On September 18, 2018, the Office of the Superintendent of Financial Institutions (OSFI) released its final revised Corporate Governance Guideline (Final CGG). This follows the issuance of a draft revised Corporate Governance Guideline (Draft CGG) for public consultation on November 7, 2017. The Final CGG articulates OSFI's expectations with respect to the corporate governance of federally regulated financial institutions (FRFIs).
The Final CGG takes a more principles-based and outcomes-based approach, and is intended to provide Boards with greater discretion as to how they meet OSFI's corporate governance expectations. The Final CGG also more clearly delineates between the responsibilities of the Board and Senior Management.
There is also a consolidation of Board duties set out in numerous OSFI guidelines and advisories in this Final CGG. As a result, OSFI is reissuing other risk management and capital guidelines and advisories to remove references to Board requirements. OSFI has also rescinded the Advisory – Changes to the Membership of the Board and Senior Management, and revised its Assessment Criteria to align with the Final CGG.
This Bulletin provides an overview of key differences between the Final CGG and the Draft CGG, as well as key differences between the Final CGG and the prior version of the Corporate Governance Guideline (Prior CGG).
OSFI has indicated that it will hold information seminars for FRFI directors and corporate secretaries in fall 2018.
Comments on changes to the Draft CGG
OSFI released the Draft CGG for consultation in November last year, and received a number of comments. You can read our Bulletin on the Draft CGG here.
OSFI made a number of changes to the Draft CGG based on feedback it received. For the most part, these changes are clarifications and do not impact the overall thrust and tone of the Final CGG. Some of the more notable changes are summarized below.
- In response to the comment that references to "practices and procedures" within the Boards of Subsidiaries or with FRFI Subsidiaries sub-section went beyond the scope of reasonable Board involvement, and that qualifying language (i.e. "that govern strategy, risk oversight, and controls") was too restrictive, OSFI has removed these references to allow for more flexibility.
- The Final CGG notes that the Risk Appetite Framework should take into account the FRFI's risk profile and that the FRFI should be satisfied, on an ongoing basis, that the Risk Appetite Framework remains appropriate relative to its risk profile, long-term strategic plan and operating environment.
- A footnote in the Final CGG clarifies that where the Chief Risk Officer fulfills dual roles, his or her independence must not be compromised.
- A number of changes to the Audit Committee section have been made to clarify the role of the Audit Committee vis-à-vis the Board and to specify that the Audit Committee should meet with the external auditor, the Chief Internal Auditor and other heads of the Oversight Functions, with and without the CEO or other members of Senior Management present.
Comments on changes to the Prior CGG
In many respects, the proposed changes represent an evolution of, and improvement on, the Prior CGG.
The Final CGG takes a more principles-based and outcomes-based approach, and is intended to provide Boards with greater discretion as to how they meet OSFI's corporate governance expectations. The Prior CGG was prescriptive on many points, having approximately 108 rules which FRFIs had to address in a detailed way to demonstrate compliance to OSFI. The Final CGG takes a less prescriptive and more outcomes-based approach, while still making many of the same points made in the Prior CGG. This is an improvement in that it allows for more flexibility, and does not encourage as much of a "check the box" approach. At the same time, putting the onus on Boards of directors to determine how they are going to achieve the applicable governance outcomes for the still many specific points and principles based recommendations means that the responsibilities and duties of the Board are even more profound.
The Final CGG also reflects general corporate governance developments since the Prior CGG. For example, the Final CGG states that Boards should be diverse, and contains numerous references to culture.
Perhaps most significantly, the Final CGG reflects an increasing emphasis on the importance of the role and responsibilities of the Board of Directors, and the significant duties that go with them. This is articulated in the Final CGG in a variety of ways that, taken together, give increased weight to the many responsibilities and duties of directors. As a result, the Final CGG requires a director to not only have increasing financial industry and risk management competence, the two essential areas of competency the Board must have, but also to (a) approve and oversee strategy, risk management and oversight, Board and Senior Management functions themselves, and audit plans, and (b) not just discuss (as under the Prior CGG) but to challenge, advise and guide Senior Management on operational and business policies, business performance and effectiveness of risk management.
The Prior CGG and the Final CGG both provide as follows: "In addition to the roles and responsibilities of the Board outlined in federal legislation, the Board should discharge, at a minimum the following essential duties in relation to the FRFI". Upon reviewing them, one appreciates how significant and extensive these essential duties are.
"The Role of the Board
1. Approve and oversee: [emphasis added]
- Short-term and long-term business plans and strategy;
- Significant strategic initiatives (e.g., mergers and acquisitions);
Risk Management and Oversight
- Risk Appetite Framework;
- Internal Control Framework;
- Significant policies, plans and strategic initiatives related to the management of, or that materially impact, capital and liquidity (e.g., internal capital targets, share issuance); [mostly new]
- Codes of ethics and conduct; [new]
Board, Senior Management and Oversight Functions
- Appointment, performance review, and compensation of the CEO and other key members of Senior Management, including the heads of the Oversight Functions;
- Succession plans with respect to the Board, CEO and other key members of Senior Management, including the heads of the Oversight Functions;
- External audit plan, including audit fees and the scope of the audit engagement; and
- Internal audit plan." [new]
"2. Provide challenge, advice and guidance to the Senior Management of the FRFI, as appropriate, on:
Operational and Business Policies
- Significant operational, business, risk and crisis management policies of the FRFI, including those in respect of credit, market, operational, insurance, regulatory compliance and strategic risks, and their effectiveness; and; [emphasis added]
- Compensation policy for all human resources that is consistent with the Financial Stability Board (FSB) Principles for Sound Compensation;
- Business Performance and Effectiveness of Risk Management
- Performance of the FRFI relative to the Board-approved business plan and strategy;
- Effectiveness of the Risk Appetite Framework; [new]
- Effectiveness of the Internal Control Framework; [new]
- Effectiveness of the Oversight Functions; and [new]
- Effectiveness of significant policies and plans related to management of capital and liquidity (e.g., stress testing, ICAA/ORSA report)." [new]
Where "[new]" appears after an essential duty, this essential duty is new as contained in the Final CGG compared to the Prior CGG.
Directors of FRFIs will be required to take their roles very seriously and to dedicate significant time and effort to do their jobs properly. To fulfill OSFI's expectations, directors will need to know more, read more, prepare more for meetings, and follow financial industry and risk management developments on an ongoing basis. They will also have to be careful to observe the line between the role of the Board and the role of management.