On February 28, 2023, Canada’s Office of the Superintendent of Financial Institutions (OSFI) released its Draft Culture and Behaviour Risk Guideline (Draft Guideline). The Draft Guideline was developed with industry stakeholder feedback provided in response to OSFI’s 2022 Culture Risk Management Letter, released in March 2022. In addition, OSFI notes that minor changes will be made to its Corporate Governance Guideline to align with the finalized version of the Draft Guideline. Industry stakeholders may submit comments to OSFI on the Draft Guideline at email@example.com until May 31, 2023.
The Draft Guideline applies to all federally regulated financial institutions (FRIs and each an FRI) conducting business in Canada. In releasing the Draft Guideline, OSFI notes that FRIs’ culture can contribute to the safety and soundness of financial institutions and confidence in the broader financial system, and that OSFI expects FRIs to (i) define a desired culture and continuously develop and improve their culture to support the FRIs’ purpose, strategy, effective management of risks and resilience; and (ii) continuously evaluate and respond to behavioural risks that can affect an FRI’s overall safety and soundness.
This memorandum provides a brief summary of the Draft Guideline, along with considerations for federally regulated insurers conducting business in Canada.
I. Expected outcomes and principles for the management of culture and behaviour risks
The Draft Guideline sets out three expected outcomes for FRIs’ sound management of culture and behaviour risks. For each outcome listed in the Draft Guideline, OSFI includes one or more principles for FRIs to leverage in achieving the stated expected outcomes. These are discussed in greater detail below.
Outcome #1: Culture and behaviour are designed and governed through clear accountabilities and oversight
Principle #1: Desired culture and expected behaviours are designed to align with the purpose and strategy of an FRI and are governed through appropriate structures and frameworks.
OSFI notes that senior management are responsible for the design, implementation and monitoring of an FRI’s culture, and that FRIs should establish appropriate governance structures for overseeing culture and expected behaviours. An FRI’s governance structure should include clear responsibilities for key roles and functions across the management of its culture and behaviour risks, and such governance structure should be supported by adequate human and financial resources.
It is important to note that governance structures should be appropriate and proportional to the size, nature, scope, complexity of operations, strategy and risk profile of the FRI, which is consistent with OSFI’s principles-based application of other guidelines. Such governance structures may include frameworks related to remuneration, ethics, conflict management, performance, talent management and whistleblowing.
The Draft Guideline states that OSFI expects FRIs to define the desired culture needed to achieve their strategy and to manage risks effectively, and that such definition and development of their desired culture should include the following:
- Clear articulation of the desired culture, including expected behaviours and values;
- Alignment of the culture to an FRI’s purpose, vision, strategy and enterprise risk management approach;
- Consideration of key talent and people management strategies;
- Consideration of policies, processes, practices and systems needed to support the desired culture;
- Implementation of frameworks, mandates and objectives that reinforce accountabilities; and
- Proactive management of culture and behaviour risks through monitoring, assessment and reporting to support ongoing oversight and continuous improvement.
Outcome #2: Desired culture and expected behaviours are proactively promoted and reinforced
At a minimum, OSFI expects FRIs to use leadership, talent and performance management practices, as well as compensation and incentive plans to promote and reinforce their desired culture and expected behaviours.
Principle #2: FRIs’ leaders, at all levels, should consistently promote and reinforce the desired culture and expected behaviours through their words, actions and decisions.
OSFI notes that FRIs’ leaders can actively shape the firm’s culture, including by the following:
- Senior leaders (including senior management and heads of oversight functions) setting a consistent ‘tone from the top’ that is aligned with the FRI’s desired culture and expected behaviours;
- Leaders at all levels, including all people managers, modelling their own behaviours and decisions in accordance with the FRI’s desired culture and expected behaviours; and
- Leaders at all levels consistently holding people accountable to the desired culture and expected behaviours of the FRI.
Principle #3: Talent and performance management strategies and practices promote and reinforce the desired culture and expected behaviours.
OSFI notes that FRIs’ talent management and performance management strategies, processes and practices should consider their desired culture and expected behaviours.
Principle #4: Compensation, incentives and rewards promote and reinforce the desired culture and expected behaviours.
The Draft Guideline provides that FRIs should design and implement compensation frameworks and incentive plans to encourage expected behaviours and discourage undesired behaviours across their organizations. OSFI states that such compensation frameworks, reward programs and incentive plans may include financial and non-financial awards, performance score cards and informal and formal recognition.
Outcome #3: Risks emerging from behavioural patterns are identified and proactively managed
Principle #5: FRIs should proactively monitor for, assess and act to address risks related to culture and behaviour that may influence their resilience.
OSFI expects FRIs to implement processes to identify, assess and manage risks arising from behavioural patterns that do not align with their desired culture and expected behaviours (including identifying behaviours such as complacency, excessive risk taking, poor communication, or a lack of speaking up or raising concerns).
To identify behavioural patterns that commonly exist across their organizations, OSFI recommends that FRIs use a range of qualitative and quantitative methods and techniques. OSFI notes that such methods and techniques may include a combination of informal conversations with employees, surveys, interviews, focus groups, employee-related data (for example, turnover and retention rates) and performance indicators.
Where behavioural patterns observed within an FRI do not reflect its expected behaviours and support its desired culture, these patterns should be assessed to understand (i) their root causes, (ii) potential impacts, (iii) unintended consequences and (iv) whether the behavioural patterns are widespread within the FRI. Behavioural patterns that do not align with an FRI’s expected behaviours and desired culture, or that increase an FRI’s financial and non-financial risks, are defined by the Draft Guideline as “behavioural risks.”
OSFI notes that FRIs should employ a risk-based approach when assessing their behaviour risks, and focus should be given to widespread behaviour risks and those that may pose a substantial risk to specific areas of an FRI’s operations. FRIs’ responses to certain identified behavioural patterns and associated risks may include ongoing monitoring of existing behavioural patterns, actions to modify certain existing behavioural patterns, or reinforcing existing behavioural patterns that support the FRIs’ desired culture.
Lastly, it is important to note that any decisions to monitor, modify, or reinforce existing behavioural patterns should be supported by a rationale and should be appropriately tracked and evaluated by the FRI.
II. Considerations for federally regulated insurers conducting business in Canada
Due to the relatively broad nature of the Draft Guideline, we anticipate that further guidance will be required from OSFI to provide FRIs with specific actionable steps that they may undertake to implement the principles set out in the Draft Guideline once it is finalized. It is also a positive development that OSFI plans to release a self-assessment tool that FRIs may use to review the design and effectiveness of their compliance with this Draft Guideline.
We recommend that FRIs begin reviewing the Draft Guideline against their current policies, especially those policies governing human resources, as this will be a productive exercise to ensure that there is consistency between current policies and the Draft Guideline, taking into consideration, however, that further changes may be made to the Draft Guideline once it is finalized.
Industry stakeholders may submit comments to OSFI on the Draft Guideline at firstname.lastname@example.org until May 31, 2023.
Please do not hesitate to contact Dentons Canada LLP’s Corporate and Regulatory Insurance group, should you wish to discuss how the Draft Guideline may impact your firm’s current and future compliance regime and operations.