OSFI Introduces New Quarterly Regulatory Update and Revised Guideline E-21

On August 22, 2024, the Office of the Superintendent of Financial Institutions (OSFI) launched its inaugural quarterly release of regulatory changes, marking a significant shift towards a standardized approach aimed at enhancing transparency and predictability in updates for the federal financial sector. This new approach aligns OSFI’s regulatory responses more closely with identified key risks. 

The first release features the finalized version of Guideline E-21, which updates OSFI’s framework on Operational Risk Management and Resilience. The revised Guideline modernizes OSFI’s approach by placing a stronger emphasis on operational resilience and non-financial risks. Applicable to all federally regulated financial institutions (FRFIs), including banks, insurance companies, and foreign branches, Guideline E-21 focuses on enhancing the ability of institutions to maintain critical operations through disruptions. 

Key Highlights of Guideline E-21: 

  1. Governance: The Guideline outlines OSFI’s expectations for effective governance concerning operational risk management and resilience. It includes detailed responsibilities for senior management, business functions, risk and compliance oversight, and independent assurance through internal audits.
  2. Operational Risk Management: FRFIs are required to manage operational risks within approved risk appetites and limits. The Guideline introduces a refined risk taxonomy and emphasizes the use of risk and control assessments, key risk indicators, and scenario analysis to enhance risk management practices.
  3. Operational Resilience: Institutions must identify and assess critical operations for their ability to withstand disruptions and establish tolerance levels for such disruptions. OSFI encourages regular and iterative scenario testing for severe but plausible scenarios, including cyber incidents, natural disasters, and third-party service failures. Testing frequency and intensity should be proportional to the criticality and risk to operations.

Key Areas to Strengthen Resilience: 

– Business continuity and disaster recovery
– Crisis and change management
– Technology and cyber risk management
– Third-party and data risk management

FRFIs are expected to promptly align with the expectations set forth in the Governance and Operational Risk Management sections of Guideline E-21. 

This update represents OSFI’s commitment to refining regulatory practices and enhancing operational resilience within the federal financial sector.