Office of the Superintendent of Financial Institutions (OSFI) - Enterprise-wide Risk Management (ERM)

Michele Bridges, Managing Director of Finance and Corporate Planning
Financial Management Institute
November 23, 2010

What is OSFI?

The Office of the Superintendent of Financial Institutions (OSFI) is an independent agency of the Government of Canada established in 1987. OSFI supervises and regulates federally registered banks, insurers, trust and loan companies and private pension plans that are subject to federal oversight.

OSFI's Mission Statement

We are the primary regulator of federal financial institutions and pension plans. Our mission is to safeguard policyholders, depositors and pension plan members from undue loss. We advance and administer a regulatory framework that contributes to public confidence in a competitive financial system. We also provide actuarial services and advice to the Government of Canada. We are committed to providing a professional, high quality and cost effective service.

About OSFI

- Approximately 550 employees.
- Offices located in Ottawa, Toronto, Montréal, and Vancouver.
- Office is comprised of the following sectors: Supervision, Regulation, Corporate Services, and the Office of the Chief Actuary.
- Superintendent (Julie Dickson) is the head of OSFI. The OCA is headed by the Chief Actuary, and all other sectors are headed by an Assistant Superintendent.

ERM Overview

What is risk? Risk is any event that could impair our ability to achieve our objectives.

- "Risk" and "could": future-oriented words.
- External and internal (i.e. operational risks).
- Objectives: need to be clear about objectives; objectives cascade down.

ERM Overview (continued)

Imagine if you will:

1. Both top-down and bottom-up communication exercises (senior management communicates its concerns to staff, as well as an annual deep-dive exercise where staff provide input to detailed risk assessments).
2. Staff meet to agree on their concerns.
3. Concerns are consolidated.
4. Some risks are not adequately controlled.
5. Close control gaps.

= ERM

ERM Overview (continued)

ERM Framework

- Conceptually ERM is quite straightforward.
- Devil is in the detail of implementation.
- ERM framework built through understanding key ERM concepts.

ERM Overview (continued)

Why implement ERM?

Our environment:
- Rapid and complex change.
- Infinite choices of where to commit resources, but scarce resources.
- Informal methods don't cut it any more.

ERM benefits:
- Better prioritization of work and resource allocation (i.e. better planning).
- Basis for improved reporting.
- Better management.

ERM Overview (continued)

Why implement ERM? (Continued)

Government of Canada compliance:

Treasury Board Secretariat risk management related policies and guidelines:
- Integrated Risk Management Implementation Guide
- Integrated Risk Management Framework
- Policy on Active Monitoring
- Risk Management Policy
- Policy on Internal Control

TBS Management Accountability Framework (MAF): departments and agencies are rated on their risk management practices.

ERM at OSFI

Implementation Timeline

ERM was rolled out at OSFI in June 2005.

Then:
- Annual formal risk assessments.
- Bottom up approach.
- Executive oversaw process but no direct involvement.

Now:
- Quarterly risk assessments.
- Top down approach.
- Bimonthly discussions with Executive Committee.
- At annual planning meeting Executive agrees on ERM results prior to finalizing OSFI priorities.

ERM at OSFI (Continued)

OSFI ERM Management Policy
- Prescribes the scope and effective date of the policy.
- Outlines the roles and responsibilities of:
  - Superintendent and Executive Committee
  - The Risk Management Function
  - Assistant Superintendents
  - Sector Risk Coordinators, and
  - Internal Audit

OSFI ERM Framework
- Sets out risk management process including details on performing risk assessments.
- Approach is now more dynamic and top down and includes bimonthly discussions with Executive Committee on risks.

ERM at OSFI (Continued)

Roles in ERM

Risk Coordinators conduct risk assessments and document results in Sector and Divisional Risk Registers:
- Supervision Sector
- Regulation Sector
- Corporate Services Sector
- Office of the Chief Actuary
- Audit & Consulting Services

OSFI ERM Risk Coordinator rolls up Risk Registers to OSFI-wide ERM Overview.

Executive Committee & Audit Committee: review ERM results.

Which areas of OSFI are subject to risk assessments?

- Program Activity Architecture (PAA, as required by Treasury Board) is used in determining the key business lines that are subject to risk assessments.
- Separate risk registers are required for each of the three sectors, plus the OCA and A&CS divisions.
- Risk assessments are performed at the business line level or lower levels within a business line at the discretion of the Assistant Superintendent.

How are risks consolidated?

[Diagram: OSFI Risk Consolidation. Levels shown: OSFI Consolidated Risk Summary; Sector Consolidation (Office of the Chief Actuary, Audit & Consulting Services, Regulation Sector, Supervision Sector, Corporate Services Sector); Activity / Sub-Activity Consolidation; Risk Registers. Activity labels shown: Rule Making, Approvals, Supervisory Support, Accounting, Legislative, Actuarial, Segregated Funds, Capital, Capital Models, Compliance, Other.]

Update Process

- Risk assessments are completed on a quarterly basis; the March update involves a more detailed review.
- Update considers addition of new risks or removal of risks that are no longer relevant/significant.
- Each sector is responsible for determining the best approach (i.e. who to involve) in performing the update.
- Updated risk reports are submitted to OSFI's Risk Coordinator.
- Office-wide summary is prepared for Executive and for Audit Committee (the summary for the Audit Committee covers a more limited set of risks, consistent with its mandate).

Six Elements in OSFI's Risk Management Process

1. Define the objectives
2. Identify the risks
3. Identify the key controls
4. Assess the risks
5. Develop and implement action plans
6. Documentation

1. Define Objectives

- Objectives are key to the ERM process.
- Consider the risks that could impair the achievement of objectives for a particular business line or activity.
- Objectives must be clearly stated, understood and up-to-date.

2. Identification of Risks

- Risk identification is key.
- Consider those risks that could impact the ability to achieve objectives.
- Focus is on top 5-7 risks.

[Diagram: Risk Identification & Assessment (ERM). Labels shown: SWOT, Performance Measures, Risk ID & Assess., Executive Planning Meeting, Environmental Scan, Emerging Risk Cttee, ERM Risk Register Update.]

2. Identification of Risks (continued)

OSFI's Risk Inventory

External Risks: Economic conditions; Financial industry environment; Legal environment; Catastrophic events.

Internal (Operational) Risks: People Skills Allocation of resources Governance Processes Strategic and business planning Information/MIS Organization structure Key Internal Processes Key Business Line Processes Other key processes Legal decisions Relationship Management Stakeholders Direct and indirect influencers Systems Effectiveness of systems Security of systems Culture Core values Change management

3. Identify Key Controls

- Identify and document key controls.
- Controls are activities, resources, systems and people that help mitigate, transfer or avoid risks.
- Control activities:
  - Are the policies and procedures that help ensure that management's risk responses are carried out.
  - Occur throughout the organization, at all levels and in all functions.
- Controls can be preventive, detective or corrective in nature.

4. Assessment of Risks

A. Inherent Risk = [Impact + Likelihood]/2
The quantification of a risk, which is determined by considering the impact of the risk on the organization's ability to achieve its objectives, and the degree of likelihood of the risk occurring within a given timeframe.

B. Risk Direction
Concluding, on a subjective basis, on whether the residual risk (i.e. inherent risk after considering the effect of current controls) is stable, increasing or decreasing.

4. Assessment of Risks (Continued)

C. Control Comprehensiveness
Rating the comprehensiveness of controls in place to mitigate the risk. A 5-point control comprehensiveness assessment scale can aid in assessing five control characteristics, namely:
- Extensiveness of control structure
- Awareness of controls (by employees)
- Documentation of controls
- Internal review of controls
- Independent review of controls

4. Assessment of Risks (Continued)

D. Risk Tolerance
The level of residual risk you are willing to accept after considering the level of controls and the risk versus reward trade-off.

- Potentially Over Controlled: controls in place to mitigate the risk are excessive and could be reduced in the interests of efficacy.
- Acceptable: controls in place to mitigate the risk are acceptable; there is no control gap.
- Cautionary: controls in place to mitigate the risk are at a minimum level and may need to be enhanced in the future; there may be a control gap.
- Potentially Under Controlled: controls in place to mitigate the risk are likely inadequate and should probably be enhanced; there is likely a control gap.

5. Develop and Implement Action Plans

- Develop action plans (aka mitigation strategies) to address unacceptable gaps.
- Monitor progress status against these action plans.
- Action plans can feed into priorities/strategic planning process.

6. Documentation

- Documentation of OSFI's risk management process is standardized across the office.
- Risk register is used to document the six steps.
- Where a sector has several business lines, a risk register is prepared for each line.
- The Sector Risk Coordinator prepares a risk consolidation of all risk registers prepared in the sector.
- Each Assistant Superintendent is required to sign off on their respective risk consolidation.

Risk Register - Example

Applying ERM Results

- Used by staff and management to support decision making.
- ERM is incorporated as an integral part of OSFI planning discussions and exercises.
- Used as a key input into strategic, operational and financial planning.
- ERM inputs throughout the planning process to help identify, quantify, and include risk information when developing strategic priorities and business plans.
- ERM is formally incorporated into the Planning Model and Integrated Planning Cycle.

Applying ERM Results

Why Integrate with Planning?

Structured approach to provide essential information in forming corporate objectives and actions, and setting priorities such that risks are effectively managed, including HR and IM/IT Strategies and Plans.

Planning based on risk-sensitive information provides:
- Better prioritization of work.
- Better support of decision-making throughout planning process.
- Supports more comprehensive reporting ("Risk Profile" section of Report on Plans and Priorities, Departmental Performance Report and Annual Report).
- Supports the Audit Committee in delivering its mandate.
- Can provide substantiated justification for greater resource requests in risk areas.

Contacts

www.osfi-bsif.gc.ca

Michele Bridges: Managing Director, Finance and Corporate Planning
Phone: (613) 991-4607
Email: michele.bridges@osfi-bsif.gc.ca

Sharon Nitschke: Manager, Policy Initiatives and Corporate Coordination
Phone: (613) 990-8798
Email: sharon.nitschke@osfi-bsif.gc.ca

Katie Brown: Manager, Corporate Planning and Performance Measurement
Phone: (613) 949-8935
Email: katie.brown@osfi-bsif.gc.ca