the public and an explanation of how these issues were dealt
with in the final Guideline.
OSFI expects FRFIs to conduct a self-assessment of compliance with the Corporate
Governance Guideline and to establish a plan to address any deficiencies. FRFIs should
advise their Relationship Manager in writing of the results of their self-assessment and the
related action plans by May 1, 2013. The self-assessments are to be retained by the FRFI and
made available to OSFI upon request. Full implementation of the Corporate Governance
Guideline by FRFIs is expected by no later than January 31, 2014.
For directors of small and medium-sized FRFIs, OSFI will be offering seminars on the
Corporate Governance Guideline commencing in the spring. FRFI Boards will be contacted
directly with further details.
Mark Zelmer
Assistant Superintendent
Regulation Sector
255 Albert Street
Ottawa, Canada
K1A 0H2
www.osfi-bsif.gc.ca
Annex
Corporate Governance Guideline – Summary of Consultation Comments and OSFI Responses
Industry Comments
OSFI Response
General Comments
Flexibility for smaller FRFIs
Several commentators noted that, although there is a general
statement at the beginning of the Guideline indicating that
FRFIs may have different governance practices based on their
size, ownership, risk profile, etc., there is a significant concern
that the Guideline (and OSFI expectations) are designed for
large institutions – and that this Guideline is not flexible
enough for smaller institutions. Examples highlighted by
commentators include the requirements to:
- Have a Chief Risk Officer (CRO);
- Develop a Risk Appetite Framework (which can be
  of little benefit to a single-office, one-product non-deposit-taking FRFI);
- Separate the Chief Executive Officer (CEO) and
  Chair roles; and
- Conduct independent third-party reviews.
The Guideline has been revised to clarify which elements can be
applied by FRFIs in a more flexible manner, depending on the
circumstances of the FRFI. For example:
- For smaller, less complex institutions, the full Board or
  another Board committee can serve the function of the
  Risk Committee. However, in place of establishing a
  separate Risk Committee, the Board or other committee
  should ensure that it has the collective skills, time and
  information to provide effective oversight of risk
  management; and
- The FRFI does not necessarily need to have a designated
  CRO. However, there should be a senior individual
  charged with oversight of all the relevant risks of the FRFI.
  This role can be held by another executive of the firm (i.e.,
  the executive has dual oversight roles). What is critical is
  that one senior individual within the firm is accountable to
  the Board and Senior Management for the same functions
  as a CRO.
OSFI prefers that the role of the Chair and CEO be separated, as
this is critical in maintaining the Board’s independence. This is
particularly important for financial institutions, and is supported
by various international standards. As well, given the risks that
financial institutions undertake, it is expected that all FRFIs
develop a Risk Appetite Framework (but tailored to the size,
nature and scope of the FRFI’s operations).
The concept of “independence”
Commentators noted that greater clarity and detail with respect
to the meaning of “independence” should be provided in the
Guideline.
As well, Commentators indicated that it is not clear if the
meaning of independence differs from one portion of the
Guideline to another. For example, is the meaning of
independence in the context of the Board operating effectively
different from the meaning of independence in the context of
all members of the Audit Committee being independent?
OSFI is of the view that the concept of “independent” is
well-understood, particularly in the legal community, and is used
extensively in international standards.
By attempting to define the concept of “independent”, there is a
risk that FRFIs would simply undertake a compliance exercise
(i.e., check against OSFI’s listed criteria) and not necessarily
adhere to the full spirit of independence.
However, the Guideline has been amended so that the notion of
“independent” is only used selectively and appropriately (beyond
the reference to Board “independence”).
Application of the Guideline to subsidiaries
Commentators noted that, depending upon the size, scope and
complexity of the subsidiary’s operations, in certain
circumstances the parent may appropriately and effectively
perform certain roles and responsibilities set out in the
Guideline. For example, there may be circumstances where it
is neither necessary nor appropriate for the subsidiary to have
its own Risk Committee or to separate the CEO and Chair
roles. Also, commentators noted that a parent company
generally provides a Risk Appetite Framework and retains the
role of CRO.
The intent of Annex B in the draft Guideline was not to change
current industry practice (this section was verbatim from the 2003
version of the Corporate Governance Guideline).
However, for clarity, Annex B has now been deleted and replaced
with a more succinct section in the main body of the Guideline. In
this section, it is stressed that “Boards of parent companies should
determine what Board structures for the FRFI’s subsidiaries would
best contribute to effective oversight of subsidiary operations”.
Board of Directors
Use of the word “ensure”
Commentators noted that, with respect to the Board’s duties,
the use of the word “ensure” throughout the Guideline is
strong, and blurs the role of the Board with that of Senior
Management. In its oversight function, the Board can never
ensure actions or results.
The term “ensure” has been deleted throughout the Guideline.
Rather, the Board is expected to “seek assurances from Senior
Management…” or “establish processes to periodically assess the
assurances provided to it by Senior Management…”
Director tenure and independence
Several commentators disagreed that a long-serving director
would no longer be deemed independent. Further,
commentators noted that most (if not all) financial institutions
have implemented term limits and/or a director tenure policy.
While many institutions have established term limits or have a
director tenure policy, OSFI is of the view that director tenure is a
factor (among many factors) that FRFIs should consider, if
appropriate, when developing a director independence policy.
Many jurisdictions have explicit limits with respect to director
tenure and independence (e.g., U.K., Spain), an approach that
OSFI is not undertaking.
Independent third-party reviews
According to many commentators, there are several practical
concerns in respect of independent third-party reviews,
including:
- The lack of qualified reviewers, as the nature,
  operations, risk and corporate governance of each FRFI
  is unique. Some reviewers might be incented to be
  overly-zealous in the application to small FRFIs of
  governance practices considered “best practices” for
  larger, more complex FRFIs;
- Lack of clear objective criteria and measurable
  standards, either in the Guideline or industry-accepted
  norms. Does the reviewer assess the documented
  governance practices or the overall effectiveness?
  There would be a high level of subjectivity;
- Third-party review of the oversight functions (e.g., risk
  management) is duplicative of the review of internal
  controls conducted by internal and external auditors, as
  well as the independent actuary; and
- Uncertainty and legal risk created where a Board
  disagrees with a negative third-party review.
As well, commentators noted that it is not clear in the
Guideline as to whether OSFI expects a definitive “opinion”, a
“benchmark”, or a design assessment.
The Guideline has been amended to clarify that “the Board of a
FRFI should regularly conduct a self-assessment of the
effectiveness of Board and Board Committee practices,
occasionally with the assistance of independent external advisors.
The scope and frequency of such external input should be
established by the Board”.
As well, the Guideline has been amended to clarify that, with
respect to the effectiveness of the oversight functions, the Board
“occasionally, as part of its assessment, should conduct a
benchmarking analysis with the assistance of independent external
advisors”.
Interface between the Board and Oversight Functions
According to commentators, it is not clear how or why a Board
should “approve and play an active role in the activities of the
Oversight Functions”. Combined with the direction to be
involved with their performance management and
compensation, this suggests that the Board should go beyond
its stewardship role and act as an operational manager of the
Oversight Functions.
This reference has been deleted in the Guideline. The Guideline
now clarifies that the Board should approve the mandate,
resources and budget for the oversight functions. As well, the
Board should approve, where appropriate, the appointment,
performance review and compensation of the heads of the
oversight functions.
Risk Governance
Risk Appetite Framework
Commentators suggested that the Risk Appetite Framework
not exhaustively consider each and every risk. The assessment
of all types of risks is part of the ICAAP or ORSA process,
and can be used as information when formulating the Risk
Appetite Framework. According to the commentators, the
Risk Appetite Framework should focus on the critical risks
that have the potential to significantly impact the FRFI.
The Guideline has been amended to clarify that the Risk Appetite
Framework should consider the “material risks” to the FRFI, not
all risks.
Risk Committee and independence
Commentators noted that it is difficult to find directors who
have both sufficient knowledge and a “sound understanding”
of the risks of a FRFI (a key competency for Risk Committee
members) and are also independent.
The Guideline has been amended to clarify that all members of the
Risk Committee should be “non-executives” of the FRFI (e.g.,
directors from affiliated companies are eligible). This is
consistent with international standards.
According to commentators, some of the most competent Risk
Committee directors are from the company’s group – and they
make valuable contributions, as they have intimate knowledge
of the FRFI’s operations. For some FRFIs, the only Board
committee on which non-independent directors can currently
serve is the Risk Committee.
CRO compensation
Aside from the reference to the Financial Stability Board’s
Principles for Compensation, commentators suggested that
there should be an explicit reference in the Guideline that the
CRO’s compensation not be linked to the revenue-generation
aspects of the FRFI.
The Guideline has been amended to note that “the CRO’s
compensation should not be linked to the performance (e.g.,
revenue generation) of specific business lines of the FRFI.”
However, the CRO’s compensation can be linked to the broader
performance of the FRFI.
CRO and Appointed Actuary
Commentators noted that, unlike other financial institutions,
which are involved in financial intermediation and can be
subject to high levels of asset and liability volatility, the main
risk to which P&C companies are exposed is the sufficiency of
their reserves. As a result, the Appointed Actuary of a P&C
company should be allowed to assume the CRO’s
responsibilities.
The Guideline has been amended to include footnote 13, which
clarifies that “the CRO can be held by another executive of the
FRFI (i.e., the executive has dual roles). Some FRFIs may not
have a CRO position per se, but nonetheless can clearly identify
an individual within the firm that is accountable to the Board and
Senior Management for the same functions.”
CRO succession planning
The draft Guideline suggests that the Risk Committee oversee
the succession planning for the CRO position and other key
positions within the risk management function. Commentators
noted that, at most FRFIs, this is the responsibility of the
Human Resources (HR) Committee (or equivalent), not the
Risk Committee.
The Guideline has been amended to clarify that the Board (i.e., the
full Board or delegated to a Board Committee) should approve,
where appropriate, the succession plans with respect to the heads
of the oversight functions.
Direct reporting lines
Commentators suggested that references to “direct reporting
lines” should be removed. There is a general agreement that
the heads of the control functions must have direct access to
the relevant Board committees. However, according to
commentators, if they were to “report” to the committees with
only an “administrative” reporting line to the CEO, their
ability to function as an effective member of the management
team would be compromised.
The Guideline has been amended to clarify that the heads of the
oversight functions “should have unfettered access and, for
functional purposes, a direct reporting line to the Board or relevant
Board committee (e.g., Audit, Risk).” This is consistent with
international standards.
CRO “assurances” of objective analysis
According to commentators, it is inappropriate for the Board
and Risk Committee to seek “assurances” from the CRO
regarding the objectivity of analysis that he/she is expected to
oversee. Such assurances should come from the Chief Internal
Auditor as an arms-length independent party.
It was not OSFI’s intention to suggest that the CRO perform the
duties of the Chief Internal Auditor. The CRO’s role, however, is
to assess the risk information or risk analysis provided by the
business lines, and to provide an opinion on that information and
analysis to the Board.
The Role of the Audit Committee
Audit Committee independence
The Guideline proposes that all Audit Committee members be
independent. However, commentators noted that financial
institution statutes require that Audit Committee membership
be comprised of non-employee directors, a majority of whom
are not “affiliated” with the institution. Commentators suggest
that OSFI’s Guideline be consistent with the Bank Act,
Insurance Companies Act, etc.
The requirement for all Audit Committee members to be
independent has been deleted so as to be in line with federal
legislation. However, OSFI notes that it is an international best
practice for all members of the Audit Committee to be
independent, and many FRFIs have moved to this standard, which
OSFI supports.
Auditing standards
Commentators noted that the Canadian Auditing Standards
(CAS) outline the requirements for auditor communication
with the Board, and are comprehensive. According to
commentators, the proposed listed criteria appear to be more
onerous and specific in comparison to the CAS criteria.
The listed criteria for auditor communication with the Board are
consistent with various best practices, and are designed to set
higher standards than the CAS, given that financial institutions are
unique from other sectors of the economy.