OSFI issues guidance on compliance risk

OSFI notes that “a wide variety of laws and regulations” apply to financial firms both within Canada, and in other countries where they operate, and it says that it believes that “adequate controls over the identification and mitigation of regulatory risk are key to a robust internal control framework.”

Moreover, regulatory expectations have changed in the wake of the financial crisis. For instance, OSFI suggests that the existing guidance isn’t fully aligned with the Basel Committee on Banking Supervision’s updated principles for managing operational risk; OSFI’s own recently revised corporate governance guidelines; or, the International Association of Insurance Supervisors’ (IAIS) core principles for regulating insurers. Additionally, OSFI reports that it has “identified a number of systemic issues” associated with firms’ application of the existing guidance “that would be well-served by additional or clarified guidance.”

“OSFI considers effective regulatory compliance management essential to a federally regulated financial institution’s well-being and is therefore of the view that a [firm’s] non-compliance with applicable regulatory requirements can not only weaken the intended results of such requirements but also have significant negative effects on a [firm’s] reputation and/or safety and soundness,” the guidance says. Therefore, it says, effective regulatory compliance management is necessary to ensure that firms are compliance with their regulatory requirements.

OSFI notes that the revised guidance does not create new regulatory requirements. Instead, it communicates the regulator’s expectations for firms “to establish and maintain an enterprise-wide framework of regulatory risk management controls.”

Firms are expected to implement the new guidance by May 1, 2015.