The Office of the Superintendent of Financial Institutions (OSFI) published a draft Culture and Behaviour Risk Guideline for consultation after earlier feedback from stakeholders expressed concern about the use of terms like ‘culture’ and ‘risk’ without clearer terminology. “Respondents expressed confusion about which outcomes shape culture and which outcomes result from Federally Regulated Financial Institution (FRFI) culture,” they write.

FRFIs currently include 60 life insurance companies, nine fraternal benefit societies and 149 property and casualty companies, in addition to Canadian banks, trust companies and loan companies.

“Several respondents expressed concern that OSFI would attempt to prescript the culture institutions should have. We acknowledge that each institution has a unique culture. The draft guideline is more focused and clarifies our intent by setting expectations for FRFIs to have governance, processes and practices in place to define, assess and manage culture and behaviour risks that is proportional to their size, nature, scope, complexity of operations, strategy and risk profile,” they state.

In the guideline itself, OSFI continues, saying culture can influence sound decision-making and risk management which can materially weaken or support resilience. They say that OSFI expects FRFIs to define, develop and improve their cultures to support effective risk management and to continuously evaluate behaviour risk that can affect an institution’s overall safety and soundness, “given the contributions culture can have on the safety and soundness of financial institutions and confidence in the broader financial system.”

They add that culture and behaviour should be designed and governed through clear accountabilities and oversight. The paper goes on to discuss governance, leadership, talent and performance management, compensation, and managing behaviour risks. In the latter category, the paper discusses the identification of behavioural patterns, assessment of behaviour risks and appropriate responses to any behaviour risks identified.

Stakeholders are asked to respond with feedback by May 31, 2023.