Skip to main content

OSFI Seeks Input on Culture Risk Management

Reading Time 3 minute read


Financial Services Bulletin

On March 15, 2022, the Office of the Superintendent of Financial Institutions (“OSFI”) issued a letter (the “Letter”) to all federally regulated financial institutions (“FRFIs”) and federally regulated pension plans (“FRPPs”) indicating OSFI’s intention to issue a culture risk management guideline for consultation in late 2022.

As described in the Letter, “culture risks” are “the widespread behaviours and mindsets that can threaten sound decision-making, prudent risk-taking, and effective risk management.” In OSFI’s view, when culture risks are not proactively identified, managed, and monitored, they can erode a FRFI’s ability to effectively manage its financial and non-financial risks and achieve its strategic business objectives.

The Letter notes that in recent years, OSFI has increased its supervisory activities with respect to culture risks, including conducting industry scans and incorporating culture risks in supervisory reviews, and that this work highlighted the need for OSFI to be transparent about its expectations in this area.

The Letter is seeking comments from FRFIs and FRPPs that will form the basis of OSFI’s future guidance and supervisory expectations in this area.

Proposed Outcomes of Culture Risk Management

The Letter indicates that as part of the future guidance, OSFI will expect FRFIs to establish and maintain a robust approach to managing and overseeing culture risks. In this regard, OSFI is proposing the following six prudential outcomes that should be achieved to support effective culture risk management:

Leadership: Leaders, at all levels, consistently promote and reinforce the desired culture through their words, actions and decisions.

Compensation, People Management & Incentives: The FRFI acquires, develops, retains, compensates, and incentivizes executives, material risk-takers and all other employees to promote and reinforce its desired culture, effective culture risk management, and achieve sound financial and non-financial outcomes.

Accountability & Ownership: Individuals have a clear understanding of their roles and responsibilities, have capacity and autonomy to fulfill them, take ownership of their decisions and actions, and are held accountable for them.

Risk Mindsets & Behaviours: Risk mindsets and behaviours within the FRFI align with and support the structures in place to ensure financial and non-financial risks are effectively managed.

Group Dynamics & Decision-Making: The work environment enables individuals to feel safe to speak up, openly communicate and work together to make sound decisions and achieve financial and non-financial outcomes.

Resilience: Individuals are vigilant towards known and unknown threats, notice and effectively respond to problems and opportunities, and continuously learn, improve, and adapt to changing conditions.

The Letter indicates that these outcomes are principles-based to acknowledge that how a regulated entity manages its culture risks and achieves these outcomes will vary with its size, nature, scope, and complexity of operations.

Questions for Stakeholders

OSFI is seeking comments from stakeholders on the following questions:

  1. What are your views on OSFI’s proposed culture risk management outcomes? Are there other outcomes OSFI should consider?
  2. Which of the outcomes outlined above is your organization currently overseeing as part of its culture risk management? How is your organization measuring and assessing culture risks in these areas?
  3. Is your organization proactively disclosing culture risk management information as part of its published annual reports? Why or why not? Do you foresee any challenges if OSFI were to expect FRFIs to enhance existing annual reporting requirements to include this information?
  4. Does a FRFI’s size, nature, complexity, risk profile or various sub-cultures (e.g., differences between geographies, business units or functions) give rise to specific culture risk management issues that OSFI should consider?
  5. How do culture risks influence the way FRPPs are managed and administered? What are the benefits of similar outcomes-focused guidance for FRPPs?

Next Steps?

FRFIs and FRPPs have been asked to provide comments on the Letter and the above questions to OSFI by May 31, 2022 at

Contact the Authors

For more information or to discuss a particular matter please contact us.

Contact the Authors



    Receive email updates from our team