The Office of the Superintendent of Financial Institutions plans to provide federally-regulated financial institutions with a formal rating based on their level of risk.

On Wednesday, OFSI said it will start later this year to provide a confidential risk rating to individual institutions. It also released a detailed set of criteria on which they will be judged.

Composite Risk rating reflecting its assessment of the safety and soundness of the institution.

OSFI said the Composite Risk rating is an integral part of its current Supervisory Framework and will not change how institutions are supervised. In a letter to CEOs, OSFI said that an institution’s Composite Risk will be assessed as Low, Moderate, Above Average or High based on an assessment of the level of risk in the institution’s significant activities, the effectiveness of its risk management and control practices, and the quality and adequacy of its earnings and capital.

Full implementation of the ratings is expected over the following two years. Most institutions will be rated on an annual basis. The rating will be provided in writing to the CEO as well as the board of directors. Institutions will be required to maintain the confidentiality of the ratings.

Eventually, institutions will also be provided with ratings for the applicable risk management control (oversight) functions. A standardized process, incorporating an internal OSFI review, will be used for arriving at ratings for all institutions, enhancing the consistency of assessments across institutions and across financial sectors.

In consultation with industry, OSFI has developed a set of Assessment Criteria that will be used to guide supervisory judgements in developing the ratings. These criteria are not required standards. The ratings will be based on findings and observations from OSFI’s ongoing monitoring activities and its on-site reviews of the institution’s operations. OSFI expects that the nature and extent of oversight by an institution over its activities will be commensurate with its complexity and risk profile. Accordingly, the various factors considered in the assessment of the oversight functions may be weighted differently for different institutions.